The azure-native:compute:VirtualMachineScaleSet resource, part of the Pulumi Azure Native provider, defines a Virtual Machine Scale Set that provisions and manages groups of identical VMs. This guide focuses on three scale set capabilities: VM extensions and custom images, security configurations, and load balancer integration.
Scale sets depend on virtual networks, subnets, and often reference custom images, load balancers, or storage accounts. The examples are intentionally small. Combine them with your own networking, image repositories, and load balancing infrastructure.
Deploy a scale set with VM extensions
Scale sets often need to run post-deployment configuration tasks like installing monitoring agents or applying security policies.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
diagnosticsProfile: {
bootDiagnostics: {
enabled: true,
storageUri: "http://{existing-storage-account-name}.blob.core.windows.net",
},
},
extensionProfile: {
extensions: [{
autoUpgradeMinorVersion: false,
name: "{extension-name}",
publisher: "{extension-Publisher}",
settings: {},
suppressFailures: true,
type: "{extension-Type}",
typeHandlerVersion: "{handler-version}",
}],
},
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
offer: "WindowsServer",
publisher: "MicrosoftWindowsServer",
sku: "2016-Datacenter",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"diagnostics_profile": {
"boot_diagnostics": {
"enabled": True,
"storage_uri": "http://{existing-storage-account-name}.blob.core.windows.net",
},
},
"extension_profile": {
"extensions": [{
"auto_upgrade_minor_version": False,
"name": "{extension-name}",
"publisher": "{extension-Publisher}",
"settings": {},
"suppress_failures": True,
"type": "{extension-Type}",
"type_handler_version": "{handler-version}",
}],
},
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2016-Datacenter",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
DiagnosticsProfile: &compute.DiagnosticsProfileArgs{
BootDiagnostics: &compute.BootDiagnosticsArgs{
Enabled: pulumi.Bool(true),
StorageUri: pulumi.String("http://{existing-storage-account-name}.blob.core.windows.net"),
},
},
ExtensionProfile: &compute.VirtualMachineScaleSetExtensionProfileArgs{
Extensions: compute.VirtualMachineScaleSetExtensionTypeArray{
&compute.VirtualMachineScaleSetExtensionTypeArgs{
AutoUpgradeMinorVersion: pulumi.Bool(false),
Name: pulumi.String("{extension-name}"),
Publisher: pulumi.String("{extension-Publisher}"),
Settings: pulumi.Any(map[string]interface{}{}),
SuppressFailures: pulumi.Bool(true),
Type: pulumi.String("{extension-Type}"),
TypeHandlerVersion: pulumi.String("{handler-version}"),
},
},
},
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("WindowsServer"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("2016-Datacenter"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
DiagnosticsProfile = new AzureNative.Compute.Inputs.DiagnosticsProfileArgs
{
BootDiagnostics = new AzureNative.Compute.Inputs.BootDiagnosticsArgs
{
Enabled = true,
StorageUri = "http://{existing-storage-account-name}.blob.core.windows.net",
},
},
ExtensionProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetExtensionProfileArgs
{
Extensions = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetExtensionArgs
{
AutoUpgradeMinorVersion = false,
Name = "{extension-name}",
Publisher = "{extension-Publisher}",
Settings = null,
SuppressFailures = true,
Type = "{extension-Type}",
TypeHandlerVersion = "{handler-version}",
},
},
},
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "WindowsServer",
Publisher = "MicrosoftWindowsServer",
Sku = "2016-Datacenter",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.DiagnosticsProfileArgs;
import com.pulumi.azurenative.compute.inputs.BootDiagnosticsArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetExtensionProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.diagnosticsProfile(DiagnosticsProfileArgs.builder()
.bootDiagnostics(BootDiagnosticsArgs.builder()
.enabled(true)
.storageUri("http://{existing-storage-account-name}.blob.core.windows.net")
.build())
.build())
.extensionProfile(VirtualMachineScaleSetExtensionProfileArgs.builder()
.extensions(VirtualMachineScaleSetExtensionArgs.builder()
.autoUpgradeMinorVersion(false)
.name("{extension-name}")
.publisher("{extension-Publisher}")
.settings(Map.ofEntries(
))
.suppressFailures(true)
.type("{extension-Type}")
.typeHandlerVersion("{handler-version}")
.build())
.build())
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("WindowsServer")
.publisher("MicrosoftWindowsServer")
.sku("2016-Datacenter")
.version("latest")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
diagnosticsProfile:
bootDiagnostics:
enabled: true
storageUri: http://{existing-storage-account-name}.blob.core.windows.net
extensionProfile:
extensions:
- autoUpgradeMinorVersion: false
name: '{extension-name}'
publisher: '{extension-Publisher}'
settings: {}
suppressFailures: true
type: '{extension-Type}'
typeHandlerVersion: '{handler-version}'
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
offer: WindowsServer
publisher: MicrosoftWindowsServer
sku: 2016-Datacenter
version: latest
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
Extensions execute on each VM instance after deployment. The extensionProfile defines which extensions to install, specifying the publisher, type, and typeHandlerVersion. The suppressFailures property determines whether extension failures prevent VM provisioning; when true, the VM continues to run even if the extension fails.
