Microsoft.Network loadBalancers 2016-06-01
- Latest
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
- 2016-06-01
- 2016-03-30
- 2015-06-15
- 2015-05-01-preview
Bicep resource definition
The loadBalancers resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/loadBalancers resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/loadBalancers@2016-06-01' = {
etag: 'string'
location: 'string'
name: 'string'
properties: {
backendAddressPools: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
provisioningState: 'string'
frontendIPConfigurations: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
privateIPAddress: 'string'
privateIPAllocationMethod: 'string'
provisioningState: 'string'
publicIPAddress: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
dnsSettings: {
domainNameLabel: 'string'
fqdn: 'string'
reverseFqdn: 'string'
idleTimeoutInMinutes: int
ipAddress: 'string'
provisioningState: 'string'
publicIPAddressVersion: 'string'
publicIPAllocationMethod: 'string'
resourceGuid: 'string'
tags: {
{customized property}: 'string'
subnet: {
etag: 'string'
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
networkSecurityGroup: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
defaultSecurityRules: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationPortRange: 'string'
direction: 'string'
priority: int
protocol: 'string'
provisioningState: 'string'
sourceAddressPrefix: 'string'
sourcePortRange: 'string'
provisioningState: 'string'
resourceGuid: 'string'
securityRules: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationPortRange: 'string'
direction: 'string'
priority: int
protocol: 'string'
provisioningState: 'string'
sourceAddressPrefix: 'string'
sourcePortRange: 'string'
tags: {
{customized property}: 'string'
provisioningState: 'string'
resourceNavigationLinks: [
id: 'string'
name: 'string'
properties: {
link: 'string'
linkedResourceType: 'string'
routeTable: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
provisioningState: 'string'
routes: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
nextHopIpAddress: 'string'
nextHopType: 'string'
provisioningState: 'string'
tags: {
{customized property}: 'string'
inboundNatPools: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendPort: int
frontendIPConfiguration: {
id: 'string'
frontendPortRangeEnd: int
frontendPortRangeStart: int
protocol: 'string'
provisioningState: 'string'
inboundNatRules: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendPort: int
enableFloatingIP: bool
frontendIPConfiguration: {
id: 'string'
frontendPort: int
idleTimeoutInMinutes: int
protocol: 'string'
provisioningState: 'string'
loadBalancingRules: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendAddressPool: {
id: 'string'
backendPort: int
enableFloatingIP: bool
frontendIPConfiguration: {
id: 'string'
frontendPort: int
idleTimeoutInMinutes: int
loadDistribution: 'string'
probe: {
id: 'string'
protocol: 'string'
provisioningState: 'string'
outboundNatRules: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
allocatedOutboundPorts: int
backendAddressPool: {
id: 'string'
frontendIPConfigurations: [
id: 'string'
provisioningState: 'string'
probes: [
etag: 'string'
id: 'string'
name: 'string'
properties: {
intervalInSeconds: int
numberOfProbes: int
port: int
protocol: 'string'
provisioningState: 'string'
requestPath: 'string'
provisioningState: 'string'
resourceGuid: 'string'
tags: {
{customized property}: 'string'
Property Values
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of BackendAddressPool | BackendAddressPoolPropertiesFormat |
Name | Description | Value |
provisioningState | Get provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Frontend IP Configuration of the load balancer | FrontendIPConfigurationPropertiesFormat |
Name | Description | Value |
privateIPAddress | Gets or sets the privateIPAddress of the IP Configuration | string |
privateIPAllocationMethod | Gets or sets PrivateIP allocation method | 'Dynamic' 'Static' |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
publicIPAddress | Gets or sets the reference of the PublicIP resource | PublicIPAddress |
subnet | Gets or sets the reference of the subnet resource | Subnet |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Inbound NAT pool | InboundNatPoolPropertiesFormat |
Name | Description | Value |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int (required) |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPortRangeEnd | Gets or sets the ending port range for the NAT pool. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
frontendPortRangeStart | Gets or sets the starting port range for the NAT pool. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
protocol | Gets or sets the transport protocol for the endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Inbound NAT rule | InboundNatRulePropertiesFormat |
Name | Description | Value |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int |
idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
protocol | Gets or sets the transport protocol for the endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
backendAddressPools | Gets or sets Pools of backend IP addresses | BackendAddressPool[] |
frontendIPConfigurations | Gets or sets frontend IP addresses of the load balancer | FrontendIPConfiguration[] |
inboundNatPools | Gets or sets inbound NAT pools | InboundNatPool[] |
inboundNatRules | Gets or sets list of inbound rules | InboundNatRule[] |
loadBalancingRules | Gets or sets load balancing rules | LoadBalancingRule[] |
outboundNatRules | Gets or sets outbound NAT rules | OutboundNatRule[] |
probes | Gets or sets list of Load balancer probes | Probe[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
resourceGuid | Gets or sets resource guid property of the Load balancer resource | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of the load balancer | LoadBalancingRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Gets or sets a reference to a pool of DIPs. Inbound traffic is randomly load balanced across IPs in the backend IPs | SubResource |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
loadDistribution | Gets or sets the load distribution policy for this rule | 'Default' 'SourceIP' 'SourceIPProtocol' |
probe | Gets or sets the reference of the load balancer probe used by the Load Balancing rule. | SubResource |
protocol | Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
location | Resource location | string |
name | The resource name | string (required) |
properties | Properties of Load Balancer | LoadBalancerPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | Network Security Group resource | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
defaultSecurityRules | Gets or default security rules of network security group | SecurityRule[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
resourceGuid | Gets or sets resource guid property of the network security group resource | string |
securityRules | Gets or sets security rules of network security group | SecurityRule[] |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Outbound NAT pool of the load balancer | OutboundNatRulePropertiesFormat |
Name | Description | Value |
allocatedOutboundPorts | Gets or sets the number of outbound ports to be used for SNAT | int |
backendAddressPool | Gets or sets a reference to a pool of DIPs. Outbound traffic is randomly load balanced across IPs in the backend IPs | SubResource (required) |
frontendIPConfigurations | Gets or sets Frontend IP addresses of the load balancer | SubResource[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | ProbePropertiesFormat |
Name | Description | Value |
intervalInSeconds | Gets or sets the interval, in seconds, for how frequently to probe the endpoint for health status. Typically, the interval is slightly less than half the allocated timeout period (in seconds) which allows two full probes before taking the instance out of rotation. The default value is 15, the minimum value is 5 | int |
numberOfProbes | Gets or sets the number of probes where if no response, will result in stopping further traffic from being delivered to the endpoint. This values allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure. | int |
port | Gets or sets Port for communicating the probe. Possible values range from 1 to 65535, inclusive. | int (required) |
