The azure-native:compute:VirtualMachineScaleSet resource, part of the Pulumi Azure Native provider, defines a Virtual Machine Scale Set that provisions and manages groups of identical VMs. This guide focuses on three scale set capabilities: VM extensions and custom images, security configurations, and load balancer integration.
Scale sets depend on virtual networks, subnets, and often reference custom images, load balancers, or storage accounts. The examples are intentionally small. Combine them with your own networking, image repositories, and load balancing infrastructure.
Deploy a scale set with VM extensions
Scale sets often need to run post-deployment configuration tasks like installing monitoring agents or applying security policies.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
diagnosticsProfile: {
bootDiagnostics: {
enabled: true,
storageUri: "http://{existing-storage-account-name}.blob.core.windows.net",
},
},
extensionProfile: {
extensions: [{
autoUpgradeMinorVersion: false,
name: "{extension-name}",
publisher: "{extension-Publisher}",
settings: {},
suppressFailures: true,
type: "{extension-Type}",
typeHandlerVersion: "{handler-version}",
}],
},
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
offer: "WindowsServer",
publisher: "MicrosoftWindowsServer",
sku: "2016-Datacenter",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"diagnostics_profile": {
"boot_diagnostics": {
"enabled": True,
"storage_uri": "http://{existing-storage-account-name}.blob.core.windows.net",
},
},
"extension_profile": {
"extensions": [{
"auto_upgrade_minor_version": False,
"name": "{extension-name}",
"publisher": "{extension-Publisher}",
"settings": {},
"suppress_failures": True,
"type": "{extension-Type}",
"type_handler_version": "{handler-version}",
}],
},
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2016-Datacenter",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
DiagnosticsProfile: &compute.DiagnosticsProfileArgs{
BootDiagnostics: &compute.BootDiagnosticsArgs{
Enabled: pulumi.Bool(true),
StorageUri: pulumi.String("http://{existing-storage-account-name}.blob.core.windows.net"),
},
},
ExtensionProfile: &compute.VirtualMachineScaleSetExtensionProfileArgs{
Extensions: compute.VirtualMachineScaleSetExtensionTypeArray{
&compute.VirtualMachineScaleSetExtensionTypeArgs{
AutoUpgradeMinorVersion: pulumi.Bool(false),
Name: pulumi.String("{extension-name}"),
Publisher: pulumi.String("{extension-Publisher}"),
Settings: pulumi.Any(map[string]interface{}{}),
SuppressFailures: pulumi.Bool(true),
Type: pulumi.String("{extension-Type}"),
TypeHandlerVersion: pulumi.String("{handler-version}"),
},
},
},
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("WindowsServer"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("2016-Datacenter"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
DiagnosticsProfile = new AzureNative.Compute.Inputs.DiagnosticsProfileArgs
{
BootDiagnostics = new AzureNative.Compute.Inputs.BootDiagnosticsArgs
{
Enabled = true,
StorageUri = "http://{existing-storage-account-name}.blob.core.windows.net",
},
},
ExtensionProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetExtensionProfileArgs
{
Extensions = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetExtensionArgs
{
AutoUpgradeMinorVersion = false,
Name = "{extension-name}",
Publisher = "{extension-Publisher}",
Settings = null,
SuppressFailures = true,
Type = "{extension-Type}",
TypeHandlerVersion = "{handler-version}",
},
},
},
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "WindowsServer",
Publisher = "MicrosoftWindowsServer",
Sku = "2016-Datacenter",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.DiagnosticsProfileArgs;
import com.pulumi.azurenative.compute.inputs.BootDiagnosticsArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetExtensionProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.diagnosticsProfile(DiagnosticsProfileArgs.builder()
.bootDiagnostics(BootDiagnosticsArgs.builder()
.enabled(true)
.storageUri("http://{existing-storage-account-name}.blob.core.windows.net")
.build())
.build())
.extensionProfile(VirtualMachineScaleSetExtensionProfileArgs.builder()
.extensions(VirtualMachineScaleSetExtensionArgs.builder()
.autoUpgradeMinorVersion(false)
.name("{extension-name}")
.publisher("{extension-Publisher}")
.settings(Map.ofEntries(
))
.suppressFailures(true)
.type("{extension-Type}")
.typeHandlerVersion("{handler-version}")
.build())
.build())
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("WindowsServer")
.publisher("MicrosoftWindowsServer")
.sku("2016-Datacenter")
.version("latest")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
diagnosticsProfile:
bootDiagnostics:
enabled: true
storageUri: http://{existing-storage-account-name}.blob.core.windows.net
extensionProfile:
extensions:
- autoUpgradeMinorVersion: false
name: '{extension-name}'
publisher: '{extension-Publisher}'
settings: {}
suppressFailures: true
type: '{extension-Type}'
typeHandlerVersion: '{handler-version}'
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
offer: WindowsServer
publisher: MicrosoftWindowsServer
sku: 2016-Datacenter
version: latest
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
