你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

Microsoft.MachineLearningServices workspaces/computes 2024-10-01

Bicep resource definition

The workspaces/computes resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/computes resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.MachineLearningServices/workspaces/computes@2024-10-01' = {
  parent: resourceSymbolicName
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    computeLocation: 'string'
    description: 'string'
    disableLocalAuth: bool
    resourceId: 'string'
    computeType: 'string'
    // For remaining properties, see Compute objects
  }
  sku: {
    capacity: int
    family: 'string'
    name: 'string'
    size: 'string'
    tier: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Compute objects

Set the computeType property to specify the type of object.

For AKS, use:

{
  computeType: 'AKS'
  properties: {
    agentCount: int
    agentVmSize: 'string'
    aksNetworkingConfiguration: {
      dnsServiceIP: 'string'
      dockerBridgeCidr: 'string'
      serviceCidr: 'string'
      subnetId: 'string'
    }
    clusterFqdn: 'string'
    clusterPurpose: 'string'
    loadBalancerSubnet: 'string'
    loadBalancerType: 'string'
    sslConfiguration: {
      cert: 'string'
      cname: 'string'
      key: 'string'
      leafDomainLabel: 'string'
      overwriteExistingDomain: bool
      status: 'string'
    }
  }
}

For AmlCompute, use:

{
  computeType: 'AmlCompute'
  properties: {
    enableNodePublicIp: bool
    isolatedNetwork: bool
    osType: 'string'
    propertyBag: any(Azure.Bicep.Types.Concrete.AnyType)
    remoteLoginPortPublicAccess: 'string'
    scaleSettings: {
      maxNodeCount: int
      minNodeCount: int
      nodeIdleTimeBeforeScaleDown: 'string'
    }
    subnet: {
      id: 'string'
    }
    userAccountCredentials: {
      adminUserName: 'string'
      adminUserPassword: 'string'
      adminUserSshPublicKey: 'string'
    }
    virtualMachineImage: {
      id: 'string'
    }
    vmPriority: 'string'
    vmSize: 'string'
  }
}

For ComputeInstance, use:

{
  computeType: 'ComputeInstance'
  properties: {
    applicationSharingPolicy: 'string'
    computeInstanceAuthorizationType: 'string'
    customServices: [
      {
        docker: {
          privileged: bool
        }
        endpoints: [
          {
            hostIp: 'string'
            name: 'string'
            protocol: 'string'
            published: int
            target: int
          }
        ]
        environmentVariables: {
          {customized property}: {
            type: 'string'
            value: 'string'
          }
        }
        image: {
          reference: 'string'
          type: 'string'
        }
        name: 'string'
        volumes: [
          {
            bind: {
              createHostPath: bool
              propagation: 'string'
              selinux: 'string'
            }
            consistency: 'string'
            readOnly: bool
            source: 'string'
            target: 'string'
            tmpfs: {
              size: int
            }
            type: 'string'
            volume: {
              nocopy: bool
            }
          }
        ]
      }
    ]
    enableNodePublicIp: bool
    personalComputeInstanceSettings: {
      assignedUser: {
        objectId: 'string'
        tenantId: 'string'
      }
    }
    schedules: {
      computeStartStop: [
        {
          action: 'string'
          cron: {
            expression: 'string'
            startTime: 'string'
            timeZone: 'string'
          }
          recurrence: {
            frequency: 'string'
            interval: int
            schedule: {
              hours: [
                int
              ]
              minutes: [
                int
              ]
              monthDays: [
                int
              ]
              weekDays: [
                'string'
              ]
            }
            startTime: 'string'
            timeZone: 'string'
          }
          schedule: {
            id: 'string'
            provisioningStatus: 'string'
            status: 'string'
          }
          status: 'string'
          triggerType: 'string'
        }
      ]
    }
    setupScripts: {
      scripts: {
        creationScript: {
          scriptArguments: 'string'
          scriptData: 'string'
          scriptSource: 'string'
          timeout: 'string'
        }
        startupScript: {
          scriptArguments: 'string'
          scriptData: 'string'
          scriptSource: 'string'
          timeout: 'string'
        }
      }
    }
    sshSettings: {
      adminPublicKey: 'string'
      sshPublicAccess: 'string'
    }
    subnet: {
      id: 'string'
    }
    vmSize: 'string'
  }
}

For DataFactory, use:

{
  computeType: 'DataFactory'
}

For DataLakeAnalytics, use:

{
  computeType: 'DataLakeAnalytics'
  properties: {
    dataLakeStoreAccountName: 'string'
  }
}

For Databricks, use:

{
  computeType: 'Databricks'
  properties: {
    databricksAccessToken: 'string'
    workspaceUrl: 'string'
  }
}

For HDInsight, use:

{
  computeType: 'HDInsight'
  properties: {
    address: 'string'
    administratorAccount: {
      password: 'string'
      privateKeyData: 'string'
      publicKeyData: 'string'
      username: 'string'
    }
    sshPort: int
  }
}

For Kubernetes, use:

{
  computeType: 'Kubernetes'
  properties: {
    defaultInstanceType: 'string'
    extensionInstanceReleaseTrain: 'string'
    extensionPrincipalId: 'string'
    instanceTypes: {
      {customized property}: {
        nodeSelector: {
          {customized property}: 'string'
        }
        resources: {
          limits: {
            {customized property}: 'string'
          }
          requests: {
            {customized property}: 'string'
          }
        }
      }
    }
    namespace: 'string'
    relayConnectionString: 'string'
    serviceBusConnectionString: 'string'
    vcName: 'string'
  }
}

For SynapseSpark, use:

{
  computeType: 'SynapseSpark'
  properties: {
    autoPauseProperties: {
      delayInMinutes: int
      enabled: bool
    }
    autoScaleProperties: {
      enabled: bool
      maxNodeCount: int
      minNodeCount: int
    }
    nodeCount: int
    nodeSize: 'string'
    nodeSizeFamily: 'string'
    poolName: 'string'
    resourceGroup: 'string'
    sparkVersion: 'string'
    subscriptionId: 'string'
    workspaceName: 'string'
  }
}

For VirtualMachine, use:

{
  computeType: 'VirtualMachine'
  properties: {
    address: 'string'
    administratorAccount: {
      password: 'string'
      privateKeyData: 'string'
      publicKeyData: 'string'
      username: 'string'
    }
    isNotebookInstanceCompute: bool
    notebookServerPort: int
    sshPort: int
    virtualMachineSize: 'string'
  }
}

Property values

AKS

Name Description Value
computeType The type of compute 'AKS' (required)
properties AKS properties AKSSchemaProperties

AksNetworkingConfiguration

Name Description Value
dnsServiceIP An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. string

Constraints:
Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
dockerBridgeCidr A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. string

Constraints:
Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
serviceCidr A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. string

Constraints:
Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
subnetId Virtual network subnet resource ID the compute nodes belong to string

AKSSchemaProperties

Name Description Value
agentCount Number of agents int

Constraints:
Min value = 0
agentVmSize Agent virtual machine size string
aksNetworkingConfiguration AKS networking configuration for vnet AksNetworkingConfiguration
clusterFqdn Cluster full qualified domain name string
clusterPurpose Intended usage of the cluster 'DenseProd'
'DevTest'
'FastProd'
loadBalancerSubnet Load Balancer Subnet string
loadBalancerType Load Balancer Type 'InternalLoadBalancer'
'PublicIp'
sslConfiguration SSL configuration SslConfiguration

AmlCompute

Name Description Value
computeType The type of compute 'AmlCompute' (required)
properties Properties of AmlCompute AmlComputeProperties

AmlComputeProperties

Name Description Value
enableNodePublicIp Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. bool
isolatedNetwork Network is isolated or not bool
osType Compute OS Type 'Linux'
'Windows'
propertyBag A property bag containing additional properties. any
remoteLoginPortPublicAccess State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on all nodes of the cluster. Enabled - Indicates that the public ssh port is open on all nodes of the cluster. NotSpecified - Indicates that the public ssh port is closed on all nodes of the cluster if VNet is defined, else is open all public nodes. It can be default only during cluster creation time, after creation it will be either enabled or disabled. 'Disabled'
'Enabled'
'NotSpecified'
scaleSettings Scale settings for AML Compute ScaleSettings
subnet Virtual network subnet resource ID the compute nodes belong to. ResourceId
userAccountCredentials Credentials for an administrator user account that will be created on each compute node. UserAccountCredentials
virtualMachineImage Virtual Machine image for AML Compute - windows only VirtualMachineImage
vmPriority Virtual Machine priority 'Dedicated'
'LowPriority'
vmSize Virtual Machine Size string

