Connect to Azure Account
|
1 2 3 |
Connect-AzAccount |
List all Azure Subscription
|
1 2 |
Get-AZSubscription |
Azure CLI
|
1 |
az vm create -g $rg -n VM1 --image UbuntuTLS --nics nicname --nsg-rule rule --admin-username thomasa --generate-ssh-keys |
Creating Resources on Azure via Powercli
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 |
$resourceGroup = (Get-azresourcegroup).ResourceGroupName $location = 'Central US' $LocationName = 'Central US' $vmName = "BastionHost" $storageType = 'Standard_SSD' $dataDiskName = 'bastion-lun01' $dataDiskSize = 20 $defvnet = 'LabPortal' $Username = "azureadmin" $Password = 'Password125!' | ConvertTo-SecureString -Force -AsPlainText $cred = New-Object -TypeName PSCredential -ArgumentList ($Username, $Password) $subnetConfig = New-AzVirtualNetworkSubnetConfig ` -Name Default ` -AddressPrefix 10.0.1.0/24 $vnet = New-AzVirtualNetwork -ResourceGroupName $resourceGroup ` -Location $location ` -Name LabPortal ` -AddressPrefix 10.0.0.0/16 ` -Subnet $subnetConfig # Create new subnet -web $vnet = Get-AzVirtualNetwork -Name LabPortal -ResourceGroupName $resourceGroup $subnetConfig = New-AzVirtualNetworkSubnetConfig -Name WebTier -AddressPrefix 10.0.20.0/24 $vnet.Subnets.Add($subnetConfig) Set-AzVirtualNetwork -VirtualNetwork $vnet # Create new subnet -app $vnet = Get-AzVirtualNetwork -Name LabPortal -ResourceGroupName $resourceGroup $subnetConfig = New-AzVirtualNetworkSubnetConfig -Name AppTier -AddressPrefix 10.0.30.0/24 $vnet.Subnets.Add($subnetConfig) Set-AzVirtualNetwork -VirtualNetwork $vnet # Create new subnet -db $vnet = Get-AzVirtualNetwork -Name LabPortal -ResourceGroupName $resourceGroup $subnetConfig = New-AzVirtualNetworkSubnetConfig -Name DBTier -AddressPrefix 10.0.40.0/24 $vnet.Subnets.Add($subnetConfig) Set-AzVirtualNetwork -VirtualNetwork $vnet # Create a public IP address and specify a DNS name $pip = New-AzPublicIpAddress -ResourceGroupName $resourceGroup ` -Location $location ` -Name "mypublicdns$(Get-Random)" ` -AllocationMethod Static ` -IdleTimeoutInMinutes 4 ### Create Application security Groups if they dont already exist try { $asgLinux = get-AzApplicationSecurityGroup -Name "Management-Linux" -ResourceGroupName $ResourceGroup -ErrorAction Stop } catch { $asgLinux = New-AzApplicationSecurityGroup -Name "Management-Linux" -Location $LocationName -ResourceGroupName $ResourceGroup } try { $asgWindows = get-AzApplicationSecurityGroup -Name "Management-Windows" -ResourceGroupName $ResourceGroup -ErrorAction Stop } catch { $asgWindows = New-AzApplicationSecurityGroup -Name "Management-Windows" -Location $LocationName -ResourceGroupName $ResourceGroup } try { $asgWeb = get-AzApplicationSecurityGroup -Name "Web" -Location $LocationName -ResourceGroupName $ResourceGroup -ErrorAction Stop } catch { $asgWeb = New-AzApplicationSecurityGroup -Name "Web" -Location $LocationName -ResourceGroupName $ResourceGroup } try { $asgDB = get-AzApplicationSecurityGroup -Name "DB" -Location $LocationName -ResourceGroupName $ResourceGroup -ErrorAction Stop } catch { $asgDB = New-AzApplicationSecurityGroup -Name "DB" -Location $LocationName -ResourceGroupName $ResourceGroup } try { $asgApp = get-AzApplicationSecurityGroup -Name "App" -ResourceGroupName $ResourceGroup -ErrorAction Stop } catch { $asgApp = New-AzApplicationSecurityGroup -Name "App" -Location $LocationName -ResourceGroupName $ResourceGroup } ### Security Group rules $RDP_Rule = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" ` -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 ` -SourceAddressPrefix Internet -SourcePortRange * ` -DestinationApplicationSecurityGroup $asgWindows -DestinationPortRange 3389 $HTTP_Rule = New-AzNetworkSecurityRuleConfig -Name http-rule -Description "Allow HTTP" ` -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 ` -SourceAddressPrefix Internet -SourcePortRange * ` -DestinationApplicationSecurityGroup $asgWeb -DestinationPortRange 80 $HTTPS_Rule = New-AzNetworkSecurityRuleConfig -Name https-rule -Description "Allow HTTPS" ` -Access Allow -Protocol Tcp -Direction Inbound -Priority 120 ` -SourceAddressPrefix Internet -SourcePortRange * ` -DestinationApplicationSecurityGroup $asgWeb -DestinationPortRange 443 $SSH_Rule = New-AzNetworkSecurityRuleConfig -Name ssh-rule -Description "Allow SSH" ` -Access Allow -Protocol Tcp -Direction Inbound -Priority 130 ` -SourceAddressPrefix Internet -SourcePortRange * ` -DestinationApplicationSecurityGroup $asgLinux -DestinationPortRange 22 ### Check to see if the Default NSG already exists and creates if not try { $nsg = get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name myNetworkSecurityGroup $SSH_Rule,$RDP_Rule -ErrorAction Stop } catch { $nsg = new-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name myNetworkSecurityGroup -SecurityRules $SSH_Rule,$RDP_Rule -ErrorAction Stop } ### Check to see if the Web NSG already exists and creates if not try { $nsg2 = new-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name nsgweb -SecurityRules $HTTP_Rule,$HTTP_Rule -ErrorAction Stop } catch { $nsg2 = new-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name nsgweb -SecurityRules $HTTP_Rule,$HTTP_Rule -ErrorAction Stop } # Create a virtual network card # and associate with public IP address and NSG $nic = New-AzNetworkInterface ` -Name myNic-01 ` -ResourceGroupName $resourceGroup ` -Location $location ` -SubnetId $vnet.Subnets[0].Id ` -PublicIpAddressId $pip.Id ` -NetworkSecurityGroupId $nsg.Id # Create a virtual machine configuration $vmConfig = New-AzVMConfig -VMName $vmName ` -VMSize Standard_D2s_v3| ` Set-AzVMOperatingSystem ` -Windows -ComputerName ` $vmName -Credential $cred | ` Set-AzVMSourceImage ` -PublisherName MicrosoftWindowsServer ` -Offer WindowsServer ` -Skus 2016-Datacenter ` -Version latest | ` Add-AzVMNetworkInterface -Id $nic.Id # Create a virtual machine New-AzVM -ResourceGroupName $resourceGroup ` -Location $location ` -VM $vmConfig # Adding new lun $datadiskConfig = New-AzDiskConfig -SkuName $storageType -Location $location -CreateOption Empty -DiskSizeGB $dataDiskSize $dataDisk01 = New-AzDisk -DiskName $dataDiskName -Disk $datadiskConfig -ResourceGroupName $rg $vm = Get-AzVM -Name $vmname -ResourceGroupName $rg $vm = Add-AzVMDataDisk -VM $vm -Name $dataDiskName -CreateOption Attach -ManagedDiskId $dataDisk01.Id -Lun 1 Update-AzVM -VM $vm -ResourceGroupName $rg |
(Visited 124 times, 1 visits today)