2.2.9 Configure Network Access

Configuring network access in Azure.

To see current running VMs: az vm list

Task 1: Access your Web Server

  1. Run az vm list-ip-addresses to get VM IP address, store the result as a BASH variable:

IPADDRESS="$(az vm list-ip-addresses \
		--resource-group "GROUP-NAME" \
		--name my-vm \
		--query "[].virtualMachine.network.publicIpAddresses[*].ipAddress" \
		--output tsv)"

  1. Run the following curl command to download the homepage:

curl --connect-timeout 5 http://$IPADDRESS

After 5 seconds, an error message indicates the VM is not accessible. 3. To see the VM IP address, run: echo $IPADDRESS.

Task 2: List Current Network Security Group Rules

  1. Run the following az network nsg list command to list network security groups associated with VM:

az network nsg list \
--resource-group "GROUP-NAME" \
--query "[].name" \
--output tsv

Every VM on Azure is associated with at least one network security group. Azure creates a group for us called my-vmNSG. 2. Run the following az network nsg rule list command to list rules associated with my-vmNSG:

az network nsg rule list \
--resource-group "GROUP-NAME" \
--nsg-name my-vmNSG

This will output a block of JSON text. 3. To make this easier to read, run the following command again but this time using --query and --output to format a table:

az network nsg rule list \
--resource-group "GROUP-NAME" \
--nsg-name my-vmNSG \
--query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \
--output table

The default rule, default-allow-ssh allows inbound connections on port 22. The rule priority is 1000. Rules are processed in order, with lower numbers being processed first. To connect to our web server, we need to allow inbound connections on port 80.

Task 3: Create the Network Security Rule

  1. Run az network nsg rule create to create a rule called allow-http:

az network nsg rule create \
--resource-group "GROUP-NAME" \
--nsg-name my-vmNSG \
--name allow-http \
--protocol tcp \
--priority 100 \
--destination-port-range 80 \
--access Allow

  1. Verify this by running az network nsg rule list:

az network nsg rule list \
--resource-group "GROUP-NAME" \
--nsg-name my-vmNSG \
--query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \
--output table

Task 4: Access the Web Server Again

  1. Run the same curl command again:

curl --connect-timeout 5 http://$IPADDRESS

This should now also work in browser.