protocol | Gets or sets the protocol of the end point. Possible values are http or Tcp. If Tcp is specified, a received ACK is required for the probe to be successful. If http is specified,a 200 OK response from the specifies URI is required for the probe to be successful | 'Http' 'Tcp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
requestPath | Gets or sets the URI used for requesting health status from the VM. Path is required if a protocol is set to http. Otherwise, it is not allowed. There is no default value | string |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | PublicIpAddress properties | PublicIPAddressPropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the domain to the reverse FQDN. | string |
Name | Description | Value |
dnsSettings | Gets or sets FQDN of the DNS record associated with the public IP address | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | Gets or sets the idle timeout of the public IP address | int |
ipAddress | string | |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
publicIPAddressVersion | Gets or sets PublicIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
publicIPAllocationMethod | Gets or sets PublicIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
resourceGuid | Gets or sets resource guid property of the PublicIP resource | string |
Name | Description | Value |
id | Resource Id | string |
name | Name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of ResourceNavigationLink | ResourceNavigationLinkFormat |
Name | Description | Value |
link | Link to the external resource | string |
linkedResourceType | Resource type of the linked resource | string |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Route resource | RoutePropertiesFormat |
Name | Description | Value |
addressPrefix | Gets or sets the destination CIDR to which the route applies. | string |
nextHopIpAddress | Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | Gets or sets the type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
provisioningState | Gets provisioning state of the resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | Route Table resource | RouteTablePropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
provisioningState | Gets provisioning state of the resource Updating/Deleting/Failed | string |
routes | Gets or sets Routes in a Route Table | Route[] |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | SecurityRulePropertiesFormat |
Name | Description | Value |
access | Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' | 'Allow' 'Deny' (required) |
description | Gets or sets a description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string (required) |
destinationPortRange | Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
direction | Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
priority | Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). | '*' 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
sourceAddressPrefix | Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string (required) |
sourcePortRange | Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets or sets the name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | SubnetPropertiesFormat |
Name | Description | Value |
addressPrefix | Gets or sets Address prefix for the subnet. | string |
networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
provisioningState | Gets provisioning state of the resource | string |
resourceNavigationLinks | Gets array of references to the external resources using subnet | ResourceNavigationLink[] |
routeTable | Gets or sets the reference of the RouteTable resource | RouteTable |
Name | Description | Value |
id | Resource Id | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Module | Description |
Load Balancer | AVM Resource Module for Load Balancer |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
Bicep File | Description |
2 VMs in VNET - Internal Load Balancer and LB rules | This template allows you to create 2 Virtual Machines in a VNET and under an internal Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces. |
AzureDatabricks Template for VNetInjection and Load Balancer | This template allows you to create a a load balancer, network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
Create a cross-region load balancer | This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
Create a standard internal load balancer | This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
Create a standard internal load balancer with HA ports | This template creates a standard internal Azure Load Balancer with a HA ports load-balancing rule |
Create a standard load-balancer | This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
Create a VM with multiple NICs and RDP accessible | This template allows you to create a Virtual Machines with multiple (2) network interfaces (NICs), and RDP connectable with a configured load balancer and an inbound NAT rule. More NICs can easily be added with this template. This template also deploys a Storage Account, Virtual Network, Public IP address, and 2 Network Interfaces (front-end and back-end). |
Create an Azure VM with a new AD Forest | This template creates a new Azure VM, it configures the VM to be an AD DC for a new Forest |
Create an Ubuntu GNOME desktop | This template creates an ubuntu desktop machine. This works great for use as a jumpbox behind a NAT. |
Deploy a 5 Node Secure Cluster | This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a trusted launch capable Windows VM Scale Set | This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud. |
Deploy a VM Scale Set with Windows VMs and Auto Scale | This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated |
Deploy a VMSS that connects each VM to an Azure Files share | This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share |
Deploy Shibboleth Identity Provider cluster on Windows | This template deploys Shibboleth Identity Provider on Windows in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/status (note port number) to check success. |
Deploy VM Scale Set with Python Bottle server & AutoScale | Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed |
Deploys SQL Server 2014 AG on existing VNET & AD | This template creates three new Azure VMs on an existing VNET: Two VMs are configured as SQL Server 2014 availability group replica nodes and one VM is configured as a File Share Witness for automated cluster failover. In addition to these VMs, the following additional Azure resources are also configured: Internal load balancer, Storage accounts. To configure clustering, SQL Server, and an availability group within each VM, PowerShell DSC is leveraged. For Active Directory support, existing Active Directory domain controllers should already be deployed on the existing VNET. |
Front Door Premium with VM and Private Link service | This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
IIS VMs & SQL Server 2014 VM | Create 1 or 2 IIS Windows 2012 R2 Web Servers and one back end SQL Server 2014 in VNET. |
JBoss EAP on RHEL (clustered, multi-VM) | This template allows you to create multiple RHEL 8.6 VMs running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment. |
Private Link service example | This template shows how to create a private link service |
Public Load Balancer chained to a Gateway Load Balancer | This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool. |
Virtual machine with an RDP port | Creates a virtual machine and creates a NAT rule for RDP to the VM in load balancer |
VM Scale Set with autoscale running an IIS WebApp | Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment. |
VMs in Availability Zones with a Load Balancer and NAT | This template allows you to create Virtual Machines distributed across Availability Zones with a Load Balancer and configure NAT rules through the load balancer. This template also deploys a Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines |
VMSS Flexible Orchestration Mode Quickstart Linux | This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
VMSS with Public IP Prefix | Template for deploying VMSS with Public IP Prefix |
ARM template resource definition
The loadBalancers resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/loadBalancers resource, add the following JSON to your template.
