@vmanalyst

Azure

Azure Server CLI Cheat Sheet

By Ash Thomas #

Loading

Connect to Azure Account

Connect-AzAccount

List all Azure Subscription

Get-AZSubscription

Azure CLI

az vm create -g $rg  -n VM1 --image UbuntuTLS --nics nicname --nsg-rule rule --admin-username thomasa --generate-ssh-keys

Creating Resources on Azure via Powercli

$resourceGroup  = (Get-azresourcegroup).ResourceGroupName
$location = 'Central US'
$LocationName = 'Central US'
$vmName = "BastionHost"
$storageType = 'Standard_SSD'
$dataDiskName = 'bastion-lun01'
$dataDiskSize = 20
$defvnet = 'LabPortal'


$Username = "azureadmin"
$Password = 'Password125!' | ConvertTo-SecureString -Force -AsPlainText
$cred = New-Object -TypeName PSCredential -ArgumentList ($Username, $Password)


$subnetConfig = New-AzVirtualNetworkSubnetConfig `
                  -Name Default `
                  -AddressPrefix 10.0.1.0/24

$vnet = New-AzVirtualNetwork -ResourceGroupName $resourceGroup `
           -Location $location `
           -Name LabPortal  `
           -AddressPrefix 10.0.0.0/16 `
           -Subnet $subnetConfig


# Create new subnet -web 

$vnet = Get-AzVirtualNetwork -Name LabPortal -ResourceGroupName $resourceGroup
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name WebTier -AddressPrefix 10.0.20.0/24
$vnet.Subnets.Add($subnetConfig)
Set-AzVirtualNetwork -VirtualNetwork $vnet


# Create new subnet -app 

$vnet = Get-AzVirtualNetwork -Name LabPortal -ResourceGroupName $resourceGroup
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name AppTier -AddressPrefix 10.0.30.0/24
$vnet.Subnets.Add($subnetConfig)
Set-AzVirtualNetwork -VirtualNetwork $vnet


# Create new subnet -db 

$vnet = Get-AzVirtualNetwork -Name LabPortal -ResourceGroupName $resourceGroup
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name DBTier -AddressPrefix 10.0.40.0/24
$vnet.Subnets.Add($subnetConfig)
Set-AzVirtualNetwork -VirtualNetwork $vnet

# Create a public IP address and specify a DNS name
$pip = New-AzPublicIpAddress -ResourceGroupName $resourceGroup `
                             -Location $location `
                             -Name "mypublicdns$(Get-Random)" `
                             -AllocationMethod Static `
                             -IdleTimeoutInMinutes 4




### Create Application security Groups if they dont already exist
try {
    $asgLinux = get-AzApplicationSecurityGroup -Name "Management-Linux" -ResourceGroupName $ResourceGroup -ErrorAction Stop
}
catch {
    $asgLinux = New-AzApplicationSecurityGroup -Name "Management-Linux" -Location $LocationName -ResourceGroupName $ResourceGroup
}
try {
    $asgWindows = get-AzApplicationSecurityGroup -Name "Management-Windows" -ResourceGroupName $ResourceGroup -ErrorAction Stop
}
catch {
    $asgWindows = New-AzApplicationSecurityGroup -Name "Management-Windows" -Location $LocationName -ResourceGroupName $ResourceGroup  
}
try {
    $asgWeb = get-AzApplicationSecurityGroup -Name "Web" -Location $LocationName -ResourceGroupName $ResourceGroup -ErrorAction Stop
}
catch {
    $asgWeb = New-AzApplicationSecurityGroup -Name "Web" -Location $LocationName -ResourceGroupName $ResourceGroup
}
try {
    $asgDB = get-AzApplicationSecurityGroup -Name "DB" -Location $LocationName -ResourceGroupName $ResourceGroup -ErrorAction Stop
}
catch {
    $asgDB = New-AzApplicationSecurityGroup -Name "DB" -Location $LocationName -ResourceGroupName $ResourceGroup
}
try {
    $asgApp = get-AzApplicationSecurityGroup -Name "App" -ResourceGroupName $ResourceGroup -ErrorAction Stop
}
catch {
    $asgApp = New-AzApplicationSecurityGroup -Name "App" -Location $LocationName -ResourceGroupName $ResourceGroup
}




