-- Treat Azure resources like containers: create them, run your tasks, and then delete them (pets vs. cattle).
-- The steps below use the az CLI so that the commands work in most terminals and in the cloud portal terminal. You can install and use Azure PowerShell instead, but the syntax will be different.
-- You can create Windows or Linux VMs, but not Macs. You'll just need to change the authentication and the URN in your create command. I'm including Windows below and will add Linux eventually.
-
Windows
winget install -e --id Microsoft.AzureCLI
-
Mac
brew update && brew install azure-cli
-
Linux
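# Piping a downloaded script straight into "sudo bash" runs whatever the URL
# returns as root, with no chance to look at it first. Save it, read it, then run it.
curl -sSL https://aka.ms/InstallAzureCLIDeb -o install_azure_cli.sh
less install_azure_cli.sh
sudo bash install_azure_cli.sh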
-
Note for Windows users: you'll need to go into WSL/Linux first, because the az CLI likes a bash prompt. I use Ubuntu. Open cmd or PowerShell and type either
wsl
or <your-distro-name>
ex: ubuntu
-
This command will open up your default browser and take you through azure authentication.
az login
You only need to do this part once.
- Set variables for desired location and resource group name.
Use
az account list-locations
to find the full list of available locations.
Main US ones are westus, centralus, eastus
# Placeholders: replace each <...> value with your own name before running
# the commands below, which read these variables.
resourcegroup="<rg name>"
location="<location>"
vnet="<virtual network name>"
nsg="<nsg name>"
- Create a resource group
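# Expansions are quoted so a value containing spaces or glob characters is
# passed to az as a single argument.
az group create --name "$resourcegroup" --location "$location"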
-
Create a virtual network
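# Creates the virtual network (10.0.0.0/16) with one subnet named "default" (10.0.0.0/24).
az network vnet create --name "$vnet" --resource-group "$resourcegroup" --address-prefix 10.0.0.0/16 --subnet-name default --subnet-prefixes 10.0.0.0/24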
-
Create a network security group
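# Creates the network security group that the rule commands attach to.
az network nsg create --resource-group "$resourcegroup" --name "$nsg"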
- Create security group rules to control which ports accept network traffic. These are very basic rules for HTTP, RDP and SSH; feel free to add more. RDP and SSH should only be reachable from the address you connect from.
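# HTTP stays open to any source.
az network nsg rule create --resource-group "$resourcegroup" --nsg-name "$nsg" --name RuleWeb --protocol tcp --priority 1001 --destination-port-range 80 --access allow
# RDP and SSH are management ports. Without --source-address-prefixes the rule
# matches any source, so limit both to the public address you connect from.
az network nsg rule create --resource-group "$resourcegroup" --nsg-name "$nsg" --name RuleRDP --protocol tcp --priority 1002 --destination-port-range 3389 --source-address-prefixes "<your public IP>/32" --access allow
az network nsg rule create --resource-group "$resourcegroup" --nsg-name "$nsg" --name RuleSSH --protocol tcp --priority 1003 --destination-port-range 22 --source-address-prefixes "<your public IP>/32" --access allow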
- The official Win10 and Win11 image URNs are included; comment/uncomment to use either. See the Azure docs for how to find others.
- The size must be able to support nested virtualization: https://azure.microsoft.com/en-us/blog/nested-virtualization-in-azure/
- Use any username/password you want. The example password, where one is shown, meets the complexity requirements, but it is published here, so pick your own before creating a VM.
Windows 11
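# Settings for a Windows 11 VM. Replace every <...> placeholder first.
resourcegroup="<rg name>"
location="<location>"
vnet="<virtual network name>"
nsg="<nsg name>"
vmname="<vmname>"
username="azureuser"
# Placeholder on purpose: choose a strong, unique password and do not save
# the real value in these notes.
pwd="<strong unique password>"
size="Standard_D4s_v3"
osdisksize=250
# The az vm create commands in these notes read the image from $winurn,
# so the URN is stored under that name.
winurn="MicrosoftWindowsDesktop:windows-11:win11-21h2-pro:22000.2416.230902"
# win10
#winurn="MicrosoftWindowsDesktop:Windows-10:win10-22h2-pro:19045.3448.230831"
# ubuntu
#winurn="Canonical:0001-com-ubuntu-pro-jammy:pro-22_04-lts-gen2:22.04.202305160"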
Windows 10
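# Settings for a Windows 10 VM. Replace every <...> placeholder first.
resourcegroup="<rg name>"
location="<location>"
vnet="<virtual network name>"
nsg="<nsg name>"
vmname="<vmname>"
username="azureuser"
# A password written into shared notes is known to every reader. Choose a
# strong, unique one and do not save the real value here.
pwd="<strong unique password>"
size="Standard_D4s_v3"
osdisksize=250
winurn="MicrosoftWindowsDesktop:Windows-10:win10-22h2-pro:19045.3448.230831"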
Ubuntu 22.04 lts
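# Settings for an Ubuntu 22.04 LTS VM. Replace every <...> placeholder first.
resourcegroup="<rg name>"
location="<location>"
vnet="<virtual network name>"
nsg="<nsg name>"
vmname="<vmname>"
username="azureuser"
# A password written into shared notes is known to every reader. Choose a
# strong, unique one and do not save the real value here. For a Linux image,
# SSH key authentication (az vm create --generate-ssh-keys or
# --ssh-key-values) avoids a password altogether.
pwd="<strong unique password>"
size="Standard_D4s_v3"
osdisksize=250
# Named winurn even for a Linux image because the az vm create commands in
# these notes read the image from that variable.
winurn="Canonical:0001-com-ubuntu-pro-jammy:pro-22_04-lts-gen2:22.04.202305160"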
# Image URNs that have been tried. Each assignment overwrites the previous
# one, so if these lines are run together only the last winurn (and the
# vmname set alongside it) is in effect.
winurn="MicrosoftWindowsDesktop:Windows-10:19h1-pron-gensecond:18362.1256.2012032308"
winurn="Canonical:0001-com-ubuntu-pro-jammy:pro-22_04-lts-gen2:22.04.202305160"
winurn="MicrosoftWindowsDesktop:Windows-10:win10-21h2-entn-ltsc:19044.2965.230505"
vmname="win10rc3" winurn="MicrosoftWindowsDesktop:Windows-10:win10-22h2-pro:19045.3448.230831"
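# Create the VM. The NIC and OS disk are set to be deleted together with the
# VM, so teardown leaves less behind.
# NOTE: --admin-password places the password in the command's arguments,
# where it can be seen in the local process list while az runs and in shell
# history if it is typed literally.
az vm create \
  --name "$vmname" \
  -g "$resourcegroup" \
  --image "$winurn" \
  --public-ip-sku Standard \
  --admin-username "$username" \
  --admin-password "$pwd" \
  --os-disk-size-gb "$osdisksize" \
  --public-ip-address-dns-name "$vmname" \
  --size "$size" \
  --nsg "$nsg" \
  --nic-delete-option delete \
  --os-disk-delete-option delete \
  --no-wait
# --no-wait returns before the VM exists; wait for it so the commands below
# have a VM to act on.
az vm wait --name "$vmname" -g "$resourcegroup" --created
# Attach a new data disk named dataroot.
az vm disk attach -g "$resourcegroup" --vm-name "$vmname" --name dataroot --new
# Run windowsconfig.ps1 (read from the current directory) inside the VM.
# RunPowerShellScript is the command id for Windows guests.
az vm run-command invoke --command-id RunPowerShellScript --name "$vmname" -g "$resourcegroup" --scripts @windowsconfig.ps1
# Teardown: run this once the work on the VM is finished.
az vm delete --force-deletion y -g "$resourcegroup" -n "$vmname" --yes --no-wait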
#win10
# Alternative image URNs. Each assignment overwrites the previous one, so if
# these lines are run as written only the last one (a Windows Server 2022
# datacenter-core image) is in effect.
winurn="MicrosoftWindowsDesktop:Windows-10:win10-21h2-entn-ltsc:19044.2965.230505"
winurn="MicrosoftWindowsDesktop:Windows-10:win10-22h2-pro:19045.3448.230831"
winurn="MicrosoftWindowsDesktop:Windows-10:19h1-pron-gensecond:18362.1256.2012032308"
winurn="MicrosoftWindowsServer:WindowsServer:2022-datacenter-core:20348.1006.220908"
#Ubuntu
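# Settings for one concrete run.
resourcegroup="jbivski"
location="eastus2"
nsg="jbivnsg"
vmname="oldwsl"
username="azureuser"
# A password written into shared notes is known to every reader. Choose a
# strong, unique one and do not save the real value here.
pwd="<strong unique password>"
size="Standard_D4s_v3"
osdisksize=250
# Each assignment overwrites the previous one; the last (Ubuntu) is the image
# that az vm create receives.
winurn="MicrosoftWindowsDesktop:windows-11:win11-21h2-pro:22000.2416.230902"
winurn="MicrosoftWindowsDesktop:Windows-10:19h1-pron-gensecond:18362.1256.2012032308"
winurn="Canonical:0001-com-ubuntu-pro-jammy:pro-22_04-lts-gen2:22.04.202305160"
az group create --name "$resourcegroup" --location "$location"
az network nsg create --resource-group "$resourcegroup" --name "$nsg"
# NOTE: --admin-password places the password in the command's arguments,
# where it can be seen in the local process list while az runs.
az vm create \
  --name "$vmname" \
  -g "$resourcegroup" \
  --image "$winurn" \
  --public-ip-sku Standard \
  --admin-username "$username" \
  --admin-password "$pwd" \
  --os-disk-size-gb "$osdisksize" \
  --public-ip-address-dns-name "$vmname" \
  --size "$size" \
  --nsg "$nsg" \
  --no-wait
# --no-wait returns before the VM exists; wait for it so run-command has a
# VM to act on.
az vm wait --name "$vmname" -g "$resourcegroup" --created
# NOTE(review): RunPowerShellScript is the command id for Windows guests, but
# the image selected above is Ubuntu. Confirm which image this run is meant for.
az vm run-command invoke --command-id RunPowerShellScript --name "$vmname" -g "$resourcegroup" --scripts @windowsconfig.ps1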
- The easiest way to clean up is to wipe the resource group completely. You can also delete individual resources through the portal.
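# Deletes the resource group and everything in it; --yes skips the
# confirmation prompt. The :? guard stops the command when resourcegroup is
# unset or empty.
az group delete -n "${resourcegroup:?resourcegroup is not set}" --yes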
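# Open up HTTP (any source).
az network nsg rule create --resource-group "$resourcegroup" --nsg-name "$nsg" --name RuleWeb --protocol tcp --priority 1001 --destination-port-range 80 --access allow
# Open up RDP. The label is a comment on its own line so the shell does not
# try to run it. Without --source-address-prefixes the rule matches any
# source, so limit RDP to the public address you connect from.
az network nsg rule create --resource-group "$resourcegroup" --nsg-name "$nsg" --name RuleRDP --protocol tcp --priority 1002 --destination-port-range 3389 --source-address-prefixes "<your public IP>/32" --access allow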
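# List image URNs, one command per line. With --all and a publisher filter,
# jq prints just the urn field of each image.
az vm image list
az vm image list --publisher RedHat --all | jq -r '.[].urn'
az vm image list --publisher SUSE --all | jq -r '.[].urn'
az vm image list --publisher Canonical --all | jq -r '.[].urn' > ubuntu.txt
az vm image list --publisher CoreOS --all | jq -r '.[].urn'
az vm image list --publisher MicrosoftWindowsServer --all | jq -r '.[].urn' > server.txt
az vm image list --publisher MicrosoftWindowsDesktop --all | jq -r '.[].urn' > desktop.txt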