# Creating a fixed-size instance group with a network load balancer


You can create a fixed-size [instance group](../../concepts/instance-groups/index.md) integrated with [Yandex Network Load Balancer](../../../network-load-balancer/index.md). Along with the [instance](../../concepts/vm.md) group, the system will also create a Network Load Balancer [target group](../../../network-load-balancer/concepts/target-resources.md). You can link it to your [network load balancer](../../../network-load-balancer/concepts/index.md) and distribute the load across the instances in the group at the network level. For more information, see [Integrating an instance group with Network Load Balancer or Application Load Balancer](../../concepts/instance-groups/balancers.md).

{% note alert %}

When creating instance groups, keep the [limits](../../concepts/limits.md) in mind. To avoid disrupting Instance Groups, do not manually update or delete the resources it creates: the Network Load Balancer [target group](../../../network-load-balancer/concepts/target-resources.md), VMs, and disks. Instead, change or delete the entire group.

{% endnote %}

In Instance Groups, all operations are performed under a service account. If you don't have a service account, [create one](../../../iam/operations/sa/create.md).

To create, update, and delete VM instances in the group and integrate the group with Network Load Balancer, [assign](../../../iam/operations/sa/assign-role-for-sa.md) the [compute.editor](../../security/index.md#compute-editor) and [load-balancer.editor](../../../network-load-balancer/security/index.md#load-balancer-editor) roles to your service account.

If you are using a Windows-based image, [reset](../vm-control/vm-reset-password.md) the password once the VM instance is created.

To create an instance group with a network load balancer:

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) where you want to create your instance group.
  1. Navigate to **Compute Cloud**.
  1. In the left-hand panel, select ![image](../../../_assets/console-icons/layers-3-diagonal.svg) **Instance groups**.
  1. Click **Create group of virtual machines**.
  1. Under **Basic parameters**:
     * Enter a name and description for your instance group. The naming requirements are as follows:

       * Length: between 3 and 63 characters.
       * It can only contain lowercase Latin letters, numbers, and hyphens.
       * It must start with a letter and cannot end with a hyphen.

       {% note info %}
       
       The VM name is used to generate an [internal FQDN](../../concepts/network.md#hostname), which is set only once, when you create the VM. If the internal FQDN is important to you, make sure to choose an appropriate name for your VM.
       
       {% endnote %}

     * Select the [service account](../../../iam/concepts/users/service-accounts.md) from the list or create a new one. To create, update, and delete VM instances in your group, as well as integrate the group with Network Load Balancer, you will need to [assign](../../../iam/operations/sa/assign-role-for-sa.md) the [compute.editor](../../security/index.md#compute-editor) and [load-balancer.editor](../../../network-load-balancer/security/index.md#load-balancer-editor) roles to a service account. By default, all operations with an instance group are performed under a service account.

       You cannot delete a service account while it is linked to an instance group.

     * Enable **Deletion protection**, if required. You cannot delete a group while it is enabled.
  1. Under **Allocation**, select the required zones in the **Availability zone** field. Instances from a single group may reside in [different availability zones](../../../overview/concepts/geo-scope.md).
  1. Under **Instance template**, click **Define** to configure a basic instance:
     * Under **General information**, enter a description for the [template](../../concepts/instance-groups/instance-template.md).
     * Under **Boot disk image**, select the system to deploy on the VM instance boot [disk](../../concepts/disk.md).
     * Under **Disks and file storages**:
       * Select the [disk type](../../concepts/disk.md#disks_types).
       * Specify the disk size.
       * To add more disks, click **Add disk**.
     * Under **Computing resources**:
       * Select a [platform](../../concepts/vm-platforms.md).
       * Enter the required number of vCPUs, [guaranteed vCPU share](../../concepts/performance-levels.md), and the amount of RAM.
       * If necessary, make your VM [preemptible](../../concepts/preemptible-vm.md).
         
         When creating a preemptible instance group, keep in mind that the virtual machines will terminate after 24 hours of continuous operation or earlier. Instance Groups may not be able to restart them immediately due to insufficient resources. This may occur if computing resource utilization in Yandex Cloud increases sharply.
       * Optionally, enable a [software-accelerated network](../../concepts/software-accelerated-network.md).
     * Under **Network settings**:

       * Specify the subnet ID or select a [cloud network](../../../vpc/concepts/network.md#network) from the list.
         If there are no networks in the list, click **Create a network** to create one:
       
           * In the window that opens, enter a name for your network.
           * Optionally, to automatically create subnets, enable **Create subnets**.
           * Click **Create network**.
       
         Each network must have at least one [subnet](../../../vpc/concepts/network.md#subnet). If your network has no subnets, create one by selecting **Create subnet**.
       
       * In the **Public address** field, select a method for assigning an IP address:
       
           * `Auto`: Assign a random IP address from the Yandex Cloud IP address pool.
           * `No address`: Do not assign a public IP address.
       
       * Select the [relevant security groups](../../../vpc/concepts/security-groups.md).
       
       * Optionally, create records for your VM in the [DNS zone](../../../dns/concepts/dns-zone.md):
       
           * Expand **DNS settings for internal addresses** and click **Add record**.
           * Specify a zone, FQDN, and TTL for the record. When setting the FQDN, you can enable `Detect automatically` for the zone.
             You can add multiple records to [internal DNS zones](../../../dns/concepts/dns-zone.md). For more information, see [Cloud DNS integration with Compute Cloud](../../../dns/concepts/compute-integration.md).

     * Under **Access**, specify the VM access credentials:
       * Select the service account to link to the VM instance.
       * If you selected a Linux [image](../../concepts/image.md), fill out the **Login** and **SSH key** fields. Provide the contents of the [public key](../vm-connect/ssh.md#creating-ssh-keys) file as the key value.
       * Enable `Serial console access`, if required.
     * Click **Save**.
  1. Under **Changes during creation and updates**:
     * In the **Add above target value** field, specify the maximum number of instances the group size can be scaled up by.

         When bringing the number of VMs in the group to the target value, VMs created in excess of the target under the `max_expansion` quota can remain in the group, while those that existed in the group before may be deleted.
     * In the **Reduce below target value** field, specify the maximum number of instances the group size can be scaled down by.
     * In the **Create simultaneously** field, specify how many instances can be created at the same time.
     * In **Startup duration**, specify the period after which the instance will start receiving traffic.
     * In the **Stop simultaneously** field, specify how many instances can be stopped at the same time.
     * In the **Stop VMs by strategy** field, specify one of these [strategies](../../concepts/instance-groups/policies/deploy-policy.md#strategy):
       * `Proactive`: Compute Cloud automatically selects which instances to stop when updating or scaling down the group.
       * `Opportunistic`: Compute Cloud waits for the instances to stop on their own or for the user to stop them.
  1. Under **Scaling**:
     * Select the `Fixed` [scaling type](../../concepts/instance-groups/scale.md).
     * Specify the instance group size.
  1. Under **Integration with Network Load Balancer**, enable **Create target group**.
  1. Specify the target group settings. For more information, see [Settings for integration with Network Load Balancer](../../concepts/instance-groups/balancers.md#settings-nlb).
  1. Optionally, enable **Health checks** to get information about the state of instances and automatically recover them in case of failure.
     * In the **Type** field, select the protocol for health checks: `HTTP` or `TCP`.
     * In the **Path** field (for the HTTP type), specify the URL path the instance group will use to send HTTP check requests.
     * In the **Port** field, specify the port number (between 1 and 32767) for the instance group to send health check requests to.
     * In the **Timeout in sec** field, specify a response timeout of 1 to 60 seconds.
     * In the **Interval in sec** field, specify a health check interval of 1 to 60 seconds. The interval must be at least 1 second longer than the response timeout.
     * In the **Healthy threshold** field, specify the number of successful health checks required to consider the instance healthy.
     * In the **Unhealthy threshold** field, specify the number of failed health checks required to consider the instance unhealthy.
  1. Under **User-defined variables**, enter the `Key`-`Value` pairs, if required.
  1. Click **Create**.

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../../cli/quickstart.md#install).

  The folder used by default is the one specified when [creating](../../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  1. See the description of the [CLI](../../../cli/index.md) command for creating an instance group:

     ```bash
     yc compute instance-group create --help
     ```

  1. Check whether the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) contains any [networks](../../../vpc/concepts/network.md#network):

     ```bash
     yc vpc network list
     ```

     If there are no networks, [create one](../../../vpc/operations/network-create.md).
  1. Select one of the Yandex Cloud Marketplace public images, e.g., [CentOS 7](https://yandex.cloud/en/marketplace/products/yc/centos-7).

     To get a list of available images using the CLI, run this command:
     
     ```bash
     yc compute image list --folder-id standard-images
     ```
     
     Result:
     
     ```text
     +----------------------+-------------------------------------+--------------------------+----------------------+--------+
     |          ID          |                NAME                 |          FAMILY          |     PRODUCT IDS      | STATUS |
     +----------------------+-------------------------------------+--------------------------+----------------------+--------+
     ...
     | fdvk34al8k5n******** | centos-7-1549279494                 | centos-7                 | dqni65lfhvv2******** | READY  |
     | fdv7ooobjfl3******** | windows-2016-gvlk-1548913814        | windows-2016-gvlk        | dqnnc72gj2is******** | READY  |
     | fdv4f5kv5cvf******** | ubuntu-1604-lts-1549457823          | ubuntu-1604-lts          | dqnnb6dc7640******** | READY  |
     ...
     +----------------------+-------------------------------------+--------------------------+----------------------+--------+
     ```
     
     Where:
     
     * `ID`: Image ID.
     * `NAME`: Image name.
     * `FAMILY`: ID of the [image family](../../concepts/image.md#family) the image belongs to.
     * `PRODUCT IDS`: IDs of Yandex Cloud Marketplace [products](../../../marketplace/concepts/product.md) associated with the image.
     * `STATUS`: Current status of the image. It may take one of the following values:
     
         * `STATUS_UNSPECIFIED`: Image status is not defined.
         * `CREATING`: Image is being created.
         * `READY`: Image is ready to use.
         * `ERROR`: You cannot use the image due to an issue.
         * `DELETING`: Image is being deleted.

  1. Create a YAML file with any name, e.g., `specification.yaml`.
  1. Define the following in the file you created:
     * General information about the instance group:

       ```yaml
       name: first-fixed-group-with-balancer
       service_account_id: <service_account_ID>
       description: "This instance group was created using a YAML configuration file."
       ```

       Where:
       * `name`: Instance group name. The name must be unique within the folder. It can only contain lowercase Latin letters, numbers, and hyphens. The first character must be a letter. The last character cannot be a hyphen. The name may be up to 63 characters long.
       * `service_account_id`: Service account ID.

         You cannot delete a service account while it is linked to an instance group.

       * `description`: Instance group description.
     * [Instance template](../../concepts/instance-groups/instance-template.md), such as the following:

       ```yaml
       instance_template:
         platform_id: standard-v3
         resources_spec:
           memory: 2g
           cores: 2
         boot_disk_spec:
           mode: READ_WRITE
           disk_spec:
             image_id: fdvk34al8k5n********
             type_id: network-hdd
             size: 32g
         network_interface_specs:
           - network_id: c64mknqgnd8a********
             primary_v4_address_spec: {}
             security_group_ids:
               - enps0ar5s3ti********
         scheduling_policy:
           preemptible: false
         placement_policy:
           placement_group_id: rmppvhrgm77g********
       ```

       By default, the disk size is specified in bytes. You can specify a different unit of measurement using the applicable suffix.
       
       | Suffix | Prefix and multiplier | Example |
       | ----- | ----- | ----- |
       | `k` | kilo- (2^10^) | `640k` = 640 × 2^10^ = `655360` |
       | `m` | mega- (2^20^) | `48m` = 48 × 2^20^ = `50331648` |
       | `g` | giga- (2^30^) | `10g` = 10 × 2^30^ = `10737418240` |
       | `t` | tera- (2^40^) | `4t` = 4 × 2^40^ = `4398046511104` |
       | `p` | peta- (2^50^) | `2p` = 2 × 2^50^ = `2251799813685248` |

       Where:
       * `platform_id`: [Platform](../../concepts/vm-platforms.md) ID.
       * `memory`: Amount of RAM.
       * `cores`: Number of vCPUs.
       * `mode`: [Disk](../../concepts/disk.md) access mode.
         * `READ_ONLY`: Read-only access.
         * `READ_WRITE`: Read/write access.
       * `image_id`: Public image ID. You can view image IDs in the [management console](https://console.yandex.cloud) when creating an instance or in [Cloud Marketplace](https://yandex.cloud/en/marketplace) on the image page under **Product IDs**.
       * `type_id`: Disk type.
       * `size`: Disk size.
       * `network_id`: `default-net` network ID.
       * `primary_v4_address_spec`: IPv4 specification. You can allow public access to the group instances by specifying the IP version for the [public IP address](../../../vpc/concepts/address.md#public-addresses). For more information, see [Template description in a YAML file](../../concepts/instance-groups/instance-template.md#instance-template).
       * `security_group_ids`: List of [security group](../../../vpc/concepts/security-groups.md) IDs.
       * `scheduling_policy`: Scheduling policy configuration.
       * `preemptible`: Flag for creating [preemptible instances](../../concepts/preemptible-vm.md).
         * `true`: Create a preemptible instance.
         * `false` (default): Create a regular instance.

         When creating a preemptible instance group, keep in mind that the VM instances will terminate after 24 hours of continuous operation or earlier. VM instances may not be able to restart immediately due to insufficient resources. This may occur in the event of a sharp increase in the use of Yandex Cloud computing resources.
       * `placement_policy` (optional): [Instance placement group](../../concepts/placement-groups.md) parameters:
         * `placement_group_id`: Placement group ID.
     * [Policies](../../concepts/instance-groups/policies/index.md):

       ```yaml
       deploy_policy:
         max_unavailable: 1
         max_expansion: 0
       scale_policy:
         fixed_scale:
           size: 3
       allocation_policy:
         zones:
           - zone_id: ru-central1-a
             instance_tags_pool:
             - first
             - second
             - third
       ```

       Where:
       * `deploy_policy`: Instance [deployment policy](../../concepts/instance-groups/policies/deploy-policy.md) for the group.
       * `scale_policy`: Instance [scaling policy](../../concepts/instance-groups/policies/scale-policy.md) for the group.
       * `allocation_policy`: [Policy for allocating](../../concepts/instance-groups/policies/allocation-policy.md) instances across [availability zones](../../../overview/concepts/geo-scope.md).
     * Network Load Balancer [target group](../../../network-load-balancer/concepts/target-resources.md):

       ```yaml
       load_balancer_spec:
         target_group_spec:
           name: first-target-group
       ```

       Where:
       * `target_group_spec`: Specification of the Network Load Balancer target group linked with the instance group.
       * `name`: Name for the Network Load Balancer target group. The name must be unique within the folder. It can only contain lowercase Latin letters, numbers, and hyphens. The first character must be a letter. The last character cannot be a hyphen. The name may be up to 63 characters long.
 
       For more information about target group settings, see [Settings for integration with Network Load Balancer](../../concepts/instance-groups/balancers.md#settings-nlb).

     Full code for the `specification.yaml` file:

     ```yaml
     name: first-fixed-group-with-balancer
     service_account_id: <service_account_ID>
     description: "This instance group was created using a YAML configuration file."
     instance_template:
       platform_id: standard-v3
       resources_spec:
         memory: 2g
         cores: 2
       boot_disk_spec:
         mode: READ_WRITE
         disk_spec:
           image_id: fdvk34al8k5n********
           type_id: network-hdd
           size: 32g
       network_interface_specs:
         - network_id: c64mknqgnd8a********
           primary_v4_address_spec: {}
           security_group_ids:
             - enps0ar5s3ti********
       placement_policy:
         placement_group_id: rmppvhrgm77g********
     deploy_policy:
       max_unavailable: 1
       max_expansion: 0
     scale_policy:
       fixed_scale:
         size: 3
     allocation_policy:
       zones:
         - zone_id: ru-central1-a
           instance_tags_pool:
           - first
           - second
           - third
     load_balancer_spec:
       target_group_spec:
         name: first-target-group
     ```

  1. Create an instance group in the default folder:

     ```bash
     yc compute instance-group create --file specification.yaml
     ```

     This command will create a group of three same-type instances with the following configuration:
     * Name: `first-fixed-group-with-balancer`.
     * OS: CentOS 7.
     * Network: `default-net`.
     * Availability zone: `ru-central1-a`.
     * vCPUs: 2; RAM: 2 GB.
     * Network HDD: 32 GB.
     * Target group: `first-target-group`.
  1. [Create a network load balancer](../../../network-load-balancer/operations/load-balancer-create.md) and add `first-target-group` to it.

- Terraform {#tf}

  If you do not have Terraform yet, [install it and configure the Yandex Cloud provider](../../../tutorials/infrastructure-management/terraform-quickstart.md#install-terraform).
  
  
  To manage infrastructure using Terraform under a service account or user accounts (a Yandex account, a federated account, or a local user), [authenticate](../../../terraform/authentication.md) using the appropriate method.

  1. In the configuration file, describe the resources you want to create:

     ```hcl
     resource "yandex_iam_service_account" "ig-sa" {
       name        = "ig-sa"
       description = "Service account for managing the instance group."
     }

     resource "yandex_resourcemanager_folder_iam_member" "compute-editor" {
       folder_id = "<folder_ID>"
       role      = "compute.editor"
       member    = "serviceAccount:${yandex_iam_service_account.ig-sa.id}"
     }

     resource "yandex_resourcemanager_folder_iam_member" "load-balancer-editor" {
       folder_id = "<folder_ID>"
       role      = "load-balancer.editor"
       member    = "serviceAccount:${yandex_iam_service_account.ig-sa.id}"
     }

     resource "yandex_compute_instance_group" "ig-1" {
       name                = "fixed-ig-with-balancer"
       folder_id           = "<folder_ID>"
       service_account_id  = "${yandex_iam_service_account.ig-sa.id}"
       deletion_protection = "<deletion_protection>"
       instance_template {
         platform_id = "standard-v3"
         resources {
           memory = <RAM_in_GB>
           cores  = <number_of_vCPUs>
         }

         boot_disk {
           mode = "READ_WRITE"
           initialize_params {
             image_id = "<image_ID>"
           }
         }

         network_interface {
           network_id         = "${yandex_vpc_network.network-1.id}"
           subnet_ids         = ["${yandex_vpc_subnet.subnet-1.id}"]
           security_group_ids = ["<list_of_security_group_IDs>"]
         }

         metadata = {
           ssh-keys = "<username>:<SSH_key_contents>"
         }
       }

       scale_policy {
         fixed_scale {
           size = <number_of_instances_in_group>
         }
       }

       allocation_policy {
         zones = ["ru-central1-a"]
       }

       deploy_policy {
         max_unavailable = 1
         max_expansion   = 0
       }

       load_balancer {
         target_group_name        = "target-group"
         target_group_description = "Network Load Balancer target group"
       }
     }

     resource "yandex_lb_network_load_balancer" "lb-1" {
       name = "network-load-balancer-1"

       listener {
         name = "network-load-balancer-1-listener"
         port = 80
         external_address_spec {
           ip_version = "ipv4"
         }
       }

       attached_target_group {
         target_group_id = yandex_compute_instance_group.ig-1.load_balancer.0.target_group_id

         healthcheck {
           name = "http"
           http_options {
             port = 80
             path = "/index.html"
           }
         }
       }
     }

     resource "yandex_vpc_network" "network-1" {
       name = "network1"
     }

     resource "yandex_vpc_subnet" "subnet-1" {
       name           = "subnet1"
       zone           = "ru-central1-a"
       network_id     = "${yandex_vpc_network.network-1.id}"
       v4_cidr_blocks = ["192.168.10.0/24"]
     }
     ```

     Where:
     * `yandex_iam_service_account`: [Service account](../../../iam/concepts/users/service-accounts.md) description. All operations with an instance group are performed under a service account.

       You cannot delete a service account while it is linked to an instance group.

     * `yandex_resourcemanager_folder_iam_member`: Service account access permissions for the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder), where:
       * `role = "compute.editor"`: Service account gets the [compute.editor](../../security/index.md#compute-editor) role to create, update, and delete VMs in the group.
       * `role = "load-balancer.editor"`: Service account gets the [load-balancer.editor](../../../network-load-balancer/security/index.md#load-balancer-editor) role to integrate the VM group with a [Network Load Balancer](../../../network-load-balancer/concepts/index.md).
     * `yandex_compute_instance_group`: Instance group description:
       * General information about the instance group:
         * `name`: Instance group name.
         * `folder_id`: Folder ID.
         * `service_account_id`: Service account ID.
         * `deletion_protection`: Instance group protection against deletion, `true` or `false`. You cannot delete a group while the value is `true`. The default value is `false`.
       * [Instance template](../../concepts/instance-groups/instance-template.md):
         * `platform_id`: [Platform](../../concepts/vm-platforms.md).
         * `resources`: Number of vCPUs and amount of RAM available to the VM instance. The values must match the selected [platform](../../concepts/vm-platforms.md).
         * `boot_disk`: Boot [disk](../../concepts/disk.md) settings.
           * ID of the selected image. You can get the image ID from the [list of public images](../images-with-pre-installed-software/get-list.md).
           * Disk access mode: `READ_ONLY` or `READ_WRITE`.
         * `network_interface`: [Network](../../../vpc/concepts/network.md#network) settings. Specify the IDs of your network, [subnet](../../../vpc/concepts/network.md#subnet), and [security groups](../../../vpc/concepts/security-groups.md).
         * `metadata`: In [metadata](../../concepts/vm-metadata.md), provide the public key for SSH access to the instance. For more information, see [VM metadata](../../concepts/vm-metadata.md).
       * [Policies](../../concepts/instance-groups/policies/index.md):
         * `deploy_policy`: Instance [deployment policy](../../concepts/instance-groups/policies/deploy-policy.md) for the group.
         * `scale_policy`: Instance [scaling policy](../../concepts/instance-groups/policies/scale-policy.md) for the group.
         * `allocation_policy`: Instance [allocation policy](../../concepts/instance-groups/policies/allocation-policy.md) between [availability zones](../../../overview/concepts/geo-scope.md).
       * Network Load Balancer [target group](../../../network-load-balancer/concepts/target-resources.md):
         * `target_group_name`: Name of the Network Load Balancer target group.
         * `target_group_description`: Description of the Network Load Balancer target group.

       For more information about target group settings, see [Settings for integration with Network Load Balancer](../../concepts/instance-groups/balancers.md#settings-nlb).
     * `yandex_vpc_network`: Cloud network description.
     * `yandex_vpc_subnet`: Description of the subnet the instance group will be connected to.
     * `yandex_lb_network_load_balancer`: Description of the [Network Load Balancer](../../../network-load-balancer/concepts/index.md) instance to which you connect the target group.

     {% note info %}

     If you already have suitable resources, such as a service account, cloud network, subnet, and network load balancer, you do not need to redefine them. Specify their names and IDs in the appropriate parameters.

     {% endnote %}

     For more information about the resources you can create with Terraform, see [this provider guide](../../../terraform/index.md).
  1. Create the resources:

     1. In the terminal, navigate to the configuration file directory.
     1. Make sure the configuration is correct using this command:
     
        ```bash
        terraform validate
        ```
     
        If the configuration is valid, you will get this message:
     
        ```text
        Success! The configuration is valid.
        ```
     
     1. Run this command:
     
        ```bash
        terraform plan
        ```
     
        You will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.
     1. Apply the configuration changes:
     
        ```bash
        terraform apply
        ```
     
     1. Type `yes` and press **Enter** to confirm the changes.

     This will create all the resources you need in the specified folder. You can check the new resources and their settings using the [management console](https://console.yandex.cloud).

- API {#api}

  Use the [create](../../instancegroup/api-ref/InstanceGroup/create.md) REST API method for the [InstanceGroup](../../instancegroup/api-ref/InstanceGroup/index.md) resource or the [InstanceGroupService/Create](../../instancegroup/api-ref/grpc/InstanceGroup/create.md) gRPC API call.

{% endlist %}
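
The constraints this page states for `specification.yaml` (naming rules, size suffixes, top-level policy keys, security groups on each interface) and for health check fields can be checked before running `yc compute instance-group create`. The Python linter below is an added example, not part of the Yandex Cloud CLI or its documentation; it takes the spec as an already-parsed dict, and `valid_name`, `size_to_bytes`, `check_health_check`, and `lint_spec` are hypothetical helper names.

```python
import re

# Binary multipliers from the suffix table on this page.
SUFFIX = {"k": 2**10, "m": 2**20, "g": 2**30, "t": 2**40, "p": 2**50}
# Keys that belong at the top level of the spec, not inside instance_template.
TOP_LEVEL_ONLY = ("deploy_policy", "scale_policy", "allocation_policy",
                  "load_balancer_spec")


def valid_name(name, min_len=1):
    """Lowercase Latin letters, digits, hyphens; starts with a letter;
    does not end with a hyphen; at most 63 characters."""
    return (isinstance(name, str) and min_len <= len(name) <= 63
            and re.fullmatch(r"[a-z]([a-z0-9-]*[a-z0-9])?", name) is not None)


def size_to_bytes(value):
    """Convert '32g' or a bare byte count to bytes; raise ValueError otherwise."""
    m = re.fullmatch(r"(\d+)([kmgtp]?)", str(value).strip())
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * SUFFIX.get(m.group(2), 1)


def check_health_check(port, timeout_s, interval_s):
    """Ranges the console section gives for the health check fields."""
    findings = []
    if not 1 <= port <= 32767:
        findings.append("port must be between 1 and 32767")
    if not 1 <= timeout_s <= 60:
        findings.append("timeout must be 1 to 60 seconds")
    if not 1 <= interval_s <= 60:
        findings.append("interval must be 1 to 60 seconds")
    if interval_s < timeout_s + 1:
        findings.append("interval must exceed timeout by at least 1 second")
    return findings


def lint_spec(spec):
    """Return a list of findings for a parsed instance group specification."""
    findings = []
    if not valid_name(spec.get("name"), min_len=3):
        findings.append("name: violates the naming rule")
    sa = str(spec.get("service_account_id") or "")
    if not sa or sa.startswith("<"):
        findings.append("service_account_id: missing or still a placeholder")
    template = spec.get("instance_template") or {}
    for key in TOP_LEVEL_ONLY:
        if key in template:  # typical YAML indentation slip
            findings.append(f"{key}: nested under instance_template")
        elif key not in spec:
            findings.append(f"{key}: missing")
    disk = (template.get("boot_disk_spec") or {}).get("disk_spec") or {}
    try:
        size_to_bytes(disk.get("size"))
    except ValueError as exc:
        findings.append(f"boot disk size: {exc}")
    # Assumption of this example: every interface lists its security groups.
    for i, nic in enumerate(template.get("network_interface_specs") or []):
        if not nic.get("security_group_ids"):
            findings.append(f"network_interface_specs[{i}]: no security groups")
    tg = (spec.get("load_balancer_spec") or {}).get("target_group_spec") or {}
    if "load_balancer_spec" in spec and not valid_name(tg.get("name")):
        findings.append("target_group_spec.name: violates the naming rule")
    return findings


# Constructed sample: values modelled on this page, with deliberate slips.
SAMPLE = {
    "name": "First-group-",
    "service_account_id": "<service_account_ID>",
    "instance_template": {
        "boot_disk_spec": {"mode": "READ_WRITE",
                           "disk_spec": {"type_id": "network-hdd", "size": "32g"}},
        "network_interface_specs": [{"network_id": "<network_ID>",
                                     "primary_v4_address_spec": {}}],
        "deploy_policy": {"max_unavailable": 1, "max_expansion": 0},
    },
    "scale_policy": {"fixed_scale": {"size": 3}},
    "allocation_policy": {"zones": [{"zone_id": "ru-central1-a"}]},
    "load_balancer_spec": {"target_group_spec": {"name": "first-target-group"}},
}

if __name__ == "__main__":
    for finding in lint_spec(SAMPLE):
        print("FINDING:", finding)
    print(check_health_check(port=80, timeout_s=5, interval_s=5))
```

To lint a real file, load it with a YAML parser of your choice and pass the resulting dict to `lint_spec`.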