Deploy from a custom managed image
Teams that maintain golden images for their workloads can deploy scale sets from custom images stored in Azure Compute Gallery or as standalone managed images.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The imageReference.id points to your custom managed image resource. Instead of specifying offer, publisher, and sku (used for marketplace images), you provide the full resource ID of your pre-configured image. The scale set creates VMs by cloning this image.
Deploy from Azure Compute Gallery shared images
Azure Compute Gallery enables centralized image management and distribution across subscriptions and regions.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The imageReference.id references an image definition in your gallery using the path format /subscriptions/.../galleries/.../images/.... Gallery images support versioning and replication, allowing you to maintain consistent VM configurations across multiple scale sets and regions.
Enable host-based encryption for VM disks
Workloads with strict compliance requirements can encrypt data at the VM host level, ensuring encryption for both OS and data disks including temporary storage.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
plan: {
name: "windows2016",
product: "windows-data-science-vm",
publisher: "microsoft-ads",
},
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_DS1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
securityProfile: {
encryptionAtHost: true,
},
storageProfile: {
imageReference: {
offer: "windows-data-science-vm",
publisher: "microsoft-ads",
sku: "windows2016",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadOnly,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
plan={
"name": "windows2016",
"product": "windows-data-science-vm",
"publisher": "microsoft-ads",
},
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_DS1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"security_profile": {
"encryption_at_host": True,
},
"storage_profile": {
"image_reference": {
"offer": "windows-data-science-vm",
"publisher": "microsoft-ads",
"sku": "windows2016",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_ONLY,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
Plan: &compute.PlanArgs{
Name: pulumi.String("windows2016"),
Product: pulumi.String("windows-data-science-vm"),
Publisher: pulumi.String("microsoft-ads"),
},
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_DS1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
SecurityProfile: &compute.SecurityProfileArgs{
EncryptionAtHost: pulumi.Bool(true),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("windows-data-science-vm"),
Publisher: pulumi.String("microsoft-ads"),
Sku: pulumi.String("windows2016"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadOnly,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
Plan = new AzureNative.Compute.Inputs.PlanArgs
{
Name = "windows2016",
Product = "windows-data-science-vm",
Publisher = "microsoft-ads",
},
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_DS1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
SecurityProfile = new AzureNative.Compute.Inputs.SecurityProfileArgs
{
EncryptionAtHost = true,
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "windows-data-science-vm",
Publisher = "microsoft-ads",
Sku = "windows2016",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadOnly,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.PlanArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.SecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.plan(PlanArgs.builder()
.name("windows2016")
.product("windows-data-science-vm")
.publisher("microsoft-ads")
.build())
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_DS1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.securityProfile(SecurityProfileArgs.builder()
.encryptionAtHost(true)
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("windows-data-science-vm")
.publisher("microsoft-ads")
.sku("windows2016")
.version("latest")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadOnly")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
plan:
name: windows2016
product: windows-data-science-vm
publisher: microsoft-ads
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_DS1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
securityProfile:
encryptionAtHost: true
storageProfile:
imageReference:
offer: windows-data-science-vm
publisher: microsoft-ads
sku: windows2016
version: latest
osDisk:
caching: ReadOnly
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The securityProfile.encryptionAtHost property enables encryption at the physical host before data reaches the storage layer. This encrypts all disk types including temporary disks, providing defense-in-depth beyond standard Azure Storage encryption. Requires subscription-level feature registration.
