Contact UsGet started

Creating a group of instances with fixed IP addresses

Written by
Updated at May 5, 2025

You can use tags and variables to create a group of VM instances with predefined internal and public IP addresses.

By default, all operations in Instance Groups are performed on behalf of a service account. If you don't have a service account, create one.

To be able to create, update, and delete VMs in the group, assign the compute.editor role to the service account.

To create a group of instances with fixed IP addresses:

  1. By default, all operations in Instance Groups are performed on behalf of a service account. If you don't have a service account, create one.

  2. Create a cloud network and subnets, e.g., in two availability zones, unless you already have them.

  3. To make VM instances in the group accessible from the internet, reserve the required number of static public IP addresses. For the example below, four IP addresses are enough.

  4. If you do not have the Yandex Cloud CLI yet, install and initialize it.

    The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  5. See the description of the CLI command for creating an instance group:

    yc compute instance-group create --help

  6. Select one of the Yandex Cloud Marketplace public images, e.g., Ubuntu 22.04 LTS.

    To get a list of available images using the CLI, run this command:

    yc compute image list --folder-id standard-images

    Result:

    +----------------------+-------------------------------------+--------------------------+----------------------+--------+
|          ID          |                NAME                 |          FAMILY          |     PRODUCT IDS      | STATUS |
+----------------------+-------------------------------------+--------------------------+----------------------+--------+
...
| fdvk34al8k5n******** | centos-7-1549279494                 | centos-7                 | dqni65lfhvv2******** | READY  |
| fdv7ooobjfl3******** | windows-2016-gvlk-1548913814        | windows-2016-gvlk        | dqnnc72gj2is******** | READY  |
| fdv4f5kv5cvf******** | ubuntu-1604-lts-1549457823          | ubuntu-1604-lts          | dqnnb6dc7640******** | READY  |
...
+----------------------+-------------------------------------+--------------------------+----------------------+--------+

    Where:

    • ID: Image ID.

    • NAME: Image name.

    • FAMILY: ID of the image family the image belongs to.

    • PRODUCT IDS: IDs of Yandex Cloud Marketplace products associated with the image.

    • STATUS: Current status of the image. It may take one of the following values:

      • STATUS_UNSPECIFIED: Image status is not defined.
      • CREATING: Image is being created.
      • READY: Image is ready to use.
      • ERROR: You cannot use the image due to an issue.
      • DELETING: Image is being deleted.

  7. Prepare a file with the YAML specification of the instance group and give it a name, e.g., specification.yaml.

    To assign fixed IP addresses to the instances in the group, add the following to the specification:

    • In the allocation_policy field, a nested zones field with paired zone_id and instance_tags_pool parameters for each of the availability zones where you will create VM instances. For example, if the VM instances of the group will be located in the ru-central1-a and ru-central1-b availability zones, the allocation_policy field will look like this:

      allocation_policy:
  zones:
    - zone_id: ru-central1-a
      instance_tags_pool:
      - <ru-central1-a_zone_tag_1>
      - <ru-central1-a_zone_tag_2>
    - zone_id: ru-central1-b
      instance_tags_pool:
      - <ru-central1-b_zone_tag_1>
      - <ru-central1-b_zone_tag_2>

      Where:

      • zone_id: Availability zone ID.
      • instance_tags_pool: List of unique tags for assigning IP addresses to the instances of the group. The tag value is used to generate instance names and variables with instance IP addresses. Make sure the number of tags for each availability zone matches the number of instances created in this zone. Examples of possible tag values: ru1-a1, ru1-b2, etc.

    • The variables field which lists variables used in templates to provide the IP addresses of the new instances to the instance group:

      variables:
  - key: ip_<ru-central1-a_zone_tag_1>
    value: <internal_IP_address_1>
  - key: external_ip_<ru-central1-a_zone_tag_1>
    value: <public_IP_address_1>
  ...
  - key: ip_<ru-central1-b_zone_tag_2>
    value: <internal_IP_address_4>
  - key: external_ip_<ru-central1-b_zone_tag_2>
    value: <public_IP_address_4>

      Where:

      • key: Variable name in <prefix>_<tag> format:

        • <prefix> indicates the IP address type. For example, you can use the ip prefix for internal addresses and external_ip for public ones.

