az vmss

Manage groupings of virtual machines in an Azure Virtual Machine Scale Set (VMSS).

Commands

az vmss assign-identity Enable managed service identity on a VMSS.
az vmss create Create an Azure Virtual Machine Scale Set.
az vmss deallocate Deallocate virtual machines in a scale set.
az vmss delete Deletes a VM scale set.
az vmss delete-instances Delete virtual machines in a scale set.
az vmss diagnostics Configure the Azure Virtual Machine Scale Set diagnostics extension.
az vmss diagnostics get-default-config Show the default config file which defines data to be collected.
az vmss diagnostics set Enable diagnostics on a virtual machine scale set.
az vmss disk Manage data disks of a VMSS.
az vmss disk attach
az vmss disk detach
az vmss encryption (PREVIEW) Manage encryption of VM scale sets.
az vmss encryption disable Disable the encryption on a VM scale set with managed disks.
az vmss encryption enable Encrypt a VM scale set with managed disks.
az vmss encryption show Show the encryption status.
az vmss extension Manage extensions on a VM scale set.
az vmss extension delete
az vmss extension image Find the available VM extensions for a subscription and region.
az vmss extension image list Vm extension image list.
az vmss extension image list-names Gets a list of virtual machine extension image types.
az vmss extension image list-versions Gets a list of virtual machine extension image versions.
az vmss extension image show Gets a virtual machine extension image.
az vmss extension list
az vmss extension set Create/update extensions for a VMSS in a resource group.
az vmss extension show
az vmss get-instance-view View an instance of a VMSS.
az vmss list List scale sets.
az vmss list-instance-connection-info Get the IP address and port number used to connect to individual VM instances within a set.
az vmss list-instance-public-ips List public IP addresses of VM instances within a set.
az vmss list-instances Gets a list of all virtual machines in a VM scale sets.
az vmss list-skus Gets a list of SKUs available for your VM scale set, including the minimum and maximum VM instances allowed for each SKU.
az vmss nic Manage network interfaces of a VMSS.
az vmss nic list Gets all network interfaces in a virtual machine scale set.
az vmss nic list-vm-nics Gets information about all network interfaces in a virtual machine in a virtual machine scale set.
az vmss nic show Get the specified network interface in a virtual machine scale set.
az vmss reimage Reimage VMs within a VMSS.
az vmss remove-identity (PREVIEW) Remove user assigned identities from a VM scaleset.
az vmss restart Restart virtual machines in a scale set.
az vmss rolling-upgrade
az vmss rolling-upgrade cancel Cancels the current virtual machine scale set rolling upgrade.
az vmss rolling-upgrade get-latest Gets the status of the latest virtual machine scale set rolling upgrade.
az vmss rolling-upgrade start Starts a rolling upgrade to move all virtual machine scale set instances to the latest available Platform Image OS version.
az vmss scale Change the number of VMs in an virtual machine scale set.
az vmss show Get details on VMs within a VMSS.
az vmss start Start virtual machines in a virtual machine scale set.
az vmss stop Power off (stop) virtual machines in a virtual machine scale set.
az vmss update Update a virtual machine scale set.
az vmss update-instances Upgrade virtual machines in a virtual machine scale set.
az vmss wait Place the CLI in a waiting state until a condition of a scale set is met.

az vmss assign-identity

Enable managed service identity on a VMSS.

This is required to authenticate and interact with other Azure services using bearer tokens.

az vmss assign-identity --name
--resource-group
[--identities]
[--port]
[--role]
[--scope]

Examples

Enable identity on a VMSS with the 'Owner' role.

az vmss assign-identity -g MyResourceGroup -n MyVmss --role Owner

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--identities

The identities to assign.

--port

The port to fetch AAD token. Default: 50342.

--role

Role name or id the system assigned identity will have.

default value: Contributor
--scope

Scope that the system assigned identity can access.

az vmss create

Create an Azure Virtual Machine Scale Set.

For an end-to-end tutorial, see https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-linux-create-cli.

