subcategory | layout | page_title | description |
---|---|---|---|
Compute |
azurerm |
Azure Resource Manager: azurerm_windows_virtual_machine_scale_set |
Manages a Windows Virtual Machine Scale Set. |
Manages a Windows Virtual Machine Scale Set.
~> Note: All arguments including the administrator login and password will be stored in the raw state as plain-text. Read more about sensitive data in state.
-> Note Terraform will automatically update & reimage the nodes in the Scale Set (if Required) during an Update - this behaviour can be configured using the features
setting within the Provider block.
~> Note: This resource does not support Unmanaged Disks. If you need to use Unmanaged Disks you can continue to use the azurerm_virtual_machine_scale_set
resource instead
This example provisions a basic Windows Virtual Machine Scale Set on an internal network. Additional examples of how to use the azurerm_windows_virtual_machine_scale_set
resource can be found in the ./examples/vm-scale-set/windows` directory within the Github Repository.
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_virtual_network" "example" {
name = "example-network"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "internal" {
name = "internal"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefix = "10.0.2.0/24"
}
resource "azurerm_windows_virtual_machine_scale_set" "example" {
name = "example-vmss"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = "Standard_F2"
instances = 1
admin_password = "P@55w0rd1234!"
admin_username = "adminuser"
source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2016-Datacenter-Server-Core"
version = "latest"
}
os_disk {
storage_account_type = "Standard_LRS"
caching = "ReadWrite"
}
network_interface {
name = "example"
primary = true
ip_configuration {
name = "internal"
primary = true
subnet_id = azurerm_subnet.internal.id
}
}
}
The following arguments are supported:
-
name
- (Required) The name of the Windows Virtual Machine Scale Set. Changing this forces a new resource to be created. -
location
- (Required) The Azure location where the Windows Virtual Machine Scale Set should exist. Changing this forces a new resource to be created. -
resource_group_name
- (Required) The name of the Resource Group in which the Windows Virtual Machine Scale Set should be exist. Changing this forces a new resource to be created. -
admin_password
- (Required) The Password which should be used for the local-administrator on this Virtual Machine. Changing this forces a new resource to be created. -
admin_username
- (Required) The username of the local administrator on each Virtual Machine Scale Set instance. Changing this forces a new resource to be created. -
instances
- (Required) The number of Virtual Machines in the Scale Set.
-> NOTE: If you're using AutoScaling, you may wish to use Terraform's ignore_changes
functionality to ignore changes to this field.
-
sku
- (Required) The Virtual Machine SKU for the Scale Set, such asStandard_F2
. -
network_interface
- (Required) One or morenetwork_interface
blocks as defined below. -
os_disk
- (Required) Anos_disk
block as defined below.
-
additional_capabilities
- (Optional) Aadditional_capabilities
block as defined below. -
additional_unattend_content
- (Optional) One or moreadditional_unattend_content
blocks as defined below. -
automatic_os_upgrade_policy
- (Optional) Aautomatic_os_upgrade_policy
block as defined below. This is Required and can only be specified whenupgrade_mode
is set toAutomatic
. -
automatic_instance_repair
- (Optional) Aautomatic_instance_repair
block as defined below. To enable the automatic instance repair, this Virtual Machine Scale Set must have a validhealth_probe_id
or an Application Health Extension.
~> NOTE: For more information about Automatic Instance Repair, please refer to this doc.
-
boot_diagnostics
- (Optional) Aboot_diagnostics
block as defined below. -
computer_name_prefix
- (Optional) The prefix which should be used for the name of the Virtual Machines in this Scale Set. If unspecified this defaults to the value for thename
field. If the value of thename
field is not a validcomputer_name_prefix
, then you must specifycomputer_name_prefix
. -
custom_data
- (Optional) The Base64-Encoded Custom Data which should be used for this Virtual Machine Scale Set.
-> NOTE: When Custom Data has been configured, it's not possible to remove it without tainting the Virtual Machine Scale Set, due to a limitation of the Azure API.
