Azure Tutorial: Building Virtual Machines and Managing Network Security Groups

This is the continue of https://hashnode.com/post/cm8v7ntxi000209kw2xpm2tp7

To help you further understand Azure networking, let’s walk through a practical example of creating Virtual Machines (VMs), Network Security Groups (NSGs), and configuring necessary resources via Azure CLI.

Step 1: Setting Up Your Azure Environment

Before starting, ensure you're logged into your Azure account:

az login

Set your desired subscription if necessary:

az account set --subscription "your-subscription-name"

Step 2: Create a Resource Group

A Resource Group is needed to organize and manage the Azure resources. Use the following command to create one:

az group create --name MyResourceGroup --location eastus

Step 3: Create a Virtual Network (VNet) and Subnet

Now, we’ll create a Virtual Network (VNet) with a subnet:

az network vnet create --resource-group MyResourceGroup --name MyVNet --address-prefix 10.0.0.0/16 --subnet-name MySubnet --subnet-prefix 10.0.0.0/24

This command creates a VNet with the address space 10.0.0.0/16 and a subnet MySubnet within it.

Step 4: Create a Network Security Group (NSG)

To ensure proper security, we'll create a Network Security Group (NSG):

az network nsg create --resource-group MyResourceGroup --name MyNSG

Step 5: Define Inbound Traffic Rules for NSG

To allow HTTP traffic (port 80) and deny all other inbound traffic, use the following commands:

Allow HTTP traffic:

az network nsg rule create --resource-group MyResourceGroup --nsg-name MyNSG --name Allow-HTTP --protocol tcp --priority 100 --destination-port-range 80 --access Allow --direction Inbound

Deny all other inbound traffic:

az network nsg rule create --resource-group MyResourceGroup --nsg-name MyNSG --name Deny-All-Inbound --protocol '*' --priority 200 --access Deny --direction Inbound

Step 6: Create a Public IP Address

Next, we need a Public IP for the VM:

az network public-ip create --resource-group MyResourceGroup --name MyPublicIP --allocation-method Dynamic

Step 7: Create a Network Interface (NIC)

We will create a Network Interface (NIC) and associate it with the Public IP and NSG:

az network nic create --resource-group MyResourceGroup --name MyNIC --vnet-name MyVNet --subnet MySubnet --network-security-group MyNSG --public-ip-address MyPublicIP

Step 8: Create the Virtual Machine (VM)

Now, let’s create a Virtual Machine and associate it with the NIC created earlier:

az vm create --resource-group MyResourceGroup --name MyVM --nics MyNIC --image UbuntuLTS --admin-username azureuser --admin-password 'YourPasswordHere' --size Standard_B1s --public-ip-address-dns-name myvm-public-ip

This command creates a VM named MyVM running Ubuntu LTS, and associates it with MyNIC. You can connect to it using SSH.

Step 9: Verify VM Setup

You can verify the Public IP assigned to your VM using the following command:

az vm show --resource-group MyResourceGroup --name MyVM --query "publicIps"

Step 10: Connect to Your VM

For Linux VMs, you can SSH into the VM using the Public IP or DNS name:

ssh azureuser@<Public-IP>

Step 11: Clean Up Resources

Once you’re done testing, you can delete all the resources to avoid unnecessary charges:

az group delete --name MyResourceGroup --yes --no-wait

This command deletes the Resource Group and all resources within it. Thank you :)