az vmss create --image
--name
--resource-group
[--accelerated-networking]
[--admin-password]
[--admin-username]
[--app-gateway]
[--app-gateway-capacity]
[--app-gateway-sku]
[--app-gateway-subnet-address-prefix]
[--assign-identity]
[--authentication-type {password, ssh}]
[--backend-pool-name]
[--backend-port]
[--custom-data]
[--data-disk-caching {None, ReadOnly, ReadWrite}]
[--data-disk-sizes-gb]
[--disable-overprovision]
[--dns-servers]
[--generate-ssh-keys]
[--health-probe]
[--instance-count]
[--lb]
[--lb-nat-pool-name]
[--lb-sku]
[--license-type {Windows_Client, Windows_Server}]
[--location]
[--no-wait]
[--nsg]
[--os-disk-caching {ReadOnly, ReadWrite}]
[--os-disk-name]
[--os-type {linux, windows}]
[--plan-name]
[--plan-product]
[--plan-promotion-code]
[--plan-publisher]
[--public-ip-address]
[--public-ip-address-allocation {dynamic, static}]
[--public-ip-address-dns-name]
[--public-ip-per-vm]
[--role]
[--scope]
[--secrets]
[--single-placement-group {false, true}]
[--ssh-dest-key-path]
[--ssh-key-value]
[--storage-container-name]
[--storage-sku {Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}]
[--subnet]
[--subnet-address-prefix]
[--tags]
[--upgrade-policy-mode {Automatic, Manual, Rolling}]
[--use-unmanaged-disk]
[--validate]
[--vm-domain-name]
[--vm-sku]
[--vnet-address-prefix]
[--vnet-name]
[--zones {1, 2, 3}]

Examples

Create a Windows VM scale set with 5 instances, a load balancer, a public IP address, and a 2GB data disk.

az vmss create -n MyVmss -g MyResourceGroup --instance-count 5 --image Win2012R2Datacenter --data-disk-sizes-gb 2

Create a Linux VM scale set with an auto-generated ssh key pair, a public IP address, a DNS entry, an existing load balancer, and an existing virtual network.

az vmss create -n MyVmss -g MyResourceGroup --dns-name-for-public-ip MyGloballyUniqueDnsName     --load-balancer MyLoadBalancer --vnet-name MyVnet --subnet MySubnet --image UbuntuLTS     --generate-ssh-keys

Create a Linux VM scale set from a custom image using the default existing public SSH key.

az vmss create -n MyVmss -g MyResourceGroup --image MyImage

Create a Linux VM scale set with a load balancer and custom DNS servers. Each VM has a public-ip address and a custom domain name.

az vmss create -n MyVmss -g MyResourceGroup --image centos     --public-ip-per-vm --vm-domain-name myvmss --dns-servers 10.0.0.6 10.0.0.5

Create a Linux VM scale set using a cloud-init script for configuration. See: https://docs.microsoft.com/azure/virtual-machines/virtual-machines-linux-using-cloud-init

az vmss create -g MyResourceGroup -n MyVmss --image debian --custom_data MyCloudInitScript.yml

Create a Debian VM scaleset using Key Vault secrets.

az keyvault certificate create --vault-name vaultname -n cert1   -p "$(az keyvault certificate get-default-policy)"
                        
                        secrets=$(az keyvault secret list-versions --vault-name vaultname   -n cert1 --query "[?attributes.enabled].id" -o tsv)
                        
                        vm_secrets=$(az vm secret format -s "$secrets") 
                        
                        az vmss create -g group-name -n vm-name --admin-username deploy    --image debian --secrets "$vm_secrets"

Create a VM scaleset with system assigned identity. The VM will have a 'Contributor' Role with access to a storage account.

az vm create -n MyVmss -g MyResourceGroup --image centos --assign-identity --scope /subscriptions/99999999-1bf0-4dda-aec3-cb9272f09590/MyResourceGroup/myRG/providers/Microsoft.Storage/storageAccounts/storage1

Create a debian VM scaleset with a user assigned identity.

az vmss create -n MyVmss -g rg1 --image debian --assign-identity  /subscriptions/99999999-1bf0-4dda-aec3-cb9272f09590/resourcegroups/myRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myID

Create a debian VM scaleset with both system and user assigned identity.

az vmss create -n MyVmss -g rg1 --image debian --assign-identity  [system] /subscriptions/99999999-1bf0-4dda-aec3-cb9272f09590/resourcegroups/myRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myID

Create a single zone VM scaleset in the current resource group's region

az vmss create -n MyVmss -g MyResourceGroup --image Centos --zones 1

Required Parameters

--image

The name of the operating system image as a URN alias, URN, or URI.

--name -n

Name of the virtual machine scale set.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--accelerated-networking

Enable accelerated networking.

--admin-password

Password for the VM if authentication type is 'Password'.

--admin-username

Username for the VM.

default value: appveyor
--app-gateway

Name to use when creating a new application gateway (default) or referencing an existing one. Can also reference an existing application gateway by ID or specify "" for none.

--app-gateway-capacity

The number of instances to use when creating a new application gateway.

default value: 10
--app-gateway-sku

SKU when creating a new application gateway.

default value: Standard_Large
--app-gateway-subnet-address-prefix

The subnet IP address prefix to use when creating a new application gateway in CIDR format.