-
data_disk
- (Optional) One or moredata_disk
blocks as defined below. -
do_not_run_extensions_on_overprovisioned_machines
- (Optional) Should Virtual Machine Extensions be run on Overprovisioned Virtual Machines in the Scale Set? Defaults tofalse
. -
enable_automatic_updates
- (Optional) Are automatic updates enabled for this Virtual Machine? Defaults totrue
. -
eviction_policy
- (Optional) The Policy which should be used Virtual Machines are Evicted from the Scale Set. Changing this forces a new resource to be created.
-> NOTE: This can only be configured when priority
is set to Spot
.
-
health_probe_id
- (Optional) The ID of a Load Balancer Probe which should be used to determine the health of an instance. Changing this forces a new resource to be created. This is Required and can only be specified whenupgrade_mode
is set toAutomatic
orRolling
. -
identity
- (Optional) Aidentity
block as defined below. -
license_type
- (Optional) Specifies the type of on-premise license (also known as Azure Hybrid Use Benefit) which should be used for this Virtual Machine Scale Set. Possible values areNone
,Windows_Client
andWindows_Server
. Changing this forces a new resource to be created. -
max_bid_price
- (Optional) The maximum price you're willing to pay for each Virtual Machine in this Scale Set, in US Dollars; which must be greater than the current spot price. If this bid price falls below the current spot price the Virtual Machines in the Scale Set will be evicted using theeviction_policy
. Defaults to-1
, which means that each Virtual Machine in the Scale Set should not be evicted for price reasons.
-> NOTE: This can only be configured when priority
is set to Spot
.
-
overprovision
- (Optional) Should Azure over-provision Virtual Machines in this Scale Set? This means that multiple Virtual Machines will be provisioned and Azure will keep the instances which become available first - which improves provisioning success rates and improves deployment time. You're not billed for these over-provisioned VM's and they don't count towards the Subscription Quota. Defaults totrue
. -
priority
- (Optional) The Priority of this Virtual Machine Scale Set. Possible values areRegular
andSpot
. Defaults toRegular
. Changing this value forces a new resource.
-> NOTE: When priority
is set to Spot
an eviction_policy
must be specified.
-
provision_vm_agent
- (Optional) Should the Azure VM Agent be provisioned on each Virtual Machine in the Scale Set? Defaults totrue
. Changing this value forces a new resource to be created. -
proximity_placement_group_id
- (Optional) The ID of the Proximity Placement Group in which the Virtual Machine Scale Set should be assigned to. Changing this forces a new resource to be created. -
rolling_upgrade_policy
- (Optional) Arolling_upgrade_policy
block as defined below. This is Required and can only be specified whenupgrade_mode
is set toAutomatic
orRolling
. -
scale_in_policy
- (Optional) The scale-in policy rule that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled in. Possible values for the scale-in policy rules areDefault
,NewestVM
andOldestVM
, defaults toDefault
. For more information about scale in policy, please refer to this doc. -
secret
- (Optional) One or moresecret
blocks as defined below. -
single_placement_group
- (Optional) Should this Virtual Machine Scale Set be limited to a Single Placement Group, which means the number of instances will be capped at 100 Virtual Machines. Defaults totrue
. -
source_image_id
- (Optional) The ID of an Image which each Virtual Machine in this Scale Set should be based on.
-> NOTE: One of either source_image_id
or source_image_reference
must be set.
source_image_reference
- (Optional) Asource_image_reference
block as defined below.
-> NOTE: One of either source_image_id
or source_image_reference
must be set.
