QuickStart: Create and configure Azure DDoS IP Protection using Azure PowerShell
Get started with Azure DDoS IP Protection by using Azure PowerShell. In this QuickStart, you'll enable DDoS IP protection and link it to a public IP address utilizing PowerShell.
Prerequisites
- An Azure account with an active subscription. Create a trial subscription.
- Azure PowerShell installed locally or Azure local Shell
- If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 9.0.0 or later. Run
Get-Module -ListAvailable Azto find the installed version. If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to runConnect-AzAccount -Environment AzureChinaCloudto create a connection with Azure.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. To get started, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
Enable DDoS IP Protection for a public IP address
You can enable DDoS IP Protection when creating a public IP address. In this example, we'll name our public IP address myStandardPublicIP:
#Creates the resource group
New-AzResourceGroup -Name MyResourceGroup -Location chinaeast
#Creates the IP address and enables DDoS IP Protection
New-AzPublicIpAddress -Name myStandardPublicIP -ResourceGroupName MyResourceGroup -Sku Standard -Location "China East" -AllocationMethod Static -DdosProtectionMode Enabled
Note
DDoS IP Protection is enabled only on Public IP Standard SKU.
Enable DDoS IP Protection for an existing public IP address
You can associate an existing public IP address:
#Gets the public IP address
$publicIp = Get-AzPublicIpAddress -Name myStandardPublicIP -ResourceGroupName MyResourceGroup
#Enables DDoS IP Protection for the public IP address
$publicIp.DdosSettings.ProtectionMode = 'Enabled'
#Updates public IP address
Set-AzPublicIpAddress -PublicIpAddress $publicIp
Validate and test
Check the details of your public IP address and verify that DDoS IP Protection is enabled.
#Gets the public IP address
$publicIp = Get-AzPublicIpAddress -Name myStandardPublicIP -ResourceGroupName MyResourceGroup
#Checks the status of the public IP address
$protectionMode = $publicIp.DdosSettings.ProtectionMode
#Returns the status of the public IP address
$protectionMode
Disable DDoS IP Protection for an existing public IP address
$publicIp = Get-AzPublicIpAddress -Name myStandardPublicIP -ResourceGroupName MyResourceGroup
$publicIp.DdosSettings.ProtectionMode = 'Disabled'
Set-AzPublicIpAddress -PublicIpAddress $publicIp
Note
When changing DDoS IP protection from Enabled to Disabled, telemetry for the public IP resource will no longer be active.
Clean up resources
You can keep your resources for the next tutorial. If no longer needed, delete the MyResourceGroup resource group. When you delete the resource group, you also delete the DDoS protection plan and all its related resources.
Remove-AzResourceGroup -Name MyResourceGroup
Next steps
In this quickstart, you created:
- A resource group
- A public IP address
You enabled DDoS IP Protection using Azure PowerShell. To learn how to view and configure telemetry for your DDoS protection plan, continue to the tutorials.