--assign-identity

Accept system or user assigned identities with space separated. Use '[system]' to refer system assigned identity, or a resource id to refer user assigned identity. Check out help for more examples.

--authentication-type

Type of authentication to use with the VM. Defaults to password for Windows and SSH public key for Linux.

accepted values: password, ssh
--backend-pool-name

Name to use for the backend pool when creating a new load balancer or application gateway.

--backend-port

When creating a new load balancer, backend port to open with NAT rules (Defaults to 22 on Linux and 3389 on Windows). When creating an application gateway, the backend port to use for the backend HTTP settings.

--custom-data

Custom init script file or text (cloud-init, cloud-config, etc..).

--data-disk-caching

Storage caching type for the VM data disk(s).

accepted values: None, ReadOnly, ReadWrite
--data-disk-sizes-gb

Space separated empty managed data disk sizes in GB to create.

--disable-overprovision
--dns-servers

Space separated IP addresses of DNS servers, e.g. 10.0.0.5 10.0.0.6.

--generate-ssh-keys

Generate SSH public and private key files if missing. The keys will be stored in the ~/.ssh directory.

--health-probe

(Preview) probe name from the existing load balancer, mainly used for rolling upgrade.

--instance-count

Number of VMs in the scale set.

default value: 2
--lb --load-balancer

Name to use when creating a new load balancer (default) or referencing an existing one. Can also reference an existing load balancer by ID or specify "" for none.

--lb-nat-pool-name --nat-pool-name

Name to use for the NAT pool when creating a new load balancer.

--lb-sku

SKU when creating a new Load Balancer.

default value: Basic
--license-type

License type if the Windows image or disk used was licensed on-premises.

accepted values: Windows_Client, Windows_Server
--location -l

Location in which to create VM and related resources. If default location is not configured, will default to the resource group's location.

--no-wait

Do not wait for the long-running operation to finish.

--nsg

Reference to an existing Network Security Group by ID, or name if in the same resource group.

--os-disk-caching --storage-caching

Storage caching type for the VM OS disk.

accepted values: ReadOnly, ReadWrite
default value: ReadWrite
--os-disk-name

The name of the new VM OS disk.

--os-type

Type of OS installed on a custom VHD. Do not use when specifying an URN or URN alias.

accepted values: linux, windows
--plan-name

Plan name.

--plan-product

Plan product.

--plan-promotion-code

Plan promotion code.

--plan-publisher

Plan publisher.

--public-ip-address

Name of the public IP address when creating one (default) or referencing an existing one. Can also reference an existing public IP by ID or specify "" for None.

--public-ip-address-allocation
accepted values: dynamic, static
--public-ip-address-dns-name

Globally unique DNS name for a newly created Public IP.

--public-ip-per-vm

Each VM instance will have a public ip. For security, you can use '--nsg' to apply appropriate rules.

--role

Role name or id the system assigned identity will have.

default value: Contributor
--scope

Scope that the system assigned identity can access.

--secrets

One or many Key Vault secrets as JSON strings or files via @<file path> containing [{ "sourceVault": { "id": "value" }, "vaultCertificates": [{ "certificateUrl": "value", "certificateStore": "cert store name (only on windows)"}] }].

--single-placement-group

Enable single placement group. This flag will default to True if instance count <=100, and default to False for instance count >100.

accepted values: false, true
--ssh-dest-key-path

Destination file path on the VM for the SSH key.

--ssh-key-value

SSH public key or public key file path.

--storage-container-name

Only applicable when use with '--use-unmanaged-disk'. Name of the storage container for the VM OS disk. Default: vhds.

default value: vhds
--storage-sku

The sku of storage account to persist VM. By default, only Standard_LRS and Premium_LRS are allowed. Using with --use-unmanaged-disk, all are available.

accepted values: Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS
--subnet

The name of the subnet when creating a new VNet or referencing an existing one. Can also reference an existing subnet by ID. If omitted, an appropriate VNet and subnet will be selected automatically, or a new one will be created.

--subnet-address-prefix

The subnet IP address prefix to use when creating a new VNet in CIDR format.

--tags

Space separated tags in 'key[=value]' format. Use "" to clear existing tags.

--upgrade-policy-mode
accepted values: Automatic, Manual, Rolling
default value: manual
--use-unmanaged-disk

Do not use managed disk to persist VM.

--validate

Generate and validate the ARM template without creating any resources.

--vm-domain-name

Domain name of VM instances, once configured, the FQDN is 'vm..<..rest..>'.

--vm-sku

Size of VMs in the scale set. See https://azure.microsoft.com/en-us/pricing/details/virtual-machines/ for size info.

default value: Standard_D1_v2
--vnet-address-prefix

The IP address prefix to use when creating a new VNet in CIDR format.

default value: 10.0.0.0/16
--vnet-name

Name of the virtual network when creating a new one or referencing an existing one.

