Quickstart: Create a NAT gateway - ARM template
Get started with Azure NAT Gateway by using an Azure Resource Manager template (ARM template). This template deploys a virtual network, a NAT gateway resource, and Ubuntu virtual machine. The Ubuntu virtual machine is deployed to a subnet that is associated with the NAT gateway resource.
An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.
If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template opens in the Azure portal.
Prerequisites
- If you don't have an Azure subscription, create a trial account before you begin.
Review the template
The template used in this quickstart is from Azure Quickstart Templates.
This template is configured to create a:
Virtual network
NAT gateway resource
Ubuntu virtual machine
The Ubuntu VM is deployed to a subnet that's associated with the NAT gateway resource.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.4.1272.37030",
"templateHash": "8775765973444437006"
}
},
"parameters": {
"vmname": {
"type": "string",
"defaultValue": "myVM",
"metadata": {
"description": "Name of the virtual machine"
}
},
"vmsize": {
"type": "string",
"defaultValue": "Standard_D2s_v3",
"metadata": {
"description": "Size of the virtual machine"
}
},
"vnetname": {
"type": "string",
"defaultValue": "myVnet",
"metadata": {
"description": "Name of the virtual network"
}
},
"subnetname": {
"type": "string",
"defaultValue": "mySubnet",
"metadata": {
"description": "Name of the subnet for virtual network"
}
},
"vnetaddressspace": {
"type": "string",
"defaultValue": "192.168.0.0/16",
"metadata": {
"description": "Address space for virtual network"
}
},
"vnetsubnetprefix": {
"type": "string",
"defaultValue": "192.168.0.0/24",
"metadata": {
"description": "Subnet prefix for virtual network"
}
},
"natgatewayname": {
"type": "string",
"defaultValue": "myNATgateway",
"metadata": {
"description": "Name of the NAT gateway"
}
},
"networkinterfacename": {
"type": "string",
"defaultValue": "myvmNIC",
"metadata": {
"description": "Name of the virtual machine nic"
}
},
"publicipname": {
"type": "string",
"defaultValue": "myPublicIP",
"metadata": {
"description": "Name of the NAT gateway public IP"
}
},
"nsgname": {
"type": "string",
"defaultValue": "myVMnsg",
"metadata": {
"description": "Name of the virtual machine NSG"
}
},
"publicipvmname": {
"type": "string",
"defaultValue": "myPublicIPVM",
"metadata": {
"description": "Name of the virtual machine public IP"
}
},
"publicipprefixname": {
"type": "string",
"defaultValue": "myPublicIPPrefix",
"metadata": {
"description": "Name of the NAT gateway public IP"
}
},
"adminusername": {
"type": "string",
"metadata": {
"description": "Administrator username for virtual machine"
}
},
"adminpassword": {
"type": "secureString",
"metadata": {
"description": "Administrator password for virtual machine"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Name of resource group"
}
}
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2021-05-01",
"name": "[parameters('nsgname')]",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "SSH",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 300,
"direction": "Inbound"
}
}
]
}
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2021-05-01",
"name": "[parameters('publicipname')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"idleTimeoutInMinutes": 4
}
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2021-05-01",
"name": "[parameters('publicipvmname')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"idleTimeoutInMinutes": 4
}
},
{
"type": "Microsoft.Network/publicIPPrefixes",
"apiVersion": "2021-05-01",
"name": "[parameters('publicipprefixname')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"prefixLength": 31,
"publicIPAddressVersion": "IPv4"
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2021-11-01",
"name": "[parameters('vmname')]",
"location": "[parameters('location')]",
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmsize')]"
},
"storageProfile": {
"imageReference": {
"publisher": "Canonical",
"offer": "UbuntuServer",
"sku": "18.04-LTS",
"version": "latest"
},
"osDisk": {
"osType": "Linux",
"name": "[format('{0}_disk1', parameters('vmname'))]",
"createOption": "FromImage",
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Premium_LRS"
},
"diskSizeGB": 30
}
},
"osProfile": {
"computerName": "[parameters('vmname')]",
"adminUsername": "[parameters('adminusername')]",
"adminPassword": "[parameters('adminpassword')]",
"linuxConfiguration": {
"disablePasswordAuthentication": false,
"provisionVMAgent": true
},
"allowExtensionOperations": true
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
}
]
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
]
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2021-05-01",
"name": "[parameters('vnetname')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetaddressspace')]"
]
},
"subnets": [
{
"name": "[parameters('subnetname')]",
"properties": {
"addressPrefix": "[parameters('vnetsubnetprefix')]",
"natGateway": {
"id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
},
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
}
],
"enableDdosProtection": false,
"enableVmProtection": false
},
"dependsOn": [
"[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
]
},
{
"type": "Microsoft.Network/natGateways",
"apiVersion": "2021-05-01",
"name": "[parameters('natgatewayname')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"idleTimeoutInMinutes": 4,
"publicIpAddresses": [
{
"id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
}
],
"publicIpPrefixes": [
{
"id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]",
"[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
]
},
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2021-05-01",
"name": "[format('{0}/{1}', parameters('vnetname'), 'mySubnet')]",
"properties": {
"addressPrefix": "[parameters('vnetsubnetprefix')]",
"natGateway": {
"id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
},
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"dependsOn": [
"[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]",
"[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]"
]
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2021-05-01",
"name": "[parameters('networkinterfacename')]",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAddress": "192.168.0.4",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
},
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]"
},
"primary": true,
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false,
"enableIPForwarding": false,
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]"
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]",
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]",
"[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
]
}
]
}
S Nine Azure resources are defined in the template:
Microsoft.Network/networkSecurityGroups: Creates a network security group.