"type": "Microsoft.Network/loadBalancers",
"apiVersion": "2016-06-01",
"name": "string",
"etag": "string",
"location": "string",
"properties": {
"backendAddressPools": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"provisioningState": "string"
"frontendIPConfigurations": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"provisioningState": "string",
"publicIPAddress": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"dnsSettings": {
"domainNameLabel": "string",
"fqdn": "string",
"reverseFqdn": "string"
"idleTimeoutInMinutes": "int",
"ipAddress": "string",
"provisioningState": "string",
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"resourceGuid": "string"
"tags": {
"{customized property}": "string"
"subnet": {
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"networkSecurityGroup": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"defaultSecurityRules": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationPortRange": "string",
"direction": "string",
"priority": "int",
"protocol": "string",
"provisioningState": "string",
"sourceAddressPrefix": "string",
"sourcePortRange": "string"
"provisioningState": "string",
"resourceGuid": "string",
"securityRules": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationPortRange": "string",
"direction": "string",
"priority": "int",
"protocol": "string",
"provisioningState": "string",
"sourceAddressPrefix": "string",
"sourcePortRange": "string"
"tags": {
"{customized property}": "string"
"provisioningState": "string",
"resourceNavigationLinks": [
"id": "string",
"name": "string",
"properties": {
"link": "string",
"linkedResourceType": "string"
"routeTable": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"provisioningState": "string",
"routes": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string",
"provisioningState": "string"
"tags": {
"{customized property}": "string"
"inboundNatPools": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendPort": "int",
"frontendIPConfiguration": {
"id": "string"
"frontendPortRangeEnd": "int",
"frontendPortRangeStart": "int",
"protocol": "string",
"provisioningState": "string"
"inboundNatRules": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendPort": "int",
"enableFloatingIP": "bool",
"frontendIPConfiguration": {
"id": "string"
"frontendPort": "int",
"idleTimeoutInMinutes": "int",
"protocol": "string",
"provisioningState": "string"
"loadBalancingRules": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendAddressPool": {
"id": "string"
"backendPort": "int",
"enableFloatingIP": "bool",
"frontendIPConfiguration": {
"id": "string"
"frontendPort": "int",
"idleTimeoutInMinutes": "int",
"loadDistribution": "string",
"probe": {
"id": "string"
"protocol": "string",
"provisioningState": "string"
"outboundNatRules": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"allocatedOutboundPorts": "int",
"backendAddressPool": {
"id": "string"
"frontendIPConfigurations": [
"id": "string"
"provisioningState": "string"
"probes": [
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"intervalInSeconds": "int",
"numberOfProbes": "int",
"port": "int",
"protocol": "string",
"provisioningState": "string",
"requestPath": "string"
"provisioningState": "string",
"resourceGuid": "string"
"tags": {
"{customized property}": "string"
Property Values
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of BackendAddressPool | BackendAddressPoolPropertiesFormat |
Name | Description | Value |
provisioningState | Get provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Frontend IP Configuration of the load balancer | FrontendIPConfigurationPropertiesFormat |
Name | Description | Value |
privateIPAddress | Gets or sets the privateIPAddress of the IP Configuration | string |
privateIPAllocationMethod | Gets or sets PrivateIP allocation method | 'Dynamic' 'Static' |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
publicIPAddress | Gets or sets the reference of the PublicIP resource | PublicIPAddress |
subnet | Gets or sets the reference of the subnet resource | Subnet |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Inbound NAT pool | InboundNatPoolPropertiesFormat |
Name | Description | Value |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int (required) |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPortRangeEnd | Gets or sets the ending port range for the NAT pool. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
frontendPortRangeStart | Gets or sets the starting port range for the NAT pool. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
protocol | Gets or sets the transport protocol for the endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Inbound NAT rule | InboundNatRulePropertiesFormat |
Name | Description | Value |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int |
idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
protocol | Gets or sets the transport protocol for the endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
backendAddressPools | Gets or sets Pools of backend IP addresses | BackendAddressPool[] |
frontendIPConfigurations | Gets or sets frontend IP addresses of the load balancer | FrontendIPConfiguration[] |
inboundNatPools | Gets or sets inbound NAT pools | InboundNatPool[] |
inboundNatRules | Gets or sets list of inbound rules | InboundNatRule[] |
loadBalancingRules | Gets or sets load balancing rules | LoadBalancingRule[] |
outboundNatRules | Gets or sets outbound NAT rules | OutboundNatRule[] |
probes | Gets or sets list of Load balancer probes | Probe[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
resourceGuid | Gets or sets resource guid property of the Load balancer resource | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of the load balancer | LoadBalancingRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Gets or sets a reference to a pool of DIPs. Inbound traffic is randomly load balanced across IPs in the backend IPs | SubResource |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
loadDistribution | Gets or sets the load distribution policy for this rule | 'Default' 'SourceIP' 'SourceIPProtocol' |
probe | Gets or sets the reference of the load balancer probe used by the Load Balancing rule. | SubResource |
protocol | Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
apiVersion | The api version | '2016-06-01' |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
location | Resource location | string |
name | The resource name | string (required) |
properties | Properties of Load Balancer | LoadBalancerPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Network/loadBalancers' |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | Network Security Group resource | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
defaultSecurityRules | Gets or default security rules of network security group | SecurityRule[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
resourceGuid | Gets or sets resource guid property of the network security group resource | string |
securityRules | Gets or sets security rules of network security group | SecurityRule[] |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Outbound NAT pool of the load balancer | OutboundNatRulePropertiesFormat |
Name | Description | Value |
allocatedOutboundPorts | Gets or sets the number of outbound ports to be used for SNAT | int |
backendAddressPool | Gets or sets a reference to a pool of DIPs. Outbound traffic is randomly load balanced across IPs in the backend IPs | SubResource (required) |
frontendIPConfigurations | Gets or sets Frontend IP addresses of the load balancer | SubResource[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | ProbePropertiesFormat |
Name | Description | Value |