-
tags
- (Optional) A mapping of tags which should be assigned to this Virtual Machine Scale Set. -
terminate_notification
- (Optional) Aterminate_notification
block as defined below. -
timezone
- (Optional) Specifies the time zone of the virtual machine, the possible values are defined here. -
upgrade_mode
- (Optional) Specifies how Upgrades (e.g. changing the Image/SKU) should be performed to Virtual Machine Instances. Possible values areAutomatic
,Manual
andRolling
. Defaults toManual
. -
winrm_listener
- (Optional) One or morewinrm_listener
blocks as defined below. -
zone_balance
- (Optional) Should the Virtual Machines in this Scale Set be strictly evenly distributed across Availability Zones? Defaults tofalse
. Changing this forces a new resource to be created.
-> NOTE: This can only be set to true
when one or more zones
are configured.
zones
- (Optional) A list of Availability Zones in which the Virtual Machines in this Scale Set should be created in. Changing this forces a new resource to be created.
A additional_capabilities
block supports the following:
ultra_ssd_enabled
- (Optional) Should the capacity to enable Data Disks of theUltraSSD_LRS
storage account type be supported on this Virtual Machine Scale Set? Defaults tofalse
. Changing this forces a new resource to be created.
A additional_unattend_content
block supports the following:
-
content
- (Required) The XML formatted content that is added to the unattend.xml file for the specified path and component. Changing this forces a new resource to be created. -
setting
- (Required) The name of the setting to which the content applies. Possible values areAutoLogon
andFirstLogonCommands
. Changing this forces a new resource to be created.
A automatic_os_upgrade_policy
block supports the following:
-
disable_automatic_rollback
- (Required) Should automatic rollbacks be disabled? Changing this forces a new resource to be created. -
enable_automatic_os_upgrade
- (Required) Should OS Upgrades automatically be applied to Scale Set instances in a rolling fashion when a newer version of the OS Image becomes available? Changing this forces a new resource to be created.
A automatic_instance_repair
block supports the following:
-
enabled
- (Required) Should the automatic instance repair be enabled on this Virtual Machine Scale Set? -
grace_period
- (Optional) Amount of time (in minutes, between 30 and 90, defaults to 30 minutes) for which automatic repairs will be delayed. The grace period starts right after the VM is found unhealthy. The time duration should be specified in ISO 8601 format.
A boot_diagnostics
block supports the following:
storage_account_uri
- (Required) The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor.
A certificate
block supports the following:
-
store
- (Required) The certificate store on the Virtual Machine where the certificate should be added. -
url
- (Required) The Secret URL of a Key Vault Certificate.
-> NOTE: This can be sourced from the secret_id
field within the azurerm_key_vault_certificate
Resource.
A data_disk
block supports the following:
-
caching
- (Required) The type of Caching which should be used for this Data Disk. Possible values areNone
,ReadOnly
andReadWrite
. -
create_option
- (Optional) The create option which should be used for this Data Disk. Possible values areEmpty
andFromImage
. Defaults toEmpty
. (FromImage
should only be used if the source image includes data disks). -
disk_size_gb
- (Required) The size of the Data Disk which should be created. -
lun
- (Required) The Logical Unit Number of the Data Disk, which must be unique within the Virtual Machine. -
storage_account_type
- (Required) The Type of Storage Account which should back this Data Disk. Possible values includeStandard_LRS
,StandardSSD_LRS
,Premium_LRS
andUltraSSD_LRS
.
-> NOTE: UltraSSD_LRS
is only supported when ultra_ssd_enabled
within the additional_capabilities
block is enabled.
disk_encryption_set_id
- (Optional) The ID of the Disk Encryption Set which should be used to encrypt this Data Disk.
-> NOTE: The Disk Encryption Set must have the Reader
Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault
~> NOTE: Disk Encryption Sets are in Public Preview in a limited set of regions
write_accelerator_enabled
- (Optional) Should Write Accelerator be enabled for this Data Disk? Defaults tofalse
.
-> NOTE: This requires that the storage_account_type
is set to Premium_LRS
and that caching
is set to None
.
A diff_disk_settings
block supports the following:
option
- (Required) Specifies the Ephemeral Disk Settings for the OS Disk. At this time the only possible value is Local
. Changing this forces a new resource to be created.