Configure Trusted Launch with secure boot and vTPM
Trusted Launch protects VMs against boot kits and rootkits by enabling secure boot and virtual Trusted Platform Module capabilities.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D2s_v3",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
securityProfile: {
securityType: azure_native.compute.SecurityTypes.TrustedLaunch,
uefiSettings: {
secureBootEnabled: true,
vTpmEnabled: true,
},
},
storageProfile: {
imageReference: {
offer: "windowsserver-gen2preview-preview",
publisher: "MicrosoftWindowsServer",
sku: "windows10-tvm",
version: "18363.592.2001092016",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadOnly,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.StandardSSD_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D2s_v3",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"security_profile": {
"security_type": azure_native.compute.SecurityTypes.TRUSTED_LAUNCH,
"uefi_settings": {
"secure_boot_enabled": True,
"v_tpm_enabled": True,
},
},
"storage_profile": {
"image_reference": {
"offer": "windowsserver-gen2preview-preview",
"publisher": "MicrosoftWindowsServer",
"sku": "windows10-tvm",
"version": "18363.592.2001092016",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_ONLY,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_SS_D_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D2s_v3"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
SecurityProfile: &compute.SecurityProfileArgs{
SecurityType: pulumi.String(compute.SecurityTypesTrustedLaunch),
UefiSettings: &compute.UefiSettingsArgs{
SecureBootEnabled: pulumi.Bool(true),
VTpmEnabled: pulumi.Bool(true),
},
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("windowsserver-gen2preview-preview"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("windows10-tvm"),
Version: pulumi.String("18363.592.2001092016"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadOnly,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_StandardSSD_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D2s_v3",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
SecurityProfile = new AzureNative.Compute.Inputs.SecurityProfileArgs
{
SecurityType = AzureNative.Compute.SecurityTypes.TrustedLaunch,
UefiSettings = new AzureNative.Compute.Inputs.UefiSettingsArgs
{
SecureBootEnabled = true,
VTpmEnabled = true,
},
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "windowsserver-gen2preview-preview",
Publisher = "MicrosoftWindowsServer",
Sku = "windows10-tvm",
Version = "18363.592.2001092016",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadOnly,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.StandardSSD_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.SecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.UefiSettingsArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D2s_v3")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.securityProfile(SecurityProfileArgs.builder()
.securityType("TrustedLaunch")
.uefiSettings(UefiSettingsArgs.builder()
.secureBootEnabled(true)
.vTpmEnabled(true)
.build())
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("windowsserver-gen2preview-preview")
.publisher("MicrosoftWindowsServer")
.sku("windows10-tvm")
.version("18363.592.2001092016")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadOnly")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("StandardSSD_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D2s_v3
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
securityProfile:
securityType: TrustedLaunch
uefiSettings:
secureBootEnabled: true
vTpmEnabled: true
storageProfile:
imageReference:
offer: windowsserver-gen2preview-preview
publisher: MicrosoftWindowsServer
sku: windows10-tvm
version: 18363.592.2001092016
osDisk:
caching: ReadOnly
createOption: FromImage
managedDisk:
storageAccountType: StandardSSD_LRS
vmScaleSetName: '{vmss-name}'
The securityProfile.securityType must be set to “TrustedLaunch”, with uefiSettings.secureBootEnabled and uefiSettings.vTpmEnabled both true. Secure boot validates boot components against trusted signatures, while vTPM provides hardware-based cryptographic operations. Requires Generation 2 VM images.
