Create a virtual machine with a static public IP address using the Azure CLI
In this article, you'll create a VM with a static public IP address. A public IP address enables communication to a virtual machine from the internet. Assign a static public IP address, instead of a dynamic address, to ensure the address never changes.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
- An Azure account with an active subscription. Create an account for free.
- This tutorial requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Create a resource group
An Azure resource group is a logical container into which Azure resources are deployed and managed.
Create a resource group with az group create named myResourceGroup in the eastus2 location.
az group create \ --name myResourceGroup \ --location eastus2
Create a public IP address
Use az network public-ip create to create a standard public IPv4 address.
The following command creates a zone-redundant public IP address named myPublicIP in myResourceGroup.
az network public-ip create \ --resource-group myResourceGroup \ --name myPublicIP \ --version IPv4 \ --sku Standard \ --zone 1 2 3
Create a virtual machine
Create a virtual machine with az vm create.
The following command creates a Windows Server virtual machine. You'll enter the name of the public IP address created previously in the
-PublicIPAddressName parameter. When prompted, provide a username and password to be used as the credentials for the virtual machine:
az vm create \ --name myVM \ --resource-group TutorVMRoutePref-rg \ --public-ip-address myPublicIP \ --size Standard_A2 \ --image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest \ --admin-username azureuser
For more information on public IP SKUs, see Public IP address SKUs. A virtual machine can be added to the backend pool of an Azure Load Balancer. The SKU of the public IP address must match the SKU of a load balancer's public IP. For more information, see Azure Load Balancer.
View the public IP address assigned and confirm that it was created as a static address, with az network public-ip show:
az network public-ip show \ --resource-group myResourceGroup \ --name myPublicIP \ --query [ipAddress,publicIpAllocationMethod,sku] \ --output table
Do not modify the IP address settings within the virtual machine's operating system. The operating system is unaware of Azure public IP addresses. Though you can add private IP address settings to the operating system, we recommend not doing so unless necessary, and not until after reading Add a private IP address to an operating system.
Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the back-end pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.
The default outbound access IP is disabled when one of the following events happens:
- A public IP address is assigned to the VM.
- The VM is placed in the back-end pool of a standard load balancer, with or without outbound rules.
- An Azure Virtual Network NAT gateway resource is assigned to the subnet of the VM.
VMs that you create by using virtual machine scale sets in flexible orchestration mode don't have default outbound access.
For more information about outbound connections in Azure, see Default outbound access in Azure and Use Source Network Address Translation (SNAT) for outbound connections.
Clean up resources
When no longer needed, you can use az group delete to remove the resource group and all of the resources it contains:
az group delete --name myResourceGroup --yes