QuickStart: Create and configure Azure DDoS IP Protection using Azure CLI

Get started with Azure DDoS IP Protection by using Azure CLI. In this quickstart, you'll enable DDoS IP Protection and link it to a public IP address.

Diagram of DDoS IP Protection protecting the Public IP address.

Prerequisites

If you choose to install and use the CLI locally, this quickstart requires Azure CLI version 2.0.56 or later. To find the version, run az --version. If you need to install or upgrade, see Install the Azure CLI.

Create a resource group

In Azure, you allocate related resources to a resource group. You can either use an existing resource group or create a new one.

To create a resource group, use az group create. In this example, we'll name our resource group MyResourceGroup and use the China East location:

    az group create \
        --name MyResourceGroup \
        --location chinaeast

Enable DDoS IP Protection on a public IP address

New public IP address

You can enable DDoS IP Protection when creating a public IP address. In this example, we'll name our public IP address myStandardPublicIP:

    az network public-ip create \
        --resource-group MyResourceGroup \
        --name myStandardPublicIP \
        --location chinaeast \
        --allocation-method Static \
        --sku Standard \
        --ddos-protection-mode Enabled

Existing public IP address

You can enable DDoS IP Protection on an existing public IP address.

    az network public-ip update \
        --resource-group MyResourceGroup \
        --name myStandardPublicIP \
        --ddos-protection-mode Enabled

Disable DDoS IP Protection

You can disable DDoS IP Protection on an existing public IP address.

    az network public-ip update \
        --resource-group MyResourceGroup \
        --name myStandardPublicIP \
        --ddos-protection-mode Disabled

Note

When changing DDoS IP Protection from Enabled to Disabled, telemetry for the public IP resource will no longer be active.

Validate and test

Check the details of your DDoS IP Protection:

    az network public-ip show \
        --resource-group MyResourceGroup \
        --name myStandardPublicIP

Under ddosSettings, verify that protectionMode is Enabled.
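
To run the same check across every public IP address in a resource group instead of reading the show output one address at a time, the following added example (not part of the original quickstart) wraps az network public-ip list in two shell functions. The function names list_ddos_modes and audit_ddos_modes are assumptions made for this example; --query and --output tsv are standard Azure CLI options.

```shell
#!/bin/sh
# Added example: audit ddosSettings.protectionMode for all public IPs
# in a resource group. Function names are hypothetical.

# list_ddos_modes RESOURCE_GROUP
# Prints one "name<TAB>protectionMode" line per public IP address.
list_ddos_modes() {
    az network public-ip list \
        --resource-group "$1" \
        --query "[].[name, ddosSettings.protectionMode]" \
        --output tsv
}

# audit_ddos_modes RESOURCE_GROUP
# Returns 0 if every public IP reports protectionMode Enabled,
# 1 if at least one does not, 2 if the listing itself failed.
audit_ddos_modes() {
    listing=$(list_ddos_modes "$1") || return 2
    unprotected=0
    while read -r name mode; do
        # Skip blank lines (for example, a group with no public IPs).
        [ -n "$name" ] || continue
        case "$mode" in
            Enabled)
                printf 'OK    %s\n' "$name"
                ;;
            *)
                # Disabled, VirtualNetworkInherited, or a missing value:
                # IP Protection is not enabled on this address itself.
                printf 'FAIL  %s (protectionMode=%s)\n' "$name" "${mode:-unset}"
                unprotected=$((unprotected + 1))
                ;;
        esac
    done <<EOF
$listing
EOF
    [ "$unprotected" -eq 0 ]
}
```

After sourcing the file, run audit_ddos_modes MyResourceGroup; the non-zero exit status on any FAIL line makes it usable as a gate in a deployment pipeline.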

Clean up resources

You can keep your resources for the next guide. If no longer needed, delete the MyResourceGroup resource group. When you delete the resource group, you also delete all its related resources.

When deleting the resource group, use az group delete:

    az group delete \
        --name MyResourceGroup

Next steps

In this quickstart, you:

  • Created a resource group
  • Created a public IP address
  • Enabled DDoS IP Protection using Azure CLI

To learn how to configure telemetry for DDoS Protection, continue to the how-to guides.