A identity
block supports the following:
-
type
- (Required) The type of Managed Identity which should be assigned to the Windows Virtual Machine Scale Set. Possible values areSystemAssigned
,UserAssigned
andSystemAssigned, UserAssigned
. -
identity_ids
- (Optional) A list of User Managed Identity ID's which should be assigned to the Windows Virtual Machine Scale Set.
~> NOTE: This is required when type
is set to UserAssigned
.
A ip_configuration
block supports the following:
-
name
- (Required) The Name which should be used for this IP Configuration. -
application_gateway_backend_address_pool_ids
- (Optional) A list of Backend Address Pools ID's from a Application Gateway which this Virtual Machine Scale Set should be connected to. -
application_security_group_ids
- (Optional) A list of Application Security Group ID's which this Virtual Machine Scale Set should be connected to. -
load_balancer_backend_address_pool_ids
- (Optional) A list of Backend Address Pools ID's from a Load Balancer which this Virtual Machine Scale Set should be connected to.
-> NOTE: When using this field you'll also need to configure a Rule for the Load Balancer, and use a depends_on
between this resource and the Load Balancer Rule.
load_balancer_inbound_nat_rules_ids
- (Optional) A list of NAT Rule ID's from a Load Balancer which this Virtual Machine Scale Set should be connected to.
-> NOTE: When using this field you'll also need to configure a Rule for the Load Balancer, and use a depends_on
between this resource and the Load Balancer Rule.
primary
- (Optional) Is this the Primary IP Configuration for this Network Interface? Defaults tofalse
.
-> NOTE: One ip_configuration
block must be marked as Primary for each Network Interface.
-
public_ip_address
- (Optional) Apublic_ip_address
block as defined below. -
subnet_id
- (Optional) The ID of the Subnet which this IP Configuration should be connected to.
~> subnet_id
is required if version
is set to IPv4
.
version
- (Optional) The Internet Protocol Version which should be used for this IP Configuration. Possible values areIPv4
andIPv6
. Defaults toIPv4
.
A ip_tag
block supports the following:
-
tag
- The IP Tag associated with the Public IP, such asSQL
orStorage
. -
type
- The Type of IP Tag, such asFirstPartyUsage
.
A network_interface
block supports the following:
-
name
- (Required) The Name which should be used for this Network Interface. Changing this forces a new resource to be created. -
ip_configuration
- (Required) One or moreip_configuration
blocks as defined above. -
dns_servers
- (Optional) A list of IP Addresses of DNS Servers which should be assigned to the Network Interface. -
enable_accelerated_networking
- (Optional) Does this Network Interface support Accelerated Networking? Defaults tofalse
. -
enable_ip_forwarding
- (Optional) Does this Network Interface support IP Forwarding? Defaults tofalse
. -
network_security_group_id
- (Optional) The ID of a Network Security Group which should be assigned to this Network Interface. -
primary
- (Optional) Is this the Primary IP Configuration?
-> NOTE: If multiple network_interface
blocks are specified, one must be set to primary
.
A os_disk
block supports the following:
-
caching
- (Required) The Type of Caching which should be used for the Internal OS Disk. Possible values areNone
,ReadOnly
andReadWrite
. -
storage_account_type
- (Required) The Type of Storage Account which should back this the Internal OS Disk. Possible values includeStandard_LRS
,StandardSSD_LRS
andPremium_LRS
. -
diff_disk_settings
- (Optional) Adiff_disk_settings
block as defined above. Changing this forces a new resource to be created. -
disk_encryption_set_id
- (Optional) The ID of the Disk Encryption Set which should be used to encrypt this OS Disk.
-> NOTE: The Disk Encryption Set must have the Reader
Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault
~> NOTE: Disk Encryption Sets are in Public Preview in a limited set of regions
disk_size_gb
- (Optional) The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine Scale Set is sourced from.