AssignedUser

Name Description Value
objectId User’s AAD Object Id. string (required)
tenantId User’s AAD Tenant Id. string (required)

AutoPauseProperties

Name Description Value
delayInMinutes int
enabled bool

AutoScaleProperties

Name Description Value
enabled bool
maxNodeCount int
minNodeCount int

BindOptions

Name Description Value
createHostPath Indicate whether to create host path. bool
propagation Type of Bind Option string
selinux Mention the selinux options. string

Compute

Name Description Value
computeLocation Location for the underlying compute string
computeType Set to 'AKS' for type AKS. Set to 'AmlCompute' for type AmlCompute. Set to 'ComputeInstance' for type ComputeInstance. Set to 'DataFactory' for type DataFactory. Set to 'DataLakeAnalytics' for type DataLakeAnalytics. Set to 'Databricks' for type Databricks. Set to 'HDInsight' for type HDInsight. Set to 'Kubernetes' for type Kubernetes. Set to 'SynapseSpark' for type SynapseSpark. Set to 'VirtualMachine' for type VirtualMachine. 'AKS'
'AmlCompute'
'ComputeInstance'
'Databricks'
'DataFactory'
'DataLakeAnalytics'
'HDInsight'
'Kubernetes'
'SynapseSpark'
'VirtualMachine' (required)
description The description of the Machine Learning compute. string
disableLocalAuth Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. bool
resourceId ARM resource id of the underlying compute string

ComputeInstance

Name Description Value
computeType The type of compute 'ComputeInstance' (required)
properties Properties of ComputeInstance ComputeInstanceProperties

ComputeInstanceProperties

Name Description Value
applicationSharingPolicy Policy for sharing applications on this compute instance among users of parent workspace. If Personal, only the creator can access applications on this compute instance. When Shared, any workspace user can access applications on this instance depending on his/her assigned role. 'Personal'
'Shared'
computeInstanceAuthorizationType The Compute Instance Authorization type. Available values are personal (default). 'personal'
customServices List of Custom Services added to the compute. CustomService[]
enableNodePublicIp Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. bool
personalComputeInstanceSettings Settings for a personal compute instance. PersonalComputeInstanceSettings
schedules The list of schedules to be applied on the computes. ComputeSchedules
setupScripts Details of customized scripts to execute for setting up the cluster. SetupScripts
sshSettings Specifies policy and settings for SSH access. ComputeInstanceSshSettings
subnet Virtual network subnet resource ID the compute nodes belong to. ResourceId
vmSize Virtual Machine Size string

ComputeInstanceSshSettings

Name Description Value
adminPublicKey Specifies the SSH rsa public key file as a string. Use "ssh-keygen -t rsa -b 2048" to generate your SSH key pairs. string
sshPublicAccess State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on this instance. Enabled - Indicates that the public ssh port is open and accessible according to the VNet/subnet policy if applicable. 'Disabled'
'Enabled'

ComputeRecurrenceSchedule

Name Description Value
hours [Required] List of hours for the schedule. int[] (required)
minutes [Required] List of minutes for the schedule. int[] (required)
monthDays List of month days for the schedule int[]
weekDays List of days for the schedule. String array containing any of:
'Friday'
'Monday'
'Saturday'
'Sunday'
'Thursday'
'Tuesday'
'Wednesday'

ComputeResourceTags

Name Description Value

ComputeSchedules

Name Description Value
computeStartStop The list of compute start stop schedules to be applied. ComputeStartStopSchedule[]

ComputeStartStopSchedule

Name Description Value
action [Required] The compute power action. 'Start'
'Stop'
cron Required if triggerType is Cron. Cron
recurrence Required if triggerType is Recurrence. Recurrence
schedule [Deprecated] Not used any more. ScheduleBase
status Is the schedule enabled or disabled? 'Disabled'
'Enabled'
triggerType [Required] The schedule trigger type. 'Cron'
'Recurrence'

Cron

Name Description Value
expression [Required] Specifies cron expression of schedule.
The expression should follow NCronTab format.
string
startTime The start time in yyyy-MM-ddTHH:mm:ss format. string
timeZone Specifies time zone in which the schedule runs.
TimeZone should follow Windows time zone format. Refer: /windows-hardware/manufacture/desktop/default-time-zones?view=windows-11
string

CustomService

Name Description Value
docker Describes the docker settings for the image Docker
endpoints Configuring the endpoints for the container Endpoint[]
environmentVariables Environment Variable for the container CustomServiceEnvironmentVariables
image Describes the Image Specifications Image
name Name of the Custom Service string
volumes Configuring the volumes for the container VolumeDefinition[]

CustomServiceEnvironmentVariables

Name Description Value

Databricks

Name Description Value
computeType The type of compute 'Databricks' (required)
properties Properties of Databricks DatabricksProperties

DatabricksProperties

Name Description Value
databricksAccessToken Databricks access token string
workspaceUrl Workspace Url string

DataFactory

Name Description Value
computeType The type of compute 'DataFactory' (required)

DataLakeAnalytics

Name Description Value
computeType The type of compute 'DataLakeAnalytics' (required)
properties DataLakeAnalyticsSchemaProperties

DataLakeAnalyticsSchemaProperties

Name Description Value
dataLakeStoreAccountName DataLake Store Account Name string

Docker

Name Description Value
privileged Indicate whether container shall run in privileged or non-privileged mode. bool

Endpoint

Name Description Value
hostIp Host IP over which the application is exposed from the container string
name Name of the Endpoint string
protocol Protocol over which communication will happen over this endpoint 'http'
'tcp'
'udp'
published Port over which the application is exposed from container. int
target Application port inside the container. int

EnvironmentVariable

Name Description Value
type Type of the Environment Variable. Possible values are: local - For local variable 'local'
value Value of the Environment variable string

HDInsight

Name Description Value
computeType The type of compute 'HDInsight' (required)
properties HDInsight compute properties HDInsightProperties

HDInsightProperties

Name Description Value
address Public IP address of the master node of the cluster. string
administratorAccount Admin credentials for master node of the cluster VirtualMachineSshCredentials
sshPort Port open for ssh connections on the master node of the cluster. int

Image

Name Description Value
reference Image reference string
type Type of the image. Possible values are: docker - For docker images. azureml - For AzureML images 'azureml'
'docker'

InstanceResourceSchema

Name Description Value

InstanceResourceSchema

Name Description Value

InstanceTypeSchema

Name Description Value
nodeSelector Node Selector InstanceTypeSchemaNodeSelector
resources Resource requests/limits for this instance type InstanceTypeSchemaResources

InstanceTypeSchemaNodeSelector

Name Description Value

InstanceTypeSchemaResources

Name Description Value
limits Resource limits for this instance type InstanceResourceSchema
requests Resource requests for this instance type InstanceResourceSchema

Kubernetes

Name Description Value
computeType The type of compute 'Kubernetes' (required)
properties Properties of Kubernetes KubernetesProperties

KubernetesProperties

Name Description Value
defaultInstanceType Default instance type string
extensionInstanceReleaseTrain Extension instance release train. string
extensionPrincipalId Extension principal-id. string
instanceTypes Instance Type Schema KubernetesPropertiesInstanceTypes
namespace Compute namespace string
relayConnectionString Relay connection string. string

Constraints:
Sensitive value. Pass in as a secure parameter.
serviceBusConnectionString ServiceBus connection string. string

Constraints:
Sensitive value. Pass in as a secure parameter.
vcName VC name. string

KubernetesPropertiesInstanceTypes

Name Description Value

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

Microsoft.MachineLearningServices/workspaces/computes

Name Description Value
identity The identity of the resource. ManagedServiceIdentity
location Specifies the location of the resource. string
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: workspaces
properties Compute properties Compute
sku The sku of the workspace. Sku
tags Resource tags Dictionary of tag names and values. See Tags in templates

