QuickStart: Create and configure Azure DDoS IP Protection using Azure CLI
Get started with Azure DDoS IP Protection by using Azure CLI. In this QuickStart, you'll enable DDoS IP protection and link it to a public IP address.
Prerequisites
- An Azure account with an active subscription. Create an account for free.
- Azure CLI installed locally or Azure Cloud Shell
Azure Cloud Shell
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.
To start Azure Cloud Shell:
| Option | Example/Link |
|---|---|
| Select Try It in the upper-right corner of a code or command block. Selecting Try It doesn't automatically copy the code or command to Cloud Shell. |  |
| Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. |  |
| Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. |  |
To use Azure Cloud Shell:
Start Cloud Shell.
Select the Copy button on a code block (or command block) to copy the code or command.
Paste the code or command into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.
Select Enter to run the code or command.
If you choose to install and use the CLI locally, this quickstart requires Azure CLI version 2.0.56 or later. To find the version, run az --version. If you need to install or upgrade, see Install the Azure CLI.
Create a resource group
In Azure, you allocate related resources to a resource group. You can either use an existing resource group or create a new one.
To create a resource group, use az group create. In this example, we'll name our resource group MyResourceGroup and use the East US location:
az group create \
--name MyResourceGroup \
--location eastus
Enable DDoS IP Protection on a public IP address
New public IP address
You can enable DDoS IP Protection when creating a public IP address. In this example, we'll name our public IP address myStandardPublicIP:
az network public-ip create \
--resource-group MyResourceGroup \
--name myStandardPublicIP \
--location eastus \
--allocation-method Static \
--sku Standard \
--ddos-protection-mode Enabled
Existing public IP address
You can enable DDoS IP Protection on an existing public IP address.
az network public-ip update \
--resource-group MyResourceGroup \
--name myStandardPublicIP \
--ddos-protection-mode Enabled
Disable DDoS IP Protection:
You can disable DDoS IP Protection on an existing public IP address.
az network public-ip update \
--resource-group MyResourceGroup \
--name myStandardPublicIP \
--ddos-protection-mode Disabled
Note
When changing DDoS IP protection from Enabled to Disabled, telemetry for the public IP resource will no longer be active.
Validate and test
Check the details of your DDoS IP Protection:
az network public-ip show \
--resource-group MyResourceGroup \
--name myStandardPublicIP
Under ddosSettings, Verify protectionMode as Enabled.
Clean up resources
You can keep your resources for the next guide. If no longer needed, delete the MyResourceGroup resource group. When you delete the resource group, you also delete all its related resources.
When deleting the resource group, use az group delete:
az group delete \
--name MyResourceGroup
Next steps
In this quickstart, you created:
- A resource group
- A public IP address
- Enabled DDoS IP Protection using Azure CLI.
To learn how to configure telemetry for DDoS Protection, continue to the how-to guides.
Feedback
Submit and view feedback for