Microsoft.MachineLearningServices workspaces/computes 2022-01-01-preview

Bicep resource definition

The workspaces/computes resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/computes resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.MachineLearningServices/workspaces/computes@2022-01-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  sku: {
    name: 'string'
    tier: 'string'
  parent: resourceSymbolicName
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
  properties: {
    computeLocation: 'string'
    description: 'string'
    disableLocalAuth: bool
    resourceId: 'string'
    computeType: 'string'
    // For remaining properties, see Compute objects

Compute objects

Set the computeType property to specify the type of object.

For AKS, use:

  computeType: 'AKS'
  properties: {
    agentCount: int
    agentVmSize: 'string'
    aksNetworkingConfiguration: {
      dnsServiceIP: 'string'
      dockerBridgeCidr: 'string'
      serviceCidr: 'string'
      subnetId: 'string'
    clusterFqdn: 'string'
    clusterPurpose: 'string'
    loadBalancerSubnet: 'string'
    loadBalancerType: 'string'
    sslConfiguration: {
      cert: 'string'
      cname: 'string'
      key: 'string'
      leafDomainLabel: 'string'
      overwriteExistingDomain: bool
      status: 'string'

For AmlCompute, use:

  computeType: 'AmlCompute'
  properties: {
    enableNodePublicIp: bool
    isolatedNetwork: bool
    osType: 'string'
    remoteLoginPortPublicAccess: 'string'
    scaleSettings: {
      maxNodeCount: int
      minNodeCount: int
      nodeIdleTimeBeforeScaleDown: 'string'
    subnet: {
      id: 'string'
    userAccountCredentials: {
      adminUserName: 'string'
      adminUserPassword: 'string'
      adminUserSshPublicKey: 'string'
    virtualMachineImage: {
      id: 'string'
    vmPriority: 'string'
    vmSize: 'string'

For ComputeInstance, use:

  computeType: 'ComputeInstance'
  properties: {
    applicationSharingPolicy: 'string'
    computeInstanceAuthorizationType: 'personal'
    personalComputeInstanceSettings: {
      assignedUser: {
        objectId: 'string'
        tenantId: 'string'
    setupScripts: {
      scripts: {
        creationScript: {
          scriptArguments: 'string'
          scriptData: 'string'
          scriptSource: 'string'
          timeout: 'string'
        startupScript: {
          scriptArguments: 'string'
          scriptData: 'string'
          scriptSource: 'string'
          timeout: 'string'
    sshSettings: {
      adminPublicKey: 'string'
      sshPublicAccess: 'string'
    subnet: {
      id: 'string'
    vmSize: 'string'

For Databricks, use:

  computeType: 'Databricks'
  properties: {
    databricksAccessToken: 'string'
    workspaceUrl: 'string'

For DataFactory, use:

  computeType: 'DataFactory'

For DataLakeAnalytics, use:

  computeType: 'DataLakeAnalytics'
  properties: {
    dataLakeStoreAccountName: 'string'

For HDInsight, use:

  computeType: 'HDInsight'
  properties: {
    address: 'string'
    administratorAccount: {
      password: 'string'
      privateKeyData: 'string'
      publicKeyData: 'string'
      username: 'string'
    sshPort: int

For Kubernetes, use:

  computeType: 'Kubernetes'
  properties: {
    defaultInstanceType: 'string'
    extensionInstanceReleaseTrain: 'string'
    extensionPrincipalId: 'string'
    instanceTypes: {
      {customized property}: {
        nodeSelector: {
          {customized property}: 'string'
        resources: {
          limits: {
            {customized property}: 'string'
          requests: {
            {customized property}: 'string'
    namespace: 'string'
    relayConnectionString: 'string'
    serviceBusConnectionString: 'string'
    vcName: 'string'

For SynapseSpark, use:

  computeType: 'SynapseSpark'
  properties: {
    autoPauseProperties: {
      delayInMinutes: int
      enabled: bool
    autoScaleProperties: {
      enabled: bool
      maxNodeCount: int
      minNodeCount: int
    nodeCount: int
    nodeSize: 'string'
    nodeSizeFamily: 'string'
    poolName: 'string'
    resourceGroup: 'string'
    sparkVersion: 'string'
    subscriptionId: 'string'
    workspaceName: 'string'

For VirtualMachine, use:

  computeType: 'VirtualMachine'
  properties: {
    address: 'string'
    administratorAccount: {
      password: 'string'
      privateKeyData: 'string'
      publicKeyData: 'string'
      username: 'string'
    isNotebookInstanceCompute: bool
    sshPort: int
    virtualMachineSize: 'string'

Property values


Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)

Character limit: 3-24 for compute instance
3-32 for AML compute
2-16 for other compute types

Valid characters:
Alphanumerics and hyphens.
location Specifies the location of the resource. string
tags Contains resource tags defined as key/value pairs. Dictionary of tag names and values. See Tags in templates
sku The sku of the workspace. Sku
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: workspaces
identity The identity of the resource. Identity
properties Compute properties Compute


Name Description Value
type The identity type. 'None'
userAssignedIdentities The user assigned identities associated with the resource. UserAssignedIdentities


Name Description Value
{customized property} UserAssignedIdentity


This object doesn't contain any properties to set during deployment. All properties are ReadOnly.