Integrate with Azure Load Balancer for traffic distribution
Scale sets commonly sit behind load balancers to distribute incoming traffic across VM instances and provide health monitoring.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
applicationGatewayBackendAddressPools: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}",
}],
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
offer: "WindowsServer",
publisher: "MicrosoftWindowsServer",
sku: "2016-Datacenter",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"application_gateway_backend_address_pools": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}",
}],
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2016-Datacenter",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
ApplicationGatewayBackendAddressPools: compute.SubResourceArray{
&compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}"),
},
},
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("WindowsServer"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("2016-Datacenter"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
ApplicationGatewayBackendAddressPools = new[]
{
new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}",
},
},
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "WindowsServer",
Publisher = "MicrosoftWindowsServer",
Sku = "2016-Datacenter",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.applicationGatewayBackendAddressPools(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}")
.build())
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("WindowsServer")
.publisher("MicrosoftWindowsServer")
.sku("2016-Datacenter")
.version("latest")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- applicationGatewayBackendAddressPools:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}
name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
offer: WindowsServer
publisher: MicrosoftWindowsServer
sku: 2016-Datacenter
version: latest
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The ipConfigurations array includes loadBalancerBackendAddressPools to connect instances to the load balancer’s backend pool, and loadBalancerInboundNatPools for SSH or RDP access to individual instances. The publicIPAddressConfiguration assigns public IPs to each instance when needed.
Enable automatic instance repairs with health monitoring
Scale sets can automatically detect and replace unhealthy instances based on health probe signals, maintaining application availability without manual intervention.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
loadBalancerBackendAddressPools: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}",
}],
loadBalancerInboundNatPools: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}",
}],
name: "{vmss-name}",
publicIPAddressConfiguration: {
name: "{vmss-name}",
publicIPAddressVersion: azure_native.compute.IPVersion.IPv4,
},
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
offer: "WindowsServer",
publisher: "MicrosoftWindowsServer",
sku: "2016-Datacenter",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"load_balancer_backend_address_pools": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}",
}],
"load_balancer_inbound_nat_pools": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}",
}],
"name": "{vmss-name}",
"public_ip_address_configuration": {
"name": "{vmss-name}",
"public_ip_address_version": azure_native.compute.IPVersion.I_PV4,
},
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2016-Datacenter",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
LoadBalancerBackendAddressPools: compute.SubResourceArray{
&compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}"),
},
},
LoadBalancerInboundNatPools: compute.SubResourceArray{
&compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}"),
},
},
Name: pulumi.String("{vmss-name}"),
PublicIPAddressConfiguration: &compute.VirtualMachineScaleSetPublicIPAddressConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
PublicIPAddressVersion: pulumi.String(compute.IPVersionIPv4),
},
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("WindowsServer"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("2016-Datacenter"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
LoadBalancerBackendAddressPools = new[]
{
new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}",
},
},
LoadBalancerInboundNatPools = new[]
{
new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}",
},
},
Name = "{vmss-name}",
PublicIPAddressConfiguration = new AzureNative.Compute.Inputs.VirtualMachineScaleSetPublicIPAddressConfigurationArgs
{
Name = "{vmss-name}",
PublicIPAddressVersion = AzureNative.Compute.IPVersion.IPv4,
},
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "WindowsServer",
Publisher = "MicrosoftWindowsServer",
Sku = "2016-Datacenter",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.loadBalancerBackendAddressPools(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}")
.build())
.loadBalancerInboundNatPools(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}")
.build())
.name("{vmss-name}")
.publicIPAddressConfiguration(VirtualMachineScaleSetPublicIPAddressConfigurationArgs.builder()
.name("{vmss-name}")
.publicIPAddressVersion("IPv4")
.build())
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("WindowsServer")
.publisher("MicrosoftWindowsServer")
.sku("2016-Datacenter")
.version("latest")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- loadBalancerBackendAddressPools:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}
loadBalancerInboundNatPools:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}
name: '{vmss-name}'
publicIPAddressConfiguration:
name: '{vmss-name}'
publicIPAddressVersion: IPv4
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
offer: WindowsServer
publisher: MicrosoftWindowsServer
sku: 2016-Datacenter
version: latest
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The automaticRepairsPolicy.enabled property activates automatic repairs. The gracePeriod (in ISO 8601 duration format like “PT10M” for 10 minutes) delays repair actions after instance creation or updates, allowing applications time to initialize. Requires either an application health extension or load balancer health probe to signal instance health.
Beyond these examples
These snippets focus on specific scale set features: VM extensions and custom images, security configurations, and load balancer integration. They’re intentionally minimal rather than full VM deployments.