intervalInSeconds | Gets or sets the interval, in seconds, for how frequently to probe the endpoint for health status. Typically, the interval is slightly less than half the allocated timeout period (in seconds) which allows two full probes before taking the instance out of rotation. The default value is 15, the minimum value is 5 | int |
numberOfProbes | Gets or sets the number of probes where if no response, will result in stopping further traffic from being delivered to the endpoint. This values allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure. | int |
port | Gets or sets Port for communicating the probe. Possible values range from 1 to 65535, inclusive. | int (required) |
protocol | Gets or sets the protocol of the end point. Possible values are http or Tcp. If Tcp is specified, a received ACK is required for the probe to be successful. If http is specified,a 200 OK response from the specifies URI is required for the probe to be successful | 'Http' 'Tcp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
requestPath | Gets or sets the URI used for requesting health status from the VM. Path is required if a protocol is set to http. Otherwise, it is not allowed. There is no default value | string |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | PublicIpAddress properties | PublicIPAddressPropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the domain to the reverse FQDN. | string |
Name | Description | Value |
dnsSettings | Gets or sets FQDN of the DNS record associated with the public IP address | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | Gets or sets the idle timeout of the public IP address | int |
ipAddress | string | |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
publicIPAddressVersion | Gets or sets PublicIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
publicIPAllocationMethod | Gets or sets PublicIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
resourceGuid | Gets or sets resource guid property of the PublicIP resource | string |
Name | Description | Value |
id | Resource Id | string |
name | Name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of ResourceNavigationLink | ResourceNavigationLinkFormat |
Name | Description | Value |
link | Link to the external resource | string |
linkedResourceType | Resource type of the linked resource | string |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Route resource | RoutePropertiesFormat |
Name | Description | Value |
addressPrefix | Gets or sets the destination CIDR to which the route applies. | string |
nextHopIpAddress | Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | Gets or sets the type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
provisioningState | Gets provisioning state of the resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | Route Table resource | RouteTablePropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
provisioningState | Gets provisioning state of the resource Updating/Deleting/Failed | string |
routes | Gets or sets Routes in a Route Table | Route[] |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | SecurityRulePropertiesFormat |
Name | Description | Value |
access | Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' | 'Allow' 'Deny' (required) |
description | Gets or sets a description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string (required) |
destinationPortRange | Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
direction | Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
priority | Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). | '*' 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
sourceAddressPrefix | Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string (required) |
sourcePortRange | Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets or sets the name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | SubnetPropertiesFormat |
Name | Description | Value |
addressPrefix | Gets or sets Address prefix for the subnet. | string |
networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
provisioningState | Gets provisioning state of the resource | string |
resourceNavigationLinks | Gets array of references to the external resources using subnet | ResourceNavigationLink[] |
routeTable | Gets or sets the reference of the RouteTable resource | RouteTable |
Name | Description | Value |
id | Resource Id | string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
Template | Description |
2 VMs in a Load Balancer and configure NAT rules on the LB |
This template allows you to create 2 Virtual Machines in an Availability Set and configure NAT rules through the load balancer. This template also deploys a Storage Account, Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines |
2 VMs in a Load Balancer and load balancing rules |
This template allows you to create 2 Virtual Machines under a Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines |
2 VMs in VNET - Internal Load Balancer and LB rules |
This template allows you to create 2 Virtual Machines in a VNET and under an internal Load balancer and configure a load balancing rule on Port 80. This template also deploys a Storage Account, Virtual Network, Public IP address, Availability Set and Network Interfaces. |
Autoscale LANSA Windows VM ScaleSet with Azure SQL Database |
The template deploys a Windows VMSS with a desired count of VMs in the scale set and a LANSA MSI to install into each VM. Once the VM Scale Set is deployed a custom script extension is used to install the LANSA MSI) |
Azure Container Service Engine (acs-engine) - Swarm Mode |
The Azure Container Service Engine (acs-engine) generates ARM (Azure Resource Manager) templates for Docker enabled clusters on Microsoft Azure with your choice of DC/OS, Kubernetes, Swarm Mode, or Swarm orchestrators. The input to the tool is a cluster definition. The cluster definition is very similar to (in many cases the same as) the ARM template syntax used to deploy a Microsoft Azure Container Service cluster. |
Azure VM Scale Set as clients of Intel Lustre |
This template creates a set of Intel Lustre 2.7 clients using Azure VM Scale Sets and Azure gallery OpenLogic CentOS 6.6 or 7.0 images and mounts an existing Intel Lustre filesystem |
AzureDatabricks Template for VNetInjection and Load Balancer |
This template allows you to create a a load balancer, network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
Barracuda Web Application Firewall with Backend IIS Servers |
This Azure quickstart template deploys a Barracuda Web Application Firewall Solution on Azure with required number of backend Windows 2012 based IIS Web Servers.Templates includes latest Barracuda WAF with Pay as you go license and latest Windows 2012 R2 Azure Image for IIS.The Barracuda Web Application Firewall inspects inbound web traffic and blocks SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks targeted at your web applications. One External LB is deployed with NAT rules to enable Remote desktop access to backend web servers. Please follow post deployment configuration guide available in GitHub template directory to learn more about post deployment steps related to Barracuda web application firewall and web applications publishing. |
Basic RDS farm deployment |
This template creates a basic RDS farm deployment |
Chef Backend High-Availability Cluster |
This template creates a chef-backend cluster with front-end nodes attached |
Create 2 VMs in LB and a SQL Server VM with NSG |
This template creates 2 Windows VMs (that can be used as web FE) with in an Availability Set and a Load Balancer with port 80 open. The two VMs can be reached using RDP on port 6001 and 6002. This template also create a SQL Server 2014 VM that can be reached via RDP connection defined in a Network Security Group. |
Create 2 VMs Linux with LB and SQL Server VM with SSD |
