Azure CLI
Azure CLI is a cross-platform command-line tool developed by Microsoft that allows users to create, manage, and automate cloud resources in Microsoft Azure directly from a terminal or command prompt.
It enables cloud engineers, developers, and administrators to interact with Azure services using structured commands (az) instead of the graphical web portal. Azure CLI supports automation, scripting, and infrastructure management across services such as virtual machines, storage, networking, and resource groups.
In this project, I will;
- Create a Resource Group
- Build a Virtual Network (VNet) & Subnet
- Provision a Linux Virtual Machine
- Create a Storage Account & Upload Files
- Store Secrets in Azure Key Vault
- Monitor Costs & Set a Budget Alert
Create a Resource Group
A Resource Group is a logical container used to hold and organize related cloud resources in Microsoft Azure.
Resources such as virtual machines, storage accounts, databases, and networks are placed inside a resource group so they can be managed, deployed, and deleted together as a single unit.
1. Set a variable for the resource group
A variable is a named placeholder that stores a value that commands or scripts can reuse during a session.
Instead of repeatedly typing the same value (such as a file path, resource name, or configuration), you assign it to a variable and reference the variable whenever needed.
2. Create the Resource Group
This creates the above-named resource group (mylab-rg) in the location (East US). All resources in this lab will be placed here for easy cleanup.
- verify it was created in the Azure Portal
Build a Virtual Network (VNet) & Subnet
1. Create a VNet
A Virtual Network is a private network in the cloud that enables all cloud resources to communicate securely with one another.
It provides network isolation, IP address management, and secure connectivity for resources such as virtual machines and databases within Azure.
- Create a Virtual Network with a broad 10.0.0.0/16 IP address space.
2. Create a Subnet
A Subnet is a smaller, segmented range of IP addresses within a virtual network.
It is used to organize, secure, and control network traffic between resources, allowing better management and isolation within the larger virtual network.
- Create a Subnet that carves out a smaller 10.0.1.0/24 piece (subnet) of the VNet specifically for your VMs.
3. Create a Network Security Group (NSG)
A Network Security Group (NSG) is a set of security rules in Microsoft Azure that controls inbound and outbound traffic to resources in a virtual network.
It allows you to permit or deny traffic based on source/destination IP, port, and protocol, providing network-level security and isolation.
- Create a Network Security Group, which acts as a virtual firewall.
4. Open port 22 (SSH) & 80 (HTTP)
Port 22 (SSH) is the default port for Secure Shell (SSH) connections, which allows secure, encrypted remote access to a server or virtual machine. Opening this port lets administrators log in and manage resources remotely.
Port 80 (HTTP) is the default port for web traffic using the Hypertext Transfer Protocol (HTTP). Opening this port allows a server to serve web pages and respond to standard, unencrypted web requests from clients or browsers.
Add inbound rules prioritizing SSH (port 22) and HTTP (port 80) access from the internet.
- Allow SSH
- Allow HTTP
5. Attach NSG to Subnet
Applying the NSG to the subnet ensures that any VM created in that subnet automatically inherits those exact firewall rules, protecting the entire subnet.
Confirm resources are created from Azure Portal
Provision a Linux Virtual Machine
A Virtual Machine is a software based computer that runs an operating system and applications just like a physical computer, but operates on virtualized hardware within a host system or cloud platform.
In cloud environments such as Microsoft Azure, virtual machines provide on-demand computing resources including CPU, memory, storage, and networking, allowing users to deploy and manage servers without owning physical hardware.
Create an Ubuntu VM with a public IP inside your VNet
1. Allocate a Public IP
Without a public IP, the VM can only be accessed internally through the VNet or a VPN. You need this to reach your web server from your browser.
2. Create the VM
Create a B1s Ubuntu VM with auto-generated SSH keys and connect it to the existing subnet and firewall.
This is the actual cloud compute instance that will run your web application code.
3. Retrieve the public IP
This filters the Azure API response to return just the IP address string because we need this IP to SSH into the machine and to test the web application.
4. Verify the VM is running
This queries the VM status and displays it in a clean table format. Always verify provisioning success before attempting connections.
5. SSH into your VM & install Nginx
This will log into the VM over the internet via SSH, install the Nginx package using APT, and start the service. Usually A fresh VM is blank. Nginx serves as the web server to test our HTTP port 80 firewall rule.
Conclusion
Building a complete Azure environment using only the Azure CLI demonstrates how core Azure infrastructure components work together to create a secure, scalable, and manageable cloud environment. The Resource Group serves as the logical container that organizes and manages all related resources within a single lifecycle boundary. Inside this container, the Virtual Network (VNet) provides an isolated network environment in Azure where resources can communicate securely.
Within the VNet, Subnets segment the network into smaller logical sections, allowing better traffic control, organization, and security management. To further enforce security, Network Security Groups (NSGs) are applied to subnets or network interfaces to define inbound and outbound traffic rules, ensuring that only authorized network communication is permitted.
Finally, the Virtual Machine (VM) represents the compute resource running within the virtual network subnet, leveraging the network infrastructure and security policies defined by the NSG.
Overall, using the Azure CLI to deploy and manage these components provides a powerful, automated, and reproducible approach to infrastructure provisioning. It enables DevOps and cloud engineers to efficiently build, configure, and control Azure environments through scripting and command-line operations, reinforcing the principles of Infrastructure as Code (IaC), automation, and scalable cloud architecture.
Top comments (1)
Wow! Well done