PersonalComputeInstanceSettings

Name Description Value
assignedUser A user explicitly assigned to a personal compute instance. AssignedUser

Recurrence

Name Description Value
frequency [Required] The frequency to trigger schedule. 'Day'
'Hour'
'Minute'
'Month'
'Week'
interval [Required] Specifies schedule interval in conjunction with frequency int
schedule [Required] The recurrence schedule. ComputeRecurrenceSchedule
startTime The start time in yyyy-MM-ddTHH:mm:ss format. string
timeZone Specifies time zone in which the schedule runs.
TimeZone should follow Windows time zone format. Refer: /windows-hardware/manufacture/desktop/default-time-zones?view=windows-11
string

ResourceId

Name Description Value
id The ID of the resource string (required)

ScaleSettings

Name Description Value
maxNodeCount Max number of nodes to use int (required)
minNodeCount Min number of nodes to use int
nodeIdleTimeBeforeScaleDown Node Idle Time before scaling down amlCompute. This string needs to be in the RFC Format. string

ScheduleBase

Name Description Value
id A system assigned id for the schedule. string
provisioningStatus The current deployment state of schedule. 'Completed'
'Failed'
'Provisioning'
status Is the schedule enabled or disabled? 'Disabled'
'Enabled'

ScriptReference

Name Description Value
scriptArguments Optional command line arguments passed to the script to run. string
scriptData The location of scripts in the mounted volume. string
scriptSource The storage source of the script: workspace. string
timeout Optional time period passed to timeout command. string

ScriptsToExecute

Name Description Value
creationScript Script that's run only once during provision of the compute. ScriptReference
startupScript Script that's run every time the machine starts. ScriptReference

SetupScripts

Name Description Value
scripts Customized setup scripts ScriptsToExecute

Sku

Name Description Value
capacity If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. int
family If the service has different generations of hardware, for the same SKU, then that can be captured here. string
name The name of the SKU. Ex - P3. It is typically a letter+number code string (required)
size The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. string
tier This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. 'Basic'
'Free'
'Premium'
'Standard'

SslConfiguration

Name Description Value
cert Cert data string

Constraints:
Sensitive value. Pass in as a secure parameter.
cname CNAME of the cert string
key Key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
leafDomainLabel Leaf domain label of public endpoint string
overwriteExistingDomain Indicates whether to overwrite existing domain label. bool
status Enable or disable ssl for scoring 'Auto'
'Disabled'
'Enabled'

SynapseSpark

Name Description Value
computeType The type of compute 'SynapseSpark' (required)
properties SynapseSparkProperties

SynapseSparkProperties

Name Description Value
autoPauseProperties Auto pause properties. AutoPauseProperties
autoScaleProperties Auto scale properties. AutoScaleProperties
nodeCount The number of compute nodes currently assigned to the compute. int
nodeSize Node size. string
nodeSizeFamily Node size family. string
poolName Pool name. string
resourceGroup Name of the resource group in which workspace is located. string
sparkVersion Spark version. string
subscriptionId Azure subscription identifier. string
workspaceName Name of Azure Machine Learning workspace. string

TmpfsOptions

Name Description Value
size Mention the Tmpfs size int

UserAccountCredentials

Name Description Value
adminUserName Name of the administrator user account which can be used to SSH to nodes. string (required)
adminUserPassword Password of the administrator user account. string

Constraints:
Sensitive value. Pass in as a secure parameter.
adminUserSshPublicKey SSH public key of the administrator user account. string

Constraints:
Sensitive value. Pass in as a secure parameter.

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

VirtualMachine

Name Description Value
computeType The type of compute 'VirtualMachine' (required)
properties VirtualMachineSchemaProperties

VirtualMachineImage

Name Description Value
id Virtual Machine image path string (required)

VirtualMachineSchemaProperties

Name Description Value
address Public IP address of the virtual machine. string
administratorAccount Admin credentials for virtual machine VirtualMachineSshCredentials
isNotebookInstanceCompute Indicates whether this compute will be used for running notebooks. bool
notebookServerPort Notebook server port open for ssh connections. int
sshPort Port open for ssh connections. int
virtualMachineSize Virtual Machine size string

VirtualMachineSshCredentials

Name Description Value
password Password of admin account string
privateKeyData Private key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
publicKeyData Public key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
username Username of admin account string

VolumeDefinition

Name Description Value
bind Bind Options of the mount BindOptions
consistency Consistency of the volume string
readOnly Indicate whether to mount volume as readOnly. Default value for this is false. bool
source Source of the mount. For bind mounts this is the host path. string
target Target of the mount. For bind mounts this is the path in the container. string
tmpfs tmpfs option of the mount TmpfsOptions
type Type of Volume Definition. Possible Values: bind,volume,tmpfs,npipe 'bind'
'npipe'
'tmpfs'
'volume'
volume Volume Options of the mount VolumeOptions

VolumeOptions

Name Description Value
nocopy Indicate whether volume is nocopy bool

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Azure Machine Learning end-to-end secure setup This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy) This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create an AKS compute target with a Private IP address This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address.

ARM template resource definition

The workspaces/computes resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/computes resource, add the following JSON to your template.

{
  "type": "Microsoft.MachineLearningServices/workspaces/computes",
  "apiVersion": "2024-10-01",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "computeLocation": "string",
    "description": "string",
    "disableLocalAuth": "bool",
    "resourceId": "string",
    "computeType": "string"
    // For remaining properties, see Compute objects
  },
  "sku": {
    "capacity": "int",
    "family": "string",
    "name": "string",
    "size": "string",
    "tier": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Compute objects

Set the computeType property to specify the type of object.

For AKS, use:

{
  "computeType": "AKS",
  "properties": {
    "agentCount": "int",
    "agentVmSize": "string",
    "aksNetworkingConfiguration": {
      "dnsServiceIP": "string",
      "dockerBridgeCidr": "string",
      "serviceCidr": "string",
      "subnetId": "string"
    },
    "clusterFqdn": "string",
    "clusterPurpose": "string",
    "loadBalancerSubnet": "string",
    "loadBalancerType": "string",
    "sslConfiguration": {
      "cert": "string",
      "cname": "string",
      "key": "string",
      "leafDomainLabel": "string",
      "overwriteExistingDomain": "bool",
      "status": "string"
    }
  }
}

For AmlCompute, use:

{
  "computeType": "AmlCompute",
  "properties": {
    "enableNodePublicIp": "bool",
    "isolatedNetwork": "bool",
    "osType": "string",
    "propertyBag": {},
    "remoteLoginPortPublicAccess": "string",
    "scaleSettings": {
      "maxNodeCount": "int",
      "minNodeCount": "int",
      "nodeIdleTimeBeforeScaleDown": "string"
    },
    "subnet": {
      "id": "string"
    },
    "userAccountCredentials": {
      "adminUserName": "string",
      "adminUserPassword": "string",
      "adminUserSshPublicKey": "string"
    },
    "virtualMachineImage": {
      "id": "string"
    },
    "vmPriority": "string",
    "vmSize": "string"
  }
}

For ComputeInstance, use:

{
  "computeType": "ComputeInstance",
  "properties": {
    "applicationSharingPolicy": "string",
    "computeInstanceAuthorizationType": "string",
    "customServices": [
      {
        "docker": {
          "privileged": "bool"
        },
        "endpoints": [
          {
            "hostIp": "string",
            "name": "string",
            "protocol": "string",
            "published": "int",
            "target": "int"
          }
        ],
        "environmentVariables": {
          "{customized property}": {
            "type": "string",
            "value": "string"
          }
        },
        "image": {
          "reference": "string",
          "type": "string"
        },
        "name": "string",
        "volumes": [
          {
            "bind": {
              "createHostPath": "bool",
              "propagation": "string",
              "selinux": "string"
            },
            "consistency": "string",
            "readOnly": "bool",
            "source": "string",
            "target": "string",
            "tmpfs": {
              "size": "int"
            },
            "type": "string",
            "volume": {
              "nocopy": "bool"
            }
          }
        ]
      }
    ],
    "enableNodePublicIp": "bool",
    "personalComputeInstanceSettings": {
      "assignedUser": {
        "objectId": "string",
        "tenantId": "string"
      }
    },
    "schedules": {
      "computeStartStop": [
        {
          "action": "string",
          "cron": {
            "expression": "string",
            "startTime": "string",
            "timeZone": "string"
          },
          "recurrence": {
            "frequency": "string",
            "interval": "int",
            "schedule": {
              "hours": [ "int" ],
              "minutes": [ "int" ],
              "monthDays": [ "int" ],
              "weekDays": [ "string" ]
            },
            "startTime": "string",
            "timeZone": "string"
          },
          "schedule": {
            "id": "string",
            "provisioningStatus": "string",
            "status": "string"
          },
          "status": "string",
          "triggerType": "string"
        }
      ]
    },
    "setupScripts": {
      "scripts": {
        "creationScript": {
          "scriptArguments": "string",
          "scriptData": "string",
          "scriptSource": "string",
          "timeout": "string"
        },
        "startupScript": {
          "scriptArguments": "string",
          "scriptData": "string",
          "scriptSource": "string",
          "timeout": "string"
        }
      }
    },
    "sshSettings": {
      "adminPublicKey": "string",
      "sshPublicAccess": "string"
    },
    "subnet": {
      "id": "string"
    },
    "vmSize": "string"
  }
}

For DataFactory, use:

{
  "computeType": "DataFactory"
}

For DataLakeAnalytics, use:

{
  "computeType": "DataLakeAnalytics",
  "properties": {
    "dataLakeStoreAccountName": "string"
  }
}

For Databricks, use:

{
  "computeType": "Databricks",
  "properties": {
    "databricksAccessToken": "string",
    "workspaceUrl": "string"
  }
}

For HDInsight, use:

{
  "computeType": "HDInsight",
  "properties": {
    "address": "string",
    "administratorAccount": {
      "password": "string",
      "privateKeyData": "string",
      "publicKeyData": "string",
      "username": "string"
    },
    "sshPort": "int"
  }
}

For Kubernetes, use:

{
  "computeType": "Kubernetes",
  "properties": {
    "defaultInstanceType": "string",
    "extensionInstanceReleaseTrain": "string",
    "extensionPrincipalId": "string",
    "instanceTypes": {
      "{customized property}": {
        "nodeSelector": {
          "{customized property}": "string"
        },
        "resources": {
          "limits": {
            "{customized property}": "string"
          },
          "requests": {
            "{customized property}": "string"
          }
        }
      }
    },
    "namespace": "string",
    "relayConnectionString": "string",
    "serviceBusConnectionString": "string",
    "vcName": "string"
  }
}

For SynapseSpark, use:

{
  "computeType": "SynapseSpark",
  "properties": {
    "autoPauseProperties": {
      "delayInMinutes": "int",
      "enabled": "bool"
    },
    "autoScaleProperties": {
      "enabled": "bool",
      "maxNodeCount": "int",
      "minNodeCount": "int"
    },
    "nodeCount": "int",
    "nodeSize": "string",
    "nodeSizeFamily": "string",
    "poolName": "string",
    "resourceGroup": "string",
    "sparkVersion": "string",
    "subscriptionId": "string",
    "workspaceName": "string"
  }
}

For VirtualMachine, use:

{
  "computeType": "VirtualMachine",
  "properties": {
    "address": "string",
    "administratorAccount": {
      "password": "string",
      "privateKeyData": "string",
      "publicKeyData": "string",
      "username": "string"
    },
    "isNotebookInstanceCompute": "bool",
    "notebookServerPort": "int",
    "sshPort": "int",
    "virtualMachineSize": "string"
  }
}

Property values

AKS

Name Description Value
computeType The type of compute 'AKS' (required)
properties AKS properties AKSSchemaProperties

AksNetworkingConfiguration

Name Description Value
dnsServiceIP An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. string

Constraints:
Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
dockerBridgeCidr A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. string

Constraints:
Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
serviceCidr A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. string

Constraints:
Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
subnetId Virtual network subnet resource ID the compute nodes belong to string

AKSSchemaProperties

Name Description Value
agentCount Number of agents int

Constraints:
Min value = 0
agentVmSize Agent virtual machine size string
aksNetworkingConfiguration AKS networking configuration for vnet AksNetworkingConfiguration
clusterFqdn Cluster full qualified domain name string
clusterPurpose Intended usage of the cluster 'DenseProd'
'DevTest'
'FastProd'
loadBalancerSubnet Load Balancer Subnet string
loadBalancerType Load Balancer Type 'InternalLoadBalancer'
'PublicIp'
sslConfiguration SSL configuration SslConfiguration

AmlCompute

Name Description Value
computeType The type of compute 'AmlCompute' (required)
properties Properties of AmlCompute AmlComputeProperties

AmlComputeProperties

Name Description Value
enableNodePublicIp Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. bool
isolatedNetwork Network is isolated or not bool
osType Compute OS Type 'Linux'
'Windows'
propertyBag A property bag containing additional properties. any
remoteLoginPortPublicAccess State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on all nodes of the cluster. Enabled - Indicates that the public ssh port is open on all nodes of the cluster. NotSpecified - Indicates that the public ssh port is closed on all nodes of the cluster if VNet is defined, else is open all public nodes. It can be default only during cluster creation time, after creation it will be either enabled or disabled. 'Disabled'
'Enabled'
'NotSpecified'
scaleSettings Scale settings for AML Compute ScaleSettings
subnet Virtual network subnet resource ID the compute nodes belong to. ResourceId
userAccountCredentials Credentials for an administrator user account that will be created on each compute node. UserAccountCredentials
virtualMachineImage Virtual Machine image for AML Compute - windows only VirtualMachineImage
vmPriority Virtual Machine priority 'Dedicated'
'LowPriority'
vmSize Virtual Machine Size string

AssignedUser

Name Description Value
objectId User’s AAD Object Id. string (required)
tenantId User’s AAD Tenant Id. string (required)

AutoPauseProperties

Name Description Value
delayInMinutes int
enabled bool

AutoScaleProperties

Name Description Value
enabled bool
maxNodeCount int
minNodeCount int

BindOptions

Name Description Value
createHostPath Indicate whether to create host path. bool
propagation Type of Bind Option string
selinux Mention the selinux options. string

Compute

Name Description Value
computeLocation Location for the underlying compute string
computeType Set to 'AKS' for type AKS. Set to 'AmlCompute' for type AmlCompute. Set to 'ComputeInstance' for type ComputeInstance. Set to 'DataFactory' for type DataFactory. Set to 'DataLakeAnalytics' for type DataLakeAnalytics. Set to 'Databricks' for type Databricks. Set to 'HDInsight' for type HDInsight. Set to 'Kubernetes' for type Kubernetes. Set to 'SynapseSpark' for type SynapseSpark. Set to 'VirtualMachine' for type VirtualMachine. 'AKS'
'AmlCompute'
'ComputeInstance'
'Databricks'
'DataFactory'
'DataLakeAnalytics'
'HDInsight'
'Kubernetes'
'SynapseSpark'
'VirtualMachine' (required)
description The description of the Machine Learning compute. string
disableLocalAuth Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. bool
resourceId ARM resource id of the underlying compute string

ComputeInstance

Name Description Value
computeType The type of compute 'ComputeInstance' (required)
properties Properties of ComputeInstance ComputeInstanceProperties

ComputeInstanceProperties

Name Description Value
applicationSharingPolicy Policy for sharing applications on this compute instance among users of parent workspace. If Personal, only the creator can access applications on this compute instance. When Shared, any workspace user can access applications on this instance depending on his/her assigned role. 'Personal'
'Shared'
computeInstanceAuthorizationType The Compute Instance Authorization type. Available values are personal (default). 'personal'
customServices List of Custom Services added to the compute. CustomService[]
enableNodePublicIp Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. bool
personalComputeInstanceSettings Settings for a personal compute instance. PersonalComputeInstanceSettings
schedules The list of schedules to be applied on the computes. ComputeSchedules
setupScripts Details of customized scripts to execute for setting up the cluster. SetupScripts
sshSettings Specifies policy and settings for SSH access. ComputeInstanceSshSettings
subnet Virtual network subnet resource ID the compute nodes belong to. ResourceId
vmSize Virtual Machine Size string

