Deploying Azure Virtual Networks with PowerShell - Marcin Gastol
15773
post-template-default,single,single-post,postid-15773,single-format-standard,bridge-core-3.0.7,bridge,qode-page-transition-enabled,ajax_fade,page_not_loaded,,qode-title-hidden,qode-child-theme-ver-1.0.0,qode-theme-ver-29.4,qode-theme-bridge,qode_header_in_grid,wpb-js-composer js-comp-ver-6.10.0,vc_responsive

18 Jan Deploying Azure Virtual Networks with PowerShell

Posted at 23:03h in Azure, Uncategorized by
0 Likes

Intro

There’s nothing quite like the satisfaction of spinning up a robust cloud environment, knowing that all the pieces are working together easly and securely. At the heart of any solid Azure deployment is networking and if you’ve worked in Azure, you already know the importance of Virtual Networks (VNets). They’re the foundation of any architecture, connecting resources while keeping them isolated and secure.

But let’s be real, manually creating VNets, subnets, Network Security Groups (NSGs) and route tables can be tedious, time-consuming, and error-prone. That’s why automation with PowerShell is a game changer. It allows you to define your networking setup as Infrastructure as Code (IaC), ensuring consistent and repeatable deployments.

In this post, I’ll walk you through how to automate the deployment and configuration of Azure VNets with PowerShell. Whether you’re a DevOps enthusiast or just trying to keep your Azure infrastructure clean and secure, this is for you.

Why automate Virtual Network creation?

Consistency

Speed

Scalability

Error Reduction

    1. Create a Virtual Network

    Start with the basics: creating a VNet. A VNet acts as the foundation for your Azure resources, providing isolation and secure communication. This script creates a VNet with an address space of 10.0.0.0/16 in a resource group. You can now build on top of this foundation.

    PowerShell
    # Connect to Azure
Connect-AzAccount

# Define parameters
$resourceGroupName = "GarsonResourceGroup"
$vnetName = "GarsonVNet"
$location = "East US"
$addressSpace = "10.0.0.0/16"

# Create a resource group if it doesn't exist
if (-not (Get-AzResourceGroup -Name $resourceGroupName -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $resourceGroupName -Location $location
}

# Create the Virtual Network
New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $resourceGroupName -Location $location -AddressPrefix $addressSpace

Write-Host "Virtual Network '$vnetName' created successfully."

    2. Add Subnets to the VNet

    Subnets divide your VNet into smaller logical sections, isolating resources and enabling finer control over traffic. Here, we’ve added two subnets to the VNet: one for applications and another for databases. These subnets are defined with non-overlapping address ranges.

    PowerShell
    # Define subnet parameters
$subnet1Name = "AppSubnet"
$subnet1Address = "10.0.1.0/24"

$subnet2Name = "DbSubnet"
$subnet2Address = "10.0.2.0/24"

# Add subnets to the VNet
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $resourceGroupName
Add-AzVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix $subnet1Address -VirtualNetwork $vnet
Add-AzVirtualNetworkSubnetConfig -Name $subnet2Name -AddressPrefix $subnet2Address -VirtualNetwork $vnet

# Update the VNet
$vnet | Set-AzVirtualNetwork

Write-Host "Subnets '$subnet1Name' and '$subnet2Name' added to VNet '$vnetName'."

    3. Create and Associate a Network Security Group (NSG)

    NSGs act as firewalls, allowing or denying traffic to your subnets or individual resources. Let’s automate their creation and configuration.

    PowerShell
    # Define NSG parameters
$nsgName = "GarsonNSG"

# Create the NSG
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $resourceGroupName -Location $location -Name $nsgName

# Add an inbound rule to allow RDP (port 3389)
$nsgRule = New-AzNetworkSecurityRuleConfig -Name "AllowRDP" -Protocol "Tcp" -Direction "Inbound" -Priority 100 -SourceAddressPrefix "0.0.0.0/0" -SourcePortRange "*" -DestinationAddressPrefix "*" -DestinationPortRange "3389" -Access "Allow"
$nsg | Add-AzNetworkSecurityRuleConfig -NetworkSecurityRule $nsgRule | Set-AzNetworkSecurityGroup

Write-Host "NSG '$nsgName' created and RDP rule added."





# Associate NSG with a subnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet1Name -NetworkSecurityGroup $nsg
$vnet | Set-AzVirtualNetwork

Write-Host "NSG '$nsgName' associated with subnet '$subnet1Name'."

    4. Configure Route Tables

    Route tables define how traffic flows within and outside your VNet. Let’s create one and associate it with a subnet.

    PowerShell
    # Define route table parameters
$routeTableName = "GarsonRouteTable"

# Create the route table
$routeTable = New-AzRouteTable -Name $routeTableName -ResourceGroupName $resourceGroupName -Location $location

# Add a route to send all traffic to a virtual appliance
Add-AzRouteConfig -Name "RouteToFirewall" -AddressPrefix "0.0.0.0/0" -NextHopType "VirtualAppliance" -NextHopIpAddress "10.0.3.4" -RouteTable $routeTable | Set-AzRouteTable

Write-Host "Route Table '$routeTableName' created and route added."


# Associate route table with a subnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet2Name -RouteTable $routeTable
$vnet | Set-AzVirtualNetwork

Write-Host "Route Table '$routeTableName' associated with subnet '$subnet2Name'."

    Wrapping it all up

    By automating Azure Virtual Network creation with PowerShell, you’re not just saving time but you’re ensuring that your networking is consistent, scalable and secure across every environment. From VNets and subnets to NSGs and route tables, this approach turns a manual, error-prone process into a repeatable and reliable workflow.

    Azure 101. Exploring the Azure Portal and Key Services

    Tags:
    No Comments

    Post A Comment

    Verified by MonsterInsights