-> NOTE: If specified this must be equal to or larger than the size of the Image the VM Scale Set is based on. When creating a larger disk than exists in the image you'll need to repartition the disk to use the remaining space.
write_accelerator_enabled
- (Optional) Should Write Accelerator be Enabled for this OS Disk? Defaults tofalse
.
-> NOTE: This requires that the storage_account_type
is set to Premium_LRS
and that caching
is set to None
.
A public_ip_address
block supports the following:
-
name
- (Required) The Name of the Public IP Address Configuration. -
domain_name_label
- (Optional) The Prefix which should be used for the Domain Name Label for each Virtual Machine Instance. Azure concatenates the Domain Name Label and Virtual Machine Index to create a unique Domain Name Label for each Virtual Machine. -
idle_timeout_in_minutes
- (Optional) The Idle Timeout in Minutes for the Public IP Address. Possible values are in the range4
to32
. -
ip_tag
- (Optional) One or moreip_tag
blocks as defined above. -
public_ip_prefix_id
- (Optional) The ID of the Public IP Address Prefix from where Public IP Addresses should be allocated. Changing this forces a new resource to be created.
~> NOTE: This functionality is in Preview and must be opted into via az feature register --namespace Microsoft.Network --name AllowBringYourOwnPublicIpAddress
and then az provider register -n Microsoft.Network
.
A rolling_upgrade_policy
block supports the following:
-
max_batch_instance_percent
- (Required) The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. Changing this forces a new resource to be created. -
max_unhealthy_instance_percent
- (Required) The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. Changing this forces a new resource to be created. -
max_unhealthy_upgraded_instance_percent
- (Required) The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. Changing this forces a new resource to be created. -
pause_time_between_batches
- (Required) The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. Changing this forces a new resource to be created.
A secret
block supports the following:
-
certificate
- (Required) One or morecertificate
blocks as defined above. -
key_vault_id
- (Required) The ID of the Key Vault from which all Secrets should be sourced.
A terminate_notification
block supports the following:
-
enabled
- (Required) Should the terminate notification be enabled on this Virtual Machine Scale Set? Defaults tofalse
. -
timeout
- (Optional) Length of time (in minutes, between 5 and 15) a notification to be sent to the VM on the instance metadata server till the VM gets deleted. The time duration should be specified in ISO 8601 format.
~> For more information about the terminate notification, please refer to this doc.
A winrm_listener
block supports the following:
certificate_url
- (Optional) The Secret URL of a Key Vault Certificate, which must be specified whenprotocol
is set toHttps
.
-> NOTE: This can be sourced from the secret_id
field within the azurerm_key_vault_certificate
Resource.
protocol
- (Required) The Protocol of the WinRM Listener. Possible values areHttp
andHttps
.
source_image_reference
supports the following:
-
publisher
- (Optional) Specifies the publisher of the image used to create the virtual machines. -
offer
- (Optional) Specifies the offer of the image used to create the virtual machines. -
sku
- (Optional) Specifies the SKU of the image used to create the virtual machines. -
version
- (Optional) Specifies the version of the image used to create the virtual machines.
In addition to all arguments above, the following attributes are exported:
-
id
- The ID of the Windows Virtual Machine Scale Set. -
identity
- Anidentity
block as defined below. -
unique_id
- The Unique ID for this Windows Virtual Machine Scale Set.
An identity
block exports the following:
principal_id
- The ID of the System Managed Service Principal.
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Windows Virtual Machine Scale Set.update
- (Defaults to 60 minutes) Used when updating (and rolling the instances of) the Windows Virtual Machine Scale Set (e.g. when changing SKU).delete
- (Defaults to 30 minutes) Used when deleting the Windows Virtual Machine Scale Set.
Windows Virtual Machine Scale Sets can be imported using the resource id
, e.g.
terraform import azurerm_windows_virtual_machine_scale_set.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/Microsoft.Compute/virtualMachineScaleSets/scaleset1