你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

快速入门：创建 NAT 网关 - ARM 模板

项目
07/21/2023

通过 Azure 资源管理器模板（ARM 模板）开始使用 Azure NAT 网关。此模板部署虚拟网络、NAT 网关资源和 Ubuntu 虚拟机。 Ubuntu 虚拟机将部署到与 NAT 网关资源关联的子网。

Diagram of resources created in nat gateway quickstart.

Azure 资源管理器模板是定义项目基础结构和配置的 JavaScript 对象表示法 (JSON) 文件。模板使用声明性语法。你可以在不编写用于创建部署的编程命令序列的情况下，描述预期部署。

如果你的环境满足先决条件，并且你熟悉如何使用 ARM 模板，请选择“部署到 Azure”按钮。模板将在 Azure 门户中打开。

先决条件

如果没有 Azure 订阅，请在开始之前创建一个免费帐户。

如果没有 Azure 订阅，请在开始之前创建一个免费帐户。
Azure PowerShell（本地安装）或 Azure Cloud Shell。
登录到 Azure PowerShell，并确保已选择要使用此功能的订阅。有关详细信息，请参阅使用 Azure PowerShell 登录。
请确保 Az.Network 模块是 4.3.0 或更高版本。若要验证已安装的模块，请使用命令 Get-InstalledModule -Name "Az.Network"。如果模块需要更新，必要时请使用命令 Update-Module -Name Az.Network。

如果选择在本地安装并使用 PowerShell，则本文需要 Azure PowerShell 模块 5.4.1 或更高版本。运行 Get-Module -ListAvailable Az 查找已安装的版本。如果需要进行升级，请参阅 Install Azure PowerShell module（安装 Azure PowerShell 模块）。如果在本地运行 PowerShell，则还需运行 Connect-AzAccount 以创建与 Azure 的连接。

查看模板

本快速入门中使用的模板来自 Azure 快速启动模板。

此模板配置为创建：

虚拟网络
NAT 网关资源
Ubuntu 虚拟机

Ubuntu VM 部署到与 NAT 网关资源关联的子网。

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.25.53.49325",
      "templateHash": "15583664434476061565"
    }
  },
  "parameters": {
    "vmname": {
      "type": "string",
      "defaultValue": "vm-1",
      "metadata": {
        "description": "Name of the virtual machine"
      }
    },
    "vmsize": {
      "type": "string",
      "defaultValue": "Standard_D2s_v3",
      "metadata": {
        "description": "Size of the virtual machine"
      }
    },
    "vnetname": {
      "type": "string",
      "defaultValue": "vnet-1",
      "metadata": {
        "description": "Name of the virtual network"
      }
    },
    "subnetname": {
      "type": "string",
      "defaultValue": "subnet-1",
      "metadata": {
        "description": "Name of the subnet for virtual network"
      }
    },
    "vnetaddressspace": {
      "type": "string",
      "defaultValue": "10.0.0.0/16",
      "metadata": {
        "description": "Address space for virtual network"
      }
    },
    "vnetsubnetprefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/24",
      "metadata": {
        "description": "Subnet prefix for virtual network"
      }
    },
    "natgatewayname": {
      "type": "string",
      "defaultValue": "nat-gateway",
      "metadata": {
        "description": "Name of the NAT gateway"
      }
    },
    "networkinterfacename": {
      "type": "string",
      "defaultValue": "nic-1",
      "metadata": {
        "description": "Name of the virtual machine nic"
      }
    },
    "publicipname": {
      "type": "string",
      "defaultValue": "public-ip-nat",
      "metadata": {
        "description": "Name of the NAT gateway public IP"
      }
    },
    "nsgname": {
      "type": "string",
      "defaultValue": "nsg-1",
      "metadata": {
        "description": "Name of the virtual machine NSG"
      }
    },
    "adminusername": {
      "type": "string",
      "metadata": {
        "description": "Administrator username for virtual machine"
      }
    },
    "adminpassword": {
      "type": "securestring",
      "metadata": {
        "description": "Administrator password for virtual machine"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Name of resource group"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2021-05-01",
      "name": "[parameters('nsgname')]",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "SSH",
            "properties": {
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "22",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 300,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-11-01",
      "name": "[parameters('vmname')]",
      "location": "[parameters('location')]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('vmsize')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "Canonical",
            "offer": "0001-com-ubuntu-server-jammy",
            "sku": "22_04-lts-gen2",
            "version": "latest"
          },
          "osDisk": {
            "osType": "Linux",
            "name": "[format('{0}_disk1', parameters('vmname'))]",
            "createOption": "FromImage",
            "caching": "ReadWrite",
            "managedDisk": {
              "storageAccountType": "Premium_LRS"
            },
            "diskSizeGB": 30
          }
        },
        "osProfile": {
          "computerName": "[parameters('vmname')]",
          "adminUsername": "[parameters('adminusername')]",
          "adminPassword": "[parameters('adminpassword')]",
          "linuxConfiguration": {
            "disablePasswordAuthentication": false,
            "provisionVMAgent": true
          },
          "allowExtensionOperations": true
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
            }
          ]
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-05-01",
      "name": "[parameters('vnetname')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('vnetaddressspace')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnetname')]",
            "properties": {
              "addressPrefix": "[parameters('vnetsubnetprefix')]",
              "natGateway": {
                "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
              },
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          }
        ],
        "enableDdosProtection": false,
        "enableVmProtection": false
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/natGateways",
      "apiVersion": "2021-05-01",
      "name": "[parameters('natgatewayname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "idleTimeoutInMinutes": 4,
        "publicIpAddresses": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2021-05-01",
      "name": "[format('{0}/{1}', parameters('vnetname'), 'subnet-1')]",
      "properties": {
        "addressPrefix": "[parameters('vnetsubnetprefix')]",
        "natGateway": {
          "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
        },
        "privateEndpointNetworkPolicies": "Enabled",
        "privateLinkServiceNetworkPolicies": "Enabled"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2021-05-01",
      "name": "[parameters('networkinterfacename')]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig-1",
            "properties": {
              "privateIPAddress": "10.0.0.4",
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'subnet-1')]"
              },
              "primary": true,
              "privateIPAddressVersion": "IPv4"
            }
          }
        ],
        "enableAcceleratedNetworking": false,
        "enableIPForwarding": false,
        "networkSecurityGroup": {
          "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]",
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'subnet-1')]"
      ]
    }
  ],
  "outputs": {
    "location": {
      "type": "string",
      "value": "[parameters('location')]"
    },
    "name": {
      "type": "string",
      "value": "[parameters('natgatewayname')]"
    },
    "resourceGroupName": {
      "type": "string",
      "value": "[resourceGroup().name]"
    },
    "resourceId": {
      "type": "string",
      "value": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
    }
  }
}