Microsoft.Network/networkSecurityGroups/securityRules: Creates a security rule.
Microsoft.Network/publicIPAddresses: Creates a public IP address.
Microsoft.Network/publicIPPrefixes: Creates a public IP prefix.
Microsoft.Compute/virtualMachines: Creates a virtual machine.
Microsoft.Network/virtualNetworks: Creates a virtual network.
Microsoft.Network/natGateways: Creates a NAT gateway resource.
Microsoft.Network/virtualNetworks/subnets: Creates a virtual network subnet.
Microsoft.Network/networkinterfaces: Creates a network interface.
Deploy the template
Note
When we deploy resource with specified template file URI that starts with https://raw.githubusercontent.com/, the console will run in error like Unable to download deployment content sometime.
We can follow the actions below to resolve the corresponding issue.
Copy the template URI, convert the URI by changing the prefix, infix, and tempalte file name. For exsample: the origin URI is
https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-cosmosdb-sql-autoscale/azuredeploy.jsonCategory Original value Converted value Action Prefix https://raw.githubusercontent.comhttps://github.comUpdate Infix blobAdd before masterormainbranch nameTemplate file name azuredeploy.json your download tempalte file name update After modified, the converted URI will show like
https://github.com/Azure/azure-quickstart-templates/blob/master/101-cosmosdb-sql-autoscale/azuredeploy.json.Please be kindly noticed that some templates URI have been updated as https://github.com/Azure/azure-quickstart-template/quickstarts/{Microsoft_Resource_Provider_Name}/, you can follow the corresponding path regulation to update the original URI.
Copy the converted URI and download the specific template content in Internet browsers manully.
Modify the templates you downloaded or referenced from the GitHub Repo in order to fit in the Azure China 21Vianet Environment. For example, replace some endpoints -- "blob.core.windows.net" by "blob.core.chinacloudapi.cn", "cloudapp.azure.com" by "chinacloudapp.cn"; change some unsupported Location,VM images, VM sizes, SKU, and resource-provider's API Version when necessary.
Replace the parameter of
-TemplateUriwith-TemplateFilefor powershell or--template-uriwith--template-filefor CLI , then update the specified URI with the downloaded actual file name and run the script again.Language category Reference link Action PowerShell New-AzResourceGroupDeploymentReplace -TemplateUriwith-TemplateFile
Follow the previous steps to download the-TemplateParameterUricontent and repalce with-TemplateParameterFilein cmdlet when necessary.Azure CLI az deployment group createReplace --template-uriwith--template-file
Review deployed resources
Sign in to the Azure portal.
Select Resource groups from the left pane.
Select the resource group that you created in the previous section. The default resource group name is myResourceGroupNAT
Verify the following resources were created in the resource group:
Clean up resources
When no longer needed, delete the resource group, NAT gateway, and all related resources. Select the resource group myResourceGroupNAT that contains the NAT gateway, and then select Delete.
Next steps
In this quickstart, you created a:
NAT gateway resource
Virtual network
Ubuntu virtual machine
The virtual machine is deployed to a virtual network subnet associated with the NAT gateway.
To learn more about Azure NAT Gateway and Azure Resource Manager, continue to the following articles.
Read an Overview of Azure NAT Gateway
Read about the NAT Gateway resource
Learn more about Azure Resource Manager