
@marckean
Created October 17, 2016 02:24
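# Log into Azure (interactive sign-in prompt).
Login-AzureRmAccount

# Choose the subscription to deploy into.
# -OutputMode Single limits the grid to one row; -PassThru allows multi-select,
# which would hand Select-AzureRmSubscription an array of names.
$subscription = (Get-AzureRmSubscription |
    Out-GridView -Title "Select the Azure subscription that you want to use ..." -OutputMode Single).SubscriptionName

# Stop if no name came back (dialog cancelled or closed). Without this guard the
# script would carry on and create Internet-facing NSG rules in whatever
# subscription context happens to be current.
if (-not $subscription) {
    throw "No Azure subscription name was obtained from the selection; aborting."
}
Select-AzureRmSubscription -SubscriptionName $subscription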
##########################################################################
############################# NSG DMZ #############################
##########################################################################
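$mode = "DMZ"
$RGName = "Show-NSG-$mode"
$location = "australiaeast"
####################### | Create the Resource Group | ####################### | @marckean
cls
Write-Host "`n`tCreating the target resource group $RGName (if it don't exist already)..." -ForegroundColor Cyan
# Create the resource group only when the lookup returns nothing (lookup errors are silenced).
if (-not (Get-AzureRmResourceGroup -Name $RGName -Location $location -ErrorAction SilentlyContinue)) {
    New-AzureRmResourceGroup -Name $RGName -Location $location -Force
}
$DemoNSGname = "Demo-NSG-$mode"
# Resource group that holds the virtual network
$vNetRGName = "Show-vNet"

### Security rule 1: inbound TCP 65234 from the Internet (described as RDP).
# NOTE(review): the source is the Internet service tag and the destination is any
# address, so every host behind this NSG accepts TCP 65234 from anywhere. The
# description says RDP, presumably published on a non-default port; a non-default
# port does not limit who can connect. Prefer restricting SourceAddressPrefix to
# known management addresses, or reaching RDP over a VPN or jump host.
# Splatting is used instead of backtick continuations, which break silently when
# trailing whitespace follows the backtick.
$rdpRuleArgs = @{
    Name                     = 'rdp-int-rule'
    Description              = "Allow RDP"
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 100
    SourceAddressPrefix      = 'Internet'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '65234'
}
$DMZrule1 = New-AzureRmNetworkSecurityRuleConfig @rdpRuleArgs

### Security rule 2: inbound TCP 80 (HTTP) from the Internet.
# NOTE(review): port 80 is unencrypted HTTP; confirm that plaintext access from the
# Internet to every address behind this NSG is intended.
$webRuleArgs = @{
    Name                     = 'web-int-rule'
    Description              = "Allow HTTP"
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 101
    SourceAddressPrefix      = 'Internet'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '80'
}
$DMZrule2 = New-AzureRmNetworkSecurityRuleConfig @webRuleArgs

### Add the rules to a new NSG
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RGName -Location $location -Name $DemoNSGname -SecurityRules $DMZrule1,$DMZrule2

### Select VNET (single selection only, so -Name below never receives an array)
$vnetName = (Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName).Name |
    Out-GridView -Title "Select an Azure VNET …" -OutputMode Single

if (-not $vnetName) {
    # Dialog cancelled: skip the association instead of calling the cmdlets with $null.
    Write-Warning "No VNET selected; NSG $DemoNSGname was created but is not associated with any subnet."
}
else {
    $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName -Name $vnetName

    ### Select Subnet
    $subnetName = $vnet.Subnets.Name | Out-GridView -Title "Select an Azure Subnet …" -OutputMode Single

    if (-not $subnetName) {
        Write-Warning "No subnet selected; NSG $DemoNSGname was created but is not associated with any subnet."
    }
    else {
        $subnet = $vnet.Subnets | Where-Object Name -eq $subnetName

        ### Associate NSG to selected Subnet
        # A subnet references a single NSG, so this overrides whichever NSG the subnet
        # had before; check the subnet's current NSG first on a shared VNET.
        Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg |
            Set-AzureRmVirtualNetwork
    }
}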
##########################################################################
############################# NSG Int #############################
##########################################################################
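$mode = "Int"
$RGName = "Show-NSG-$mode"
$location = "australiaeast"
####################### | Create the Resource Group | ####################### | @marckean
cls
Write-Host "`n`tCreating the target resource group $RGName (if it don't exist already)..." -ForegroundColor Cyan
# Create the resource group only when the lookup returns nothing (lookup errors are silenced).
if (-not (Get-AzureRmResourceGroup -Name $RGName -Location $location -ErrorAction SilentlyContinue)) {
    New-AzureRmResourceGroup -Name $RGName -Location $location -Force
}
$DemoNSGname = "Demo-NSG-$mode"
# Resource group that holds the virtual network
$vNetRGName = "Show-vNet"

### Security rule 1: inbound TCP 3389 (RDP) from the Internet.
# NOTE(review): this NSG is labelled "Int" (presumably internal - confirm), yet the
# rule admits RDP from the Internet service tag to any destination address. RDP
# open to the whole Internet is a routine target for credential guessing. Prefer
# restricting SourceAddressPrefix to known management addresses or the virtual
# network, or reaching RDP over a VPN or jump host.
# Splatting is used instead of backtick continuations, which break silently when
# trailing whitespace follows the backtick.
$rdpRuleArgs = @{
    Name                     = 'rdp-int-rule'
    Description              = "Allow RDP"
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 100
    SourceAddressPrefix      = 'Internet'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '3389'
}
$INTrule1 = New-AzureRmNetworkSecurityRuleConfig @rdpRuleArgs

### Security rule 2: inbound TCP 80 (HTTP) from the Internet.
# NOTE(review): port 80 is unencrypted HTTP; confirm that plaintext access from the
# Internet to every address behind this NSG is intended.
$webRuleArgs = @{
    Name                     = 'web-int-rule'
    Description              = "Allow HTTP"
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 101
    SourceAddressPrefix      = 'Internet'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '80'
}
$INTrule2 = New-AzureRmNetworkSecurityRuleConfig @webRuleArgs

### Add the rules to a new NSG
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RGName -Location $location -Name $DemoNSGname -SecurityRules $INTrule1,$INTrule2

### Select vNET (single selection only, so -Name below never receives an array)
$vnetName = (Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName).Name |
    Out-GridView -Title "Select an Azure VNET …" -OutputMode Single

if (-not $vnetName) {
    # Dialog cancelled: skip the association instead of calling the cmdlets with $null.
    Write-Warning "No VNET selected; NSG $DemoNSGname was created but is not associated with any subnet."
}
else {
    $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName -Name $vnetName

    ### Select Subnet
    $subnetName = $vnet.Subnets.Name | Out-GridView -Title "Select an Azure Subnet …" -OutputMode Single

    if (-not $subnetName) {
        Write-Warning "No subnet selected; NSG $DemoNSGname was created but is not associated with any subnet."
    }
    else {
        $subnet = $vnet.Subnets | Where-Object Name -eq $subnetName

        ### Associate NSG to selected Subnet
        # A subnet references a single NSG, so this overrides whichever NSG the subnet
        # had before; check the subnet's current NSG first on a shared VNET.
        Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg |
            Set-AzureRmVirtualNetwork
    }
}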