Name Description Value
computeLocation Location for the underlying compute string
description The description of the Machine Learning compute. string
disableLocalAuth Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. bool
resourceId ARM resource id of the underlying compute string
computeType Set the object type AKS
VirtualMachine (required)


Name Description Value
computeType The type of compute 'AKS' (required)
properties AKS properties AKSProperties


Name Description Value
agentCount Number of agents int

Min value = 0
agentVmSize Agent virtual machine size string
aksNetworkingConfiguration AKS networking configuration for vnet AksNetworkingConfiguration
clusterFqdn Cluster full qualified domain name string
clusterPurpose Intended usage of the cluster 'DenseProd'
loadBalancerSubnet Load Balancer Subnet string
loadBalancerType Load Balancer Type 'InternalLoadBalancer'
sslConfiguration SSL configuration SslConfiguration


Name Description Value
dnsServiceIP An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. string

Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
dockerBridgeCidr A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. string

Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
serviceCidr A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. string

Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
subnetId Virtual network subnet resource ID the compute nodes belong to string


Name Description Value
cert Cert data string
cname CNAME of the cert string
key Key data string
leafDomainLabel Leaf domain label of public endpoint string
overwriteExistingDomain Indicates whether to overwrite existing domain label. bool
status Enable or disable ssl for scoring 'Auto'


Name Description Value
computeType The type of compute 'AmlCompute' (required)
properties Properties of AmlCompute AmlComputeProperties


Name Description Value
enableNodePublicIp Enable or disable node public IP address provisioning. Possible values are: Possible values are: true - Indicates that the compute nodes will have public IPs provisioned. false - Indicates that the compute nodes will have a private endpoint and no public IPs. bool
isolatedNetwork Network is isolated or not bool
osType Compute OS Type 'Linux'
remoteLoginPortPublicAccess State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on all nodes of the cluster. Enabled - Indicates that the public ssh port is open on all nodes of the cluster. NotSpecified - Indicates that the public ssh port is closed on all nodes of the cluster if VNet is defined, else is open all public nodes. It can be default only during cluster creation time, after creation it will be either enabled or disabled. 'Disabled'
scaleSettings Scale settings for AML Compute ScaleSettings
subnet Virtual network subnet resource ID the compute nodes belong to. ResourceId
userAccountCredentials Credentials for an administrator user account that will be created on each compute node. UserAccountCredentials
virtualMachineImage Virtual Machine image for AML Compute - windows only VirtualMachineImage
vmPriority Virtual Machine priority 'Dedicated'
vmSize Virtual Machine Size string


Name Description Value
maxNodeCount Max number of nodes to use int (required)
minNodeCount Min number of nodes to use int
nodeIdleTimeBeforeScaleDown Node Idle Time before scaling down amlCompute. This string needs to be in the RFC Format. string


Name Description Value
id The ID of the resource string (required)


Name Description Value
adminUserName Name of the administrator user account which can be used to SSH to nodes. string (required)
adminUserPassword Password of the administrator user account. string
adminUserSshPublicKey SSH public key of the administrator user account. string


Name Description Value
id Virtual Machine image path string (required)


Name Description Value
computeType The type of compute 'ComputeInstance' (required)
properties Properties of ComputeInstance ComputeInstanceProperties


Name Description Value
applicationSharingPolicy Policy for sharing applications on this compute instance among users of parent workspace. If Personal, only the creator can access applications on this compute instance. When Shared, any workspace user can access applications on this instance depending on his/her assigned role. 'Personal'
computeInstanceAuthorizationType The Compute Instance Authorization type. Available values are personal (default). 'personal'
personalComputeInstanceSettings Settings for a personal compute instance. PersonalComputeInstanceSettings
setupScripts Details of customized scripts to execute for setting up the cluster. SetupScripts
sshSettings Specifies policy and settings for SSH access. ComputeInstanceSshSettings
subnet Virtual network subnet resource ID the compute nodes belong to. ResourceId
vmSize Virtual Machine Size string


Name Description Value
assignedUser A user explicitly assigned to a personal compute instance. AssignedUser


Name Description Value
objectId User’s AAD Object Id. string (required)
tenantId User’s AAD Tenant Id. string (required)


Name Description Value
scripts Customized setup scripts ScriptsToExecute


Name Description Value
creationScript Script that's run only once during provision of the compute. ScriptReference
startupScript Script that's run every time the machine starts. ScriptReference