        • <tag> value must fully match the value of the tag specified for this VM instance in the allocation_policy field, e.g., ru1-a1.

      • value: Variable value, an internal or public IP address of the new VM instance.

        Internal IP addresses must fall within the IP address range allocated to the specified subnet in the respective availability zone.

        If you are not going to assign public IP addresses to the group instances, do not specify variables with the external_ip prefix.

      For more information about using variables in an instance template, see Variables in an instance template.

    • In the instance_template.name field, the instance name with the tag template, e.g., sample-vm-{instance.tag}. After inserting tag values into this template, the instance names will look like this: sample-vm-ru1-a1, sample-vm-ru1-b2, etc.

    • In the instance_template.network_interface_specs field, subnet IDs and IP address templates:

      instance_template:
  ...
  network_interface_specs:
    - subnet_ids:
        - <ru-central1-a_subnet_ID>
        - <ru-central1-b_subnet_ID>
      primary_v4_address_spec:
        address: "{ip_{instance.tag}}"
        one_to_one_nat_spec:
          ip_version: IPV4
          address: "{<external_ip_{instance.tag}}"

      Where:

      • subnet_ids: List of IDs for the subnets to host the instances. You must specify one subnet in each availability zone where group instances will be created.
      • primary_v4_address_spec.address: Template for internal IP addresses. It will use the variable value specified for this VM instance in the variables field.
      • primary_v4_address_spec.one_to_one_nat_spec.address: Template for public IP addresses. It will use the variable value specified for this VM instance in the variables field.

      If you are not going to assign public IP addresses to the group instances, do not add the primary_v4_address_spec.one_to_one_nat_spec field to the specification.

    Here is a YAML specification example:

    service_account_id: <service_account_ID>
name: my-vm-group-with-fixed-ips
description: Example of using tags for managing ips. Created with CLI
scale_policy:
  fixed_scale:
    size: 4
deploy_policy:
  max_unavailable: 2
allocation_policy:
  zones:
    - zone_id: ru-central1-a
      instance_tags_pool:
      - ru1-a1
      - ru1-a2
    - zone_id: ru-central1-b
      instance_tags_pool:
      - ru1-b1
      - ru1-b2
variables:
  - key: ip_ru1-a1
    value: 192.168.2.5
  - key: external_ip_ru1-a1
    value: 84.201.***.**
  - key: ip_ru1-a2
    value: 192.168.2.15
  - key: external_ip_ru1-a2
    value: 130.193.**.**
  - key: ip_ru1-b1
    value: 192.168.1.5
  - key: external_ip_ru1-b1
    value: 84.201.***.**
  - key: ip_ru1-b2
    value: 192.168.1.15
  - key: external_ip_ru1-b2
    value: 84.201.***.*
instance_template:
  name: sample-vm-{instance.tag}
  platform_id: standard-v2
  resources_spec:
    memory: 2G
    cores: 2
  boot_disk_spec:
    mode: READ_WRITE
    disk_spec:
      image_id: fd8dlvgiatiqd8tt2qke
      type_id: network-hdd
      size: 20g
  network_interface_specs:
    - subnet_ids:
        - e2l3qffk0h6t********
        - e9bijtoprmcu********
      primary_v4_address_spec:
        address: "{ip_{instance.tag}}"
        one_to_one_nat_spec:
          address: "{external_ip_{instance.tag}}"

    This example shows a specification for creating a group of fixed-size instances with fixed internal and public IP addresses.

    For more information about the instance group specification parameters, see Specification of an instance group in YAML format.

  8. Create an instance group in the default folder:

    yc compute instance-group create --file specification.yaml

    This command will create an instance group with the following configuration:

    • Name: my-vm-group-with-fixed-ips.
    • OS: Ubuntu 22.04 LTS.
    • VMs: Four, in the ru-central1-a and ru-central1-b availability zones, two per zone.
    • vCPUs: 2; RAM: 2 GB.
    • Network HDD: 20 GB.
    • Fixed internal and public IP addresses assigned to each VM instance in the group.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. In the configuration file, define the parameters of the resources you want to create:

    resource "yandex_compute_instance_group" "ig-1" {
  name                = "fixed-ig"
  folder_id           = "<folder_ID>"
  service_account_id  = "${yandex_iam_service_account.ig-sa.id}"
  deletion_protection = false
  depends_on          = [yandex_resourcemanager_folder_iam_member.compute_editor]
  instance_template {
    name = "sample-vm-{instance.tag}"
    platform_id = "standard-v3"
    resources {
      memory = 2
      cores  = 2
    }

    boot_disk {
      mode = "READ_WRITE"
      initialize_params {
        image_id = "fd8dlvgiatiqd8tt2qke"
      }
    }

    network_interface {
      network_id         = "${yandex_vpc_network.ig-network.id}"
      subnet_ids         = ["${yandex_vpc_subnet.ig-subnet-a.id}", "${yandex_vpc_subnet.ig-subnet-b.id}"]
      nat                = true
      ip_address         = "{ip_{instance.tag}}"
      nat_ip_address     = "{external_ip_{instance.tag}}"
    }

    metadata = {
      user-data = "#cloud-config\n      datasource:\n       Ec2:\n        strict_id: false\n      ssh_pwauth: no\n      users:\n      - name: <instance_username>\n        sudo: ALL=(ALL) NOPASSWD:ALL\n        shell: /bin/bash\n        ssh_authorized_keys:\n        - <public_SSH_key>\n      runcmd: []"
    }
  }

  variables = {
    ip_ru1-a1 = "192.168.2.5"
    external_ip_ru1-a1 = "${yandex_vpc_address.external-address-a1.external_ipv4_address[0].address}"
    ip_ru1-a2 = "192.168.2.15"
    external_ip_ru1-a2 = "${yandex_vpc_address.external-address-a2.external_ipv4_address[0].address}"
    ip_ru1-b1 = "192.168.1.5"
    external_ip_ru1-b1 = "${yandex_vpc_address.external-address-b1.external_ipv4_address[0].address}"
    ip_ru1-b2 = "192.168.1.15"
    external_ip_ru1-b2 = "${yandex_vpc_address.external-address-b2.external_ipv4_address[0].address}"
  }

  scale_policy {
    fixed_scale {
      size = 4
    }
  }

  allocation_policy {
    zones = ["ru-central1-a","ru-central1-b"]
    instance_tags_pool {
      zone = "ru-central1-a"
      tags = ["ru1-a1","ru1-a2"]
    }
    instance_tags_pool {
      zone = "ru-central1-b"
      tags = ["ru1-b1","ru1-b2"]
    }
  }

  deploy_policy {
    max_unavailable = 1
    max_expansion   = 0
  }
}

resource "yandex_iam_service_account" "ig-sa" {
  name        = "instance-group-sa"
  description = "Service account for managing the instance group."
}

resource "yandex_resourcemanager_folder_iam_member" "compute_editor" {
  folder_id  = "<folder_ID>"
  role       = "compute.editor"
  member     = "serviceAccount:${yandex_iam_service_account.ig-sa.id}"
  depends_on = [
    yandex_iam_service_account.ig-sa,
  ]
}

resource "yandex_vpc_network" "ig-network" {
  name = "ig-network"
}

resource "yandex_vpc_subnet" "ig-subnet-a" {
  name           = "ig-subnet-a"
  zone           = "ru-central1-a"
  network_id     = "${yandex_vpc_network.ig-network.id}"
  v4_cidr_blocks = ["192.168.2.0/24"]
}

resource "yandex_vpc_subnet" "ig-subnet-b" {
  name           = "ig-subnet-b"
  zone           = "ru-central1-b"
  network_id     = "${yandex_vpc_network.ig-network.id}"
  v4_cidr_blocks = ["192.168.1.0/24"]
}

resource "yandex_vpc_address" "external-address-a1" {
  name = "external-address-a1"

  external_ipv4_address {
    zone_id = "ru-central1-a"
  }
}

resource "yandex_vpc_address" "external-address-a2" {
  name = "external-address-a2"

  external_ipv4_address {
    zone_id = "ru-central1-a"
  }
}

resource "yandex_vpc_address" "external-address-b1" {
  name = "external-address-b1"

  external_ipv4_address {
    zone_id = "ru-central1-b"
  }
}

resource "yandex_vpc_address" "external-address-b2" {
  name = "external-address-b2"

  external_ipv4_address {
    zone_id = "ru-central1-b"
  }
}

    Where:

    • yandex_compute_instance_group: Instance group description:

      • General information about the instance group:

        • name: Instance group name.