ComputeInstanceSshSettings

Name Description Value
adminPublicKey Specifies the SSH rsa public key file as a string. Use "ssh-keygen -t rsa -b 2048" to generate your SSH key pairs. string
sshPublicAccess State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on this instance. Enabled - Indicates that the public ssh port is open and accessible according to the VNet/subnet policy if applicable. 'Disabled'
'Enabled'

ComputeRecurrenceSchedule

Name Description Value
hours [Required] List of hours for the schedule. int[] (required)
minutes [Required] List of minutes for the schedule. int[] (required)
monthDays List of month days for the schedule int[]
weekDays List of days for the schedule. String array containing any of:
'Friday'
'Monday'
'Saturday'
'Sunday'
'Thursday'
'Tuesday'
'Wednesday'

ComputeResourceTags

Name Description Value

ComputeSchedules

Name Description Value
computeStartStop The list of compute start stop schedules to be applied. ComputeStartStopSchedule[]

ComputeStartStopSchedule

Name Description Value
action [Required] The compute power action. 'Start'
'Stop'
cron Required if triggerType is Cron. Cron
recurrence Required if triggerType is Recurrence. Recurrence
schedule [Deprecated] Not used any more. ScheduleBase
status Is the schedule enabled or disabled? 'Disabled'
'Enabled'
triggerType [Required] The schedule trigger type. 'Cron'
'Recurrence'

Cron

Name Description Value
expression [Required] Specifies cron expression of schedule.
The expression should follow NCronTab format.
string
startTime The start time in yyyy-MM-ddTHH:mm:ss format. string
timeZone Specifies time zone in which the schedule runs.
TimeZone should follow Windows time zone format. Refer: /windows-hardware/manufacture/desktop/default-time-zones?view=windows-11
string

CustomService

Name Description Value
docker Describes the docker settings for the image Docker
endpoints Configuring the endpoints for the container Endpoint[]
environmentVariables Environment Variable for the container CustomServiceEnvironmentVariables
image Describes the Image Specifications Image
name Name of the Custom Service string
volumes Configuring the volumes for the container VolumeDefinition[]

CustomServiceEnvironmentVariables

Name Description Value

Databricks

Name Description Value
computeType The type of compute 'Databricks' (required)
properties Properties of Databricks DatabricksProperties

DatabricksProperties

Name Description Value
databricksAccessToken Databricks access token string
workspaceUrl Workspace Url string

DataFactory

Name Description Value
computeType The type of compute 'DataFactory' (required)

DataLakeAnalytics

Name Description Value
computeType The type of compute 'DataLakeAnalytics' (required)
properties DataLakeAnalyticsSchemaProperties

DataLakeAnalyticsSchemaProperties

Name Description Value
dataLakeStoreAccountName DataLake Store Account Name string

Docker

Name Description Value
privileged Indicate whether container shall run in privileged or non-privileged mode. bool

Endpoint

Name Description Value
hostIp Host IP over which the application is exposed from the container string
name Name of the Endpoint string
protocol Protocol over which communication will happen over this endpoint 'http'
'tcp'
'udp'
published Port over which the application is exposed from container. int
target Application port inside the container. int

EnvironmentVariable

Name Description Value
type Type of the Environment Variable. Possible values are: local - For local variable 'local'
value Value of the Environment variable string

HDInsight

Name Description Value
computeType The type of compute 'HDInsight' (required)
properties HDInsight compute properties HDInsightProperties

HDInsightProperties

Name Description Value
address Public IP address of the master node of the cluster. string
administratorAccount Admin credentials for master node of the cluster VirtualMachineSshCredentials
sshPort Port open for ssh connections on the master node of the cluster. int

Image

Name Description Value
reference Image reference string
type Type of the image. Possible values are: docker - For docker images. azureml - For AzureML images 'azureml'
'docker'

InstanceResourceSchema

Name Description Value

InstanceResourceSchema

Name Description Value

InstanceTypeSchema

Name Description Value
nodeSelector Node Selector InstanceTypeSchemaNodeSelector
resources Resource requests/limits for this instance type InstanceTypeSchemaResources

InstanceTypeSchemaNodeSelector

Name Description Value

InstanceTypeSchemaResources

Name Description Value
limits Resource limits for this instance type InstanceResourceSchema
requests Resource requests for this instance type InstanceResourceSchema

Kubernetes

Name Description Value
computeType The type of compute 'Kubernetes' (required)
properties Properties of Kubernetes KubernetesProperties

KubernetesProperties

Name Description Value
defaultInstanceType Default instance type string
extensionInstanceReleaseTrain Extension instance release train. string
extensionPrincipalId Extension principal-id. string
instanceTypes Instance Type Schema KubernetesPropertiesInstanceTypes
namespace Compute namespace string
relayConnectionString Relay connection string. string

Constraints:
Sensitive value. Pass in as a secure parameter.
serviceBusConnectionString ServiceBus connection string. string

Constraints:
Sensitive value. Pass in as a secure parameter.
vcName VC name. string

KubernetesPropertiesInstanceTypes

Name Description Value

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

Microsoft.MachineLearningServices/workspaces/computes

Name Description Value
apiVersion The api version '2024-10-01'
identity The identity of the resource. ManagedServiceIdentity
location Specifies the location of the resource. string
name The resource name string (required)
properties Compute properties Compute
sku The sku of the workspace. Sku
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.MachineLearningServices/workspaces/computes'

PersonalComputeInstanceSettings

Name Description Value
assignedUser A user explicitly assigned to a personal compute instance. AssignedUser

Recurrence

Name Description Value
frequency [Required] The frequency to trigger schedule. 'Day'
'Hour'
'Minute'
'Month'
'Week'
interval [Required] Specifies schedule interval in conjunction with frequency int
schedule [Required] The recurrence schedule. ComputeRecurrenceSchedule
startTime The start time in yyyy-MM-ddTHH:mm:ss format. string
timeZone Specifies time zone in which the schedule runs.
TimeZone should follow Windows time zone format. Refer: /windows-hardware/manufacture/desktop/default-time-zones?view=windows-11
string

ResourceId

Name Description Value
id The ID of the resource string (required)

ScaleSettings

Name Description Value
maxNodeCount Max number of nodes to use int (required)
minNodeCount Min number of nodes to use int
nodeIdleTimeBeforeScaleDown Node Idle Time before scaling down amlCompute. This string needs to be in the RFC Format. string

ScheduleBase

Name Description Value
id A system assigned id for the schedule. string
provisioningStatus The current deployment state of schedule. 'Completed'
'Failed'
'Provisioning'
status Is the schedule enabled or disabled? 'Disabled'
'Enabled'

ScriptReference

Name Description Value
scriptArguments Optional command line arguments passed to the script to run. string
scriptData The location of scripts in the mounted volume. string
scriptSource The storage source of the script: workspace. string
timeout Optional time period passed to timeout command. string

ScriptsToExecute

Name Description Value
creationScript Script that's run only once during provision of the compute. ScriptReference
startupScript Script that's run every time the machine starts. ScriptReference

SetupScripts

Name Description Value
scripts Customized setup scripts ScriptsToExecute

Sku

Name Description Value
capacity If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. int
family If the service has different generations of hardware, for the same SKU, then that can be captured here. string
name The name of the SKU. Ex - P3. It is typically a letter+number code string (required)
size The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. string
tier This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. 'Basic'
'Free'
'Premium'
'Standard'

SslConfiguration

Name Description Value
cert Cert data string

Constraints:
Sensitive value. Pass in as a secure parameter.
cname CNAME of the cert string
key Key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
leafDomainLabel Leaf domain label of public endpoint string
overwriteExistingDomain Indicates whether to overwrite existing domain label. bool
status Enable or disable ssl for scoring 'Auto'
'Disabled'
'Enabled'

SynapseSpark

Name Description Value
computeType The type of compute 'SynapseSpark' (required)
properties SynapseSparkProperties

SynapseSparkProperties

Name Description Value
autoPauseProperties Auto pause properties. AutoPauseProperties
autoScaleProperties Auto scale properties. AutoScaleProperties
nodeCount The number of compute nodes currently assigned to the compute. int
nodeSize Node size. string
nodeSizeFamily Node size family. string
poolName Pool name. string
resourceGroup Name of the resource group in which workspace is located. string
sparkVersion Spark version. string
subscriptionId Azure subscription identifier. string
workspaceName Name of Azure Machine Learning workspace. string

TmpfsOptions

Name Description Value
size Mention the Tmpfs size int

UserAccountCredentials

Name Description Value
adminUserName Name of the administrator user account which can be used to SSH to nodes. string (required)
adminUserPassword Password of the administrator user account. string

Constraints:
Sensitive value. Pass in as a secure parameter.
adminUserSshPublicKey SSH public key of the administrator user account. string

Constraints:
Sensitive value. Pass in as a secure parameter.

