CLI Development Environment
- Install Visual Studio Code
- Install azure cli tools extension to visual studio code
- Create a folder, open with visual studio code and create a file with extension .azcli
Exercise: Create a VNET with 4 subnets and a network security group to allow all traffic
# create a resource group
$group_name = 'learning'
$location = 'centralus'
$network_name = 'myvnet'
az group create --name $group_name --location $location
# create a virtual network
az network vnet create --name $network_name --resource-group $group_name --address-prefixes '192.168.0.0/16'
# create a subnet1
az network vnet subnet create --name 'web' --address-prefixes '192.168.0.0/24' --resource-group $group_name --vnet-name $network_name
# create a subnet2
az network vnet subnet create --name 'app' --address-prefixes '192.168.1.0/24' --resource-group $group_name --vnet-name $network_name
# create a network security group
az network nsg create --name 'openall' --resource-group $group_name --location $location
# add an inbound rule for opening all traffic
az network nsg rule create --name 'openallinbound' --nsg-name 'openall' --resource-group $group_name --priority '300' --access-key Allow --destination-address-prefixes '*' --destination-port-ranges '*' --direction 'Inbound' --protocol '*' --source-address-prefixes '*' --source-port-ranges '*'
# add an outbound rule for opening all traffic
az network nsg rule create --name 'openalloutbound' --nsg-name 'openall' --resource-group $group_name --priority '300' --access-key Allow --destination-address-prefixes '*' --destination-port-ranges '*' --direction 'Outbound' --protocol '*' --source-address-prefixes '*' --source-port-ranges '*'
Exercise: Create the nsg with following rules
- Allow all http, https and ssh from anywhere
- Deny other traffic from internet
- Allow all outbound
- Make a note of default nsg rules.