    ### Security Group rules
    $RDP_Rule = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix Internet -SourcePortRange * `
    -DestinationApplicationSecurityGroup $asgWindows -DestinationPortRange 3389

    $HTTP_Rule = New-AzNetworkSecurityRuleConfig -Name http-rule -Description "Allow HTTP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 `
    -SourceAddressPrefix Internet -SourcePortRange * `
    -DestinationApplicationSecurityGroup $asgWeb -DestinationPortRange 80

    $HTTPS_Rule = New-AzNetworkSecurityRuleConfig -Name https-rule -Description "Allow HTTPS" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 120 `
    -SourceAddressPrefix Internet -SourcePortRange * `
    -DestinationApplicationSecurityGroup $asgWeb -DestinationPortRange 443

    $SSH_Rule = New-AzNetworkSecurityRuleConfig -Name ssh-rule -Description "Allow SSH" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 130 `
    -SourceAddressPrefix Internet -SourcePortRange * `
    -DestinationApplicationSecurityGroup $asgLinux -DestinationPortRange 22 


### Check to see if the Default NSG already exists and creates if not

try {
    $nsg = get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name myNetworkSecurityGroup $SSH_Rule,$RDP_Rule -ErrorAction Stop
}
catch {
    $nsg = new-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name myNetworkSecurityGroup -SecurityRules $SSH_Rule,$RDP_Rule -ErrorAction Stop
}


### Check to see if the Web NSG already exists and creates if not

try {
    $nsg2 = new-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name nsgweb -SecurityRules $HTTP_Rule,$HTTP_Rule  -ErrorAction Stop
}
catch {
    $nsg2 = new-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name nsgweb -SecurityRules $HTTP_Rule,$HTTP_Rule  -ErrorAction Stop
}



# Create a virtual network card 
# and associate with public IP address and NSG
$nic = New-AzNetworkInterface `
              -Name myNic-01 `
              -ResourceGroupName $resourceGroup `
              -Location $location `
              -SubnetId $vnet.Subnets[0].Id `
              -PublicIpAddressId $pip.Id `
              -NetworkSecurityGroupId $nsg.Id


# Create a virtual machine configuration
$vmConfig = New-AzVMConfig -VMName $vmName `
                     -VMSize Standard_D2s_v3| `
            Set-AzVMOperatingSystem `
                     -Windows -ComputerName `
                     $vmName -Credential $cred | `
            Set-AzVMSourceImage `
                     -PublisherName MicrosoftWindowsServer `
                     -Offer WindowsServer `
                     -Skus 2016-Datacenter `
                     -Version latest | `
            Add-AzVMNetworkInterface -Id $nic.Id


# Create a virtual machine
New-AzVM -ResourceGroupName $resourceGroup `
         -Location $location `
         -VM $vmConfig

        

# Adding new lun 


$datadiskConfig = New-AzDiskConfig -SkuName $storageType -Location $location -CreateOption Empty -DiskSizeGB $dataDiskSize
$dataDisk01 = New-AzDisk -DiskName $dataDiskName -Disk $datadiskConfig -ResourceGroupName $rg
$vm = Get-AzVM -Name $vmname -ResourceGroupName $rg
$vm = Add-AzVMDataDisk -VM $vm -Name $dataDiskName -CreateOption Attach -ManagedDiskId $dataDisk01.Id -Lun 1
Update-AzVM -VM $vm -ResourceGroupName $rg

(Visited 124 times, 1 visits today)

By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.

Leave a Reply