Extensions execute on each VM instance after deployment. The extensionProfile defines which extensions to install, specifying the publisher, type, and typeHandlerVersion. The suppressFailures property determines whether extension failures prevent VM provisioning; when true, the VM continues to run even if the extension fails.
Deploy from a custom managed image
Teams that maintain golden images for their workloads can deploy scale sets from custom images stored in Azure Compute Gallery or as standalone managed images.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/images/{existing-custom-image-name}
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The imageReference.id points to your custom managed image resource. Instead of specifying offer, publisher, and sku (used for marketplace images), you provide the full resource ID of your pre-configured image. The scale set creates VMs by cloning this image.
Deploy from Azure Compute Gallery shared images
Azure Compute Gallery enables centralized image management and distribution across subscriptions and regions.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/mySharedGallery/images/mySharedImage
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The imageReference.id references an image definition in your gallery using the path format /subscriptions/.../galleries/.../images/.... Gallery images support versioning and replication, allowing you to maintain consistent VM configurations across multiple scale sets and regions.
Enable host-based encryption for VM disks
Workloads with strict compliance requirements can encrypt data at the VM host level, ensuring encryption for both OS and data disks including temporary storage.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
plan: {
name: "windows2016",
product: "windows-data-science-vm",
publisher: "microsoft-ads",
},
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_DS1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
securityProfile: {
encryptionAtHost: true,
},
storageProfile: {
imageReference: {
offer: "windows-data-science-vm",
publisher: "microsoft-ads",
sku: "windows2016",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadOnly,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
plan={
"name": "windows2016",
"product": "windows-data-science-vm",
"publisher": "microsoft-ads",
},
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_DS1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"security_profile": {
"encryption_at_host": True,
},
"storage_profile": {
"image_reference": {
"offer": "windows-data-science-vm",
"publisher": "microsoft-ads",
"sku": "windows2016",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_ONLY,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
Plan: &compute.PlanArgs{
Name: pulumi.String("windows2016"),
Product: pulumi.String("windows-data-science-vm"),
Publisher: pulumi.String("microsoft-ads"),
},
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_DS1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
SecurityProfile: &compute.SecurityProfileArgs{
EncryptionAtHost: pulumi.Bool(true),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("windows-data-science-vm"),
Publisher: pulumi.String("microsoft-ads"),
Sku: pulumi.String("windows2016"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadOnly,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
Plan = new AzureNative.Compute.Inputs.PlanArgs
{
Name = "windows2016",
Product = "windows-data-science-vm",
Publisher = "microsoft-ads",
},
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_DS1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
SecurityProfile = new AzureNative.Compute.Inputs.SecurityProfileArgs
{
EncryptionAtHost = true,
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "windows-data-science-vm",
Publisher = "microsoft-ads",
Sku = "windows2016",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadOnly,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.PlanArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.SecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.plan(PlanArgs.builder()
.name("windows2016")
.product("windows-data-science-vm")
.publisher("microsoft-ads")
.build())
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_DS1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.securityProfile(SecurityProfileArgs.builder()
.encryptionAtHost(true)
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("windows-data-science-vm")
.publisher("microsoft-ads")
.sku("windows2016")
.version("latest")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadOnly")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
plan:
name: windows2016
product: windows-data-science-vm
publisher: microsoft-ads
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_DS1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
securityProfile:
encryptionAtHost: true
storageProfile:
imageReference:
offer: windows-data-science-vm
publisher: microsoft-ads
sku: windows2016
version: latest
osDisk:
caching: ReadOnly
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The securityProfile.encryptionAtHost property enables encryption at the physical host before data reaches the storage layer. This encrypts all disk types including temporary disks, providing defense-in-depth beyond standard Azure Storage encryption. Requires subscription-level feature registration.