This template creates 2 Linux VMs (that can be used as web FE) with in an Availability Set and a Load Balancer with port 80 open. The two VMs can be reached using SSH on port 6001 and 6002. This template also create a SQL Server 2014 VM that can be reached via RDP connection defined in a Network Security Group. All VMs storage can use Premium Storage (SSD) and you can choose to creare VMs with all DS sizes |
Create a cross-region load balancer |
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
Create a load-balancer with a Public IPv6 address |
This template creates an Internet-facing load-balancer with a Public IPv6 address, load balancing rules, and two VMs for the backend pool. |
Create a standard internal load balancer |
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
Create a standard internal load balancer with HA ports |
This template creates a standard internal Azure Load Balancer with a HA ports load-balancing rule |
Create a standard load-balancer |
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
Create a VM with multiple NICs and RDP accessible |
This template allows you to create a Virtual Machines with multiple (2) network interfaces (NICs), and RDP connectable with a configured load balancer and an inbound NAT rule. More NICs can easily be added with this template. This template also deploys a Storage Account, Virtual Network, Public IP address, and 2 Network Interfaces (front-end and back-end). |
Create an Azure VM with a new Active Directory Forest |
This template creates a new Azure VM, it configures the VM to be an Active Directory Domain Controller for a new forest |
Create an Azure VM with a new AD Forest |
This template creates a new Azure VM, it configures the VM to be an AD DC for a new Forest |
Create an new AD Domain with 2 Domain Controllers |
This template creates 2 new VMs to be AD DCs (primary and backup) for a new Forest and Domain |
Create an Ubuntu GNOME desktop |
This template creates an ubuntu desktop machine. This works great for use as a jumpbox behind a NAT. |
Deploy a 3 Nodetype Secure Cluster with NSGs enabled |
This template allows you to deploy a secure 3 nodetype Service fabric Cluster running Windows server 2016 Data center on a Standard_D2 Size VMs. Use this template allows you ro control the inbound and outbound network traffic using Network Security Groups. |
Deploy a 5 Node Secure Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a 5 Node Ubuntu Service Fabric Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Ubuntu on a Standard_D2_V2 Size VMSS. |
Deploy a Linux VMSS wth primary/secondary architecture |
This template allows you to deploy a Linux VMSS with a Custom Script Extension in primary secondary architecture |
Deploy a Scale Set into an existing vnet |
This template deploys a VM Scale Set into an exsisting vnet. |
Deploy a simple VM Scale Set with Linux VMs |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections. |
Deploy a simple VM Scale Set with Windows VMs |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections. |
Deploy a trusted launch capable Windows VM Scale Set |
This template allows you to deploy a trusted launch capable VM Scale Set of Windows VMs using the latest patched version of Windows Server 2016, Windows Server 2019 or Windows Server 2022 Azure Edition. These VMs are behind a load balancer with NAT rules for RDP connections. If you enable Secureboot and vTPM, the Guest Attestation extension will be installed on your VMSS. This extension will perform remote attestation by the cloud. |
Deploy a VM Scale Set from the Azure Data Science VM |
These templates deploy VM scale sets, using the Azure Data Science VMs as a source image. |
Deploy a VM Scale Set with a Linux custom image |
This template allows you to deploy a custom VM Linux image inside an Scale Set. These VMs are behind a load balancer with HTTP load balancing (by default on port 80). The example uses a custom script to do the application deployment and update, you may have to provide your custom script for your own update procedure. You will have to provide a generalized image of your VM in the same subscription and region where you create the VMSS. |
Deploy a VM Scale Set with a Windows custom image |
This template allows you to deploy a simple VM Scale Set usng a custom Windows image. These VMs are behind a load balancer with HTTP load balancing (by default on port 80) |
Deploy a VM Scale Set with Linux VMs and Auto Scale |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.04 or 14.04.4-LTS. These VMs are behind a load balancer with NAT rules for ssh connections.They also have Auto Scale integrated |
Deploy a VM Scale Set with Linux VMs behind ILB |
This template allows you to deploy a VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 15.10 or 14.04.4-LTS. These VMs are behind an internal load balancer with NAT rules for ssh connections. |
Deploy a VM Scale Set with Linux VMs in Availabilty Zones |
This template allows you to deploy a simple VM Scale Set of Linux VMs using the latest patched version of Ubuntu Linux 14.04.4-LTS or 16.04-LTS. These VMs are behind a load balancer with NAT rules for ssh connections. |
Deploy a VM Scale Set with Windows VMs and Auto Scale |
This template allows you to deploy a simple VM Scale Set of Windows VMs using the latest patched version of Windows 2008-R2-SP1, 2012-Datacenter, or 2012-R2-Datacenter. These VMs are behind a load balancer with NAT rules for RDP connections. They also have Auto Scale integrated |
Deploy a VM Scale Set with Windows VMs in Availability Zones |
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs are behind a load balancer with NAT rules for rdp connections. |
Deploy a VMSS that connects each VM to an Azure Files share |
This template deploys an Ubuntu Virtual Machine Scale Set and uses a custom script extension to connect each VM to an Azure Files share |
Deploy a Windows VM Scale Set with a Custom Script Extension |
This template allows you to deploy a VM Scale Set of Windows VMs using the lastest patched version of various Windows Versions. These VMs have a custom script extension for customization and are behind a load balancer with NAT rules for rdp connections. |
Deploy an Autoscale Setting for Virtual Machine ScaleSet |
This template allows you to deploy an autoscale policy for Virtual Machine ScaleSet resource. |
Deploy Darktrace Autoscaling vSensors |
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
Deploy Drupal with VM Scale Set, Azure Files and Mysql |
Deploy a VM Scale Set behind a load balancer/NAT & each VM running Drupal (Apache / PHP). All nodes share the created Azure file share storage and MySQL database |
Deploy IOMAD cluster on Ubuntu |
This template deploys IOMAD as a LAMP application on Ubuntu. It creates a one or more Ubuntu VM for the front end and a single VM for the backend. It does a silent install of Apache and PHP on the front end VM's and MySQL on the backend VM. Then it deploys IOMAD on the cluster. It configures a load balancer for directing requests to the front end VM's. It also configures NAT rules to allow admin access to each of the VM's. It also sets up a moodledata data directory using file storage shared among the VM's. After the deployment is successful, you can go to /iomad on each frontend VM (using web admin access) to start configuring IOMAD. |
Deploy Open edX Dogwood (Multi-VM) |
This template creates a network of Ubuntu VMs, and deploys Open edX Dogwood on them. Deployment supports 1-9 application VMs and backend Mongo and MySQL VMs. |
Deploy OpenLDAP cluster on Ubuntu |
This template deploys an OpenLDAP cluster on Ubuntu. It creates multiple Ubuntu VMs (up to 5, but can be easily increased) and does a silent install of OpenLDAP on them. Then it sets up N-way multi-master replication on them. After the deployment is successful, you can go to /phpldapadmin to start congfiguring OpenLDAP. |