The examples may reference pre-existing infrastructure such as virtual networks and subnets, custom images or gallery images, load balancers or application gateways, and storage accounts for boot diagnostics. They focus on configuring the scale set rather than provisioning everything around it.
To keep things focused, common scale set patterns are omitted, including:
- Upgrade policies (automatic, rolling, manual modes)
- Overprovisioning and capacity management
- Data disk configuration and storage options
- Proximity placement groups and availability zones
- Spot instance pricing and eviction policies
- User-assigned managed identities
These omissions are intentional: the goal is to illustrate how each scale set feature is wired, not provide drop-in VM modules. See the VirtualMachineScaleSet resource reference for all available configuration options.
Let's deploy Azure Virtual Machine Scale Sets
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Image & Storage Configuration
What types of images can I use for my scale set?
You can use three types of images:
- Platform images - Marketplace images like
MicrosoftWindowsServer/WindowsServer/2016-Datacenter - Custom images - Your own images via
imageReference.idpointing to a managed image - Shared gallery images - Images from Azure Compute Gallery via gallery resource ID
How do I use a custom image from a shared gallery?
Set
storageProfile.imageReference.id to the full gallery image resource ID (e.g., /subscriptions/{id}/resourceGroups/{rg}/providers/Microsoft.Compute/galleries/{gallery}/images/{image}).How do I encrypt disks with a DiskEncryptionSet?
Configure
storageProfile.osDisk.managedDisk.diskEncryptionSet.id with your DiskEncryptionSet resource ID. This applies to both OS and data disks.Networking & Connectivity
How do I connect my scale set to a load balancer?
Configure networkProfile.networkInterfaceConfigurations[].ipConfigurations[] with:
loadBalancerBackendAddressPoolsfor backend poolsloadBalancerInboundNatPoolsfor NAT rules
How do I connect to an Application Gateway?
Set
ipConfigurations[].applicationGatewayBackendAddressPools with the Application Gateway backend pool resource ID.How do I configure public IP addresses with custom DNS settings?
Use
ipConfigurations[].publicIPAddressConfiguration with dnsSettings.domainNameLabel and optionally domainNameLabelScope (e.g., NoReuse).Security & Encryption
What's the difference between TrustedLaunch and ConfidentialVM?
TrustedLaunch provides secure boot and vTPM via
securityProfile.uefiSettings. ConfidentialVM adds memory encryption with securityProfile.securityType: ConfidentialVM and requires osDisk.managedDisk.securityProfile.securityEncryptionType (e.g., VMGuestStateOnly).How do I enable host-based encryption?
Set
virtualMachineProfile.securityProfile.encryptionAtHost to true. This encrypts data at rest on the VM host.How do I use Key Vault secrets in VM extensions?
Configure
extensionProfile.extensions[].protectedSettingsFromKeyVault with secretUrl and sourceVault.id pointing to your Key Vault resource.Scaling & Upgrades
What does overprovision do?
When
overprovision is true, Azure provisions extra VMs during scale-out and deletes extras once the target count is reached, improving scale-out speed.What upgrade modes are available?
upgradePolicy.mode can be Manual (you control upgrades) or Automatic (Azure upgrades VMs automatically). Automatic mode requires automaticOSUpgradePolicy.enableAutomaticOSUpgrade: true.Reliability & Repairs
How do I enable automatic repairs for unhealthy VMs?
Set
automaticRepairsPolicy.enabled to true and configure gracePeriod (e.g., PT10M for 10 minutes) to delay repairs after VM creation.What are resilient VM creation and deletion policies?
resiliencyPolicy.resilientVMCreationPolicy.enabled allows scale set creation to succeed even if some VMs fail. resilientVMDeletionPolicy.enabled allows deletion to proceed despite VM deletion failures.Can I prevent extension failures from blocking deployment?
Yes, set
extensionProfile.extensions[].suppressFailures to true. This allows deployment to continue even if the extension fails to install.How do I enable automatic zone rebalancing?
Configure
resiliencyPolicy.automaticZoneRebalancingPolicy with enabled: true, rebalanceBehavior (e.g., CreateBeforeDelete), and rebalanceStrategy (e.g., Recreate).