Microsoft.Network loadBalancers 2019-09-01
The loadBalancers resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/loadBalancers resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Network/loadBalancers@2019-09-01' = {
  location: 'string'
  name: 'string'
  properties: {
    backendAddressPools: [
      {
        id: 'string'
        name: 'string'
        properties: {}
      }
    ]
    frontendIPConfigurations: [
      {
        id: 'string'
        name: 'string'
        properties: {
          privateIPAddress: 'string'
          privateIPAddressVersion: 'string'
          privateIPAllocationMethod: 'string'
          publicIPAddress: {
            id: 'string'
            location: 'string'
            properties: {
              ddosSettings: {
                ddosCustomPolicy: {
                  id: 'string'
                }
                protectionCoverage: 'string'
              }
              dnsSettings: {
                domainNameLabel: 'string'
                fqdn: 'string'
                reverseFqdn: 'string'
              }
              idleTimeoutInMinutes: int
              ipAddress: 'string'
              ipTags: [
                {
                  ipTagType: 'string'
                  tag: 'string'
                }
              ]
              publicIPAddressVersion: 'string'
              publicIPAllocationMethod: 'string'
              publicIPPrefix: {
                id: 'string'
              }
            }
            sku: {
              name: 'string'
            }
            tags: {
              {customized property}: 'string'
            }
            zones: [
              'string'
            ]
          }
          publicIPPrefix: {
            id: 'string'
          }
          subnet: {
            id: 'string'
            name: 'string'
            properties: {
              addressPrefix: 'string'
              addressPrefixes: [
                'string'
              ]
              delegations: [
                {
                  id: 'string'
                  name: 'string'
                  properties: {
                    serviceName: 'string'
                  }
                }
              ]
              natGateway: {
                id: 'string'
              }
              networkSecurityGroup: {
                id: 'string'
                location: 'string'
                properties: {
                  securityRules: [
                    {
                      id: 'string'
                      name: 'string'
                      properties: {
                        access: 'string'
                        description: 'string'
                        destinationAddressPrefix: 'string'
                        destinationAddressPrefixes: [
                          'string'
                        ]
                        destinationApplicationSecurityGroups: [
                          {
                            id: 'string'
                            location: 'string'
                            properties: {}
                            tags: {
                              {customized property}: 'string'
                            }
                          }
                        ]
                        destinationPortRange: 'string'
                        destinationPortRanges: [
                          'string'
                        ]
                        direction: 'string'
                        priority: int
                        protocol: 'string'
                        sourceAddressPrefix: 'string'
                        sourceAddressPrefixes: [
                          'string'
                        ]
                        sourceApplicationSecurityGroups: [
                          {
                            id: 'string'
                            location: 'string'
                            properties: {}
                            tags: {
                              {customized property}: 'string'
                            }
                          }
                        ]
                        sourcePortRange: 'string'
                        sourcePortRanges: [
                          'string'
                        ]
                      }
                    }
                  ]
                }
                tags: {
                  {customized property}: 'string'
                }
              }
              privateEndpointNetworkPolicies: 'string'
              privateLinkServiceNetworkPolicies: 'string'
              routeTable: {
                id: 'string'
                location: 'string'
                properties: {
                  disableBgpRoutePropagation: bool
                  routes: [
                    {
                      id: 'string'
                      name: 'string'
                      properties: {
                        addressPrefix: 'string'
                        nextHopIpAddress: 'string'
                        nextHopType: 'string'
                      }
                    }
                  ]
                }
                tags: {
                  {customized property}: 'string'
                }
              }
              serviceEndpointPolicies: [
                {
                  id: 'string'
                  location: 'string'
                  properties: {
                    serviceEndpointPolicyDefinitions: [
                      {
                        id: 'string'
                        name: 'string'
                        properties: {
                          description: 'string'
                          service: 'string'
                          serviceResources: [
                            'string'
                          ]
                        }
                      }
                    ]
                  }
                  tags: {
                    {customized property}: 'string'
                  }
                }
              ]
              serviceEndpoints: [
                {
                  locations: [
                    'string'
                  ]
                  service: 'string'
                }
              ]
            }
          }
        }
        zones: [
          'string'
        ]
      }
    ]
    inboundNatPools: [
      {
        id: 'string'
        name: 'string'
        properties: {
          backendPort: int
          enableFloatingIP: bool
          enableTcpReset: bool
          frontendIPConfiguration: {
            id: 'string'
          }
          frontendPortRangeEnd: int
          frontendPortRangeStart: int
          idleTimeoutInMinutes: int
          protocol: 'string'
        }
      }
    ]
    inboundNatRules: [
      {
        id: 'string'
        name: 'string'
        properties: {
          backendPort: int
          enableFloatingIP: bool
          enableTcpReset: bool
          frontendIPConfiguration: {
            id: 'string'
          }
          frontendPort: int
          idleTimeoutInMinutes: int
          protocol: 'string'
        }
      }
    ]
    loadBalancingRules: [
      {
        id: 'string'
        name: 'string'
        properties: {
          backendAddressPool: {
            id: 'string'
          }
          backendPort: int
          disableOutboundSnat: bool
          enableFloatingIP: bool
          enableTcpReset: bool
          frontendIPConfiguration: {
            id: 'string'
          }
          frontendPort: int
          idleTimeoutInMinutes: int
          loadDistribution: 'string'
          probe: {
            id: 'string'
          }
          protocol: 'string'
        }
      }
    ]
    outboundRules: [
      {
        id: 'string'
        name: 'string'
        properties: {
          allocatedOutboundPorts: int
          backendAddressPool: {
            id: 'string'
          }
          enableTcpReset: bool
          frontendIPConfigurations: [
            {
              id: 'string'
            }
          ]
          idleTimeoutInMinutes: int
          protocol: 'string'
        }
      }
    ]
    probes: [
      {
        id: 'string'
        name: 'string'
        properties: {
          intervalInSeconds: int
          numberOfProbes: int
          port: int
          protocol: 'string'
          requestPath: 'string'
        }
      }
    ]
  }
  sku: {
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}
```
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer backend address pool. | BackendAddressPoolPropertiesFormat |
Name | Description | Value |
---|---|---|
ddosCustomPolicy | The DDoS custom policy associated with the public IP. | SubResource |
protectionCoverage | The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of the load balancer probe. | FrontendIPConfigurationPropertiesFormat |
zones | A list of availability zones denoting where the IP allocated for the resource needs to come from. | string[] |
Name | Description | Value |
---|---|---|
privateIPAddress | The private IP address of the IP configuration. | string |
privateIPAddressVersion | Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. | 'IPv4' 'IPv6' |
privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference of the Public IP resource. | PublicIPAddress |
publicIPPrefix | The reference of the Public IP Prefix resource. | SubResource |
subnet | The reference of the subnet resource. | Subnet |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of inbound NAT pools used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat pool. | InboundNatPoolPropertiesFormat |
Name | Description | Value |
---|---|---|
backendPort | The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. | int (required) |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPortRangeEnd | The last port number in the range of external ports that will be used to provide Inbound Nat to NICs associated with a load balancer. Acceptable values range between 1 and 65535. | int (required) |
frontendPortRangeStart | The first port number in the range of external ports that will be used to provide Inbound Nat to NICs associated with a load balancer. Acceptable values range between 1 and 65534. | int (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The reference to the transport protocol used by the inbound NAT pool. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat rule. | InboundNatRulePropertiesFormat |
Name | Description | Value |
---|---|---|
backendPort | The port used for the internal endpoint. Acceptable values range from 1 to 65535. | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. | int |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The reference to the transport protocol used by the load balancing rule. | 'All' 'Tcp' 'Udp' |
Name | Description | Value |
---|---|---|
ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
Name | Description | Value |
---|---|---|
backendAddressPools | Collection of backend address pools used by a load balancer. | BackendAddressPool[] |
frontendIPConfigurations | Object representing the frontend IPs to be used for the load balancer. | FrontendIPConfiguration[] |
inboundNatPools | Defines an external port range for inbound NAT to a single backend port on NICs associated with a load balancer. Inbound NAT rules are created automatically for each NIC associated with the Load Balancer using an external port from this range. Defining an Inbound NAT pool on your Load Balancer is mutually exclusive with defining inbound Nat rules. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an inbound NAT pool. They have to reference individual inbound NAT rules. | InboundNatPool[] |
inboundNatRules | Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | InboundNatRule[] |
loadBalancingRules | Object collection representing the load balancing rules Gets the provisioning. | LoadBalancingRule[] |
outboundRules | The outbound rules. | OutboundRule[] |
probes | Collection of probe objects used in the load balancer. | Probe[] |
Name | Description | Value |
---|---|---|
name | Name of a load balancer SKU. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of load balancing rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer load balancing rule. | LoadBalancingRulePropertiesFormat |
Name | Description | Value |
---|---|---|
backendAddressPool | A reference to a pool of DIPs. Inbound traffic is randomly load balanced across IPs in the backend IPs. | SubResource |
backendPort | The port used for internal connections on the endpoint. Acceptable values are between 0 and 65535. Note that value 0 enables "Any Port". | int |
disableOutboundSnat | Configures SNAT for the VMs in the backend pool to use the publicIP address specified in the frontend of the load balancing rule. | bool |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 0 and 65534. Note that value 0 enables "Any Port". | int (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
loadDistribution | The load distribution policy for this rule. | 'Default' 'SourceIP' 'SourceIPProtocol' |
probe | The reference of the load balancer probe used by the load balancing rule. | SubResource |
protocol | The reference to the transport protocol used by the load balancing rule. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of load balancer. | LoadBalancerPropertiesFormat |
sku | The load balancer SKU. | LoadBalancerSku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of outbound rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer outbound rule. | OutboundRulePropertiesFormat |
Name | Description | Value |
---|---|---|
allocatedOutboundPorts | The number of outbound ports to be used for NAT. | int |
backendAddressPool | A reference to a pool of DIPs. Outbound traffic is randomly load balanced across IPs in the backend IPs. | SubResource (required) |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfigurations | The Frontend IP addresses of the load balancer. | SubResource[] (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. | int |
protocol | The protocol for the outbound rule in load balancer. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of probes used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer probe. | ProbePropertiesFormat |
Name | Description | Value |
---|---|---|
intervalInSeconds | The interval, in seconds, for how frequently to probe the endpoint for health status. Typically, the interval is slightly less than half the allocated timeout period (in seconds) which allows two full probes before taking the instance out of rotation. The default value is 15, the minimum value is 5. | int |
numberOfProbes | The number of probes where if no response, will result in stopping further traffic from being delivered to the endpoint. This value allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure. | int |
port | The port for communicating the probe. Possible values range from 1 to 65535, inclusive. | int (required) |
protocol | The protocol of the end point. If 'Tcp' is specified, a received ACK is required for the probe to be successful. If 'Http' or 'Https' is specified, a 200 OK response from the specified URI is required for the probe to be successful. | 'Http' 'Https' 'Tcp' (required) |
requestPath | The URI used for requesting health status from the VM. Path is required if a protocol is set to http. Otherwise, it is not allowed. There is no default value. | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
sku | The public IP address SKU. | PublicIPAddressSku |
tags | Resource tags. | ResourceTags |
zones | A list of availability zones denoting where the IP allocated for the resource needs to come from. | string[] |
Name | Description | Value |
---|---|---|
domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
Name | Description | Value |
---|---|---|
ddosSettings | The DDoS protection custom policy associated with the public IP address. | DdosSettings |
dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipAddress | The IP address associated with the public IP address resource. | string |
ipTags | The list of tags associated with the public IP address. | IpTag[] |
publicIPAddressVersion | The public IP address version. | 'IPv4' 'IPv6' |
publicIPAllocationMethod | The public IP address allocation method. | 'Dynamic' 'Static' |
publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
Name | Description | Value |
---|---|---|
name | Name of a public IP address SKU. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
routes | Collection of routes contained within a route table. | Route[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule. | SecurityRulePropertiesFormat |
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
Name | Description | Value |
---|---|---|
serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service end point policy. | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
service | Service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
Name | Description | Value |
---|---|---|
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
service | The type of the endpoint service. | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the subnet. | SubnetPropertiesFormat |
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
addressPrefixes | List of address prefixes for the subnet. | string[] |
delegations | An array of references to the delegations on the subnet. | Delegation[] |
natGateway | Nat gateway associated with this subnet. | SubResource |
networkSecurityGroup | The reference of the NetworkSecurityGroup resource. | NetworkSecurityGroup |
privateEndpointNetworkPolicies | Enable or disable applying network policies on private endpoints in the subnet. | string |
privateLinkServiceNetworkPolicies | Enable or disable applying network policies on private link services in the subnet. | string |
routeTable | The reference of the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
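The value constraints in the property tables above can be checked before a template is deployed. The following Python linter is an added example, not code from the original page or from Microsoft: the function names, the constructed sample resource and the management-port review rule (based on the SSH/RDP note in the quickstart list) are assumptions made for illustration.

```python
LB_PROTOCOLS = {"All", "Tcp", "Udp"}
PROBE_PROTOCOLS = {"Http", "Https", "Tcp"}
MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # management ports named in the quickstart note


def check_int(out, where, props, key, lo, hi, required=False):
    """Append a finding when props[key] is missing (if required) or out of range."""
    value = props.get(key)
    if value is None:
        if required:
            out.append(f"{where}: {key} is required")
    elif isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        out.append(f"{where}: {key}={value!r} outside {lo}..{hi}")


def check_enum(out, where, props, key, allowed, required=False):
    """Append a finding when props[key] is missing (if required) or not allowed."""
    value = props.get(key)
    if value is None:
        if required:
            out.append(f"{where}: {key} is required")
    elif not isinstance(value, str) or value not in allowed:
        out.append(f"{where}: {key}={value!r} not in {sorted(allowed)}")


def check_mgmt(out, where, props):
    """Flag NAT entries whose backend port is a management service (review item)."""
    port = props.get("backendPort")
    if isinstance(port, int) and port in MGMT_PORTS:
        out.append(f"{where}: review, NAT publishes {MGMT_PORTS[port]}; "
                   "restrict sources with an NSG rule")


def children(props, key):
    """Yield (label, properties) for each element of a child collection."""
    for i, item in enumerate(props.get(key) or []):
        yield f"{key}[{item.get('name', i)}]", item.get("properties") or {}


def lint_load_balancer(resource):
    """Return a list of findings for one Microsoft.Network/loadBalancers resource."""
    out = []
    props = resource.get("properties") or {}
    if props.get("inboundNatPools") and props.get("inboundNatRules"):
        out.append("inboundNatPools and inboundNatRules are mutually exclusive")
    for where, p in children(props, "loadBalancingRules"):
        check_int(out, where, p, "frontendPort", 0, 65534, required=True)
        check_int(out, where, p, "backendPort", 0, 65535)
        check_int(out, where, p, "idleTimeoutInMinutes", 4, 30)
        check_enum(out, where, p, "protocol", LB_PROTOCOLS, required=True)
    for where, p in children(props, "inboundNatRules"):
        check_int(out, where, p, "frontendPort", 1, 65534)
        check_int(out, where, p, "backendPort", 1, 65535)
        check_int(out, where, p, "idleTimeoutInMinutes", 4, 30)
        check_enum(out, where, p, "protocol", LB_PROTOCOLS)
        check_mgmt(out, where, p)
    for where, p in children(props, "inboundNatPools"):
        check_int(out, where, p, "frontendPortRangeStart", 1, 65534, required=True)
        check_int(out, where, p, "frontendPortRangeEnd", 1, 65535, required=True)
        check_int(out, where, p, "backendPort", 1, 65535, required=True)
        check_int(out, where, p, "idleTimeoutInMinutes", 4, 30)
        check_enum(out, where, p, "protocol", LB_PROTOCOLS, required=True)
        start, end = p.get("frontendPortRangeStart"), p.get("frontendPortRangeEnd")
        # Implied by "first" and "last" port in the table, not stated as a rule.
        if isinstance(start, int) and isinstance(end, int) and start > end:
            out.append(f"{where}: frontendPortRangeStart {start} > frontendPortRangeEnd {end}")
        check_mgmt(out, where, p)
    for where, p in children(props, "probes"):
        check_int(out, where, p, "port", 1, 65535, required=True)
        check_enum(out, where, p, "protocol", PROBE_PROTOCOLS, required=True)
        interval = p.get("intervalInSeconds")
        if isinstance(interval, int) and interval < 5:
            out.append(f"{where}: intervalInSeconds={interval} below minimum 5")
        # Assumption: the table requires a path for http; Https is treated the same
        # here because it also expects a 200 OK from a URI. Tcp must not carry one.
        if p.get("protocol") in ("Http", "Https") and not p.get("requestPath"):
            out.append(f"{where}: requestPath is required for {p['protocol']} probes")
        if p.get("protocol") == "Tcp" and p.get("requestPath"):
            out.append(f"{where}: requestPath is not allowed for Tcp probes")
    return out


# Constructed sample resource (not a real deployment) with deliberate violations.
SAMPLE = {
    "type": "Microsoft.Network/loadBalancers",
    "apiVersion": "2019-09-01",
    "name": "lb-constructed",
    "properties": {
        "inboundNatRules": [{"name": "rdp", "properties": {
            "frontendPort": 50001, "backendPort": 3389,
            "protocol": "Tcp", "idleTimeoutInMinutes": 45}}],
        "inboundNatPools": [{"name": "pool", "properties": {
            "frontendPortRangeStart": 50100, "frontendPortRangeEnd": 50000,
            "backendPort": 22, "protocol": "Tcp"}}],
        "loadBalancingRules": [{"name": "web", "properties": {
            "frontendPort": 65535, "backendPort": 80, "protocol": "Http"}}],
        "probes": [{"name": "health", "properties": {
            "port": 80, "protocol": "Http", "intervalInSeconds": 2}}],
    },
}

if __name__ == "__main__":
    for finding in lint_load_balancer(SAMPLE):
        print(finding)
```

Pass it the dictionary for one entry of a template's `resources` array after loading the template with `json.load`.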
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
2 VMs in VNET - Internal Load Balancer and LB rules | This template allows you to create 2 Virtual Machines in a VNET and under an internal Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces. |
AzureDatabricks Template for VNetInjection and Load Balancer | This template allows you to create a load balancer, network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
Create a cross-region load balancer | This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
Create a standard internal load balancer | This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
Create a standard load-balancer | This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
Create a VM with multiple NICs and RDP accessible | This template allows you to create a Virtual Machine with multiple (2) network interfaces (NICs), and RDP connectable with a configured load balancer and an inbound NAT rule. More NICs can easily be added with this template. This template also deploys a Storage Account, Virtual Network, Public IP address, and 2 Network Interfaces (front-end and back-end). |
Create an Azure VM with a new AD Forest | This template creates a new Azure VM and configures the VM to be an AD DC for a new Forest. |
Create an Ubuntu GNOME desktop | This template creates an Ubuntu desktop machine. This works great for use as a jumpbox behind a NAT. |
Deploy a 5 Node Secure Cluster | This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a trusted launch capable Windows VM Scale Set | This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud. |
Deploy a VM Scale Set with Windows VMs and Auto Scale | This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated |
Deploy a VMSS that connects each VM to an Azure Files share | This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share |
Deploy Shibboleth Identity Provider cluster on Windows | This template deploys Shibboleth Identity Provider on Windows in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/status (note port number) to check success. |
Deploy VM Scale Set with Python Bottle server & AutoScale | Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed |
Deploys SQL Server 2014 AG on existing VNET & AD | This template creates three new Azure VMs on an existing VNET: Two VMs are configured as SQL Server 2014 availability group replica nodes and one VM is configured as a File Share Witness for automated cluster failover. In addition to these VMs, the following additional Azure resources are also configured: Internal load balancer, Storage accounts. To configure clustering, SQL Server, and an availability group within each VM, PowerShell DSC is leveraged. For Active Directory support, existing Active Directory domain controllers should already be deployed on the existing VNET. |
Front Door Premium with VM and Private Link service | This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
IIS VMs & SQL Server 2014 VM | Create 1 or 2 IIS Windows 2012 R2 Web Servers and one back end SQL Server 2014 in VNET. |
JBoss EAP on RHEL (clustered, multi-VM) | This template allows you to create multiple RHEL 8.6 VMs running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment. |
Private Link service example | This template shows how to create a private link service |
Public Load Balancer chained to a Gateway Load Balancer | This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool. |
Virtual machine with an RDP port | Creates a virtual machine and creates a NAT rule for RDP to the VM in load balancer |
VM Scale Set with autoscale running an IIS WebApp | Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment. |
VMs in Availability Zones with a Load Balancer and NAT | This template allows you to create Virtual Machines distributed across Availability Zones with a Load Balancer and configure NAT rules through the load balancer. This template also deploys a Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines |
VMSS Flexible Orchestration Mode Quickstart Linux | This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
VMSS with Public IP Prefix | Template for deploying VMSS with Public IP Prefix |
To create a Microsoft.Network/loadBalancers resource, add the following JSON to your template.
{
"type": "Microsoft.Network/loadBalancers",
"apiVersion": "2019-09-01",
"name": "string",
"location": "string",
"properties": {
"backendAddressPools": [
{
"id": "string",
"name": "string",
"properties": {
}
}
],
"frontendIPConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"privateIPAddress": "string",
"privateIPAddressVersion": "string",
"privateIPAllocationMethod": "string",
"publicIPAddress": {
"id": "string",
"location": "string",
"properties": {
"ddosSettings": {
"ddosCustomPolicy": {
"id": "string"
},
"protectionCoverage": "string"
},
"dnsSettings": {
"domainNameLabel": "string",
"fqdn": "string",
"reverseFqdn": "string"
},
"idleTimeoutInMinutes": "int",
"ipAddress": "string",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"publicIPPrefix": {
"id": "string"
}
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
},
"publicIPPrefix": {
"id": "string"
},
"subnet": {
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [ "string" ],
"delegations": [
{
"id": "string",
"name": "string",
"properties": {
"serviceName": "string"
}
}
],
"natGateway": {
"id": "string"
},
"networkSecurityGroup": {
"id": "string",
"location": "string",
"properties": {
"securityRules": [
{
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"privateEndpointNetworkPolicies": "string",
"privateLinkServiceNetworkPolicies": "string",
"routeTable": {
"id": "string",
"location": "string",
"properties": {
"disableBgpRoutePropagation": "bool",
"routes": [
{
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"properties": {
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"name": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
],
"serviceEndpoints": [
{
"locations": [ "string" ],
"service": "string"
}
]
}
}
},
"zones": [ "string" ]
}
],
"inboundNatPools": [
{
"id": "string",
"name": "string",
"properties": {
"backendPort": "int",
"enableFloatingIP": "bool",
"enableTcpReset": "bool",
"frontendIPConfiguration": {
"id": "string"
},
"frontendPortRangeEnd": "int",
"frontendPortRangeStart": "int",
"idleTimeoutInMinutes": "int",
"protocol": "string"
}
}
],
"inboundNatRules": [
{
"id": "string",
"name": "string",
"properties": {
"backendPort": "int",
"enableFloatingIP": "bool",
"enableTcpReset": "bool",
"frontendIPConfiguration": {
"id": "string"
},
"frontendPort": "int",
"idleTimeoutInMinutes": "int",
"protocol": "string"
}
}
],
"loadBalancingRules": [
{
"id": "string",
"name": "string",
"properties": {
"backendAddressPool": {
"id": "string"
},
"backendPort": "int",
"disableOutboundSnat": "bool",
"enableFloatingIP": "bool",
"enableTcpReset": "bool",
"frontendIPConfiguration": {
"id": "string"
},
"frontendPort": "int",
"idleTimeoutInMinutes": "int",
"loadDistribution": "string",
"probe": {
"id": "string"
},
"protocol": "string"
}
}
],
"outboundRules": [
{
"id": "string",
"name": "string",
"properties": {
"allocatedOutboundPorts": "int",
"backendAddressPool": {
"id": "string"
},
"enableTcpReset": "bool",
"frontendIPConfigurations": [
{
"id": "string"
}
],
"idleTimeoutInMinutes": "int",
"protocol": "string"
}
}
],
"probes": [
{
"id": "string",
"name": "string",
"properties": {
"intervalInSeconds": "int",
"numberOfProbes": "int",
"port": "int",
"protocol": "string",
"requestPath": "string"
}
}
]
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer backend address pool. | BackendAddressPoolPropertiesFormat |
Name | Description | Value |
---|---|---|
ddosCustomPolicy | The DDoS custom policy associated with the public IP. | SubResource |
protectionCoverage | The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of the load balancer probe. | FrontendIPConfigurationPropertiesFormat |
zones | A list of availability zones denoting where the IP allocated for the resource needs to come from. | string[] |
Name | Description | Value |
---|---|---|
privateIPAddress | The private IP address of the IP configuration. | string |
privateIPAddressVersion | Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. | 'IPv4' 'IPv6' |
privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference of the Public IP resource. | PublicIPAddress |
publicIPPrefix | The reference of the Public IP Prefix resource. | SubResource |
subnet | The reference of the subnet resource. | Subnet |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of inbound NAT pools used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat pool. | InboundNatPoolPropertiesFormat |
Name | Description | Value |
---|---|---|
backendPort | The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. | int (required) |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPortRangeEnd | The last port number in the range of external ports that will be used to provide Inbound Nat to NICs associated with a load balancer. Acceptable values range between 1 and 65535. | int (required) |
frontendPortRangeStart | The first port number in the range of external ports that will be used to provide Inbound Nat to NICs associated with a load balancer. Acceptable values range between 1 and 65534. | int (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The reference to the transport protocol used by the inbound NAT pool. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat rule. | InboundNatRulePropertiesFormat |
Name | Description | Value |
---|---|---|
backendPort | The port used for the internal endpoint. Acceptable values range from 1 to 65535. | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. | int |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The reference to the transport protocol used by the load balancing rule. | 'All' 'Tcp' 'Udp' |
Name | Description | Value |
---|---|---|
ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
Name | Description | Value |
---|---|---|
backendAddressPools | Collection of backend address pools used by a load balancer. | BackendAddressPool[] |
frontendIPConfigurations | Object representing the frontend IPs to be used for the load balancer. | FrontendIPConfiguration[] |
inboundNatPools | Defines an external port range for inbound NAT to a single backend port on NICs associated with a load balancer. Inbound NAT rules are created automatically for each NIC associated with the Load Balancer using an external port from this range. Defining an Inbound NAT pool on your Load Balancer is mutually exclusive with defining inbound Nat rules. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an inbound NAT pool. They have to reference individual inbound NAT rules. | InboundNatPool[] |
inboundNatRules | Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | InboundNatRule[] |
loadBalancingRules | Object collection representing the load balancing rules Gets the provisioning. | LoadBalancingRule[] |
outboundRules | The outbound rules. | OutboundRule[] |
probes | Collection of probe objects used in the load balancer. | Probe[] |
Name | Description | Value |
---|---|---|
name | Name of a load balancer SKU. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of load balancing rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer load balancing rule. | LoadBalancingRulePropertiesFormat |
Name | Description | Value |
---|---|---|
backendAddressPool | A reference to a pool of DIPs. Inbound traffic is randomly load balanced across IPs in the backend IPs. | SubResource |
backendPort | The port used for internal connections on the endpoint. Acceptable values are between 0 and 65535. Note that value 0 enables "Any Port". | int |
disableOutboundSnat | Configures SNAT for the VMs in the backend pool to use the publicIP address specified in the frontend of the load balancing rule. | bool |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 0 and 65534. Note that value 0 enables "Any Port". | int (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
loadDistribution | The load distribution policy for this rule. | 'Default' 'SourceIP' 'SourceIPProtocol' |
probe | The reference of the load balancer probe used by the load balancing rule. | SubResource |
protocol | The reference to the transport protocol used by the load balancing rule. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2019-09-01' |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of load balancer. | LoadBalancerPropertiesFormat |
sku | The load balancer SKU. | LoadBalancerSku |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Network/loadBalancers' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of outbound rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer outbound rule. | OutboundRulePropertiesFormat |
Name | Description | Value |
---|---|---|
allocatedOutboundPorts | The number of outbound ports to be used for NAT. | int |
backendAddressPool | A reference to a pool of DIPs. Outbound traffic is randomly load balanced across IPs in the backend IPs. | SubResource (required) |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfigurations | The Frontend IP addresses of the load balancer. | SubResource[] (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. | int |
protocol | The protocol for the outbound rule in load balancer. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of probes used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer probe. | ProbePropertiesFormat |
Name | Description | Value |
---|---|---|
intervalInSeconds | The interval, in seconds, for how frequently to probe the endpoint for health status. Typically, the interval is slightly less than half the allocated timeout period (in seconds) which allows two full probes before taking the instance out of rotation. The default value is 15, the minimum value is 5. | int |
numberOfProbes | The number of probes that, if they receive no response, will result in stopping further traffic from being delivered to the endpoint. This value allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure. | int |
port | The port for communicating the probe. Possible values range from 1 to 65535, inclusive. | int (required) |
protocol | The protocol of the end point. If 'Tcp' is specified, a received ACK is required for the probe to be successful. If 'Http' or 'Https' is specified, a 200 OK response from the specified URI is required for the probe to be successful. | 'Http' 'Https' 'Tcp' (required) |
requestPath | The URI used for requesting health status from the VM. Path is required if a protocol is set to http. Otherwise, it is not allowed. There is no default value. | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
sku | The public IP address SKU. | PublicIPAddressSku |
tags | Resource tags. | ResourceTags |
zones | A list of availability zones denoting where the IP allocated for the resource needs to come from. | string[] |
Name | Description | Value |
---|---|---|
domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
Name | Description | Value |
---|---|---|
ddosSettings | The DDoS protection custom policy associated with the public IP address. | DdosSettings |
dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipAddress | The IP address associated with the public IP address resource. | string |
ipTags | The list of tags associated with the public IP address. | IpTag[] |
publicIPAddressVersion | The public IP address version. | 'IPv4' 'IPv6' |
publicIPAllocationMethod | The public IP address allocation method. | 'Dynamic' 'Static' |
publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
Name | Description | Value |
---|---|---|
name | Name of a public IP address SKU. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
routes | Collection of routes contained within a route table. | Route[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule. | SecurityRulePropertiesFormat |
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
Name | Description | Value |
---|---|---|
serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service end point policy. | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
service | Service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
Name | Description | Value |
---|---|---|
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
service | The type of the endpoint service. | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the subnet. | SubnetPropertiesFormat |
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
addressPrefixes | List of address prefixes for the subnet. | string[] |
delegations | An array of references to the delegations on the subnet. | Delegation[] |
natGateway | Nat gateway associated with this subnet. | SubResource |
networkSecurityGroup | The reference of the NetworkSecurityGroup resource. | NetworkSecurityGroup |
privateEndpointNetworkPolicies | Enable or disable applying network policies on private endpoints in the subnet. | string |
privateLinkServiceNetworkPolicies | Enable or disable applying network policies on private link services in the subnet. | string |
routeTable | The reference of the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
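
A linter for the constraints in the property tables above (port ranges, the 4 to 30 minute idle timeout, NAT rule/pool exclusivity, probe `requestPath`), which also warns when a rule forwards to SSH or RDP, the management ports the quickstart note cautions about; it does not distinguish internal from public frontends. This is an added example, not Microsoft's code: `lint_load_balancer`, the finding format, the sample resource, the start-not-above-end check and treating `Https` probes like `Http` for `requestPath` are assumptions.

```python
# Lint one Microsoft.Network/loadBalancers template resource (added example).
MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # management ports named in the quickstart note
RULE_PROTOCOLS = {"All", "Tcp", "Udp"}
PROBE_PROTOCOLS = {"Http", "Https", "Tcp"}


def _int_between(value, low, high):
    # bool is a subclass of int in Python, so a JSON true/false must be rejected
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high


def _common(where, p, out):
    # Checks shared by NAT rules, NAT pools and load balancing rules.
    idle = p.get("idleTimeoutInMinutes")
    if idle is not None and not _int_between(idle, 4, 30):
        out.append(f"ERROR {where}: idleTimeoutInMinutes must be between 4 and 30")
    bport = p.get("backendPort")
    if isinstance(bport, int) and bport in MGMT_PORTS:
        out.append(f"WARN {where}: frontend forwards to {MGMT_PORTS[bport]} (backend port {bport})")


def lint_load_balancer(resource):
    """Return a list of finding strings for one loadBalancers resource (a dict)."""
    out = []
    lb = resource.get("properties", {})
    nat_rules, nat_pools = lb.get("inboundNatRules", []), lb.get("inboundNatPools", [])
    if nat_rules and nat_pools:
        out.append("ERROR inboundNatRules and inboundNatPools are mutually exclusive")

    seen = set()
    for rule in nat_rules:
        p, where = rule.get("properties", {}), f"inboundNatRules/{rule.get('name')}"
        fport, bport = p.get("frontendPort"), p.get("backendPort")
        if fport is not None and not _int_between(fport, 1, 65534):
            out.append(f"ERROR {where}: frontendPort must be between 1 and 65534")
        if bport is not None and not _int_between(bport, 1, 65535):
            out.append(f"ERROR {where}: backendPort must be between 1 and 65535")
        # The page requires unique frontend ports; keying on (frontend, protocol, port)
        # is an assumption that flags only the narrowest, unambiguous collision.
        key = (p.get("frontendIPConfiguration", {}).get("id"), p.get("protocol"), fport)
        if fport is not None and key in seen:
            out.append(f"ERROR {where}: frontendPort {fport} is already used by another NAT rule")
        seen.add(key)
        _common(where, p, out)
    for pool in nat_pools:
        p, where = pool.get("properties", {}), f"inboundNatPools/{pool.get('name')}"
        start, end = p.get("frontendPortRangeStart"), p.get("frontendPortRangeEnd")
        if not _int_between(start, 1, 65534) or not _int_between(end, 1, 65535):
            out.append(f"ERROR {where}: port range is required (start 1-65534, end 1-65535)")
        elif start > end:  # assumption: not stated on the page, but such a range is empty
            out.append(f"ERROR {where}: frontendPortRangeStart is greater than frontendPortRangeEnd")
        if not _int_between(p.get("backendPort"), 1, 65535):
            out.append(f"ERROR {where}: backendPort is required, between 1 and 65535")
        if p.get("protocol") not in RULE_PROTOCOLS:
            out.append(f"ERROR {where}: protocol is required: All, Tcp or Udp")
        _common(where, p, out)
    for rule in lb.get("loadBalancingRules", []):
        p, where = rule.get("properties", {}), f"loadBalancingRules/{rule.get('name')}"
        if not _int_between(p.get("frontendPort"), 0, 65534):
            out.append(f"ERROR {where}: frontendPort is required, between 0 and 65534")
        bport = p.get("backendPort")
        if bport is not None and not _int_between(bport, 0, 65535):
            out.append(f"ERROR {where}: backendPort must be between 0 and 65535")
        if p.get("protocol") not in RULE_PROTOCOLS:
            out.append(f"ERROR {where}: protocol is required: All, Tcp or Udp")
        _common(where, p, out)
    for probe in lb.get("probes", []):
        p, where = probe.get("properties", {}), f"probes/{probe.get('name')}"
        proto = p.get("protocol")
        if proto not in PROBE_PROTOCOLS:
            out.append(f"ERROR {where}: protocol is required: Http, Https or Tcp")
        if not _int_between(p.get("port"), 1, 65535):
            out.append(f"ERROR {where}: port is required, between 1 and 65535")
        interval = p.get("intervalInSeconds")
        if interval is not None and (not isinstance(interval, int) or interval < 5):
            out.append(f"ERROR {where}: intervalInSeconds minimum is 5")
        has_path = bool(p.get("requestPath"))
        # Assumption: Https needs a path like Http, since both probe a URI.
        if proto in ("Http", "Https") and not has_path:
            out.append(f"ERROR {where}: requestPath is required for {proto} probes")
        if proto == "Tcp" and has_path:
            out.append(f"ERROR {where}: requestPath is not allowed for Tcp probes")
    return out


# Constructed sample resource (not from the page).
SAMPLE = {"type": "Microsoft.Network/loadBalancers", "apiVersion": "2019-09-01", "properties": {
    "inboundNatRules": [{"name": "rdp-vm0", "properties": {
        "frontendPort": 50001, "backendPort": 3389, "protocol": "Tcp", "idleTimeoutInMinutes": 45}}],
    "probes": [{"name": "health", "properties": {
        "protocol": "Http", "port": 80, "intervalInSeconds": 3}}],
}}

if __name__ == "__main__":
    print("\n".join(lint_load_balancer(SAMPLE)))
```
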
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
2 VMs in a Load Balancer and configure NAT rules on the LB |
This template allows you to create 2 Virtual Machines in an Availability Set and configure NAT rules through the load balancer. This template also deploys a Storage Account, Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines |
2 VMs in a Load Balancer and load balancing rules |
This template allows you to create 2 Virtual Machines under a Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines |
2 VMs in VNET - Internal Load Balancer and LB rules |
This template allows you to create 2 Virtual Machines in a VNET and under an internal Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces. |
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database |
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI) |
Azure Container Service Engine (acs-engine) - Swarm Mode |
The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker enabled clusters on Microsoft Azure with your choice of DC/OS, Kubernetes, Swarm Mode, or Swarm orchestrators. The input to the tool is a cluster definition. The cluster definition is very similar to (in many cases the same as) the ARM template syntax used to deploy a Microsoft Azure Container Service cluster. |
Azure VM Scale Set as clients of Intel Lustre |
This template creates a set of Intel Lustre 2.7 clients using Azure VM Scale Sets and Azure gallery OpenLogic CentOS 6.6 or 7.0 images and mounts an existing Intel Lustre filesystem |
AzureDatabricks Template for VNetInjection and Load Balancer |
This template allows you to create a a load balancer, network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
Barracuda Web Application Firewall with Backend IIS Servers |
This Azure quickstart template deploys a Barracuda Web Application Firewall Solution on Azure with required number of backend Windows 2012 based IIS Web Servers.Templates includes latest Barracuda WAF with Pay as you go license and latest Windows 2012 R2 Azure Image for IIS.The Barracuda Web Application Firewall inspects inbound web traffic and blocks SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks targeted at your web applications. One External LB is deployed with NAT rules to enable Remote desktop access to backend web servers. Please follow post deployment configuration guide available in GitHub template directory to learn more about post deployment steps related to Barracuda web application firewall and web applications publishing. |
Basic RDS farm deployment |
This template creates a basic RDS farm deployment |
Chef Backend High-Availability Cluster |
This template creates a chef-backend cluster with front-end nodes attached |
Create 2 VMs in LB and a SQL Server VM with NSG |
This template creates 2 Windows VMs (that can be used as web FE) with in an Availability Set and a Load Balancer with port 80 open. The two VMs can be reached using RDP on port 6001 and 6002. This template also create a SQL Server 2014 VM that can be reached via RDP connection defined in a Network Security Group. |
Create 2 VMs Linux with LB and SQL Server VM with SSD |
This template creates 2 Linux VMs (that can be used as web FE) with in an Availability Set and a Load Balancer with port 80 open. The two VMs can be reached using SSH on port 6001 and 6002. This template also create a SQL Server 2014 VM that can be reached via RDP connection defined in a Network Security Group. All VMs storage can use Premium Storage (SSD) and you can choose to creare VMs with all DS sizes |
Create a cross-region load balancer |
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
Create a load-balancer with a Public IPv6 address |
This template creates an Internet-facing load-balancer with a Public IPv6 address, load balancing rules, and two VMs for the backend pool. |
Create a standard internal load balancer |
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
Create a standard internal load balancer with HA ports |
This template creates a standard internal Azure Load Balancer with a HA ports load-balancing rule |
Create a standard load-balancer |
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
Create a VM with multiple NICs and RDP accessible |
This template allows you to create a Virtual Machines with multiple (2) network interfaces (NICs), and RDP connectable with a configured load balancer and an inbound NAT rule. More NICs can easily be added with this template. This template also deploys a Storage Account, Virtual Network, Public IP address, and 2 Network Interfaces (front-end and back-end). |
Create an Azure VM with a new Active Directory Forest |
This template creates a new Azure VM, it configures the VM to be an Active Directory Domain Controller for a new forest |
Create an Azure VM with a new AD Forest |
This template creates a new Azure VM, it configures the VM to be an AD DC for a new Forest |
Create an new AD Domain with 2 Domain Controllers |
This template creates 2 new VMs to be AD DCs (primary and backup) for a new Forest and Domain |
Create an Ubuntu GNOME desktop |
This template creates an ubuntu desktop machine. This works great for use as a jumpbox behind a NAT. |
Deploy a 3 Nodetype Secure Cluster with NSGs enabled |
This template allows you to deploy a secure 3 nodetype Service Fabric Cluster running Windows Server 2016 Datacenter on Standard_D2 Size VMs. This template allows you to control the inbound and outbound network traffic using Network Security Groups. |
Deploy a 5 Node Secure Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a 5 Node Ubuntu Service Fabric Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Ubuntu on a Standard_D2_V2 Size VMSS. |
Deploy a Linux VMSS wth primary/secondary architecture |
This template allows you to deploy a Linux VMSS with a Custom Script Extension in primary secondary architecture |
Deploy a Scale Set into an existing vnet |
This template deploys a VM Scale Set into an existing vnet. |
Deploy a simple VM Scale Set with Linux VMs |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections. |
Deploy a simple VM Scale Set with Windows VMs |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for RDP connections. |
Deploy a trusted launch capable Windows VM Scale Set |
This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud. |
Deploy a VM Scale Set from the Azure Data Science VM |
These templates deploy VM scale sets, using the Azure Data Science VMs as a source image. |
Deploy a VM Scale Set with a Linux custom image |
This template allows you to deploy a custom VM Linux image inside a Scale Set. These VMs are behind a load balancer with HTTP load balancing (by default on port 80). The example uses a custom script to do the application deployment and update; you may have to provide your custom script for your own update procedure. You will have to provide a generalized image of your VM in the same subscription and region where you create the VMSS. |
Deploy a VM Scale Set with a Windows custom image |
This template allows you to deploy a simple VM Scale Set using a custom Windows image. These VMs are behind a load balancer with HTTP load balancing (by default on port 80). |
Deploy a VM Scale Set with Linux VMs and Auto Scale |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.04 or 14.04.4-LTS. These VMs are behind a load balancer with NAT rules for SSH connections. They also have Auto Scale integrated. |
Deploy a VM Scale Set with Linux VMs behind ILB |
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections. |
Deploy a VM Scale Set with Linux VMs in Availabilty Zones |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections. |
Deploy a VM Scale Set with Windows VMs and Auto Scale |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated |
Deploy a VM Scale Set with Windows VMs in Availability Zones |
This template allows you to deploy a VM Scale Set of Windows VMs using the latest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for RDP connections. |
Deploy a VMSS that connects each VM to an Azure Files share |
This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share |
Deploy a Windows VM Scale Set with a Custom Script Extension |
This template allows you to deploy a VM Scale Set of Windows VMs using the latest patched version of various Windows Versions. These VMs have a custom script extension for customization and are behind a load balancer with NAT rules for RDP connections. |
Deploy an Autoscale Setting for Virtual Machine ScaleSet |
This template allows you to deploy an autoscale policy for Virtual Machine ScaleSet resource. |
Deploy Darktrace Autoscaling vSensors |
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
Deploy Drupal with VM Scale Set, Azure Files and Mysql |
Deploy a VM Scale Set behind a load balancer/NAT & each VM running Drupal (Apache / PHP). All nodes share the created Azure file share storage and MySQL database |
Deploy IOMAD cluster on Ubuntu |
This template deploys IOMAD as a LAMP application on Ubuntu. It creates one or more Ubuntu VMs for the front end and a single VM for the backend. It does a silent install of Apache and PHP on the front end VMs and MySQL on the backend VM. Then it deploys IOMAD on the cluster. It configures a load balancer for directing requests to the front end VMs. It also configures NAT rules to allow admin access to each of the VMs. It also sets up a moodledata data directory using file storage shared among the VMs. After the deployment is successful, you can go to /iomad on each frontend VM (using web admin access) to start configuring IOMAD. |
Deploy Open edX Dogwood (Multi-VM) |
This template creates a network of Ubuntu VMs, and deploys Open edX Dogwood on them. Deployment supports 1-9 application VMs and backend Mongo and MySQL VMs. |
Deploy OpenLDAP cluster on Ubuntu |
This template deploys an OpenLDAP cluster on Ubuntu. It creates multiple Ubuntu VMs (up to 5, but can be easily increased) and does a silent install of OpenLDAP on them. Then it sets up N-way multi-master replication on them. After the deployment is successful, you can go to /phpldapadmin to start configuring OpenLDAP. |
Deploy OpenSIS Community Edition cluster on Ubuntu |
This template deploys OpenSIS Community Edition as a LAMP application on Ubuntu. It creates one or more Ubuntu VMs for the front end and a single VM for the backend. It does a silent install of Apache and PHP on the front end VMs and MySQL on the backend VM. Then it deploys OpenSIS Community Edition on the cluster. After the deployment is successful, you can go to /opensis-ce on each of the front end VMs (using web admin access) to start configuring OpenSIS. |
Deploy Shibboleth Identity Provider cluster on Ubuntu |
This template deploys Shibboleth Identity Provider on Ubuntu in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/Status (note port number) to check success. |
Deploy Shibboleth Identity Provider cluster on Windows |
This template deploys Shibboleth Identity Provider on Windows in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/status (note port number) to check success. |
Deploy VM Scale Set with LB probe and automatic repairs |
This template allows you to deploy a VM scale set of Linux VMs behind a load balancer with health probe configured. The scale set also has automatic instance repairs policy enabled with a grace period of 30 minutes. |
Deploy VM Scale Set with Python Bottle server & AutoScale |
Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed |
Deploy Windows VMSS configure windows featurtes SSL DSC |
This template allows you to deploy two Windows VMSS, configure windows features like IIS/Web Role, .Net Framework 4.5, windows auth, application initialization, download application deployment packages, URL Rewrite & SSL configuration using DSC and Azure Key Vault |
Deploys a 2 node master/slave MySQL replication cluster |
This template deploys a 2 node master/slave MySQL replication cluster on CentOS 6.5 or 6.6 |
Deploys a 3 node Consul Cluster |
This template deploys a 3 node Consul cluster and auto-joins the nodes via Atlas. Consul is a tool for service discovery, distributed key/value store and a bunch of other cool things. Atlas is provided by Hashicorp (makers of Consul) as a way to quickly create Consul clusters without having to manually join each node |
Deploys a 3 node Percona XtraDB Cluster |
This template deploys a 3 node MySQL high availability cluster on CentOS 6.5 or Ubuntu 12.04 |
Deploys a N-node CentOS Cluster |
This template deploys a 2-10 node CentOS cluster with 2 networks. |
Deploys SQL Server 2014 AG on existing VNET & AD |
This template creates three new Azure VMs on an existing VNET: Two VMs are configured as SQL Server 2014 availability group replica nodes and one VM is configured as a File Share Witness for automated cluster failover. In addition to these VMs, the following additional Azure resources are also configured: Internal load balancer, Storage accounts. To configure clustering, SQL Server, and an availability group within each VM, PowerShell DSC is leveraged. For Active Directory support, existing Active Directory domain controllers should already be deployed on the existing VNET. |
Deploys Windows VMs under LB,configures WinRM Https |
This template allows you to deploy Windows VMs using a few different options for the Windows version. This template also configures a WinRM HTTPS listener on the VMs. |
Docker Swarm Cluster |
This template creates a high-availability Docker Swarm cluster |
Front Door Premium with VM and Private Link service |
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
GlassFish on SUSE |
This template deploys a load balanced GlassFish (v3 or v4) cluster, consisting of a user defined number of SUSE (OpenSUSE or SLES) VMs. |
IIS VMs & SQL Server 2014 VM |
Create 1 or 2 IIS Windows 2012 R2 Web Servers and one back end SQL Server 2014 in VNET. |
Install Elasticsearch cluster on a Virtual Machine Scale Set |
This template deploys an Elasticsearch cluster on a Virtual Machine scale set. The template provisions 3 dedicated master nodes, with an optional number of data nodes, which run on managed disks. |
IPv6 in Azure Virtual Network (VNET) |
Create a dual stack IPv4/IPv6 VNET with 2 VMs. |
IPv6 in Azure Virtual Network (VNET) with Std LB |
Create a dual stack IPv4/IPv6 VNET with 2 VMs and an Internet-facing Standard Load Balancer. |
JBoss EAP on RHEL (clustered, multi-VM) |
This template allows you to create multiple RHEL 8.6 VMs running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment. |
JBoss EAP on RHEL (clustered, VMSS) |
This template allows you to create RHEL 8.6 VMSS instances running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment. |
KEMP LoadMaster HA Pair |
This template deploys a KEMP LoadMaster HA Pair |
Load Balancer with 2 VIPs, each with one LB rule |
This template allows you to create a Load Balancer, 2 Public IP addresses for the Load balancer (multivip), Virtual Network, Network Interface in the Virtual Network & a LB Rule in the Load Balancer that is used by the Network Interface. |
Load Balancer with Inbound NAT Rule |
This template allows you to create a Load Balancer, Public IP address for the Load balancer, Virtual Network, Network Interface in the Virtual Network & a NAT Rule in the Load Balancer that is used by the Network Interface. |
Multi tier App with NSG, ILB, AppGateway |
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing |
Multi tier traffic manager, L4 ILB, L7 AppGateway |
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing |
Private Link service example |
This template shows how to create a private link service |
Public Load Balancer chained to a Gateway Load Balancer |
This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool. |
RDS farm deployment using existing active directory |
This template creates a RDS farm deployment using existing active directory in same resource group |
RDS Gateway High Availability deployment |
This template provides high availability to RD Gateway and RD Web Access servers in an existing RDS deployment |
Red Hat Linux 3-Tier Solution on Azure |
This template allows you to deploy a 3 Tier architecture using 'Red Hat Enterprise Linux 7.3' virtual machines. Architecture includes Virtual Network, external and internal load balancers, Jump VM, NSGs etc along with multiple RHEL Virtual machines in each tier |
Redundant haproxy with Azure load-balancer and floating IP |
This template creates a redundant haproxy setup with 2 Ubuntu VMs configured behind Azure load balancer with floating IP enabled. Each of the Ubuntu VMs run haproxy to load balance requests to other application VMs (running Apache in this case). Keepalived enables redundancy for the haproxy VMs by assigning the floating IP to the MASTER and blocking the load-balancer probe on the BACKUP. This template also deploys a Storage Account, Virtual Network, Public IP address, Network Interfaces. |
Remote Desktop Services with High Availability |
This ARM Template sample code will deploy a Remote Desktop Services 2019 Session Collection lab with high availability. The goal is to deploy a fully redundant, highly available solution for Remote Desktop Services, using Windows Server 2019. |
Reserved IP Use Case Snippet |
This template demonstrates the currently supported use case for Reserved IP. A Reserved IP is simply a statically allocated Public IP. |
SAP NetWeaver 3-tier (managed disk) |
This template allows you to deploy a VM using an operating system that is supported by SAP and Managed Disks. |
SAP NetWeaver 3-tier multi SID DB (managed disks) |
This template allows you to deploy a VM using an operating system that is supported by SAP. |
SAP NetWeaver file server (managed disk) |
This template allows you to deploy a file server that can be used as shared storage for SAP NetWeaver. |
Simple VM Scale Set with Linux VMs and public IPv4 per VM |
This template demonstrates deploying a simple scale set with load balancer, inbound NAT rules, and public IP per VM. |
SSL enabled VM Scale Set |
Deploys web servers configured with SSL certificates deployed securely from Azure Key Vault. |
Standard Load Balancer with Backend Pool by IP Addresses |
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
Virtual Machine Scaleset example using Availability Zones |
This template creates a VMSS placed in separate Availability Zones with a load balancer. |
Virtual machine with an RDP port |
Creates a virtual machine and creates a NAT rule for RDP to the VM in load balancer |
VM Scale Set with autoscale running an IIS WebApp |
Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment. |
VMs in Availability Zones with a Load Balancer and NAT |
This template allows you to create Virtual Machines distributed across Availability Zones with a Load Balancer and configure NAT rules through the load balancer. This template also deploys a Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines |
VMSS deploy of IPv6 in Azure Virtual Network (VNET) |
Create VM Scale Set with dual stack IPv4/IPv6 VNET and Std Load Balancer. |
VMSS Flexible Orchestration Mode Quickstart Linux |
This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
VMSS with Public IP Prefix |
Template for deploying VMSS with Public IP Prefix |
The loadBalancers resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/loadBalancers resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/loadBalancers@2019-09-01"
name = "string"
location = "string"
body = jsonencode({
properties = {
backendAddressPools = [
{
id = "string"
name = "string"
properties = {
}
}
]
frontendIPConfigurations = [
{
id = "string"
name = "string"
properties = {
privateIPAddress = "string"
privateIPAddressVersion = "string"
privateIPAllocationMethod = "string"
publicIPAddress = {
id = "string"
location = "string"
properties = {
ddosSettings = {
ddosCustomPolicy = {
id = "string"
}
protectionCoverage = "string"
}
dnsSettings = {
domainNameLabel = "string"
fqdn = "string"
reverseFqdn = "string"
}
idleTimeoutInMinutes = int
ipAddress = "string"
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
publicIPPrefix = {
id = "string"
}
}
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
zones = [
"string"
]
}
publicIPPrefix = {
id = "string"
}
subnet = {
id = "string"
name = "string"
properties = {
addressPrefix = "string"
addressPrefixes = [
"string"
]
delegations = [
{
id = "string"
name = "string"
properties = {
serviceName = "string"
}
}
]
natGateway = {
id = "string"
}
networkSecurityGroup = {
id = "string"
location = "string"
properties = {
securityRules = [
{
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
direction = "string"
priority = int
protocol = "string"
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
privateEndpointNetworkPolicies = "string"
privateLinkServiceNetworkPolicies = "string"
routeTable = {
id = "string"
location = "string"
properties = {
disableBgpRoutePropagation = bool
routes = [
{
id = "string"
name = "string"
properties = {
addressPrefix = "string"
nextHopIpAddress = "string"
nextHopType = "string"
}
}
]
}
tags = {
{customized property} = "string"
}
}
serviceEndpointPolicies = [
{
id = "string"
location = "string"
properties = {
serviceEndpointPolicyDefinitions = [
{
id = "string"
name = "string"
properties = {
description = "string"
service = "string"
serviceResources = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
]
serviceEndpoints = [
{
locations = [
"string"
]
service = "string"
}
]
}
}
}
zones = [
"string"
]
}
]
inboundNatPools = [
{
id = "string"
name = "string"
properties = {
backendPort = int
enableFloatingIP = bool
enableTcpReset = bool
frontendIPConfiguration = {
id = "string"
}
frontendPortRangeEnd = int
frontendPortRangeStart = int
idleTimeoutInMinutes = int
protocol = "string"
}
}
]
inboundNatRules = [
{
id = "string"
name = "string"
properties = {
backendPort = int
enableFloatingIP = bool
enableTcpReset = bool
frontendIPConfiguration = {
id = "string"
}
frontendPort = int
idleTimeoutInMinutes = int
protocol = "string"
}
}
]
loadBalancingRules = [
{
id = "string"
name = "string"
properties = {
backendAddressPool = {
id = "string"
}
backendPort = int
disableOutboundSnat = bool
enableFloatingIP = bool
enableTcpReset = bool
frontendIPConfiguration = {
id = "string"
}
frontendPort = int
idleTimeoutInMinutes = int
loadDistribution = "string"
probe = {
id = "string"
}
protocol = "string"
}
}
]
outboundRules = [
{
id = "string"
name = "string"
properties = {
allocatedOutboundPorts = int
backendAddressPool = {
id = "string"
}
enableTcpReset = bool
frontendIPConfigurations = [
{
id = "string"
}
]
idleTimeoutInMinutes = int
protocol = "string"
}
}
]
probes = [
{
id = "string"
name = "string"
properties = {
intervalInSeconds = int
numberOfProbes = int
port = int
protocol = "string"
requestPath = "string"
}
}
]
}
})
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
}
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the application security group. | ApplicationSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of backend address pools used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer backend address pool. | BackendAddressPoolPropertiesFormat |
Name | Description | Value |
---|---|---|
ddosCustomPolicy | The DDoS custom policy associated with the public IP. | SubResource |
protectionCoverage | The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
properties | Properties of the subnet. | ServiceDelegationPropertiesFormat |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of frontend IP configurations used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of the load balancer probe. | FrontendIPConfigurationPropertiesFormat |
zones | A list of availability zones denoting where the IP allocated for the resource needs to come from. | string[] |
Name | Description | Value |
---|---|---|
privateIPAddress | The private IP address of the IP configuration. | string |
privateIPAddressVersion | Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. | 'IPv4' 'IPv6' |
privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference of the Public IP resource. | PublicIPAddress |
publicIPPrefix | The reference of the Public IP Prefix resource. | SubResource |
subnet | The reference of the subnet resource. | Subnet |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of inbound NAT pools used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat pool. | InboundNatPoolPropertiesFormat |
Name | Description | Value |
---|---|---|
backendPort | The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. | int (required) |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPortRangeEnd | The last port number in the range of external ports that will be used to provide Inbound Nat to NICs associated with a load balancer. Acceptable values range between 1 and 65535. | int (required) |
frontendPortRangeStart | The first port number in the range of external ports that will be used to provide Inbound Nat to NICs associated with a load balancer. Acceptable values range between 1 and 65534. | int (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The reference to the transport protocol used by the inbound NAT pool. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of inbound NAT rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer inbound nat rule. | InboundNatRulePropertiesFormat |
Name | Description | Value |
---|---|---|
backendPort | The port used for the internal endpoint. Acceptable values range from 1 to 65535. | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534. | int |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
protocol | The reference to the transport protocol used by the load balancing rule. | 'All' 'Tcp' 'Udp' |
Name | Description | Value |
---|---|---|
ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
Name | Description | Value |
---|---|---|
backendAddressPools | Collection of backend address pools used by a load balancer. | BackendAddressPool[] |
frontendIPConfigurations | Object representing the frontend IPs to be used for the load balancer. | FrontendIPConfiguration[] |
inboundNatPools | Defines an external port range for inbound NAT to a single backend port on NICs associated with a load balancer. Inbound NAT rules are created automatically for each NIC associated with the Load Balancer using an external port from this range. Defining an Inbound NAT pool on your Load Balancer is mutually exclusive with defining inbound Nat rules. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an inbound NAT pool. They have to reference individual inbound NAT rules. | InboundNatPool[] |
inboundNatRules | Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | InboundNatRule[] |
loadBalancingRules | Object collection representing the load balancing rules Gets the provisioning. | LoadBalancingRule[] |
outboundRules | The outbound rules. | OutboundRule[] |
probes | Collection of probe objects used in the load balancer. | Probe[] |
Name | Description | Value |
---|---|---|
name | Name of a load balancer SKU. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of load balancing rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer load balancing rule. | LoadBalancingRulePropertiesFormat |
Name | Description | Value |
---|---|---|
backendAddressPool | A reference to a pool of DIPs. Inbound traffic is randomly load balanced across IPs in the backend IPs. | SubResource |
backendPort | The port used for internal connections on the endpoint. Acceptable values are between 0 and 65535. Note that value 0 enables "Any Port". | int |
disableOutboundSnat | Configures SNAT for the VMs in the backend pool to use the publicIP address specified in the frontend of the load balancing rule. | bool |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | bool |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfiguration | A reference to frontend IP addresses. | SubResource |
frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 0 and 65534. Note that value 0 enables "Any Port". | int (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | int |
loadDistribution | The load distribution policy for this rule. | 'Default' 'SourceIP' 'SourceIPProtocol' |
probe | The reference of the load balancer probe used by the load balancing rule. | SubResource |
protocol | The reference to the transport protocol used by the load balancing rule. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of load balancer. | LoadBalancerPropertiesFormat |
sku | The load balancer SKU. | LoadBalancerSku |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Network/loadBalancers@2019-09-01" |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the network security group. | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
securityRules | A collection of security rules of the network security group. | SecurityRule[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of outbound rules used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer outbound rule. | OutboundRulePropertiesFormat |
Name | Description | Value |
---|---|---|
allocatedOutboundPorts | The number of outbound ports to be used for NAT. | int |
backendAddressPool | A reference to a pool of DIPs. Outbound traffic is randomly load balanced across the IPs in the backend pool. | SubResource (required) |
enableTcpReset | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | bool |
frontendIPConfigurations | The Frontend IP addresses of the load balancer. | SubResource[] (required) |
idleTimeoutInMinutes | The timeout for the TCP idle connection. | int |
protocol | The protocol for the outbound rule in load balancer. | 'All' 'Tcp' 'Udp' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within the set of probes used by the load balancer. This name can be used to access the resource. | string |
properties | Properties of load balancer probe. | ProbePropertiesFormat |
Name | Description | Value |
---|---|---|
intervalInSeconds | The interval, in seconds, for how frequently to probe the endpoint for health status. Typically, the interval is slightly less than half the allocated timeout period (in seconds) which allows two full probes before taking the instance out of rotation. The default value is 15, the minimum value is 5. | int |
numberOfProbes | The number of probes that, if they receive no response, result in further traffic no longer being delivered to the endpoint. This value allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure. | int |
port | The port for communicating the probe. Possible values range from 1 to 65535, inclusive. | int (required) |
protocol | The protocol of the endpoint. If 'Tcp' is specified, a received ACK is required for the probe to be successful. If 'Http' or 'Https' is specified, a 200 OK response from the specified URI is required for the probe to be successful. | 'Http' 'Https' 'Tcp' (required) |
requestPath | The URI used for requesting health status from the VM. Path is required if a protocol is set to http. Otherwise, it is not allowed. There is no default value. | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
sku | The public IP address SKU. | PublicIPAddressSku |
tags | Resource tags. | ResourceTags |
zones | A list of availability zones denoting where the IP allocated for the resource needs to come from. | string[] |
Name | Description | Value |
---|---|---|
domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
Name | Description | Value |
---|---|---|
ddosSettings | The DDoS protection custom policy associated with the public IP address. | DdosSettings |
dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
ipAddress | The IP address associated with the public IP address resource. | string |
ipTags | The list of tags associated with the public IP address. | IpTag[] |
publicIPAddressVersion | The public IP address version. | 'IPv4' 'IPv6' |
publicIPAllocationMethod | The public IP address allocation method. | 'Dynamic' 'Static' |
publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
Name | Description | Value |
---|---|---|
name | Name of a public IP address SKU. | 'Basic' 'Standard' |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the route. | RoutePropertiesFormat |
Name | Description | Value |
---|---|---|
addressPrefix | The destination CIDR to which the route applies. | string |
nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the route table. | RouteTablePropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
routes | Collection of routes contained within a route table. | Route[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the security rule. | SecurityRulePropertiesFormat |
Name | Description | Value |
---|---|---|
access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
description | A description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all destination IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
destinationApplicationSecurityGroups | The application security group specified as destination. | ApplicationSecurityGroup[] |
destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
destinationPortRanges | The destination port ranges. | string[] |
direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
sourceApplicationSecurityGroups | The application security group specified as source. | ApplicationSecurityGroup[] |
sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
sourcePortRanges | The source port ranges. | string[] |
Name | Description | Value |
---|---|---|
serviceName | The name of the service to which the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the service endpoint policy. | ServiceEndpointPolicyPropertiesFormat |
tags | Resource tags. | ResourceTags |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the service endpoint policy definition. | ServiceEndpointPolicyDefinitionPropertiesFormat |
Name | Description | Value |
---|---|---|
description | A description for this rule. Restricted to 140 chars. | string |
service | Service endpoint name. | string |
serviceResources | A list of service resources. | string[] |
Name | Description | Value |
---|---|---|
serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | ServiceEndpointPolicyDefinition[] |
Name | Description | Value |
---|---|---|
locations | A list of locations. | string[] |
service | The type of the endpoint service. | string |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the subnet. | SubnetPropertiesFormat |
Name | Description | Value |
---|---|---|
addressPrefix | The address prefix for the subnet. | string |
addressPrefixes | List of address prefixes for the subnet. | string[] |
delegations | An array of references to the delegations on the subnet. | Delegation[] |
natGateway | Nat gateway associated with this subnet. | SubResource |
networkSecurityGroup | The reference of the NetworkSecurityGroup resource. | NetworkSecurityGroup |
privateEndpointNetworkPolicies | Enable or disable applying network policies on private endpoints in the subnet. | string |
privateLinkServiceNetworkPolicies | Enable or disable applying network policies on private link services in the subnet. | string |
routeTable | The reference of the RouteTable resource. | RouteTable |
serviceEndpointPolicies | An array of service endpoint policies. | ServiceEndpointPolicy[] |
serviceEndpoints | An array of service endpoints. | ServiceEndpointPropertiesFormat[] |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |