Quickstart: Create a NAT gateway using the Azure CLI
Article
In this quickstart, learn how to create a NAT gateway by using the Azure CLI. The NAT Gateway service provides outbound connectivity for virtual machines in Azure.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
Create a resource group
Create a resource group with az group create. An Azure resource group is a logical container into which Azure resources are deployed and managed.
az group create \
--name test-rg \
--location eastus2
Create the NAT gateway
In this section, create the NAT gateway and supporting resources.
Create public IP address
To access the Internet, you need one or more public IP addresses for the NAT gateway. Use az network public-ip create to create a public IP address resource.
Create an Azure NAT gateway with az network nat gateway create. The result of this command creates a gateway resource that uses the public IP address defined in the previous step. The idle timeout is set to 10 minutes.
Create a virtual network with a subnet with az network vnet create. The IP address space for the virtual network is 10.0.0.0/16. The subnet within the virtual network is 10.0.0.0/24.
Hourly pricing starts from the moment that Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it. For more information about Azure Bastion, see Azure Bastion.
The bastion host can take several minutes to deploy. Wait for the bastion host to deploy before moving on to the next section.
Configure NAT service for source subnet
Configure the source subnet in virtual network to use a specific NAT gateway resource with az network vnet subnet update. This command activates the NAT service on the specified subnet.
Wait for the virtual machine creation to complete before moving on to the next section.
Test NAT gateway
In this section, you test the NAT gateway. You first discover the public IP of the NAT gateway. You then connect to the test virtual machine and verify the outbound connection through the NAT gateway.