Microsoft.Compute virtualMachines/runCommands 2023-09-01

Bicep resource definition

The virtualMachines/runCommands resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines/runCommands resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Compute/virtualMachines/runCommands@2023-09-01' = {
  parent: resourceSymbolicName
  location: 'string'
  name: 'string'
  properties: {
    asyncExecution: bool
    errorBlobManagedIdentity: {
      clientId: 'string'
      objectId: 'string'
    }
    errorBlobUri: 'string'
    outputBlobManagedIdentity: {
      clientId: 'string'
      objectId: 'string'
    }
    outputBlobUri: 'string'
    parameters: [
      {
        name: 'string'
        value: 'string'
      }
    ]
    protectedParameters: [
      {
        name: 'string'
        value: 'string'
      }
    ]
    runAsPassword: 'string'
    runAsUser: 'string'
    source: {
      commandId: 'string'
      script: 'string'
      scriptUri: 'string'
      scriptUriManagedIdentity: {
        clientId: 'string'
        objectId: 'string'
      }
    }
    timeoutInSeconds: int
    treatFailureAsDeploymentFailure: bool
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

Microsoft.Compute/virtualMachines/runCommands

Name Description Value
location Resource location string (required)
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: virtualMachines
properties Describes the properties of a Virtual Machine run command. VirtualMachineRunCommandProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

ResourceTags

Name Description Value

RunCommandInputParameter

Name Description Value
name The run command parameter name. string (required)
value The run command parameter value. string (required)

RunCommandManagedIdentity

Name Description Value
clientId Client Id (GUID value) of the user-assigned managed identity. ObjectId should not be used if this is provided. string
objectId Object Id (GUID value) of the user-assigned managed identity. ClientId should not be used if this is provided. string

VirtualMachineRunCommandProperties

Name Description Value
asyncExecution Optional. If set to true, provisioning will complete as soon as the script starts and will not wait for script to complete. bool
errorBlobManagedIdentity User-assigned managed identity that has access to errorBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged RunCommandManagedIdentity
errorBlobUri Specifies the Azure storage blob where script error stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer errorBlobManagedIdentity parameter. string
outputBlobManagedIdentity User-assigned managed identity that has access to outputBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged RunCommandManagedIdentity
outputBlobUri Specifies the Azure storage blob where script output stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer outputBlobManagedIdentity parameter. string
parameters The parameters used by the script. RunCommandInputParameter[]
protectedParameters The parameters used by the script. RunCommandInputParameter[]
runAsPassword Specifies the user account password on the VM when executing the run command. string
runAsUser Specifies the user account on the VM when executing the run command. string
source The source of the run command script. VirtualMachineRunCommandScriptSource
timeoutInSeconds The timeout in seconds to execute the run command. int
treatFailureAsDeploymentFailure Optional. If set to true, any failure in the script will fail the deployment and ProvisioningState will be marked as Failed. If set to false, ProvisioningState would only reflect whether the run command was run or not by the extensions platform, it would not indicate whether script failed in case of script failures. See instance view of run command in case of script failures to see executionMessage, output, error: https://aka.ms/runcommandmanaged#get-execution-status-and-results bool

VirtualMachineRunCommandScriptSource

Name Description Value
commandId Specifies a commandId of predefined built-in script. string
script Specifies the script content to be executed on the VM. string
scriptUri Specifies the script download location. It can be either SAS URI of an Azure storage blob with read access or public URI. string
scriptUriManagedIdentity User-assigned managed identity that has access to scriptUri in case of Azure storage blob. Use an empty object in case of system-assigned identity. Make sure the Azure storage blob exists, and managed identity has been given access to blob's container with 'Storage Blob Data Reader' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged. RunCommandManagedIdentity

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
GitLab Omnibus This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections.
SharePoint Subscription / 2019 / 2016 fully configured Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).

ARM template resource definition

The virtualMachines/runCommands resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines/runCommands resource, add the following JSON to your template.