Configure Trusted Launch with secure boot and vTPM
Trusted Launch protects VMs against boot kits and rootkits by enabling secure boot and virtual Trusted Platform Module capabilities.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D2s_v3",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
securityProfile: {
securityType: azure_native.compute.SecurityTypes.TrustedLaunch,
uefiSettings: {
secureBootEnabled: true,
vTpmEnabled: true,
},
},
storageProfile: {
imageReference: {
offer: "windowsserver-gen2preview-preview",
publisher: "MicrosoftWindowsServer",
sku: "windows10-tvm",
version: "18363.592.2001092016",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadOnly,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.StandardSSD_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D2s_v3",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"security_profile": {
"security_type": azure_native.compute.SecurityTypes.TRUSTED_LAUNCH,
"uefi_settings": {
"secure_boot_enabled": True,
"v_tpm_enabled": True,
},
},
"storage_profile": {
"image_reference": {
"offer": "windowsserver-gen2preview-preview",
"publisher": "MicrosoftWindowsServer",
"sku": "windows10-tvm",
"version": "18363.592.2001092016",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_ONLY,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_SS_D_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D2s_v3"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
SecurityProfile: &compute.SecurityProfileArgs{
SecurityType: pulumi.String(compute.SecurityTypesTrustedLaunch),
UefiSettings: &compute.UefiSettingsArgs{
SecureBootEnabled: pulumi.Bool(true),
VTpmEnabled: pulumi.Bool(true),
},
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("windowsserver-gen2preview-preview"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("windows10-tvm"),
Version: pulumi.String("18363.592.2001092016"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadOnly,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_StandardSSD_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D2s_v3",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
SecurityProfile = new AzureNative.Compute.Inputs.SecurityProfileArgs
{
SecurityType = AzureNative.Compute.SecurityTypes.TrustedLaunch,
UefiSettings = new AzureNative.Compute.Inputs.UefiSettingsArgs
{
SecureBootEnabled = true,
VTpmEnabled = true,
},
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "windowsserver-gen2preview-preview",
Publisher = "MicrosoftWindowsServer",
Sku = "windows10-tvm",
Version = "18363.592.2001092016",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadOnly,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.StandardSSD_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.SecurityProfileArgs;
import com.pulumi.azurenative.compute.inputs.UefiSettingsArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D2s_v3")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.securityProfile(SecurityProfileArgs.builder()
.securityType("TrustedLaunch")
.uefiSettings(UefiSettingsArgs.builder()
.secureBootEnabled(true)
.vTpmEnabled(true)
.build())
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("windowsserver-gen2preview-preview")
.publisher("MicrosoftWindowsServer")
.sku("windows10-tvm")
.version("18363.592.2001092016")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadOnly")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("StandardSSD_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D2s_v3
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
securityProfile:
securityType: TrustedLaunch
uefiSettings:
secureBootEnabled: true
vTpmEnabled: true
storageProfile:
imageReference:
offer: windowsserver-gen2preview-preview
publisher: MicrosoftWindowsServer
sku: windows10-tvm
version: 18363.592.2001092016
osDisk:
caching: ReadOnly
createOption: FromImage
managedDisk:
storageAccountType: StandardSSD_LRS
vmScaleSetName: '{vmss-name}'
The securityProfile.securityType must be set to “TrustedLaunch”, with uefiSettings.secureBootEnabled and uefiSettings.vTpmEnabled both true. Secure boot validates boot components against trusted signatures, while vTPM provides hardware-based cryptographic operations. Requires Generation 2 VM images.
