Create a virtual machine with a static public IP address using the Azure CLI
In this article, you'll create a VM with a static public IP address. A public IP address enables communication to a virtual machine from the internet. Assign a static public IP address, instead of a dynamic address, to ensure the address never changes.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you are running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For additional sign-in options, see Sign in with the Azure CLI.
When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with the Azure CLI.
- An Azure account with an active subscription. Create an account for free.
- This tutorial requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Create a resource group
An Azure resource group is a logical container into which Azure resources are deployed and managed.
Create a resource group with az group create named myResourceGroup in the eastus2 location.
az group create \ --name myResourceGroup \ --location eastus2
Create a public IP address
Use az network public-ip create to create a standard public IPv4 address.
The following command creates a zone-redundant public IP address named myPublicIP in myResourceGroup.
az network public-ip create \ --resource-group myResourceGroup \ --name myPublicIP \ --version IPv4 \ --sku Standard \ --zone 1 2 3
Create a virtual machine
Create a virtual machine with az vm create.
The following command creates a Windows Server virtual machine. You'll enter the name of the public IP address created previously in the
-PublicIPAddressName parameter. When prompted, provide a username and password to be used as the credentials for the virtual machine:
az vm create \ --name myVM \ --resource-group TutorVMRoutePref-rg \ --public-ip-address myPublicIP \ --size Standard_A2 \ --image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest \ --admin-username azureuser
For more information on public IP SKUs, see Public IP address SKUs. A virtual machine can be added to the backend pool of an Azure Load Balancer. The SKU of the public IP address must match the SKU of a load balancer's public IP. For more information, see Azure Load Balancer.
View the public IP address assigned and confirm that it was created as a static address, with az network public-ip show:
az network public-ip show \ --resource-group myResourceGroup \ --name myPublicIP \ --query [ipAddress,publicIpAllocationMethod,sku] \ --output table
Do not modify the IP address settings within the virtual machine's operating system. The operating system is unaware of Azure public IP addresses. Though you can add private IP address settings to the operating system, we recommend not doing so unless necessary, and not until after reading Add a private IP address to an operating system.
Azure provides an default outbound access IP for Azure Virtual Machines which aren't assigned a public IP address, or are in the backend pool of an internal Basic Azure Load Balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.
For more information about default outbound access, see Default outbound access in Azure
The default outbound access IP is disabled when a public IP address is assigned to the virtual machine, or the virtual machine is placed in the backend pool of a Standard Load Balancer with or without outbound rules. If a Azure Virtual Network NAT gateway resource is assigned to the subnet of the virtual machine, the default outbound access IP is disabled.
Virtual machines created by Virtual Machine Scale sets in Flexible Orchestration mode don't have default outbound access.
For more information about outbound connections in Azure, see Using Source Network Address Translation (SNAT) for outbound connections.
Clean up resources
When no longer needed, you can use az group delete to remove the resource group and all of the resources it contains:
az group delete --name myResourceGroup --yes