Create Public IP address using Azure CLI
How to create a public IP address using Azure CLI and attach it to a virtual machine NIC
Create public IP address using az network public-ip create
    # define public ip address variables
    rgName=prod-ukw-core-rg
    ipName=prod-ukw-winx01-pip
    allocationMethod=static
    sku=basic
    ipVersion=IPv4

    az network public-ip create \
      -g "$rgName" -n "$ipName" \
      --allocation-method "$allocationMethod" \
      --sku "$sku" \
      --version "$ipVersion"

Associate the public IP address to a virtual machine NIC
    # define vm nic variables
    configName=ipconfigprod-ukw-winx01
    nicName=prod-ukw-winx01VMNic
    rgName=prod-ukw-core-rg
    pip=prod-ukw-winx01-pip

    az network nic ip-config update \
      --name "$configName" \
      --nic-name "$nicName" \
      --resource-group "$rgName" \
      --public-ip-address "$pip"

The public IP address has been created and attached to the VM NIC.
We won't be able to connect to the VM using the new public IP yet, because our existing subnet NSG doesn't have any inbound rules allowing Remote Desktop port 3389.
Directly exposing port 3389 for Remote Desktop access to the Internet is a security risk: it opens your VM to brute-force password attacks.
In the next guide, we will create inbound rules for the NSG allowing port 3389 for RDP but restricting the source IP address to give some protection from password spray attacks.
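Before relying on a source-restricted rule, it helps to confirm what the NSG actually permits on port 3389. The following is an added example, not code from the original post: it classifies a rule set as open to any Internet source, restricted to named sources, or closed. The sample rules, the rule names and the `nsgName` placeholder are constructed assumptions, and only single-value source and port fields are handled.

```bash
#!/usr/bin/env bash
# Added example: classify Internet exposure of RDP (TCP 3389) from NSG rules.
# stdin: one rule per line, tab-separated, single-value fields only:
#   priority  name  direction  access  protocol  sourceAddressPrefix  destinationPortRange
# Assumed way to produce it ($nsgName is a placeholder, not a value from the page):
#   az network nsg rule list -g "$rgName" --nsg-name "$nsgName" -o tsv --query \
#     "[].[priority,name,direction,access,protocol,sourceAddressPrefix,destinationPortRange]"
rdp_exposure() {
  sort -t "$(printf '\t')" -k1,1n | awk -F '\t' '
    function covers_rdp(range,   p) {
      if (range == "*") return 1
      if (split(range, p, "-") == 2) return (p[1] + 0 <= 3389 && 3389 <= p[2] + 0)
      return (range + 0 == 3389)
    }
    function any_source(src) {
      src = tolower(src)
      return (src == "*" || src == "any" || src == "internet" || src == "0.0.0.0/0")
    }
    tolower($3) != "inbound" { next }
    tolower($5) != "tcp" && $5 != "*" { next }
    !covers_rdp($7) { next }
    any_source($6) {
      # Lowest priority number wins: the first rule matching any source decides.
      if (tolower($4) == "allow") result = "EXPOSED " $2
      exit
    }
    tolower($4) == "allow" && restricted == "" { restricted = $2 " " $6 }
    END {
      if (result != "") print result
      else if (restricted != "") print "RESTRICTED " restricted
      else print "CLOSED"
    }'
}

# Constructed sample rules (names and addresses are illustrative).
sample_rules() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
    300 allow-rdp-admin Inbound Allow Tcp 203.0.113.10/32 3389 \
    200 allow-https Inbound Allow Tcp '*' 443 \
    4096 deny-all-in Inbound Deny '*' '*' '*'
}

sample_rules | rdp_exposure   # -> RESTRICTED allow-rdp-admin 203.0.113.10/32
```

A result of `CLOSED` with no matching custom rule relies on the NSG's default inbound deny rule, which `az network nsg rule list` does not return.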
Create NSG rule to allow Remote Desktop port 3389 using Azure CLI - TechLabs
How to create an NSG rule to only allow RDP port 3389 from a trusted source IP address using Azure CLI
A virtual machine with a public IP address and port 3389 open is not ideal. A better solution would be to use a remote access gateway or VPN with MFA, or Azure Just in Time virtual machine access (JIT).