该模板中定义了九个 Azure 资源：

Microsoft.Network/networkSecurityGroups ：创建网络安全组。
Microsoft.Network/networkSecurityGroups/securityRules ：创建安全规则。
Microsoft.Network/publicIPAddresses ：创建公共 IP 地址。
Microsoft.Network/publicIPPrefixes ：创建公共 IP 前缀。
Microsoft.Compute/virtualMachines ：创建虚拟机。
Microsoft.Network/virtualNetworks ：创建虚拟网络。
Microsoft.Network/natGateways ：创建 NAT 网关资源。
Microsoft.Network/virtualNetworks/subnets ：创建虚拟网络子网。
Microsoft.Network/networkinterfaces ：创建网络接口。

部署模板

查看已部署的资源

登录 Azure 门户。
从左侧窗格中选择“资源组”。
选择你在上一部分中创建的资源组。默认资源组名称是 myResourceGroupNAT
验证是否在资源组中创建了以下资源：

$location = Read-Host -Prompt "Enter the location (i.e. westcentralus)"
$templateUri = "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/nat-gateway-1-vm/azuredeploy.json"

$resourceGroupName = "myResourceGroupNAT"

New-AzResourceGroup -Name $resourceGroupName -Location $location
New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri $templateUri

read -p "Enter the location (i.e. westcentralus): " location
resourceGroupName="myResourceGroupNAT"
templateUri="https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/nat-gateway-1-vm/azuredeploy.json"

az group create \
--name $resourceGroupName \
--location $location

az deployment group create \
--resource-group $resourceGroupName \
--template-uri  $templateUri

清理资源

如果不再需要上述资源组、NAT 网关和所有相关资源，请将其删除。选择包含 NAT 网关的资源组 myResourceGroupNAT，然后选择“删除”。

如果不再需要上述资源组及其包含的所有资源，可以使用 Remove-AzResourceGroup 命令将其删除。

Remove-AzResourceGroup -Name myResourceGroupNAT

如果不再需要上述资源组及其包含的所有资源，可以使用 az group delete 命令将其删除。

  az group delete \
    --name myResourceGroupNAT

后续步骤

在本快速入门中，我们创建了：

NAT 网关资源
虚拟网络
Ubuntu 虚拟机

虚拟机部署到与 NAT 网关关联的虚拟网络子网。

要详细了解 Azure NAT 网关和 Azure 资源管理器，请继续阅读以下文章。

阅读 Azure NAT 网关概述
了解 NAT 网关资源
了解有关 Azure 资源管理器的详细信息