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

VirtualMachine

Name Description Value
computeType The type of compute 'VirtualMachine' (required)
properties VirtualMachineSchemaProperties

VirtualMachineImage

Name Description Value
id Virtual Machine image path string (required)

VirtualMachineSchemaProperties

Name Description Value
address Public IP address of the virtual machine. string
administratorAccount Admin credentials for virtual machine VirtualMachineSshCredentials
isNotebookInstanceCompute Indicates whether this compute will be used for running notebooks. bool
notebookServerPort Notebook server port open for ssh connections. int
sshPort Port open for ssh connections. int
virtualMachineSize Virtual Machine size string

VirtualMachineSshCredentials

Name Description Value
password Password of admin account string
privateKeyData Private key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
publicKeyData Public key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
username Username of admin account string

VolumeDefinition

Name Description Value
bind Bind Options of the mount BindOptions
consistency Consistency of the volume string
readOnly Indicate whether to mount volume as readOnly. Default value for this is false. bool
source Source of the mount. For bind mounts this is the host path. string
target Target of the mount. For bind mounts this is the path in the container. string
tmpfs tmpfs option of the mount TmpfsOptions
type Type of Volume Definition. Possible Values: bind,volume,tmpfs,npipe 'bind'
'npipe'
'tmpfs'
'volume'
volume Volume Options of the mount VolumeOptions

VolumeOptions

Name Description Value
nocopy Indicate whether volume is nocopy bool

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure Machine Learning end-to-end secure setup

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create a LinkedService in Azure Machine Learning workspace

Deploy to Azure
This template creates a LinkedService in an existing Azure Machine Learning workspace.
Create a Machine Learning Service ADLA Compute

Deploy to Azure
This template creates a Machine Learning Service ADLA Compute.
Create a Machine Learning Service Aks Compute

Deploy to Azure
This template creates a Machine Learning Service Aks Compute.
Create a Machine Learning Service DSVM Compute

Deploy to Azure
This template creates a Machine Learning Service DSVM Compute.
Create a Machine Learning Service HDInsight cluster

Deploy to Azure
This template creates a Machine Learning Service HDInsight cluster
Create an AKS compute target with a Private IP address

Deploy to Azure
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address.
Create an Azure Machine Learning aks compute

Deploy to Azure
This template creates an Azure Machine Learning aks compute.
Create an Azure Machine Learning compute cluster

Deploy to Azure
This template creates an Azure Machine Learning compute cluster.
Create an Azure Machine Learning compute instance

Deploy to Azure
This template creates an Azure Machine Learning compute instance on behalf of another user with a sample inline setup script

Terraform (AzAPI provider) resource definition

The workspaces/computes resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/computes resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.MachineLearningServices/workspaces/computes@2024-10-01"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  sku = {
    capacity = int
    family = "string"
    name = "string"
    size = "string"
    tier = "string"
  }
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      computeLocation = "string"
      description = "string"
      disableLocalAuth = bool
      resourceId = "string"
      computeType = "string"
      // For remaining properties, see Compute objects
    }
  })
}

Compute objects

Set the computeType property to specify the type of object.

For AKS, use:

{
  computeType = "AKS"
  properties = {
    agentCount = int
    agentVmSize = "string"
    aksNetworkingConfiguration = {
      dnsServiceIP = "string"
      dockerBridgeCidr = "string"
      serviceCidr = "string"
      subnetId = "string"
    }
    clusterFqdn = "string"
    clusterPurpose = "string"
    loadBalancerSubnet = "string"
    loadBalancerType = "string"
    sslConfiguration = {
      cert = "string"
      cname = "string"
      key = "string"
      leafDomainLabel = "string"
      overwriteExistingDomain = bool
      status = "string"
    }
  }
}

For AmlCompute, use:

{
  computeType = "AmlCompute"
  properties = {
    enableNodePublicIp = bool
    isolatedNetwork = bool
    osType = "string"
    propertyBag = ?
    remoteLoginPortPublicAccess = "string"
    scaleSettings = {
      maxNodeCount = int
      minNodeCount = int
      nodeIdleTimeBeforeScaleDown = "string"
    }
    subnet = {
      id = "string"
    }
    userAccountCredentials = {
      adminUserName = "string"
      adminUserPassword = "string"
      adminUserSshPublicKey = "string"
    }
    virtualMachineImage = {
      id = "string"
    }
    vmPriority = "string"
    vmSize = "string"
  }
}

For ComputeInstance, use:

{
  computeType = "ComputeInstance"
  properties = {
    applicationSharingPolicy = "string"
    computeInstanceAuthorizationType = "string"
    customServices = [
      {
        docker = {
          privileged = bool
        }
        endpoints = [
          {
            hostIp = "string"
            name = "string"
            protocol = "string"
            published = int
            target = int
          }
        ]
        environmentVariables = {
          {customized property} = {
            type = "string"
            value = "string"
          }
        }
        image = {
          reference = "string"
          type = "string"
        }
        name = "string"
        volumes = [
          {
            bind = {
              createHostPath = bool
              propagation = "string"
              selinux = "string"
            }
            consistency = "string"
            readOnly = bool
            source = "string"
            target = "string"
            tmpfs = {
              size = int
            }
            type = "string"
            volume = {
              nocopy = bool
            }
          }
        ]
      }
    ]
    enableNodePublicIp = bool
    personalComputeInstanceSettings = {
      assignedUser = {
        objectId = "string"
        tenantId = "string"
      }
    }
    schedules = {
      computeStartStop = [
        {
          action = "string"
          cron = {
            expression = "string"
            startTime = "string"
            timeZone = "string"
          }
          recurrence = {
            frequency = "string"
            interval = int
            schedule = {
              hours = [
                int
              ]
              minutes = [
                int
              ]
              monthDays = [
                int
              ]
              weekDays = [
                "string"
              ]
            }
            startTime = "string"
            timeZone = "string"
          }
          schedule = {
            id = "string"
            provisioningStatus = "string"
            status = "string"
          }
          status = "string"
          triggerType = "string"
        }
      ]
    }
    setupScripts = {
      scripts = {
        creationScript = {
          scriptArguments = "string"
          scriptData = "string"
          scriptSource = "string"
          timeout = "string"
        }
        startupScript = {
          scriptArguments = "string"
          scriptData = "string"
          scriptSource = "string"
          timeout = "string"
        }
      }
    }
    sshSettings = {
      adminPublicKey = "string"
      sshPublicAccess = "string"
    }
    subnet = {
      id = "string"
    }
    vmSize = "string"
  }
}

For DataFactory, use:

{
  computeType = "DataFactory"
}

For DataLakeAnalytics, use:

{
  computeType = "DataLakeAnalytics"
  properties = {
    dataLakeStoreAccountName = "string"
  }
}

For Databricks, use:

{
  computeType = "Databricks"
  properties = {
    databricksAccessToken = "string"
    workspaceUrl = "string"
  }
}

For HDInsight, use:

{
  computeType = "HDInsight"
  properties = {
    address = "string"
    administratorAccount = {
      password = "string"
      privateKeyData = "string"
      publicKeyData = "string"
      username = "string"
    }
    sshPort = int
  }
}

For Kubernetes, use:

{
  computeType = "Kubernetes"
  properties = {
    defaultInstanceType = "string"
    extensionInstanceReleaseTrain = "string"
    extensionPrincipalId = "string"
    instanceTypes = {
      {customized property} = {
        nodeSelector = {
          {customized property} = "string"
        }
        resources = {
          limits = {
            {customized property} = "string"
          }
          requests = {
            {customized property} = "string"
          }
        }
      }
    }
    namespace = "string"
    relayConnectionString = "string"
    serviceBusConnectionString = "string"
    vcName = "string"
  }
}

For SynapseSpark, use:

{
  computeType = "SynapseSpark"
  properties = {
    autoPauseProperties = {
      delayInMinutes = int
      enabled = bool
    }
    autoScaleProperties = {
      enabled = bool
      maxNodeCount = int
      minNodeCount = int
    }
    nodeCount = int
    nodeSize = "string"
    nodeSizeFamily = "string"
    poolName = "string"
    resourceGroup = "string"
    sparkVersion = "string"
    subscriptionId = "string"
    workspaceName = "string"
  }
}

For VirtualMachine, use:

{
  computeType = "VirtualMachine"
  properties = {
    address = "string"
    administratorAccount = {
      password = "string"
      privateKeyData = "string"
      publicKeyData = "string"
      username = "string"
    }
    isNotebookInstanceCompute = bool
    notebookServerPort = int
    sshPort = int
    virtualMachineSize = "string"
  }
}

Property values

AKS

Name Description Value
computeType The type of compute 'AKS' (required)
properties AKS properties AKSSchemaProperties

AksNetworkingConfiguration

Name Description Value
dnsServiceIP An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. string

Constraints:
Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
dockerBridgeCidr A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. string

Constraints:
Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
serviceCidr A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. string

Constraints:
Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
subnetId Virtual network subnet resource ID the compute nodes belong to string

AKSSchemaProperties

Name Description Value
agentCount Number of agents int

Constraints:
Min value = 0
agentVmSize Agent virtual machine size string
aksNetworkingConfiguration AKS networking configuration for vnet AksNetworkingConfiguration
clusterFqdn Cluster full qualified domain name string
clusterPurpose Intended usage of the cluster 'DenseProd'
'DevTest'
'FastProd'
loadBalancerSubnet Load Balancer Subnet string
loadBalancerType Load Balancer Type 'InternalLoadBalancer'
'PublicIp'
sslConfiguration SSL configuration SslConfiguration

AmlCompute

Name Description Value
computeType The type of compute 'AmlCompute' (required)
properties Properties of AmlCompute AmlComputeProperties

AmlComputeProperties

Name Description Value
enableNodePublicIp Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. bool
isolatedNetwork Network is isolated or not bool
osType Compute OS Type 'Linux'
'Windows'
propertyBag A property bag containing additional properties. any
remoteLoginPortPublicAccess State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on all nodes of the cluster. Enabled - Indicates that the public ssh port is open on all nodes of the cluster. NotSpecified - Indicates that the public ssh port is closed on all nodes of the cluster if VNet is defined, else is open all public nodes. It can be default only during cluster creation time, after creation it will be either enabled or disabled. 'Disabled'
'Enabled'
'NotSpecified'
scaleSettings Scale settings for AML Compute ScaleSettings
subnet Virtual network subnet resource ID the compute nodes belong to. ResourceId
userAccountCredentials Credentials for an administrator user account that will be created on each compute node. UserAccountCredentials
virtualMachineImage Virtual Machine image for AML Compute - windows only VirtualMachineImage
vmPriority Virtual Machine priority 'Dedicated'
'LowPriority'
vmSize Virtual Machine Size string

AssignedUser

Name Description Value
objectId User’s AAD Object Id. string (required)
tenantId User’s AAD Tenant Id. string (required)

AutoPauseProperties

Name Description Value
delayInMinutes int
enabled bool

AutoScaleProperties

Name Description Value
enabled bool
maxNodeCount int
minNodeCount int

BindOptions

Name Description Value
createHostPath Indicate whether to create host path. bool
propagation Type of Bind Option string
selinux Mention the selinux options. string

Compute

Name Description Value
computeLocation Location for the underlying compute string
computeType Set to 'AKS' for type AKS. Set to 'AmlCompute' for type AmlCompute. Set to 'ComputeInstance' for type ComputeInstance. Set to 'DataFactory' for type DataFactory. Set to 'DataLakeAnalytics' for type DataLakeAnalytics. Set to 'Databricks' for type Databricks. Set to 'HDInsight' for type HDInsight. Set to 'Kubernetes' for type Kubernetes. Set to 'SynapseSpark' for type SynapseSpark. Set to 'VirtualMachine' for type VirtualMachine. 'AKS'
'AmlCompute'
'ComputeInstance'
'Databricks'
'DataFactory'
'DataLakeAnalytics'
'HDInsight'
'Kubernetes'
'SynapseSpark'
'VirtualMachine' (required)
description The description of the Machine Learning compute. string
disableLocalAuth Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. bool
resourceId ARM resource id of the underlying compute string

ComputeInstance

Name Description Value
computeType The type of compute 'ComputeInstance' (required)
properties Properties of ComputeInstance ComputeInstanceProperties

ComputeInstanceProperties

Name Description Value
applicationSharingPolicy Policy for sharing applications on this compute instance among users of parent workspace. If Personal, only the creator can access applications on this compute instance. When Shared, any workspace user can access applications on this instance depending on his/her assigned role. 'Personal'
'Shared'
computeInstanceAuthorizationType The Compute Instance Authorization type. Available values are personal (default). 'personal'
customServices List of Custom Services added to the compute. CustomService[]
enableNodePublicIp Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. bool
personalComputeInstanceSettings Settings for a personal compute instance. PersonalComputeInstanceSettings
schedules The list of schedules to be applied on the computes. ComputeSchedules
setupScripts Details of customized scripts to execute for setting up the cluster. SetupScripts
sshSettings Specifies policy and settings for SSH access. ComputeInstanceSshSettings
subnet Virtual network subnet resource ID the compute nodes belong to. ResourceId
vmSize Virtual Machine Size string

ComputeInstanceSshSettings

Name Description Value
adminPublicKey Specifies the SSH rsa public key file as a string. Use "ssh-keygen -t rsa -b 2048" to generate your SSH key pairs. string
sshPublicAccess State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on this instance. Enabled - Indicates that the public ssh port is open and accessible according to the VNet/subnet policy if applicable. 'Disabled'
'Enabled'

ComputeRecurrenceSchedule

Name Description Value
hours [Required] List of hours for the schedule. int[] (required)
minutes [Required] List of minutes for the schedule. int[] (required)
monthDays List of month days for the schedule int[]
weekDays List of days for the schedule. String array containing any of:
'Friday'
'Monday'
'Saturday'
'Sunday'
'Thursday'
'Tuesday'
'Wednesday'

ComputeResourceTags

Name Description Value

ComputeSchedules

Name Description Value
computeStartStop The list of compute start stop schedules to be applied. ComputeStartStopSchedule[]

ComputeStartStopSchedule

Name Description Value
action [Required] The compute power action. 'Start'
'Stop'
cron Required if triggerType is Cron. Cron
recurrence Required if triggerType is Recurrence. Recurrence
schedule [Deprecated] Not used any more. ScheduleBase
status Is the schedule enabled or disabled? 'Disabled'
'Enabled'
triggerType [Required] The schedule trigger type. 'Cron'
'Recurrence'

Cron

Name Description Value
expression [Required] Specifies cron expression of schedule.
The expression should follow NCronTab format.
string
startTime The start time in yyyy-MM-ddTHH:mm:ss format. string
timeZone Specifies time zone in which the schedule runs.
TimeZone should follow Windows time zone format. Refer: /windows-hardware/manufacture/desktop/default-time-zones?view=windows-11
string

CustomService

Name Description Value
docker Describes the docker settings for the image Docker
endpoints Configuring the endpoints for the container Endpoint[]
environmentVariables Environment Variable for the container CustomServiceEnvironmentVariables
image Describes the Image Specifications Image
name Name of the Custom Service string
volumes Configuring the volumes for the container VolumeDefinition[]

CustomServiceEnvironmentVariables

Name Description Value

Databricks

Name Description Value
computeType The type of compute 'Databricks' (required)
properties Properties of Databricks DatabricksProperties