Deploy OpenSIS Community Edition cluster on Ubuntu |
This template deploys OpenSIS Community Edition as a LAMP application on Ubuntu. It creates a one or more Ubuntu VM for the front end and a single VM for the backend. It does a silent install of Apache and PHP on the front end VM's and MySQL on the backend VM. Then it deploys OpenSIS Community Edition on the cluster. After the deployment is successful, you can go to /opensis-ce on each of the front end VM's (using web admin access) to start congfiguring OpenSIS. |
Deploy Shibboleth Identity Provider cluster on Ubuntu |
This template deploys Shibboleth Identity Provider on Ubuntu in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/Status (note port number) to check success. |
Deploy Shibboleth Identity Provider cluster on Windows |
This template deploys Shibboleth Identity Provider on Windows in a clustered configuration. After the deployment is successful, you can go to https://your-domain:8443/idp/profile/status (note port number) to check success. |
Deploy VM Scale Set with LB probe and automatic repairs |
This template allows you to deploy a VM scale set of Linux VMs behind a load balancer with health probe configured. The scale set also has automatic instance repairs policy enabled with a grace period of 30 minutes. |
Deploy VM Scale Set with Python Bottle server & AutoScale |
Deploy a VM Scale Set behind a load balancer/NAT & each VM running a simple Python Bottle app that does work. With Autoscale configured Scale Set will scale out & in as needed |
Deploy Windows VMSS configure windows featurtes SSL DSC |
This template allows you to deploy two Windows VMSS, configure windows features like IIS/Web Role, .Net Framework 4.5, windows auth, application initialization, download application deployment packages, URL Rewrite & SSL configuration using DSC and Azure Key Vault |
Deploys a 2 node master/slave MySQL replication cluster |
This template deploys a 2 node master/slave MySQL replication cluster on CentOS 6.5 or 6.6 |
Deploys a 3 node Consul Cluster |
This template deploys a 3 node Consul cluster and auto-joins the nodes via Atlas. Consul is a tool for service discovery, distributed key/value store and a bunch of other cool things. Atlas is provided by Hashicorp (makers of Consul) as a way to quickly create Consul clusters without having to manually join each node |
Deploys a 3 node Percona XtraDB Cluster |
This template deploys a 3 node MySQL high availability cluster on CentOS 6.5 or Ubuntu 12.04 |
Deploys a N-node CentOS Cluster |
This template deploys a 2-10 node CentOS cluster with 2 networks. |
Deploys SQL Server 2014 AG on existing VNET & AD |
This template creates three new Azure VMs on an existing VNET: Two VMs are configured as SQL Server 2014 availability group replica nodes and one VM is configured as a File Share Witness for automated cluster failover. In addition to these VMs, the following additional Azure resources are also configured: Internal load balancer, Storage accounts. To configure clustering, SQL Server, and an availability group within each VM, PowerShell DSC is leveraged. For Active Directory support, existing Active Directory domain controllers should already be deployed on the existing VNET. |
Deploys Windows VMs under LB,configures WinRM Https |
This template allows you to deploys Windows VMs using few different options for the Windows version. This template also configures a WinRM https listener on VMs |
Docker Swarm Cluster |
This template creates a high-availability Docker Swarm cluster |
Front Door Premium with VM and Private Link service |
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
GlassFish on SUSE |
This template deploys a load balanced GlassFish (v3 or v4) cluster, consisting of a user defined number of SUSE (OpenSUSE or SLES) VMs. |
IIS VMs & SQL Server 2014 VM |
Create 1 or 2 IIS Windows 2012 R2 Web Servers and one back end SQL Server 2014 in VNET. |
Install Elasticsearch cluster on a Virtual Machine Scale Set |
This template deploys an Elasticsearch cluster on a Virtual Machine scale set. The template provisions 3 dedicated master nodes, with an optional number of data nodes, which run on managed disks. |
IPv6 in Azure Virtual Network (VNET) |
Create a dual stack IPv4/IPv6 VNET with 2 VMs. |
IPv6 in Azure Virtual Network (VNET) with Std LB |
Create a dual stack IPv4/IPv6 VNET with 2 VMs and an Internet-facing Standard Load Balancer. |
JBoss EAP on RHEL (clustered, multi-VM) |
This template allows you to create multiple RHEL 8.6 VMs running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment. |
JBoss EAP on RHEL (clustered, VMSS) |
This template allows you to create RHEL 8.6 VMSS instances running JBoss EAP 7.4 cluster and also deploys a web application called eap-session-replication, you can log into the admin console using the JBoss EAP username and password configured at the time of the deployment. |
KEMP LoadMaster HA Pair |
This template deploys a KEMP LoadMaster HA Pair |
Load Balancer with 2 VIPs, each with one LB rule |
This template allows you to create a Load Balancer, 2 Public IP addresses for the Load balancer (multivip), Virtual Network, Network Interface in the Virtual Network & a LB Rule in the Load Balancer that is used by the Network Interface. |
Load Balancer with Inbound NAT Rule |
This template allows you to create a Load Balancer, Public IP address for the Load balancer, Virtual Network, Network Interface in the Virtual Network & a NAT Rule in the Load Balancer that is used by the Network Interface. |
Multi tier App with NSG, ILB, AppGateway |
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing |
Multi tier traffic manager, L4 ILB, L7 AppGateway |
This template deploys a Virtual Network, segregates the network through subnets, deploys VMs and configures load balancing |
Private Link service example |
This template shows how to create a private link service |
Public Load Balancer chained to a Gateway Load Balancer |
This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool. |
RDS farm deployment using existing active directory |
This template creates a RDS farm deployment using existing active directory in same resource group |
RDS Gateway High Availability deployment |
This template provides high availability to RD Gateway and RD Web Access servers in an existing RDS deployment |
Red Hat Linux 3-Tier Solution on Azure |
This template allows you to deploy a 3 Tier architecture using 'Red Hat Enterprise Linux 7.3' virtual machines. Architecture includes Virtual Network, external and internal load balancers, Jump VM, NSGs etc along with multiple RHEL Virtual machines in each tier |
Redundant haproxy with Azure load-balancer and floating IP |
This template creates a redundant haproxy setup with 2 Ubuntu VMs configured behind Azure load balancer with floating IP enabled. Each of the Ubuntu VMs run haproxy to load balance requests to other application VMs (running Apache in this case). Keepalived enables redundancy for the haproxy VMs by assigning the floating IP to the MASTER and blocking the load-balancer probe on the BACKUP. This template also deploys a Storage Account, Virtual Network, Public IP address, Network Interfaces. |
Remote Desktop Services with High Availability |
This ARM Template sample code will deploy a Remote Desktop Services 2019 Session Collection lab with high availability. The goal is to deploy a fully redundant, highly available solution for Remote Desktop Services, using Windows Server 2019. |
Reserved IP Use Case Snippet |
This template demonstrates the currently supported use case for Reserved IP. A Reserved IP is simply a statically allocated Public IP. |
SAP NetWeaver 3-tier (managed disk) |