Integrate with Azure Load Balancer for traffic distribution
Scale sets commonly sit behind load balancers to distribute incoming traffic across VM instances and provide health monitoring.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
applicationGatewayBackendAddressPools: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}",
}],
name: "{vmss-name}",
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
offer: "WindowsServer",
publisher: "MicrosoftWindowsServer",
sku: "2016-Datacenter",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"application_gateway_backend_address_pools": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}",
}],
"name": "{vmss-name}",
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2016-Datacenter",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
ApplicationGatewayBackendAddressPools: compute.SubResourceArray{
&compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}"),
},
},
Name: pulumi.String("{vmss-name}"),
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("WindowsServer"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("2016-Datacenter"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
ApplicationGatewayBackendAddressPools = new[]
{
new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}",
},
},
Name = "{vmss-name}",
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "WindowsServer",
Publisher = "MicrosoftWindowsServer",
Sku = "2016-Datacenter",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.applicationGatewayBackendAddressPools(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}")
.build())
.name("{vmss-name}")
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("WindowsServer")
.publisher("MicrosoftWindowsServer")
.sku("2016-Datacenter")
.version("latest")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- applicationGatewayBackendAddressPools:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationGateways/{existing-application-gateway-name}/backendAddressPools/{existing-backend-address-pool-name}
name: '{vmss-name}'
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
offer: WindowsServer
publisher: MicrosoftWindowsServer
sku: 2016-Datacenter
version: latest
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The ipConfigurations array includes loadBalancerBackendAddressPools to connect instances to the load balancer’s backend pool, and loadBalancerInboundNatPools for SSH or RDP access to individual instances. The publicIPAddressConfiguration assigns public IPs to each instance when needed.
Enable automatic instance repairs with health monitoring
Scale sets can automatically detect and replace unhealthy instances based on health probe signals, maintaining application availability without manual intervention.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const virtualMachineScaleSet = new azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet", {
location: "westus",
overprovision: true,
resourceGroupName: "myResourceGroup",
sku: {
capacity: 3,
name: "Standard_D1_v2",
tier: "Standard",
},
upgradePolicy: {
mode: azure_native.compute.UpgradeMode.Manual,
},
virtualMachineProfile: {
networkProfile: {
networkInterfaceConfigurations: [{
enableIPForwarding: true,
ipConfigurations: [{
loadBalancerBackendAddressPools: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}",
}],
loadBalancerInboundNatPools: [{
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}",
}],
name: "{vmss-name}",
publicIPAddressConfiguration: {
name: "{vmss-name}",
publicIPAddressVersion: azure_native.compute.IPVersion.IPv4,
},
subnet: {
id: "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
name: "{vmss-name}",
primary: true,
}],
},
osProfile: {
adminPassword: "{your-password}",
adminUsername: "{your-username}",
computerNamePrefix: "{vmss-name}",
},
storageProfile: {
imageReference: {