DatabricksProperties

Name Description Value
databricksAccessToken Databricks access token string
workspaceUrl Workspace Url string

DataFactory

Name Description Value
computeType The type of compute 'DataFactory' (required)

DataLakeAnalytics

Name Description Value
computeType The type of compute 'DataLakeAnalytics' (required)
properties DataLakeAnalyticsSchemaProperties

DataLakeAnalyticsSchemaProperties

Name Description Value
dataLakeStoreAccountName DataLake Store Account Name string

Docker

Name Description Value
privileged Indicate whether container shall run in privileged or non-privileged mode. bool

Endpoint

Name Description Value
hostIp Host IP over which the application is exposed from the container string
name Name of the Endpoint string
protocol Protocol over which communication will happen over this endpoint 'http'
'tcp'
'udp'
published Port over which the application is exposed from container. int
target Application port inside the container. int

EnvironmentVariable

Name Description Value
type Type of the Environment Variable. Possible values are: local - For local variable 'local'
value Value of the Environment variable string

HDInsight

Name Description Value
computeType The type of compute 'HDInsight' (required)
properties HDInsight compute properties HDInsightProperties

HDInsightProperties

Name Description Value
address Public IP address of the master node of the cluster. string
administratorAccount Admin credentials for master node of the cluster VirtualMachineSshCredentials
sshPort Port open for ssh connections on the master node of the cluster. int

Image

Name Description Value
reference Image reference string
type Type of the image. Possible values are: docker - For docker images. azureml - For AzureML images 'azureml'
'docker'

InstanceResourceSchema

Name Description Value

InstanceResourceSchema

Name Description Value

InstanceTypeSchema

Name Description Value
nodeSelector Node Selector InstanceTypeSchemaNodeSelector
resources Resource requests/limits for this instance type InstanceTypeSchemaResources

InstanceTypeSchemaNodeSelector

Name Description Value

InstanceTypeSchemaResources

Name Description Value
limits Resource limits for this instance type InstanceResourceSchema
requests Resource requests for this instance type InstanceResourceSchema

Kubernetes

Name Description Value
computeType The type of compute 'Kubernetes' (required)
properties Properties of Kubernetes KubernetesProperties

KubernetesProperties

Name Description Value
defaultInstanceType Default instance type string
extensionInstanceReleaseTrain Extension instance release train. string
extensionPrincipalId Extension principal-id. string
instanceTypes Instance Type Schema KubernetesPropertiesInstanceTypes
namespace Compute namespace string
relayConnectionString Relay connection string. string

Constraints:
Sensitive value. Pass in as a secure parameter.
serviceBusConnectionString ServiceBus connection string. string

Constraints:
Sensitive value. Pass in as a secure parameter.
vcName VC name. string

KubernetesPropertiesInstanceTypes

Name Description Value

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

Microsoft.MachineLearningServices/workspaces/computes

Name Description Value
identity The identity of the resource. ManagedServiceIdentity
location Specifies the location of the resource. string
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: workspaces
properties Compute properties Compute
sku The sku of the workspace. Sku
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.MachineLearningServices/workspaces/computes@2024-10-01"

PersonalComputeInstanceSettings

Name Description Value
assignedUser A user explicitly assigned to a personal compute instance. AssignedUser

Recurrence

Name Description Value
frequency [Required] The frequency to trigger schedule. 'Day'
'Hour'
'Minute'
'Month'
'Week'
interval [Required] Specifies schedule interval in conjunction with frequency int
schedule [Required] The recurrence schedule. ComputeRecurrenceSchedule
startTime The start time in yyyy-MM-ddTHH:mm:ss format. string
timeZone Specifies time zone in which the schedule runs.
TimeZone should follow Windows time zone format. Refer: /windows-hardware/manufacture/desktop/default-time-zones?view=windows-11
string

ResourceId

Name Description Value
id The ID of the resource string (required)

ScaleSettings

Name Description Value
maxNodeCount Max number of nodes to use int (required)
minNodeCount Min number of nodes to use int
nodeIdleTimeBeforeScaleDown Node Idle Time before scaling down amlCompute. This string needs to be in the RFC Format. string

ScheduleBase

Name Description Value
id A system assigned id for the schedule. string
provisioningStatus The current deployment state of schedule. 'Completed'
'Failed'
'Provisioning'
status Is the schedule enabled or disabled? 'Disabled'
'Enabled'

ScriptReference

Name Description Value
scriptArguments Optional command line arguments passed to the script to run. string
scriptData The location of scripts in the mounted volume. string
scriptSource The storage source of the script: workspace. string
timeout Optional time period passed to timeout command. string

ScriptsToExecute

Name Description Value
creationScript Script that's run only once during provision of the compute. ScriptReference
startupScript Script that's run every time the machine starts. ScriptReference

SetupScripts

Name Description Value
scripts Customized setup scripts ScriptsToExecute

Sku

Name Description Value
capacity If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. int
family If the service has different generations of hardware, for the same SKU, then that can be captured here. string
name The name of the SKU. Ex - P3. It is typically a letter+number code string (required)
size The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. string
tier This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. 'Basic'
'Free'
'Premium'
'Standard'

SslConfiguration

Name Description Value
cert Cert data string

Constraints:
Sensitive value. Pass in as a secure parameter.
cname CNAME of the cert string
key Key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
leafDomainLabel Leaf domain label of public endpoint string
overwriteExistingDomain Indicates whether to overwrite existing domain label. bool
status Enable or disable ssl for scoring 'Auto'
'Disabled'
'Enabled'

SynapseSpark

Name Description Value
computeType The type of compute 'SynapseSpark' (required)
properties SynapseSparkProperties

SynapseSparkProperties

Name Description Value
autoPauseProperties Auto pause properties. AutoPauseProperties
autoScaleProperties Auto scale properties. AutoScaleProperties
nodeCount The number of compute nodes currently assigned to the compute. int
nodeSize Node size. string
nodeSizeFamily Node size family. string
poolName Pool name. string
resourceGroup Name of the resource group in which workspace is located. string
sparkVersion Spark version. string
subscriptionId Azure subscription identifier. string
workspaceName Name of Azure Machine Learning workspace. string

TmpfsOptions

Name Description Value
size Mention the Tmpfs size int

UserAccountCredentials

Name Description Value
adminUserName Name of the administrator user account which can be used to SSH to nodes. string (required)
adminUserPassword Password of the administrator user account. string

Constraints:
Sensitive value. Pass in as a secure parameter.
adminUserSshPublicKey SSH public key of the administrator user account. string

Constraints:
Sensitive value. Pass in as a secure parameter.

UserAssignedIdentities

Name Description Value

UserAssignedIdentity

Name Description Value

VirtualMachine

Name Description Value
computeType The type of compute 'VirtualMachine' (required)
properties VirtualMachineSchemaProperties

VirtualMachineImage

Name Description Value
id Virtual Machine image path string (required)

VirtualMachineSchemaProperties

Name Description Value
address Public IP address of the virtual machine. string
administratorAccount Admin credentials for virtual machine VirtualMachineSshCredentials
isNotebookInstanceCompute Indicates whether this compute will be used for running notebooks. bool
notebookServerPort Notebook server port open for ssh connections. int
sshPort Port open for ssh connections. int
virtualMachineSize Virtual Machine size string

VirtualMachineSshCredentials

Name Description Value
password Password of admin account string
privateKeyData Private key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
publicKeyData Public key data string

Constraints:
Sensitive value. Pass in as a secure parameter.
username Username of admin account string

VolumeDefinition

Name Description Value
bind Bind Options of the mount BindOptions
consistency Consistency of the volume string
readOnly Indicate whether to mount volume as readOnly. Default value for this is false. bool
source Source of the mount. For bind mounts this is the host path. string
target Target of the mount. For bind mounts this is the path in the container. string
tmpfs tmpfs option of the mount TmpfsOptions
type Type of Volume Definition. Possible Values: bind,volume,tmpfs,npipe 'bind'
'npipe'
'tmpfs'
'volume'
volume Volume Options of the mount VolumeOptions

VolumeOptions

Name Description Value
nocopy Indicate whether volume is nocopy bool