Name Description Value
scriptArguments Optional command line arguments passed to the script to run. string
scriptData The location of scripts in the mounted volume. string
scriptSource The storage source of the script: inline, workspace. string
timeout Optional time period passed to timeout command. string


Name Description Value
adminPublicKey Specifies the SSH rsa public key file as a string. Use "ssh-keygen -t rsa -b 2048" to generate your SSH key pairs. string
sshPublicAccess State of the public SSH port. Possible values are: Disabled - Indicates that the public ssh port is closed on this instance. Enabled - Indicates that the public ssh port is open and accessible according to the VNet/subnet policy if applicable. 'Disabled'


Name Description Value
computeType The type of compute 'Databricks' (required)
properties Properties of Databricks DatabricksProperties


Name Description Value
databricksAccessToken Databricks access token string
workspaceUrl Workspace Url string


Name Description Value
computeType The type of compute 'DataFactory' (required)


Name Description Value
computeType The type of compute 'DataLakeAnalytics' (required)
properties DataLakeAnalyticsProperties


Name Description Value
dataLakeStoreAccountName DataLake Store Account Name string


Name Description Value
computeType The type of compute 'HDInsight' (required)
properties HDInsight compute properties HDInsightProperties


Name Description Value
address Public IP address of the master node of the cluster. string
administratorAccount Admin credentials for master node of the cluster VirtualMachineSshCredentials
sshPort Port open for ssh connections on the master node of the cluster. int


Name Description Value
password Password of admin account string
privateKeyData Private key data string
publicKeyData Public key data string
username Username of admin account string


Name Description Value
computeType The type of compute 'Kubernetes' (required)
properties Properties of Kubernetes KubernetesProperties


Name Description Value
defaultInstanceType Default instance type string
extensionInstanceReleaseTrain Extension instance release train. string
extensionPrincipalId Extension principal-id. string
instanceTypes Instance Type Schema KubernetesPropertiesInstanceTypes
namespace Compute namespace string
relayConnectionString Relay connection string. string

Sensitive value. Pass in as a secure parameter.
serviceBusConnectionString ServiceBus connection string. string

Sensitive value. Pass in as a secure parameter.
vcName VC name. string


Name Description Value
{customized property} InstanceTypeSchema


Name Description Value
nodeSelector Node Selector InstanceTypeSchemaNodeSelector
resources Resource requests/limits for this instance type InstanceTypeSchemaResources


Name Description Value
{customized property} string


Name Description Value
limits Resource limits for this instance type InstanceResourceSchema
requests Resource requests for this instance type InstanceResourceSchema


Name Description Value
{customized property} string


Name Description Value
computeType The type of compute 'SynapseSpark' (required)
properties SynapseSparkProperties


Name Description Value
autoPauseProperties Auto pause properties. AutoPauseProperties
autoScaleProperties Auto scale properties. AutoScaleProperties
nodeCount The number of compute nodes currently assigned to the compute. int
nodeSize Node size. string
nodeSizeFamily Node size family. string
poolName Pool name. string
resourceGroup Name of the resource group in which workspace is located. string
sparkVersion Spark version. string
subscriptionId Azure subscription identifier. string
workspaceName Name of Azure Machine Learning workspace. string


Name Description Value
delayInMinutes int
enabled bool


Name Description Value
enabled bool
maxNodeCount int
minNodeCount int


Name Description Value
computeType The type of compute 'VirtualMachine' (required)
properties VirtualMachineProperties


Name Description Value
address Public IP address of the virtual machine. string
administratorAccount Admin credentials for virtual machine VirtualMachineSshCredentials
isNotebookInstanceCompute Indicates whether this compute will be used for running notebooks. bool
sshPort Port open for ssh connections. int
virtualMachineSize Virtual Machine size string


Name Description Value
name Name of the sku string
tier Tier of the sku like Basic or Enterprise string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a Machine Learning Service ADLA Compute

Deploy to Azure
This template creates a Machine Learning Service ADLA Compute.
Create a Machine Learning Service Aks Compute

Deploy to Azure
This template creates a Machine Learning Service Aks Compute.
Create a Machine Learning Service DSVM Compute

Deploy to Azure
This template creates a Machine Learning Service DSVM Compute.
Create a Machine Learning Service HDInsight cluster

Deploy to Azure
This template creates a Machine Learning Service HDInsight cluster
Create an Azure Machine Learning aks compute

Deploy to Azure
This template creates an Azure Machine Learning aks compute.
Create an Azure Machine Learning compute cluster

Deploy to Azure
This template creates an Azure Machine Learning compute cluster.
Create an Azure Machine Learning compute instance

Deploy to Azure
This template creates an Azure Machine Learning compute instance on behalf of another user with a sample inline setup script
Create a LinkedService in Azure Machine Learning workspace

Deploy to Azure
This template creates a LinkedService in an existing Azure Machine Learning workspace.
Create an AKS compute target with a Private IP address

Deploy to Azure
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address.