offer: "WindowsServer",
publisher: "MicrosoftWindowsServer",
sku: "2016-Datacenter",
version: "latest",
},
osDisk: {
caching: azure_native.compute.CachingTypes.ReadWrite,
createOption: azure_native.compute.DiskCreateOptionTypes.FromImage,
managedDisk: {
storageAccountType: azure_native.compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
vmScaleSetName: "{vmss-name}",
});
import pulumi
import pulumi_azure_native as azure_native
virtual_machine_scale_set = azure_native.compute.VirtualMachineScaleSet("virtualMachineScaleSet",
location="westus",
overprovision=True,
resource_group_name="myResourceGroup",
sku={
"capacity": 3,
"name": "Standard_D1_v2",
"tier": "Standard",
},
upgrade_policy={
"mode": azure_native.compute.UpgradeMode.MANUAL,
},
virtual_machine_profile={
"network_profile": {
"network_interface_configurations": [{
"enable_ip_forwarding": True,
"ip_configurations": [{
"load_balancer_backend_address_pools": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}",
}],
"load_balancer_inbound_nat_pools": [{
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}",
}],
"name": "{vmss-name}",
"public_ip_address_configuration": {
"name": "{vmss-name}",
"public_ip_address_version": azure_native.compute.IPVersion.I_PV4,
},
"subnet": {
"id": "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
}],
"name": "{vmss-name}",
"primary": True,
}],
},
"os_profile": {
"admin_password": "{your-password}",
"admin_username": "{your-username}",
"computer_name_prefix": "{vmss-name}",
},
"storage_profile": {
"image_reference": {
"offer": "WindowsServer",
"publisher": "MicrosoftWindowsServer",
"sku": "2016-Datacenter",
"version": "latest",
},
"os_disk": {
"caching": azure_native.compute.CachingTypes.READ_WRITE,
"create_option": azure_native.compute.DiskCreateOptionTypes.FROM_IMAGE,
"managed_disk": {
"storage_account_type": azure_native.compute.StorageAccountTypes.STANDARD_LRS,
},
},
},
},
vm_scale_set_name="{vmss-name}")
package main
import (
compute "github.com/pulumi/pulumi-azure-native-sdk/compute/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewVirtualMachineScaleSet(ctx, "virtualMachineScaleSet", &compute.VirtualMachineScaleSetArgs{
Location: pulumi.String("westus"),
Overprovision: pulumi.Bool(true),
ResourceGroupName: pulumi.String("myResourceGroup"),
Sku: &compute.SkuArgs{
Capacity: pulumi.Float64(3),
Name: pulumi.String("Standard_D1_v2"),
Tier: pulumi.String("Standard"),
},
UpgradePolicy: &compute.UpgradePolicyArgs{
Mode: compute.UpgradeModeManual,
},
VirtualMachineProfile: &compute.VirtualMachineScaleSetVMProfileArgs{
NetworkProfile: &compute.VirtualMachineScaleSetNetworkProfileArgs{
NetworkInterfaceConfigurations: compute.VirtualMachineScaleSetNetworkConfigurationArray{
&compute.VirtualMachineScaleSetNetworkConfigurationArgs{
EnableIPForwarding: pulumi.Bool(true),
IpConfigurations: compute.VirtualMachineScaleSetIPConfigurationArray{
&compute.VirtualMachineScaleSetIPConfigurationArgs{
LoadBalancerBackendAddressPools: compute.SubResourceArray{
&compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}"),
},
},
LoadBalancerInboundNatPools: compute.SubResourceArray{
&compute.SubResourceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}"),
},
},
Name: pulumi.String("{vmss-name}"),
PublicIPAddressConfiguration: &compute.VirtualMachineScaleSetPublicIPAddressConfigurationArgs{
Name: pulumi.String("{vmss-name}"),
PublicIPAddressVersion: pulumi.String(compute.IPVersionIPv4),
},
Subnet: &compute.ApiEntityReferenceArgs{
Id: pulumi.String("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}"),
},
},
},
Name: pulumi.String("{vmss-name}"),
Primary: pulumi.Bool(true),
},
},
},
OsProfile: &compute.VirtualMachineScaleSetOSProfileArgs{
AdminPassword: pulumi.String("{your-password}"),
AdminUsername: pulumi.String("{your-username}"),
ComputerNamePrefix: pulumi.String("{vmss-name}"),
