Quickstart: Create a NAT gateway - ARM template

Get started with Azure NAT Gateway by using an Azure Resource Manager template (ARM template). This template deploys a virtual network, a NAT gateway resource, and an Ubuntu virtual machine. The Ubuntu virtual machine is deployed to a subnet that is associated with the NAT gateway resource.

Diagram of resources created in the NAT gateway quickstart.

A Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. In declarative syntax, you describe your intended deployment without writing the sequence of programming commands to create the deployment.

If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template opens in the Azure portal.

Button to deploy the Resource Manager template to Azure.

Prerequisites

  • If you don't have an Azure subscription, create a trial account before you begin.

Review the template

The template used in this quickstart is from Azure Quickstart Templates.

This template is configured to create a:

  • Virtual network

  • NAT gateway resource

  • Ubuntu virtual machine

The Ubuntu VM is deployed to a subnet that's associated with the NAT gateway resource.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.4.1272.37030",
      "templateHash": "8775765973444437006"
    }
  },
  "parameters": {
    "vmname": {
      "type": "string",
      "defaultValue": "myVM",
      "metadata": {
        "description": "Name of the virtual machine"
      }
    },
    "vmsize": {
      "type": "string",
      "defaultValue": "Standard_D2s_v3",
      "metadata": {
        "description": "Size of the virtual machine"
      }
    },
    "vnetname": {
      "type": "string",
      "defaultValue": "myVnet",
      "metadata": {
        "description": "Name of the virtual network"
      }
    },
    "subnetname": {
      "type": "string",
      "defaultValue": "mySubnet",
      "metadata": {
        "description": "Name of the subnet for virtual network"
      }
    },
    "vnetaddressspace": {
      "type": "string",
      "defaultValue": "192.168.0.0/16",
      "metadata": {
        "description": "Address space for virtual network"
      }
    },
    "vnetsubnetprefix": {
      "type": "string",
      "defaultValue": "192.168.0.0/24",
      "metadata": {
        "description": "Subnet prefix for virtual network"
      }
    },
    "natgatewayname": {
      "type": "string",
      "defaultValue": "myNATgateway",
      "metadata": {
        "description": "Name of the NAT gateway"
      }
    },
    "networkinterfacename": {
      "type": "string",
      "defaultValue": "myvmNIC",
      "metadata": {
        "description": "Name of the virtual machine nic"
      }
    },
    "publicipname": {
      "type": "string",
      "defaultValue": "myPublicIP",
      "metadata": {
        "description": "Name of the NAT gateway public IP"
      }
    },
    "nsgname": {
      "type": "string",
      "defaultValue": "myVMnsg",
      "metadata": {
        "description": "Name of the virtual machine NSG"
      }
    },
    "publicipvmname": {
      "type": "string",
      "defaultValue": "myPublicIPVM",
      "metadata": {
        "description": "Name of the virtual machine public IP"
      }
    },
    "publicipprefixname": {
      "type": "string",
      "defaultValue": "myPublicIPPrefix",
      "metadata": {
        "description": "Name of the NAT gateway public IP"
      }
    },
    "adminusername": {
      "type": "string",
      "metadata": {
        "description": "Administrator username for virtual machine"
      }
    },
    "adminpassword": {
      "type": "secureString",
      "metadata": {
        "description": "Administrator password for virtual machine"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Name of resource group"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2021-05-01",
      "name": "[parameters('nsgname')]",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "SSH",
            "properties": {
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "22",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 300,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipvmname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Network/publicIPPrefixes",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipprefixname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "prefixLength": 31,
        "publicIPAddressVersion": "IPv4"
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-11-01",
      "name": "[parameters('vmname')]",
      "location": "[parameters('location')]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('vmsize')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "Canonical",
            "offer": "UbuntuServer",
            "sku": "18.04-LTS",
            "version": "latest"
          },
          "osDisk": {
            "osType": "Linux",
            "name": "[format('{0}_disk1', parameters('vmname'))]",
            "createOption": "FromImage",
            "caching": "ReadWrite",
            "managedDisk": {
              "storageAccountType": "Premium_LRS"
            },
            "diskSizeGB": 30
          }
        },
        "osProfile": {
          "computerName": "[parameters('vmname')]",
          "adminUsername": "[parameters('adminusername')]",
          "adminPassword": "[parameters('adminpassword')]",
          "linuxConfiguration": {
            "disablePasswordAuthentication": false,
            "provisionVMAgent": true
          },
          "allowExtensionOperations": true
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
            }
          ]
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-05-01",
      "name": "[parameters('vnetname')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('vnetaddressspace')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnetname')]",
            "properties": {
              "addressPrefix": "[parameters('vnetsubnetprefix')]",
              "natGateway": {
                "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
              },
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          }
        ],
        "enableDdosProtection": false,
        "enableVmProtection": false
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/natGateways",
      "apiVersion": "2021-05-01",
      "name": "[parameters('natgatewayname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "idleTimeoutInMinutes": 4,
        "publicIpAddresses": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
          }
        ],
        "publicIpPrefixes": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]",
        "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2021-05-01",
      "name": "[format('{0}/{1}', parameters('vnetname'), 'mySubnet')]",
      "properties": {
        "addressPrefix": "[parameters('vnetsubnetprefix')]",
        "natGateway": {
          "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
        },
        "privateEndpointNetworkPolicies": "Enabled",
        "privateLinkServiceNetworkPolicies": "Enabled"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2021-05-01",
      "name": "[parameters('networkinterfacename')]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAddress": "192.168.0.4",
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
              },
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]"
              },
              "primary": true,
              "privateIPAddressVersion": "IPv4"
            }
          }
        ],
        "enableAcceleratedNetworking": false,
        "enableIPForwarding": false,
        "networkSecurityGroup": {
          "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]",
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]",
        "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
      ]
    }
  ]
}
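
The template above allows inbound SSH (port 22) from any source address, attaches a public IP to the VM's network interface, and leaves password authentication enabled. The following is an added example, not part of the quickstart or of Azure Quickstart Templates, that flags those three settings in an ARM template before deployment; audit_template, covers_port and the embedded SAMPLE fragment are constructed for illustration.

```python
import json

# Added example: SAMPLE is a constructed fragment of the quickstart template; names are illustrative.
SAMPLE = json.loads("""{"resources": [
  {"type": "Microsoft.Network/networkSecurityGroups", "name": "myVMnsg",
   "properties": {"securityRules": [{"name": "SSH", "properties": {
     "protocol": "Tcp", "destinationPortRange": "22", "sourceAddressPrefix": "*",
     "access": "Allow", "direction": "Inbound"}}]}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "myVM",
   "properties": {"osProfile": {"linuxConfiguration": {
     "disablePasswordAuthentication": false}}}},
  {"type": "Microsoft.Network/networkInterfaces", "name": "myvmNIC",
   "properties": {"ipConfigurations": [{"name": "ipconfig1", "properties": {
     "publicIPAddress": {"id": "placeholder-public-ip-id"}}}]}}]}""")

ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}  # NSG source values meaning "any internet host"

def covers_port(port_range, port):
    """True if an NSG port range ('*', '22' or '20-30') includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    if not low.isdigit() or (high and not high.isdigit()):
        return False  # unresolved ARM expression, e.g. "[parameters('p')]"
    return int(low) <= port <= int(high or low)

def audit_template(template, port=22):
    """Return (resource name, finding) pairs for internet-facing SSH settings."""
    findings = []
    for res in template.get("resources", []):
        kind, name, props = res.get("type"), res.get("name"), res.get("properties", {})
        if kind == "Microsoft.Network/networkSecurityGroups":
            for rule in props.get("securityRules", []):
                p = rule.get("properties", {})
                sources = [p.get("sourceAddressPrefix"), *p.get("sourceAddressPrefixes", [])]
                ranges = [p.get("destinationPortRange"), *p.get("destinationPortRanges", [])]
                if (p.get("access") == "Allow" and p.get("direction") == "Inbound"
                        and p.get("protocol") in ("Tcp", "*") and any(s in ANY_SOURCE for s in sources)
                        and any(r and covers_port(r, port) for r in ranges)):
                    findings.append((name, f"rule {rule.get('name')}: port {port} open to any source"))
        elif kind == "Microsoft.Compute/virtualMachines":
            linux = props.get("osProfile", {}).get("linuxConfiguration", {})
            if linux.get("disablePasswordAuthentication") is False:
                findings.append((name, "SSH password authentication is enabled"))
        elif kind == "Microsoft.Network/networkInterfaces":
            for cfg in props.get("ipConfigurations", []):
                if "publicIPAddress" in cfg.get("properties", {}):
                    findings.append((name, f"{cfg.get('name')}: public IP attached"))
    return findings
```

To check a downloaded copy, load it with json.load and pass the result to audit_template. Values given as unresolved template expressions are skipped, not flagged, so resolve parameters first when a rule is parameterized.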

Nine Azure resources are defined in the template.

Deploy the template

Note

When you deploy resources with a template file URI that starts with https://raw.githubusercontent.com/, the console sometimes returns an error such as Unable to download deployment content.

Take the following steps to resolve the issue.

  1. Copy the template URI, then convert it by changing the prefix, infix, and template file name. For example, the original URI is https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-cosmosdb-sql-autoscale/azuredeploy.json

    Category | Original value | Converted value | Action
    Prefix | https://raw.githubusercontent.com | https://github.com | Update
    Infix | (none) | blob | Add before the master or main branch name
    Template file name | azuredeploy.json | your downloaded template file name | Update

    After the changes, the converted URI looks like https://github.com/Azure/azure-quickstart-templates/blob/master/101-cosmosdb-sql-autoscale/azuredeploy.json.

    Note that some template URIs have been updated to https://github.com/Azure/azure-quickstart-template/quickstarts/{Microsoft_Resource_Provider_Name}/; follow the corresponding path convention to update the original URI.

  2. Copy the converted URI and download the template content manually in a web browser.

  3. Modify the templates you downloaded or referenced from the GitHub repo to fit the Azure China 21Vianet environment. For example, replace some endpoints ("blob.core.windows.net" with "blob.core.chinacloudapi.cn", "cloudapp.azure.com" with "chinacloudapp.cn"), and change any unsupported locations, VM images, VM sizes, SKUs, and resource provider API versions when necessary.

  4. Replace the -TemplateUri parameter with -TemplateFile for PowerShell, or --template-uri with --template-file for the Azure CLI, then replace the specified URI with the name of the downloaded file and run the script again.

    Language category | Reference link | Action
    PowerShell | New-AzResourceGroupDeployment | Replace -TemplateUri with -TemplateFile. Follow the previous steps to download the -TemplateParameterUri content and replace it with -TemplateParameterFile in the cmdlet when necessary.
    Azure CLI | az deployment group create | Replace --template-uri with --template-file

Button to deploy the Resource Manager template to Azure.

Review deployed resources

  1. Sign in to the Azure portal.

  2. Select Resource groups from the left pane.

  3. Select the resource group that you created in the previous section. The default resource group name is myResourceGroupNAT.

  4. Verify the following resources were created in the resource group:

    Virtual Network NAT resource group

Clean up resources

When no longer needed, delete the resource group, NAT gateway, and all related resources. Select the resource group myResourceGroupNAT that contains the NAT gateway, and then select Delete.

Next steps

In this quickstart, you created a:

  • NAT gateway resource

  • Virtual network

  • Ubuntu virtual machine

The virtual machine is deployed to a virtual network subnet associated with the NAT gateway.

To learn more about Azure NAT Gateway and Azure Resource Manager, continue to the following articles.