This template allows you to deploy a VM using a operating system that is supported by SAP and Managed Disks. |
SAP NetWeaver 3-tier multi SID DB (managed disks) |
This template allows you to deploy a VM using a operating system that is supported by SAP. |
SAP NetWeaver file server (managed disk) |
This template allows you to deploy a file server that can be used as shared storage for SAP NetWeaver. |
Simple VM Scale Set with Linux VMs and public IPv4 per VM |
This template demonstrates deploying a simple scale set with load balancer, inbound NAT rules, and public IP per VM. |
SSL enabled VM Scale Set |
Deploys web servers configures with SSL certificates deployed securely form Azure Key Vault |
Standard Load Balancer with Backend Pool by IP Addresses |
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
Virtual Machine Scaleset example using Availability Zones |
This template creates a VMSS placed in separate Availability Zones with a load balancer. |
Virtual machine with an RDP port |
Creates a virtual machine and creates a NAT rule for RDP to the VM in load balancer |
VM Scale Set with autoscale running an IIS WebApp |
Deploys a Windows VM Scale Set running IIS and a very basic .NET MVC web app. The VMSS PowerShell DSC Extension is leveraged to do the IIS install and WebDeploy package deployment. |
VMs in Availability Zones with a Load Balancer and NAT |
This template allows you to create Virtual Machines distributed across Availability Zones with a Load Balancer and configure NAT rules through the load balancer. This template also deploys a Virtual Network, Public IP address and Network Interfaces. In this template, we use the resource loops capability to create the network interfaces and virtual machines |
VMSS deploy of IPv6 in Azure Virtual Network (VNET) |
Create VM Scale Set with dual stack IPv4/IPv6 VNET and Std Load Balancer. |
VMSS Flexible Orchestration Mode Quickstart Linux |
This template deploys a simple VM Scale Set with instances behind an Azure Load Balancer. The VM Scale set is in Flexible Orchestration Mode. Use the os parameter to choose Linux (Ubuntu) or Windows (Windows Server Datacenter 2019) deployment. NOTE: This quickstart template enables network access to VM management ports (SSH, RDP) from any internet address, and should not be used for production deployments. |
VMSS with Public IP Prefix |
Template for deploying VMSS with Public IP Prefix |
Terraform (AzAPI provider) resource definition
The loadBalancers resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/loadBalancers resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/loadBalancers@2016-06-01"
name = "string"
etag = "string"
location = "string"
tags = {
{customized property} = "string"
body = jsonencode({
properties = {
backendAddressPools = [
etag = "string"
id = "string"
name = "string"
properties = {
provisioningState = "string"
frontendIPConfigurations = [
etag = "string"
id = "string"
name = "string"
properties = {
privateIPAddress = "string"
privateIPAllocationMethod = "string"
provisioningState = "string"
publicIPAddress = {
etag = "string"
id = "string"
location = "string"
properties = {
dnsSettings = {
domainNameLabel = "string"
fqdn = "string"
reverseFqdn = "string"
idleTimeoutInMinutes = int
ipAddress = "string"
provisioningState = "string"
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
resourceGuid = "string"
tags = {
{customized property} = "string"
subnet = {
etag = "string"
id = "string"
name = "string"
properties = {
addressPrefix = "string"
networkSecurityGroup = {
etag = "string"
id = "string"
location = "string"
properties = {
defaultSecurityRules = [
etag = "string"
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationPortRange = "string"
direction = "string"
priority = int
protocol = "string"
provisioningState = "string"
sourceAddressPrefix = "string"
sourcePortRange = "string"
provisioningState = "string"
resourceGuid = "string"
securityRules = [
etag = "string"
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationPortRange = "string"
direction = "string"
priority = int
protocol = "string"
provisioningState = "string"
sourceAddressPrefix = "string"
sourcePortRange = "string"
tags = {
{customized property} = "string"
provisioningState = "string"
resourceNavigationLinks = [
id = "string"
name = "string"
properties = {
link = "string"
linkedResourceType = "string"
routeTable = {
etag = "string"
id = "string"
location = "string"
properties = {
provisioningState = "string"
routes = [
etag = "string"
id = "string"
name = "string"
properties = {
addressPrefix = "string"
nextHopIpAddress = "string"
nextHopType = "string"
provisioningState = "string"
tags = {
{customized property} = "string"
inboundNatPools = [
etag = "string"
id = "string"
name = "string"
properties = {
backendPort = int
frontendIPConfiguration = {
id = "string"
frontendPortRangeEnd = int
frontendPortRangeStart = int
protocol = "string"
provisioningState = "string"
inboundNatRules = [
etag = "string"
id = "string"
name = "string"
properties = {
backendPort = int
enableFloatingIP = bool
frontendIPConfiguration = {
id = "string"
frontendPort = int
idleTimeoutInMinutes = int
protocol = "string"
provisioningState = "string"
loadBalancingRules = [
etag = "string"
id = "string"
name = "string"
properties = {
backendAddressPool = {
id = "string"
backendPort = int
enableFloatingIP = bool
frontendIPConfiguration = {
id = "string"
frontendPort = int
idleTimeoutInMinutes = int
loadDistribution = "string"
probe = {
id = "string"
protocol = "string"
provisioningState = "string"
outboundNatRules = [
etag = "string"
id = "string"
name = "string"
properties = {
allocatedOutboundPorts = int
backendAddressPool = {
id = "string"
frontendIPConfigurations = [
id = "string"
provisioningState = "string"
probes = [
etag = "string"
id = "string"
name = "string"
properties = {
intervalInSeconds = int
numberOfProbes = int
port = int
protocol = "string"
provisioningState = "string"
requestPath = "string"
provisioningState = "string"
resourceGuid = "string"
Property Values
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of BackendAddressPool | BackendAddressPoolPropertiesFormat |
Name | Description | Value |
provisioningState | Get provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Frontend IP Configuration of the load balancer | FrontendIPConfigurationPropertiesFormat |
Name | Description | Value |
privateIPAddress | Gets or sets the privateIPAddress of the IP Configuration | string |
privateIPAllocationMethod | Gets or sets PrivateIP allocation method | 'Dynamic' 'Static' |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
publicIPAddress | Gets or sets the reference of the PublicIP resource | PublicIPAddress |
subnet | Gets or sets the reference of the subnet resource | Subnet |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Inbound NAT pool | InboundNatPoolPropertiesFormat |
Name | Description | Value |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int (required) |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPortRangeEnd | Gets or sets the ending port range for the NAT pool. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
frontendPortRangeStart | Gets or sets the starting port range for the NAT pool. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
protocol | Gets or sets the transport protocol for the endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of Inbound NAT rule | InboundNatRulePropertiesFormat |
Name | Description | Value |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int |
idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
protocol | Gets or sets the transport protocol for the endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
backendAddressPools | Gets or sets Pools of backend IP addresses | BackendAddressPool[] |