},
StorageProfile: &compute.VirtualMachineScaleSetStorageProfileArgs{
ImageReference: &compute.ImageReferenceArgs{
Offer: pulumi.String("WindowsServer"),
Publisher: pulumi.String("MicrosoftWindowsServer"),
Sku: pulumi.String("2016-Datacenter"),
Version: pulumi.String("latest"),
},
OsDisk: &compute.VirtualMachineScaleSetOSDiskArgs{
Caching: compute.CachingTypesReadWrite,
CreateOption: pulumi.String(compute.DiskCreateOptionTypesFromImage),
ManagedDisk: &compute.VirtualMachineScaleSetManagedDiskParametersArgs{
StorageAccountType: pulumi.String(compute.StorageAccountTypes_Standard_LRS),
},
},
},
},
VmScaleSetName: pulumi.String("{vmss-name}"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var virtualMachineScaleSet = new AzureNative.Compute.VirtualMachineScaleSet("virtualMachineScaleSet", new()
{
Location = "westus",
Overprovision = true,
ResourceGroupName = "myResourceGroup",
Sku = new AzureNative.Compute.Inputs.SkuArgs
{
Capacity = 3,
Name = "Standard_D1_v2",
Tier = "Standard",
},
UpgradePolicy = new AzureNative.Compute.Inputs.UpgradePolicyArgs
{
Mode = AzureNative.Compute.UpgradeMode.Manual,
},
VirtualMachineProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetVMProfileArgs
{
NetworkProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkProfileArgs
{
NetworkInterfaceConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetNetworkConfigurationArgs
{
EnableIPForwarding = true,
IpConfigurations = new[]
{
new AzureNative.Compute.Inputs.VirtualMachineScaleSetIPConfigurationArgs
{
LoadBalancerBackendAddressPools = new[]
{
new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}",
},
},
LoadBalancerInboundNatPools = new[]
{
new AzureNative.Compute.Inputs.SubResourceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}",
},
},
Name = "{vmss-name}",
PublicIPAddressConfiguration = new AzureNative.Compute.Inputs.VirtualMachineScaleSetPublicIPAddressConfigurationArgs
{
Name = "{vmss-name}",
PublicIPAddressVersion = AzureNative.Compute.IPVersion.IPv4,
},
Subnet = new AzureNative.Compute.Inputs.ApiEntityReferenceArgs
{
Id = "/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}",
},
},
},
Name = "{vmss-name}",
Primary = true,
},
},
},
OsProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSProfileArgs
{
AdminPassword = "{your-password}",
AdminUsername = "{your-username}",
ComputerNamePrefix = "{vmss-name}",
},
StorageProfile = new AzureNative.Compute.Inputs.VirtualMachineScaleSetStorageProfileArgs
{
ImageReference = new AzureNative.Compute.Inputs.ImageReferenceArgs
{
Offer = "WindowsServer",
Publisher = "MicrosoftWindowsServer",
Sku = "2016-Datacenter",
Version = "latest",
},
OsDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetOSDiskArgs
{
Caching = AzureNative.Compute.CachingTypes.ReadWrite,
CreateOption = AzureNative.Compute.DiskCreateOptionTypes.FromImage,
ManagedDisk = new AzureNative.Compute.Inputs.VirtualMachineScaleSetManagedDiskParametersArgs
{
StorageAccountType = AzureNative.Compute.StorageAccountTypes.Standard_LRS,
},
},
},
},
VmScaleSetName = "{vmss-name}",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.compute.VirtualMachineScaleSet;
import com.pulumi.azurenative.compute.VirtualMachineScaleSetArgs;
import com.pulumi.azurenative.compute.inputs.SkuArgs;
import com.pulumi.azurenative.compute.inputs.UpgradePolicyArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetVMProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetNetworkProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSProfileArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetStorageProfileArgs;
import com.pulumi.azurenative.compute.inputs.ImageReferenceArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetOSDiskArgs;