        • folder_id: Folder ID.

        • service_account_id: Service account ID.

          To be able to create, update, and delete VMs in the group, assign the compute.editor role to the service account.

        • deletion_protection: Instance group protection against deletion, true or false. You cannot delete an instance group with this option enabled. The default value is false.

      • instance_template: Instance template:

        • name: Instance name with the tag template, e.g., sample-vm-{instance.tag}. After inserting tag values into this template, the instance names will look like this: sample-vm-ru1-a1, sample-vm-ru1-b2, etc.

        • platform_id: Platform.

        • resources: Number of vCPUs and amount of RAM available to the VM instance. The values must match the selected platform.

        • boot_disk: Boot disk settings.

          • mode: Disk access mode, READ_ONLY or READ_WRITE.
          • image_id: ID of the selected image. You can get the image ID from the list of public images.

        • network_interface: Network settings:

          • subnet_ids: List of IDs for the subnets to host the instances. You must specify one subnet in each availability zone where group instances will be created.
          • nat: Specifies if an instance will have an assigned public IP address. The possible values are true and false.
          • ip_address: Instance internal IP address. This is a template that will use the value from a variable specified for this VM instance in the variables section.
          • nat_ip_address: Instance public IP address. This is a template that will use the value from a variable specified for this VM instance in the variables field.

        • metadata: In metadata, provide the instance username and public key to enable this user to access the instance via SSH.

          For more information, see VM metadata.

      • variables: Variables assigned to the instance group. This section contains a list of variables in <name> = <value> format to use in templates to provide IP addresses of the new instances to the instance group:

        • Variable name: Specify the name in <prefix>_<tag> format:

          • <prefix> indicates the IP address type. For example, you can use the ip prefix for internal IP addresses and external_ip for public ones.

          • <tag> value must fully match the value of the tag specified for this VM instance in the allocation_policy field, e.g., ru1-a1.

        • Variable value: This is either an internal or public IP address of the new instance.

          Internal IP addresses must fall within the IP address range allocated to the specified subnet in the respective availability zone.

          If you are not going to assign public IP addresses to the group instances, do not specify variables with the external_ip prefix.

        For more information about using variables in an instance template, see Variables in an instance template.

      • Policies:

        • deploy_policy: Instance deployment policy for the group.
        • scale_policy: Instance scaling policy for the group.
        • allocation_policy: Policy for allocating VM instances across availability zones and regions:

          • zones: Array containing the IDs of availability zones in which the group instances will be created.

          • instance_tags_pool: List of unique tags required for assigning IP addresses to the group instances. You need to specify a list of tags separately for each availability zone which will host your group instances.

            The values of tags from the tags array are used to generate instance names and variables with instance IP addresses. Make sure the number of tags specified in the tags array for each availability zone matches the number of instances created in this zone. Examples of possible tag values: ru1-a1, ru1-b2, etc.

    • yandex_iam_service_account: Service account description. All operations in Instance Groups are performed on behalf of the service account.

      You cannot delete a service account while it is linked to an instance group.

    • yandex_resourcemanager_folder_iam_member: Description of access permissions for the folder the service account belongs to. To be able to create, update, and delete VM instances in the instance group, assign the compute.editor role to the service account.

    • yandex_vpc_network: Cloud network description.

    • yandex_vpc_subnet: Description of the subnets to connect the group instances to.

    • yandex_vpc_address: Description of the reserved static public IP address.

      Note

      If you already have suitable resources, such as a service account, cloud network, subnets, and reserved static IP addresses, you do not need to redefine them. Specify their names and IDs in the appropriate parameters.

    For more information about the resources you can create with Terraform, see the relevant provider documentation.

  2. Create the resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    All the resources you need will then be created in the specified folder. You can check the new resources and their settings using the management console.

Use the create REST API method for the InstanceGroup resource or the InstanceGroupService/Create gRPC API call.

Previous
Creating an instance group in a placement group
Next
Creating an instance group connected to a file storage