frontendIPConfigurations | Gets or sets frontend IP addresses of the load balancer | FrontendIPConfiguration[] |
inboundNatPools | Gets or sets inbound NAT pools | InboundNatPool[] |
inboundNatRules | Gets or sets list of inbound rules | InboundNatRule[] |
loadBalancingRules | Gets or sets load balancing rules | LoadBalancingRule[] |
outboundNatRules | Gets or sets outbound NAT rules | OutboundNatRule[] |
probes | Gets or sets list of Load balancer probes | Probe[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
resourceGuid | Gets or sets resource guid property of the Load balancer resource | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of the load balancer | LoadBalancingRulePropertiesFormat |
Name | Description | Value |
backendAddressPool | Gets or sets a reference to a pool of DIPs. Inbound traffic is randomly load balanced across IPs in the backend IPs | SubResource |
backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int (required) |
idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
loadDistribution | Gets or sets the load distribution policy for this rule | 'Default' 'SourceIP' 'SourceIPProtocol' |
probe | Gets or sets the reference of the load balancer probe used by the Load Balancing rule. | SubResource |
protocol | Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
location | Resource location | string |
name | The resource name | string (required) |
properties | Properties of Load Balancer | LoadBalancerPropertiesFormat |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Network/loadBalancers@2016-06-01" |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | Network Security Group resource | NetworkSecurityGroupPropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
defaultSecurityRules | Gets or default security rules of network security group | SecurityRule[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
resourceGuid | Gets or sets resource guid property of the network security group resource | string |
securityRules | Gets or sets security rules of network security group | SecurityRule[] |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Outbound NAT pool of the load balancer | OutboundNatRulePropertiesFormat |
Name | Description | Value |
allocatedOutboundPorts | Gets or sets the number of outbound ports to be used for SNAT | int |
backendAddressPool | Gets or sets a reference to a pool of DIPs. Outbound traffic is randomly load balanced across IPs in the backend IPs | SubResource (required) |
frontendIPConfigurations | Gets or sets Frontend IP addresses of the load balancer | SubResource[] |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | ProbePropertiesFormat |
Name | Description | Value |
intervalInSeconds | Gets or sets the interval, in seconds, for how frequently to probe the endpoint for health status. Typically, the interval is slightly less than half the allocated timeout period (in seconds) which allows two full probes before taking the instance out of rotation. The default value is 15, the minimum value is 5 | int |
numberOfProbes | Gets or sets the number of probes where if no response, will result in stopping further traffic from being delivered to the endpoint. This values allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure. | int |
port | Gets or sets Port for communicating the probe. Possible values range from 1 to 65535, inclusive. | int (required) |
protocol | Gets or sets the protocol of the end point. Possible values are http or Tcp. If Tcp is specified, a received ACK is required for the probe to be successful. If http is specified,a 200 OK response from the specifies URI is required for the probe to be successful | 'Http' 'Tcp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
requestPath | Gets or sets the URI used for requesting health status from the VM. Path is required if a protocol is set to http. Otherwise, it is not allowed. There is no default value | string |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | PublicIpAddress properties | PublicIPAddressPropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the domain to the reverse FQDN. | string |
Name | Description | Value |
dnsSettings | Gets or sets FQDN of the DNS record associated with the public IP address | PublicIPAddressDnsSettings |
idleTimeoutInMinutes | Gets or sets the idle timeout of the public IP address | int |
ipAddress | string | |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
publicIPAddressVersion | Gets or sets PublicIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
publicIPAllocationMethod | Gets or sets PublicIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
resourceGuid | Gets or sets resource guid property of the PublicIP resource | string |
Name | Description | Value |
id | Resource Id | string |
name | Name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Properties of ResourceNavigationLink | ResourceNavigationLinkFormat |
Name | Description | Value |
link | Link to the external resource | string |
linkedResourceType | Resource type of the linked resource | string |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | Route resource | RoutePropertiesFormat |
Name | Description | Value |
addressPrefix | Gets or sets the destination CIDR to which the route applies. | string |
nextHopIpAddress | Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
nextHopType | Gets or sets the type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
provisioningState | Gets provisioning state of the resource Updating/Deleting/Failed | string |
Name | Description | Value |
etag | Gets a unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
location | Resource location | string |
properties | Route Table resource | RouteTablePropertiesFormat |
tags | Resource tags | ResourceTags |
Name | Description | Value |
provisioningState | Gets provisioning state of the resource Updating/Deleting/Failed | string |
routes | Gets or sets Routes in a Route Table | Route[] |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | SecurityRulePropertiesFormat |
Name | Description | Value |
access | Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' | 'Allow' 'Deny' (required) |
description | Gets or sets a description for this rule. Restricted to 140 chars. | string |
destinationAddressPrefix | Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string (required) |
destinationPortRange | Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
direction | Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
priority | Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
protocol | Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). | '*' 'Tcp' 'Udp' (required) |
provisioningState | Gets provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
sourceAddressPrefix | Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string (required) |
sourcePortRange | Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
Name | Description | Value |
etag | A unique read-only string that changes whenever the resource is updated | string |
id | Resource Id | string |
name | Gets or sets the name of the resource that is unique within a resource group. This name can be used to access the resource | string |
properties | SubnetPropertiesFormat |
Name | Description | Value |
addressPrefix | Gets or sets Address prefix for the subnet. | string |
networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
provisioningState | Gets provisioning state of the resource | string |
resourceNavigationLinks | Gets array of references to the external resources using subnet | ResourceNavigationLink[] |
routeTable | Gets or sets the reference of the RouteTable resource | RouteTable |
Name | Description | Value |
id | Resource Id | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Module | Description |
Loadbalancer | AVM Resource Module for Loadbalancer |