import com.pulumi.azurenative.compute.inputs.VirtualMachineScaleSetManagedDiskParametersArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var virtualMachineScaleSet = new VirtualMachineScaleSet("virtualMachineScaleSet", VirtualMachineScaleSetArgs.builder()
.location("westus")
.overprovision(true)
.resourceGroupName("myResourceGroup")
.sku(SkuArgs.builder()
.capacity(3.0)
.name("Standard_D1_v2")
.tier("Standard")
.build())
.upgradePolicy(UpgradePolicyArgs.builder()
.mode("Manual")
.build())
.virtualMachineProfile(VirtualMachineScaleSetVMProfileArgs.builder()
.networkProfile(VirtualMachineScaleSetNetworkProfileArgs.builder()
.networkInterfaceConfigurations(VirtualMachineScaleSetNetworkConfigurationArgs.builder()
.enableIPForwarding(true)
.ipConfigurations(VirtualMachineScaleSetIPConfigurationArgs.builder()
.loadBalancerBackendAddressPools(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}")
.build())
.loadBalancerInboundNatPools(SubResourceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}")
.build())
.name("{vmss-name}")
.publicIPAddressConfiguration(VirtualMachineScaleSetPublicIPAddressConfigurationArgs.builder()
.name("{vmss-name}")
.publicIPAddressVersion("IPv4")
.build())
.subnet(ApiEntityReferenceArgs.builder()
.id("/subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}")
.build())
.build())
.name("{vmss-name}")
.primary(true)
.build())
.build())
.osProfile(VirtualMachineScaleSetOSProfileArgs.builder()
.adminPassword("{your-password}")
.adminUsername("{your-username}")
.computerNamePrefix("{vmss-name}")
.build())
.storageProfile(VirtualMachineScaleSetStorageProfileArgs.builder()
.imageReference(ImageReferenceArgs.builder()
.offer("WindowsServer")
.publisher("MicrosoftWindowsServer")
.sku("2016-Datacenter")
.version("latest")
.build())
.osDisk(VirtualMachineScaleSetOSDiskArgs.builder()
.caching("ReadWrite")
.createOption("FromImage")
.managedDisk(VirtualMachineScaleSetManagedDiskParametersArgs.builder()
.storageAccountType("Standard_LRS")
.build())
.build())
.build())
.build())
.vmScaleSetName("{vmss-name}")
.build());
}
}
resources:
virtualMachineScaleSet:
type: azure-native:compute:VirtualMachineScaleSet
properties:
location: westus
overprovision: true
resourceGroupName: myResourceGroup
sku:
capacity: 3
name: Standard_D1_v2
tier: Standard
upgradePolicy:
mode: Manual
virtualMachineProfile:
networkProfile:
networkInterfaceConfigurations:
- enableIPForwarding: true
ipConfigurations:
- loadBalancerBackendAddressPools:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/backendAddressPools/{existing-backend-address-pool-name}
loadBalancerInboundNatPools:
- id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/{existing-load-balancer-name}/inboundNatPools/{existing-nat-pool-name}
name: '{vmss-name}'
publicIPAddressConfiguration:
name: '{vmss-name}'
publicIPAddressVersion: IPv4
subnet:
id: /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/{existing-virtual-network-name}/subnets/{existing-subnet-name}
name: '{vmss-name}'
primary: true
osProfile:
adminPassword: '{your-password}'
adminUsername: '{your-username}'
computerNamePrefix: '{vmss-name}'
storageProfile:
imageReference:
offer: WindowsServer
publisher: MicrosoftWindowsServer
sku: 2016-Datacenter
version: latest
osDisk:
caching: ReadWrite
createOption: FromImage
managedDisk:
storageAccountType: Standard_LRS
vmScaleSetName: '{vmss-name}'
The automaticRepairsPolicy.enabled property activates automatic repairs. The gracePeriod (in ISO 8601 duration format like “PT10M” for 10 minutes) delays repair actions after instance creation or updates, allowing applications time to initialize. Requires either an application health extension or load balancer health probe to signal instance health.
Beyond these examples
These snippets focus on specific scale set features: VM extensions and custom images, security configurations, and load balancer integration. They’re intentionally minimal rather than full VM deployments.