{
  "type": "Microsoft.Compute/virtualMachines/runCommands",
  "apiVersion": "2023-09-01",
  "name": "string",
  "location": "string",
  "properties": {
    "asyncExecution": "bool",
    "errorBlobManagedIdentity": {
      "clientId": "string",
      "objectId": "string"
    },
    "errorBlobUri": "string",
    "outputBlobManagedIdentity": {
      "clientId": "string",
      "objectId": "string"
    },
    "outputBlobUri": "string",
    "parameters": [
      {
        "name": "string",
        "value": "string"
      }
    ],
    "protectedParameters": [
      {
        "name": "string",
        "value": "string"
      }
    ],
    "runAsPassword": "string",
    "runAsUser": "string",
    "source": {
      "commandId": "string",
      "script": "string",
      "scriptUri": "string",
      "scriptUriManagedIdentity": {
        "clientId": "string",
        "objectId": "string"
      }
    },
    "timeoutInSeconds": "int",
    "treatFailureAsDeploymentFailure": "bool"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

Microsoft.Compute/virtualMachines/runCommands

Name Description Value
apiVersion The api version '2023-09-01'
location Resource location string (required)
name The resource name string (required)
properties Describes the properties of a Virtual Machine run command. VirtualMachineRunCommandProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Compute/virtualMachines/runCommands'

ResourceTags

Name Description Value

RunCommandInputParameter

Name Description Value
name The run command parameter name. string (required)
value The run command parameter value. string (required)

RunCommandManagedIdentity

Name Description Value
clientId Client Id (GUID value) of the user-assigned managed identity. ObjectId should not be used if this is provided. string
objectId Object Id (GUID value) of the user-assigned managed identity. ClientId should not be used if this is provided. string

VirtualMachineRunCommandProperties

Name Description Value
asyncExecution Optional. If set to true, provisioning will complete as soon as the script starts and will not wait for script to complete. bool
errorBlobManagedIdentity User-assigned managed identity that has access to errorBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged RunCommandManagedIdentity
errorBlobUri Specifies the Azure storage blob where script error stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer errorBlobManagedIdentity parameter. string
outputBlobManagedIdentity User-assigned managed identity that has access to outputBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged RunCommandManagedIdentity
outputBlobUri Specifies the Azure storage blob where script output stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer outputBlobManagedIdentity parameter. string
parameters The parameters used by the script. RunCommandInputParameter[]
protectedParameters The parameters used by the script. RunCommandInputParameter[]
runAsPassword Specifies the user account password on the VM when executing the run command. string
runAsUser Specifies the user account on the VM when executing the run command. string
source The source of the run command script. VirtualMachineRunCommandScriptSource
timeoutInSeconds The timeout in seconds to execute the run command. int
treatFailureAsDeploymentFailure Optional. If set to true, any failure in the script will fail the deployment and ProvisioningState will be marked as Failed. If set to false, ProvisioningState would only reflect whether the run command was run or not by the extensions platform, it would not indicate whether script failed in case of script failures. See instance view of run command in case of script failures to see executionMessage, output, error: https://aka.ms/runcommandmanaged#get-execution-status-and-results bool

VirtualMachineRunCommandScriptSource

Name Description Value
commandId Specifies a commandId of predefined built-in script. string
script Specifies the script content to be executed on the VM. string
scriptUri Specifies the script download location. It can be either SAS URI of an Azure storage blob with read access or public URI. string
scriptUriManagedIdentity User-assigned managed identity that has access to scriptUri in case of Azure storage blob. Use an empty object in case of system-assigned identity. Make sure the Azure storage blob exists, and managed identity has been given access to blob's container with 'Storage Blob Data Reader' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged. RunCommandManagedIdentity

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
GitLab Omnibus

Deploy to Azure
This template simplifies the deployment of GitLab Omnibus on a Virtual Machine with a public DNS, leveraging the public IP's DNS. It utilizes the Standard_F8s_v2 instance size, which aligns with reference architecture and supports up to 1000 users (20 RPS). The instance is pre-configured to use HTTPS with a Let's Encrypt certificate for secure connections.
SharePoint Subscription / 2019 / 2016 fully configured

Deploy to Azure
Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).