--zones -z

Space separated list of availability zones into which to provision the resource.

accepted values: 1, 2, 3

az vmss deallocate

Deallocate virtual machines in a scale set.

az vmss deallocate --name
--resource-group
[--instance-ids]
[--no-wait]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--instance-ids

Space separated list of IDs (ex: 1 2 3 ...) or * for all instances. If not provided, the action will be applied on the scaleset itself.

--no-wait

Do not wait for the long-running operation to finish.

az vmss delete

Deletes a VM scale set.

az vmss delete --name
--resource-group
[--no-wait]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az vmss delete-instances

Delete virtual machines in a scale set.

az vmss delete-instances --instance-ids
--name
--resource-group
[--no-wait]

Required Parameters

--instance-ids

Space separated list of IDs (ex: 1 2 3 ...) or * for all instances.

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az vmss get-instance-view

View an instance of a VMSS.

az vmss get-instance-view --name
--resource-group
[--instance-id]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--instance-id

An VM instance id, or use "*" to list instance view for all VMs in a scale set.

az vmss list

List scale sets.

az vmss list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az vmss list-instance-connection-info

Get the IP address and port number used to connect to individual VM instances within a set.

az vmss list-instance-connection-info --name
--resource-group

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az vmss list-instance-public-ips

List public IP addresses of VM instances within a set.

az vmss list-instance-public-ips --name
--resource-group

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az vmss list-instances

Gets a list of all virtual machines in a VM scale sets.

az vmss list-instances --name
--resource-group
[--expand]
[--filter]
[--select]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--expand

The expand expression to apply to the operation.

--filter

The filter to apply to the operation.

--select

The list parameters.

az vmss list-skus

Gets a list of SKUs available for your VM scale set, including the minimum and maximum VM instances allowed for each SKU.

az vmss list-skus --name
--resource-group

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az vmss reimage

Reimage VMs within a VMSS.

az vmss reimage --name
--resource-group
[--instance-id]
[--no-wait]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--instance-id

VM instance id. If missing, reimage all instances.

--no-wait

Do not wait for the long-running operation to finish.

az vmss remove-identity

(PREVIEW) Remove user assigned identities from a VM scaleset.

az vmss remove-identity --identities
--name
--resource-group

Examples

Remove 2 identities which are in the same resource group with the VM scaleset

az vmss remove-identity -g MyResourceGroup -n MyVm --identities readerId writerId

Required Parameters

--identities

Space separated user assigned identities to remove.

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az vmss restart

Restart virtual machines in a scale set.

az vmss restart --name
--resource-group
[--instance-ids]
[--no-wait]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--instance-ids

Space separated list of IDs (ex: 1 2 3 ...) or * for all instances. If not provided, the action will be applied on the scaleset itself.

--no-wait

Do not wait for the long-running operation to finish.

az vmss scale

Change the number of VMs in an virtual machine scale set.

az vmss scale --name
--new-capacity
--resource-group
[--no-wait]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--new-capacity

Number of virtual machines in a scale set.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az vmss show

Get details on VMs within a VMSS.

az vmss show --name
--resource-group
[--instance-id]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--instance-id

VM instance id. If missing, show scale set.

az vmss start

Start virtual machines in a virtual machine scale set.

az vmss start --name
--resource-group
[--instance-ids]
[--no-wait]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--instance-ids

Space separated list of IDs (ex: 1 2 3 ...) or * for all instances. If not provided, the action will be applied on the scaleset itself.

--no-wait

Do not wait for the long-running operation to finish.

az vmss stop

Power off (stop) virtual machines in a virtual machine scale set.

az vmss stop --name
--resource-group
[--instance-ids]
[--no-wait]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--instance-ids

Space separated list of IDs (ex: 1 2 3 ...) or * for all instances. If not provided, the action will be applied on the scaleset itself.

--no-wait

Do not wait for the long-running operation to finish.

az vmss update

Update a virtual machine scale set.

az vmss update --name
--resource-group
[--add]
[--no-wait]
[--remove]
[--set]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--no-wait

Do not wait for the long-running operation to finish.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

az vmss update-instances

Upgrade virtual machines in a virtual machine scale set.

az vmss update-instances --instance-ids
--name
--resource-group
[--no-wait]

Required Parameters

--instance-ids

Space separated list of IDs (ex: 1 2 3 ...) or * for all instances.

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az vmss wait

Place the CLI in a waiting state until a condition of a scale set is met.

az vmss wait --name
--resource-group
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]

Required Parameters

--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--interval

Polling interval in seconds.

default value: 30
--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.