The examples may reference pre-existing infrastructure such as virtual networks and subnets, custom images or gallery images, load balancers or application gateways, and storage accounts for boot diagnostics. They focus on configuring the scale set rather than provisioning everything around it.
To keep things focused, common scale set patterns are omitted, including:
- Upgrade policies (automatic, rolling, manual modes)
- Overprovisioning and capacity management
- Data disk configuration and storage options
- Proximity placement groups and availability zones
- Spot instance pricing and eviction policies
- User-assigned managed identities
These omissions are intentional: the goal is to illustrate how each scale set feature is wired, not provide drop-in VM modules. See the VirtualMachineScaleSet resource reference for all available configuration options.
Let's deploy Azure Virtual Machine Scale Sets
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Image & Storage Configuration
How do I use a custom image instead of a marketplace image?
Set
storageProfile.imageReference.id to the resource ID of your custom image or shared gallery image instead of specifying publisher, offer, and sku.What's the difference between generalized and specialized images?
Generalized images have been sysprepped and require
osProfile configuration with admin credentials. Specialized images retain user accounts and settings, so osProfile is omitted.What's the difference between managed and unmanaged disks?
Managed disks are handled by Azure (specify
managedDisk.storageAccountType), while unmanaged disks require you to manage storage accounts and configure vhdContainers.How do I use customer-managed encryption keys for disks?
Configure
storageProfile.osDisk.managedDisk.diskEncryptionSet.id with the resource ID of your DiskEncryptionSet resource.Security & Encryption
What security types are available for scale sets?
TrustedLaunch (with Secure Boot and vTPM) and ConfidentialVM (with additional encryption options). Set
securityProfile.securityType to the desired type.How do I enable host-based encryption?
Set
virtualMachineProfile.securityProfile.encryptionAtHost to true. This requires a VM size that supports host-based encryption.What are the disk security encryption types for ConfidentialVM?
VMGuestStateOnly encrypts the VM guest state, while NonPersistedTPM encrypts with a non-persisted TPM. Configure via
osDisk.managedDisk.securityProfile.securityEncryptionType.Networking & Load Balancing
How do I attach a scale set to an Azure Load Balancer?
Configure
networkProfile.networkInterfaceConfigurations[].ipConfigurations[].loadBalancerBackendAddressPools with the load balancer’s backend pool resource ID.How do I attach a scale set to an Application Gateway?
Configure
networkProfile.networkInterfaceConfigurations[].ipConfigurations[].applicationGatewayBackendAddressPools with the application gateway’s backend pool resource ID.Reliability & Resilience
How do I enable automatic VM repairs?
Set
automaticRepairsPolicy.enabled to true and configure gracePeriod (e.g., PT10M for 10 minutes) to allow time for transient issues to resolve.What is Resilient VM Creation and when should I use it?
Resilient VM Creation allows the scale set to continue provisioning even if some VMs fail. Enable it by setting
resiliencyPolicy.resilientVMCreationPolicy.enabled to true.How do I enable automatic zone rebalancing?
Set
resiliencyPolicy.automaticZoneRebalancingPolicy.enabled to true and configure rebalanceBehavior (CreateBeforeDelete or DeleteBeforeCreate) and rebalanceStrategy (Recreate).Upgrade & Maintenance
How do I choose between Manual, Automatic, and Rolling upgrade modes?
Manual requires you to manually upgrade each VM. Automatic upgrades VMs automatically when the image changes. Rolling upgrades VMs in batches with configurable policies for controlled rollout.
How do I configure scheduled events for OS image updates?
Set
virtualMachineProfile.scheduledEventsProfile.osImageNotificationProfile.enable to true and configure notBeforeTimeout (e.g., PT15M) to control notification timing.Extensions & Customization
How do I prevent extension failures from blocking VM deployment?
Set
extensionProfile.extensions[].suppressFailures to true to allow VM provisioning to succeed even if the extension fails.How do I enable boot diagnostics?
Configure
virtualMachineProfile.diagnosticsProfile.bootDiagnostics with enabled: true and a storageUri pointing to your storage account.