Create a virtual machine with a static public IP address using the Azure CLI

In this article, you'll create a VM with a static public IP address. A public IP address enables communication to a virtual machine from the internet. Assign a static public IP address, instead of a dynamic address, to ensure the address never changes.

Public IP addresses have a nominal charge. There's a limit to the number of public IP addresses that you can use per subscription.

Prerequisites

  • If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.

    • If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.

    • When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.

    • Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

  • An Azure account with an active subscription. Create a trial subscription.

  • This tutorial requires version 2.0.28 or later of the Azure CLI.

Create a resource group

An Azure resource group is a logical container into which Azure resources are deployed and managed.

Create a resource group with az group create named myResourceGroup in the chinanorth3 location.

Note

Before you can use Azure CLI in Microsoft Azure operated by 21Vianet, please run az cloud set -n AzureChinaCloud first to change the cloud environment. If you want to switch back to Azure Public Cloud, run az cloud set -n AzureCloud again.

az cloud set -n AzureChinaCloud
az login
az group create \
    --name myResourceGroup \
    --location chinanorth3

Create a public IP address

Use az network public-ip create to create a standard public IPv4 address.

The following command creates a zone-redundant public IP address named myPublicIP in myResourceGroup.

az network public-ip create \
    --resource-group myResourceGroup \
    --name myPublicIP \
    --version IPv4 \
    --sku Standard \
    --zone 1 2 3

Create a virtual machine

Create a virtual machine with az vm create.

The following command creates a Windows Server virtual machine. You'll enter the name of the public IP address created previously in the -PublicIPAddressName parameter. When prompted, provide a username and password to be used as the credentials for the virtual machine:

  az vm create \
    --name myVM \
    --resource-group TutorVMRoutePref-rg \
    --public-ip-address myPublicIP \
    --size Standard_A2 \
    --image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest \
    --admin-username azureuser

For more information on public IP SKUs, see Public IP address SKUs. A virtual machine can be added to the backend pool of an Azure Load Balancer. The SKU of the public IP address must match the SKU of a load balancer's public IP. For more information, see Azure Load Balancer.

View the public IP address assigned and confirm that it was created as a static address, with az network public-ip show:

  az network public-ip show \
    --resource-group myResourceGroup \
    --name myPublicIP \
    --query [ipAddress,publicIpAllocationMethod,sku] \
    --output table

Warning

Do not modify the IP address settings within the virtual machine's operating system. The operating system is unaware of Azure public IP addresses. Though you can add private IP address settings to the operating system, we recommend not doing so unless necessary, and not until after reading Add a private IP address to an operating system.

Note

Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the backend pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.

The default outbound access IP is disabled when one of the following events happens:

  • A public IP address is assigned to the VM.
  • The VM is placed in the backend pool of a standard load balancer, with or without outbound rules.
  • An Azure Virtual Network NAT gateway resource is assigned to the subnet of the VM.

VMs that you create by using virtual machine scale sets in flexible orchestration mode don't have default outbound access.

For more information about outbound connections in Azure, see Default outbound access in Azure and Use Source Network Address Translation (SNAT) for outbound connections.

Clean up resources

When no longer needed, you can use az group delete to remove the resource group and all of the resources it contains:

  az group delete --name myResourceGroup --yes

Next steps