Terraform (AzAPI provider) resource definition

The virtualMachines/runCommands resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Compute/virtualMachines/runCommands resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Compute/virtualMachines/runCommands@2023-09-01"
  name = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      asyncExecution = bool
      errorBlobManagedIdentity = {
        clientId = "string"
        objectId = "string"
      }
      errorBlobUri = "string"
      outputBlobManagedIdentity = {
        clientId = "string"
        objectId = "string"
      }
      outputBlobUri = "string"
      parameters = [
        {
          name = "string"
          value = "string"
        }
      ]
      protectedParameters = [
        {
          name = "string"
          value = "string"
        }
      ]
      runAsPassword = "string"
      runAsUser = "string"
      source = {
        commandId = "string"
        script = "string"
        scriptUri = "string"
        scriptUriManagedIdentity = {
          clientId = "string"
          objectId = "string"
        }
      }
      timeoutInSeconds = int
      treatFailureAsDeploymentFailure = bool
    }
  })
}

Property values

Microsoft.Compute/virtualMachines/runCommands

Name Description Value
location Resource location string (required)
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: virtualMachines
properties Describes the properties of a Virtual Machine run command. VirtualMachineRunCommandProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Compute/virtualMachines/runCommands@2023-09-01"

ResourceTags

Name Description Value

RunCommandInputParameter

Name Description Value
name The run command parameter name. string (required)
value The run command parameter value. string (required)

RunCommandManagedIdentity

Name Description Value
clientId Client Id (GUID value) of the user-assigned managed identity. ObjectId should not be used if this is provided. string
objectId Object Id (GUID value) of the user-assigned managed identity. ClientId should not be used if this is provided. string

VirtualMachineRunCommandProperties

Name Description Value
asyncExecution Optional. If set to true, provisioning will complete as soon as the script starts and will not wait for script to complete. bool
errorBlobManagedIdentity User-assigned managed identity that has access to errorBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged RunCommandManagedIdentity
errorBlobUri Specifies the Azure storage blob where script error stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer errorBlobManagedIdentity parameter. string
outputBlobManagedIdentity User-assigned managed identity that has access to outputBlobUri storage blob. Use an empty object in case of system-assigned identity. Make sure managed identity has been given access to blob's container with 'Storage Blob Data Contributor' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged RunCommandManagedIdentity
outputBlobUri Specifies the Azure storage blob where script output stream will be uploaded. Use a SAS URI with read, append, create, write access OR use managed identity to provide the VM access to the blob. Refer outputBlobManagedIdentity parameter. string
parameters The parameters used by the script. RunCommandInputParameter[]
protectedParameters The parameters used by the script. RunCommandInputParameter[]
runAsPassword Specifies the user account password on the VM when executing the run command. string
runAsUser Specifies the user account on the VM when executing the run command. string
source The source of the run command script. VirtualMachineRunCommandScriptSource
timeoutInSeconds The timeout in seconds to execute the run command. int
treatFailureAsDeploymentFailure Optional. If set to true, any failure in the script will fail the deployment and ProvisioningState will be marked as Failed. If set to false, ProvisioningState would only reflect whether the run command was run or not by the extensions platform, it would not indicate whether script failed in case of script failures. See instance view of run command in case of script failures to see executionMessage, output, error: https://aka.ms/runcommandmanaged#get-execution-status-and-results bool

VirtualMachineRunCommandScriptSource

Name Description Value
commandId Specifies a commandId of predefined built-in script. string
script Specifies the script content to be executed on the VM. string
scriptUri Specifies the script download location. It can be either SAS URI of an Azure storage blob with read access or public URI. string
scriptUriManagedIdentity User-assigned managed identity that has access to scriptUri in case of Azure storage blob. Use an empty object in case of system-assigned identity. Make sure the Azure storage blob exists, and managed identity has been given access to blob's container with 'Storage Blob Data Reader' role assignment. In case of user-assigned identity, make sure you add it under VM's identity. For more info on managed identity and Run Command, refer https://aka.ms/ManagedIdentity and https://aka.ms/RunCommandManaged. RunCommandManagedIdentity