CLI Development Environment

• Install Visual Studio Code
• Install azure cli tools extension to visual studio code
• Create a folder, open with visual studio code and create a file with extension .azcli

Exercise: Create a VNET with 4 subnets and a network security group to allow all traffic

# create a resource group
$group_name = 'learning'
$location = 'centralus'
$network_name = 'myvnet'

az group create --name $group_name --location $location

# create a virtual network
az network vnet create --name $network_name --resource-group $group_name --address-prefixes '192.168.0.0/16'

# create a subnet1
az network vnet subnet create --name 'web' --address-prefixes '192.168.0.0/24' --resource-group $group_name --vnet-name $network_name

# create a subnet2
az network vnet subnet create --name 'app' --address-prefixes '192.168.1.0/24' --resource-group $group_name --vnet-name $network_name

# create a network security group
az network nsg create --name 'openall' --resource-group $group_name --location $location 

# add an inbound rule for opening all traffic
az network nsg rule create --name 'openallinbound' --nsg-name 'openall' --resource-group $group_name --priority '300' --access-key Allow --destination-address-prefixes '*' --destination-port-ranges '*' --direction 'Inbound' --protocol '*' --source-address-prefixes '*' --source-port-ranges '*' 

# add an outbound rule for opening all traffic
az network nsg rule create --name 'openalloutbound' --nsg-name 'openall' --resource-group $group_name --priority '300' --access-key Allow --destination-address-prefixes '*' --destination-port-ranges '*' --direction 'Outbound' --protocol '*' --source-address-prefixes '*' --source-port-ranges '*' 

Exercise: Create the nsg with following rules

• Allow all http, https and ssh from anywhere
• Deny other traffic from internet
• Allow all outbound
• Make a note of default nsg rules.