QuickStart: Create and configure Azure DDoS IP Protection using Azure PowerShell
Get started with Azure DDoS IP Protection by using Azure PowerShell. In this QuickStart, you'll enable DDoS IP protection and link it to a public IP address utilizing PowerShell.
Prerequisites
- An Azure account with an active subscription. Create an account for free.
- Azure PowerShell installed locally or Azure Cloud Shell
- If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 9.0.0 or later. Run
Get-Module -ListAvailable Az
to find the installed version. If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to runConnect-AzAccount
to create a connection with Azure.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. To get started, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
Azure Cloud Shell
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.
To start Azure Cloud Shell:
Option | Example/Link |
---|---|
Select Try It in the upper-right corner of a code or command block. Selecting Try It doesn't automatically copy the code or command to Cloud Shell. | |
Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. | |
Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. |
To use Azure Cloud Shell:
Start Cloud Shell.
Select the Copy button on a code block (or command block) to copy the code or command.
Paste the code or command into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.
Select Enter to run the code or command.
Enable DDoS IP Protection for a public IP address
You can enable DDoS IP Protection when creating a public IP address. In this example, we'll name our public IP address myStandardPublicIP:
#Creates the resource group
New-AzResourceGroup -Name MyResourceGroup -Location eastus
#Creates the IP address and enables DDoS IP Protection
New-AzPublicIpAddress -Name myStandardPublicIP -ResourceGroupName MyResourceGroup -Sku Standard -Location "East US" -AllocationMethod Static -DdosProtectionMode Enabled
Note
DDoS IP Protection is enabled only on Public IP Standard SKU.
Enable DDoS IP Protection for an existing public IP address
You can associate an existing public IP address:
#Gets the public IP address
$publicIp = Get-AzPublicIpAddress -Name myStandardPublicIP -ResourceGroupName MyResourceGroup
#Enables DDoS IP Protection for the public IP address
$publicIp.DdosSettings.ProtectionMode = 'Enabled'
#Updates public IP address
Set-AzPublicIpAddress -PublicIpAddress $publicIp
Validate and test
Check the details of your public IP address and verify that DDoS IP Protection is enabled.
#Gets the public IP address
$publicIp = Get-AzPublicIpAddress -Name myStandardPublicIP -ResourceGroupName MyResourceGroup
#Checks the status of the public IP address
$protectionMode = $publicIp.DdosSettings.ProtectionMode
#Returns the status of the public IP address
$protectionMode
Disable DDoS IP Protection for an existing public IP address
$publicIp = Get-AzPublicIpAddress -Name myStandardPublicIP -ResourceGroupName MyResourceGroup
$publicIp.DdosSettings.ProtectionMode = 'Disabled'
Set-AzPublicIpAddress -PublicIpAddress $publicIp
Note
When changing DDoS IP protection from Enabled to Disabled, telemetry for the public IP resource will no longer be active.
Clean up resources
You can keep your resources for the next tutorial. If no longer needed, delete the MyResourceGroup resource group. When you delete the resource group, you also delete the DDoS protection plan and all its related resources.
Remove-AzResourceGroup -Name MyResourceGroup
Next steps
In this quickstart, you created:
- A resource group
- A public IP address
You enabled DDoS IP Protection using Azure PowerShell. To learn how to view and configure telemetry for your DDoS protection plan, continue to the tutorials.