Azure Classroom Series – 28/Feb/2020

Azure PowerShell for Networking (contd.)

  • Exercise: Create Azure Virtual Network with 4 subnets
    • 2 subnets defined when the network is created
    • 4 subnets added after the network has been created

# Resource group that holds everything created in this exercise.
$rg = New-AzResourceGroup -Name 'fromps2' -Location 'centralus'

# Subnet definitions that are passed in when the network itself is created.
$management_subnet = New-AzVirtualNetworkSubnetConfig -Name 'manage' -AddressPrefix '10.10.4.0/24'
$test_subnet = New-AzVirtualNetworkSubnetConfig -Name 'test' -AddressPrefix '10.10.5.0/24'

# Create the virtual network (10.10.0.0/16) with the two initial subnets.
$vnet_params = @{
    Name              = 'vnetfromps'
    ResourceGroupName = $rg.ResourceGroupName
    Location          = $rg.Location
    AddressPrefix     = '10.10.0.0/16'
    Subnet            = $management_subnet, $test_subnet
}
$vnet = New-AzVirtualNetwork @vnet_params

# Add four more subnets to the local $vnet object, in the order web, app, db, cache.
# These calls only edit the object held in $vnet; nothing reaches Azure until
# Set-AzVirtualNetwork runs below.
$later_subnets = [ordered]@{
    'web'   = '10.10.0.0/24'
    'app'   = '10.10.1.0/24'
    'db'    = '10.10.2.0/24'
    'cache' = '10.10.3.0/24'
}
foreach ($entry in $later_subnets.GetEnumerator()) {
    Add-AzVirtualNetworkSubnetConfig -Name $entry.Key -VirtualNetwork $vnet -AddressPrefix $entry.Value
}

# Push the updated subnet list to Azure.
# NOTE(review): no network security group is attached to any subnet by this
# listing, so none of the six subnets has subnet-level filtering at this point.
Set-AzVirtualNetwork -VirtualNetwork $vnet

# Clean-up, left commented out: deletes the resource group and everything in it.
# Remove-AzResourceGroup -Name $rg.ResourceGroupName -Force
  • Exercise: Create a network security group and attach this to existing subnets.
# Build the security rules for the network security group.

# Inbound SSH (TCP/22), priority 300.
# NOTE(review): SourceAddressPrefix '*' accepts SSH from every source address.
# Outside a throw-away lab, narrow this to the admin network's CIDR (or reach
# the hosts through a bastion/VPN) so the management port is not open to all.
$ssh_rule_params = @{
    Name                     = 'Allowssh'
    Protocol                 = 'TCP'
    SourcePortRange          = '*'
    SourceAddressPrefix      = '*'
    DestinationPortRange     = '22'
    DestinationAddressPrefix = '*'
    Access                   = 'Allow'
    Priority                 = 300
    Direction                = 'Inbound'
}
$inbound_rule_ssh = New-AzNetworkSecurityRuleConfig @ssh_rule_params

# Outbound: allow every protocol, port and destination, priority 200.
# NOTE(review): this leaves egress unfiltered; replace it with specific
# destinations if the subnet should not be able to reach arbitrary hosts.
$outbound_rule_params = @{
    Name                     = 'AllowAllOutbound'
    Protocol                 = '*'
    SourcePortRange          = '*'
    DestinationPortRange     = '*'
    SourceAddressPrefix      = '*'
    DestinationAddressPrefix = '*'
    Direction                = 'Outbound'
    Access                   = 'Allow'
    Priority                 = '200'
}
$outbound_allow_all = New-AzNetworkSecurityRuleConfig @outbound_rule_params

# Inbound HTTP (TCP/80) from any source, priority 310.
$http_rule_params = @{
    Name                     = 'Allowhttp'
    Protocol                 = 'TCP'
    SourcePortRange          = '*'
    SourceAddressPrefix      = '*'
    DestinationPortRange     = '80'
    DestinationAddressPrefix = '*'
    Access                   = 'Allow'
    Priority                 = 310
    Direction                = 'Inbound'
}
$inbound_rule_http = New-AzNetworkSecurityRuleConfig @http_rule_params

# Create the NSG in the same resource group and location, carrying all three rules.
$nsg_params = @{
    Name              = 'Allowhttpssh'
    ResourceGroupName = $rg.ResourceGroupName
    Location          = $rg.Location
    SecurityRules     = $inbound_rule_ssh, $inbound_rule_http, $outbound_allow_all
}
$nsg1 = New-AzNetworkSecurityGroup @nsg_params

# Attach nsg1 to the 'test' subnet, re-using the subnet's existing name and prefix.
# NOTE(review): only 'test' is associated here; the other subnets in $vnet are
# left without an NSG by this listing.
$subnet_update = @{
    Name                 = $test_subnet.Name
    VirtualNetwork       = $vnet
    NetworkSecurityGroup = $nsg1
    AddressPrefix        = $test_subnet.AddressPrefix
}
Set-AzVirtualNetworkSubnetConfig @subnet_update

# Apply the changed subnet configuration to the network in Azure.
Set-AzVirtualNetwork -VirtualNetwork $vnet
