Sunday 10 July 2022

How to Create and configure Azure DDoS Protection Standard using Azure PowerShell?

Get started with Azure DDoS Protection Standard by using Azure PowerShell.

A DDoS protection plan defines a set of virtual networks that have DDoS Protection Standard enabled, across subscriptions. You can configure one DDoS protection plan for your organization and link virtual networks from multiple subscriptions to the same plan.

In this quickstart, you'll create a DDoS protection plan and link it to a virtual network.

Prerequisites

Note

This article uses the Azure Az PowerShell module, which is the recommended PowerShell module for interacting with Azure. To get started with the Az PowerShell module, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.

To start Azure Cloud Shell:

  - Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell.

  - Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser.

  - Select the Cloud Shell button on the menu bar at the upper right in the Azure portal.

To run the code in this article in Azure Cloud Shell:

  1. Start Cloud Shell.

  2. Select the Copy button on a code block to copy the code.

  3. Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.

  4. Select Enter to run the code.

Create a DDoS Protection plan

In Azure, you allocate related resources to a resource group. You can either use an existing resource group or create a new one.

To create a resource group, use New-AzResourceGroup. In this example, we'll name our resource group MyResourceGroup and use the East US location:

Azure PowerShell
New-AzResourceGroup -Name MyResourceGroup -Location "East US"

Now create a DDoS protection plan named MyDdosProtectionPlan:

Azure PowerShell
New-AzDdosProtectionPlan -ResourceGroupName MyResourceGroup -Name MyDdosProtectionPlan -Location "East US"

Enable DDoS for a virtual network

Enable DDoS for a new virtual network

You can enable DDoS protection when creating a virtual network. In this example, we'll name our virtual network MyVnet:

Azure PowerShell
#Gets the DDoS protection plan; its Id property holds the plan's resource ID
$ddosProtectionPlanID = Get-AzDdosProtectionPlan -ResourceGroupName MyResourceGroup -Name MyDdosProtectionPlan

#Creates the virtual network linked to the plan (-DdosProtectionPlanId expects the resource ID string)
New-AzVirtualNetwork -Name MyVnet -ResourceGroupName MyResourceGroup -Location "East US" -AddressPrefix 10.0.0.0/16 -DdosProtectionPlanId $ddosProtectionPlanID.Id -EnableDdosProtection

Enable DDoS for an existing virtual network

You can associate an existing virtual network with a DDoS protection plan:

Azure PowerShell
#Gets the DDoS protection plan; its Id property holds the plan's resource ID
$ddosProtectionPlanID = Get-AzDdosProtectionPlan -ResourceGroupName MyResourceGroup -Name MyDdosProtectionPlan

# Gets the most updated version of the virtual network
$vnet = Get-AzVirtualNetwork -Name MyVnet -ResourceGroupName MyResourceGroup
$vnet.DdosProtectionPlan = New-Object Microsoft.Azure.Commands.Network.Models.PSResourceId

# Update the properties and enable DDoS protection
$vnet.DdosProtectionPlan.Id = $ddosProtectionPlanID.Id
$vnet.EnableDdosProtection = $true
$vnet | Set-AzVirtualNetwork

Validate and test

Check the details of your DDoS protection plan and verify that the command returns the name, location, and resource ID you expect.

Azure PowerShell
Get-AzDdosProtectionPlan -ResourceGroupName MyResourceGroup -Name MyDdosProtectionPlan

Check the details of your virtual network and verify that DDoS protection is enabled and that the DDoS protection plan is linked.

Azure PowerShell
Get-AzVirtualNetwork -Name MyVnet -ResourceGroupName MyResourceGroup
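
The single-network check above can be extended to every virtual network the signed-in account can read, since one plan is meant to cover networks in multiple subscriptions. The following is an added example, not code from the original article; the function name Get-VnetDdosReport and its State labels are hypothetical, and it assumes Connect-AzAccount has already been run.

```powershell
# Added example: report the DDoS protection state of every virtual network
# in every subscription visible to the signed-in account.
function Get-VnetDdosReport {
    [CmdletBinding()]
    param(
        # Resource ID of the plan every virtual network is expected to use
        [Parameter(Mandatory)]
        [string] $ExpectedPlanId
    )

    $originalContext = Get-AzContext
    try {
        foreach ($sub in Get-AzSubscription) {
            # Switch context so Get-AzVirtualNetwork lists this subscription
            $null = Set-AzContext -Subscription $sub.Id -Tenant $sub.TenantId

            foreach ($vnet in Get-AzVirtualNetwork) {
                $planId = $null
                if ($vnet.DdosProtectionPlan) { $planId = $vnet.DdosProtectionPlan.Id }

                # Classify using the same two properties the article sets
                if (-not $vnet.EnableDdosProtection) { $state = 'Unprotected' }
                elseif (-not $planId) { $state = 'EnabledWithoutPlan' }
                elseif ($planId -ne $ExpectedPlanId) { $state = 'DifferentPlan' }
                else { $state = 'Protected' }

                [pscustomobject]@{
                    Subscription   = $sub.Name
                    ResourceGroup  = $vnet.ResourceGroupName
                    VirtualNetwork = $vnet.Name
                    State          = $state
                    PlanId         = $planId
                }
            }
        }
    }
    finally {
        # Restore the context the caller started with
        if ($originalContext) { $null = Set-AzContext -Context $originalContext }
    }
}

$plan = Get-AzDdosProtectionPlan -ResourceGroupName MyResourceGroup -Name MyDdosProtectionPlan
Get-VnetDdosReport -ExpectedPlanId $plan.Id |
    Where-Object State -ne 'Protected' |
    Format-Table -AutoSize
```

Filtering the same output on PlanId instead shows which virtual networks still reference a given plan.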

Clean up resources

You can keep your resources for the next tutorial. If no longer needed, delete the MyResourceGroup resource group. When you delete the resource group, you also delete the DDoS protection plan and all its related resources.

Azure PowerShell
Remove-AzResourceGroup -Name MyResourceGroup

To disable DDoS protection for a virtual network:

Azure PowerShell
# Gets the most updated version of the virtual network
$vnet = Get-AzVirtualNetwork -Name MyVnet -ResourceGroupName MyResourceGroup
$vnet.DdosProtectionPlan = $null
$vnet.EnableDdosProtection = $false
$vnet | Set-AzVirtualNetwork

If you want to delete a DDoS protection plan, you must first dissociate all virtual networks from it.
