Lab 007: Deploying Virtual Machines in a Private Virtual Network



Requirements

The Nautilus DevOps team is expanding their Azure infrastructure and requires the setup of a private Virtual Network (VNet) along with a subnet. This VNet and subnet configuration will ensure that resources deployed within them remain isolated from external networks and can only communicate within the VNet. Additionally, the team needs to provision a Virtual Machine (VM) under the newly created private VNet. This VM should be accessible from within the VNet only, allowing for secure communication and resource management within the Azure environment.

The VNet must be named nautilus-priv-vnet, with a subnet named nautilus-priv-subnet under it. Further, create a Virtual Machine named nautilus-priv-vm in this VNet. Additionally, create a Network Security Group (NSG) named nautilus-priv-nsg, and ensure that the NSG rules for the VM allow access only from within the VNet's CIDR block. Ensure all resources are created in the East US region. Use the Azure CLI.


Note

The solution can be implemented using both the Azure Cloud Console and the Azure CLI. This document outlines the CLI-based approach to accomplish these tasks. It is recommended to first explore the Azure Cloud Console for hands-on experience and a practical understanding of the process before utilizing the CLI approach, unless specifically instructed otherwise.

Prerequisites

  • Azure CLI is authenticated.
  • A resource group whose name contains kml exists.
  • SSH key ~/.ssh/id_rsa.pub exists or can be generated.

Steps

# Pick the resource group whose name contains "kml" and fix the naming required by the task.
RESOURCE_GROUP=$(az group list --query "[?contains(name, 'kml')].name | [0]" --output tsv)
LOCATION="eastus"
VNET_NAME="nautilus-priv-vnet"
SUBNET_NAME="nautilus-priv-subnet"
VM_NAME="nautilus-priv-vm"
NSG_NAME="nautilus-priv-nsg"
ADDRESS_SPACE="10.0.0.0/16"
SUBNET_PREFIX="10.0.1.0/24"

# Generate an SSH key pair only if none exists yet.
if [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
    ssh-keygen -t rsa -b 2048 -f "$HOME/.ssh/id_rsa" -q -N ""
fi

# Create the VNet together with its subnet.
az network vnet create \
    --resource-group "$RESOURCE_GROUP" \
    --name "$VNET_NAME" \
    --address-prefix "$ADDRESS_SPACE" \
    --subnet-name "$SUBNET_NAME" \
    --subnet-prefix "$SUBNET_PREFIX" \
    --location "$LOCATION"

# Create the NSG that will be attached to the subnet.
az network nsg create \
    --resource-group "$RESOURCE_GROUP" \
    --name "$NSG_NAME" \
    --location "$LOCATION"

# Allow inbound traffic only when both source and destination lie inside the VNet CIDR.
# Azure's default DenyAllInBound rule (priority 65500) still denies everything else.
az network nsg rule create \
    --resource-group "$RESOURCE_GROUP" \
    --nsg-name "$NSG_NAME" \
    --name AllowVNetInbound \
    --priority 100 \
    --access Allow \
    --direction Inbound \
    --protocol '*' \
    --source-address-prefixes "$ADDRESS_SPACE" \
    --destination-address-prefixes "$ADDRESS_SPACE" \
    --source-port-ranges '*' \
    --destination-port-ranges '*'

# Associate the NSG with the subnet so it applies to every NIC placed there.
az network vnet subnet update \
    --resource-group "$RESOURCE_GROUP" \
    --vnet-name "$VNET_NAME" \
    --name "$SUBNET_NAME" \
    --network-security-group "$NSG_NAME"

# Create the VM in the subnet; an empty --public-ip-address means no public IP is allocated.
az vm create \
    --resource-group "$RESOURCE_GROUP" \
    --name "$VM_NAME" \
    --vnet-name "$VNET_NAME" \
    --subnet "$SUBNET_NAME" \
    --image Ubuntu2404 \
    --admin-username azureuser \
    --generate-ssh-keys \
    --os-disk-size-gb 128 \
    --location "$LOCATION" \
    --storage-sku Standard_LRS \
    --public-ip-address ""

Verification

  • Confirm VM nautilus-priv-vm exists in eastus.
  • Confirm no public IP is attached to the VM.
  • Confirm NSG allows only internal VNet traffic per configured CIDR block.
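The third verification point is the one that is easy to get wrong by eye, because NSG rules are evaluated in priority order and Azure's default rules (AllowVnetInBound, AllowAzureLoadBalancerInBound, DenyAllInBound) sit behind the custom rule. The following script is an added example, not part of the lab or of the Azure CLI: it replays that first-match evaluation offline over the rule list and reports whether an address inside the VNet CIDR is allowed and an address outside it is denied. The sample rule data is constructed to mirror the fields of `az network nsg rule list --include-default -o json`; the treatment of the VirtualNetwork and Internet service tags as "inside the VNet" and "outside the VNet" is a simplifying assumption, and the probe addresses (10.0.0.4 and the TEST-NET-3 address 203.0.113.10) are arbitrary choices.

```python
"""Offline audit of NSG inbound rules: replay Azure's lowest-priority-wins evaluation.

The rule dictionaries mirror the fields of
`az network nsg rule list --include-default -o json` (only the fields used here).
All sample data below is constructed for the example, not captured from Azure.
"""
import ipaddress

VNET_CIDR = "10.0.0.0/16"
AZURE_LB_PROBE_IP = "168.63.129.16"   # well-known source of Azure load balancer health probes

# Constructed sample: the lab's custom rule plus Azure's three default inbound rules.
SAMPLE_RULES = [
    {"name": "AllowVNetInbound", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "10.0.0.0/16", "destinationPortRange": "*"},
    {"name": "AllowVnetInBound", "priority": 65000, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefix": "AzureLoadBalancer",
     "destinationPortRange": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

# Constructed variant of the same NSG after someone added an SSH-from-anywhere rule.
LEAKY_RULES = SAMPLE_RULES + [
    {"name": "AllowSSHFromAnywhere", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
]


def _source_matches(prefix, src, vnet):
    """Does a rule's source (CIDR, single IP, '*' or service tag) cover address src?"""
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":        # assumption: the tag equals the VNet's own address space
        return src in vnet
    if prefix == "Internet":              # assumption: everything outside the VNet
        return src not in vnet
    if prefix == "AzureLoadBalancer":
        return src == ipaddress.ip_address(AZURE_LB_PROBE_IP)
    try:
        return src in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False                      # other service tags: not modelled here, treated as no match


def _port_matches(port_range, port):
    """Match '*', a single port ('22') or a range ('8000-8080')."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _protocol_matches(rule_proto, proto):
    return rule_proto == "*" or rule_proto.lower() == proto.lower()


def effective_access(rules, src_ip, dst_port, proto="Tcp", vnet_cidr=VNET_CIDR):
    """Return 'Allow' or 'Deny' for one inbound flow: first matching rule by ascending priority wins."""
    src = ipaddress.ip_address(src_ip)
    vnet = ipaddress.ip_network(vnet_cidr)
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"), key=lambda r: r["priority"])
    for rule in inbound:
        # Multi-valued rules populate the plural fields; the singular field is empty then.
        sources = rule.get("sourceAddressPrefixes") or [rule["sourceAddressPrefix"]]
        ports = rule.get("destinationPortRanges") or [rule["destinationPortRange"]]
        if (_protocol_matches(rule["protocol"], proto)
                and any(_source_matches(p, src, vnet) for p in sources)
                and any(_port_matches(p, dst_port) for p in ports)):
            return rule["access"]
    return "Deny"   # nothing matched (only possible if the default rules were omitted)


def vnet_only(rules, vnet_cidr=VNET_CIDR, port=22):
    """True iff a VNet-internal peer reaches `port` and an address outside the CIDR is denied."""
    vnet = ipaddress.ip_network(vnet_cidr)
    inside_probe = str(vnet.network_address + 4)      # e.g. 10.0.0.4 for 10.0.0.0/16
    outside_probe = "203.0.113.10"                    # TEST-NET-3 documentation address
    return (effective_access(rules, inside_probe, port, "Tcp", vnet_cidr) == "Allow"
            and effective_access(rules, outside_probe, port, "Tcp", vnet_cidr) == "Deny")


if __name__ == "__main__":
    for label, rules in (("lab NSG", SAMPLE_RULES), ("leaky NSG", LEAKY_RULES)):
        print(f"{label}: VNet-only = {vnet_only(rules)}")
```

To run it against the real NSG, save `az network nsg rule list -g "$RESOURCE_GROUP" --nsg-name nautilus-priv-nsg --include-default -o json` to a file, `json.load` it and pass the list to `vnet_only`. Bear in mind that the NSG is only half of the isolation: with `--public-ip-address ""` the VM has no public address at all, so even a permissive rule would have nothing to expose until someone attaches one, and the VM is reachable only from another host inside the VNet (a jump host or Azure Bastion).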

Resources

Azure CLI Docs