快速入門：建立 NAT 閘道 - ARM 範本

發行項
06/03/2024

使用 Azure Resource Manager 範本 (ARM 範本) 開始使用 Azure NAT 閘道。此範本會部署虛擬網路、NAT 閘道資源和 Ubuntu 虛擬機器。 Ubuntu 虛擬機器會部署到與 NAT 閘道資源相關聯的子網路。

Azure Resource Manager 範本是一個 JavaScript 物件標記法 (JSON) 檔案，會定義專案的基礎結構和設定。範本使用宣告式語法。您可以描述預期的部署，而不需要撰寫程式設計命令順序來建立部署。

如果您的環境符合必要條件，而且您很熟悉 ARM 範本，請選取 [部署至 Azure] 按鈕。範本會在 Azure 入口網站中開啟。

必要條件

如尚未擁有 Azure 訂用帳戶，請在開始之前先建立免費帳戶。

如尚未擁有 Azure 訂用帳戶，請在開始之前先建立免費帳戶。
已在本地安裝 Azure PowerShell 或 Azure Cloud Shell。
登入 Azure PowerShell，並確定您已選取要使用此功能的訂用帳戶。如需詳細資訊，請參閱使用 Azure PowerShell 登入 \(英文\)。
確定您的 Az.Network 模組為 4.3.0 或更新版本。若要確認已安裝的模組，請使用 Get-InstalledModule -Name "Az.Network" 命令。如果模組需要更新，可在必要時使用 Update-Module -Name Az.Network 命令。

如果您選擇在本機安裝和使用 PowerShell，本文會要求使用 Azure PowerShell 模組版本 5.4.1 或更新版本。執行 Get-Module -ListAvailable Az 以尋找安裝的版本。如果您需要升級，請參閱安裝 Azure PowerShell 模組。如果正在本機執行 PowerShell，也需要執行 Connect-AzAccount，以建立與 Azure 的連線。

檢閱範本

本快速入門中使用的範本是來自 Azure 快速入門範本。

此範本已設定為建立：

虛擬網路
NAT 閘道資源
Ubuntu 虛擬機器

Ubuntu VM會部署到與 NAT 閘道資源相關聯的子網路。

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.25.53.49325",
      "templateHash": "15583664434476061565"
    }
  },
  "parameters": {
    "vmname": {
      "type": "string",
      "defaultValue": "vm-1",
      "metadata": {
        "description": "Name of the virtual machine"
      }
    },
    "vmsize": {
      "type": "string",
      "defaultValue": "Standard_D2s_v3",
      "metadata": {
        "description": "Size of the virtual machine"
      }
    },
    "vnetname": {
      "type": "string",
      "defaultValue": "vnet-1",
      "metadata": {
        "description": "Name of the virtual network"
      }
    },
    "subnetname": {
      "type": "string",
      "defaultValue": "subnet-1",
      "metadata": {
        "description": "Name of the subnet for virtual network"
      }
    },
    "vnetaddressspace": {
      "type": "string",
      "defaultValue": "10.0.0.0/16",
      "metadata": {
        "description": "Address space for virtual network"
      }
    },
    "vnetsubnetprefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/24",
      "metadata": {
        "description": "Subnet prefix for virtual network"
      }
    },
    "natgatewayname": {
      "type": "string",
      "defaultValue": "nat-gateway",
      "metadata": {
        "description": "Name of the NAT gateway"
      }
    },
    "networkinterfacename": {
      "type": "string",
      "defaultValue": "nic-1",
      "metadata": {
        "description": "Name of the virtual machine nic"
      }
    },
    "publicipname": {
      "type": "string",
      "defaultValue": "public-ip-nat",
      "metadata": {
        "description": "Name of the NAT gateway public IP"
      }
    },
    "nsgname": {
      "type": "string",
      "defaultValue": "nsg-1",
      "metadata": {
        "description": "Name of the virtual machine NSG"
      }
    },
    "adminusername": {
      "type": "string",
      "metadata": {
        "description": "Administrator username for virtual machine"
      }
    },
    "adminpassword": {
      "type": "securestring",
      "metadata": {
        "description": "Administrator password for virtual machine"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Name of resource group"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2021-05-01",
      "name": "[parameters('nsgname')]",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "SSH",
            "properties": {
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "22",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 300,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-11-01",
      "name": "[parameters('vmname')]",
      "location": "[parameters('location')]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('vmsize')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "Canonical",
            "offer": "0001-com-ubuntu-server-jammy",
            "sku": "22_04-lts-gen2",
            "version": "latest"
          },
          "osDisk": {
            "osType": "Linux",
            "name": "[format('{0}_disk1', parameters('vmname'))]",
            "createOption": "FromImage",
            "caching": "ReadWrite",
            "managedDisk": {
              "storageAccountType": "Premium_LRS"
            },
            "diskSizeGB": 30
          }
        },
        "osProfile": {
          "computerName": "[parameters('vmname')]",
          "adminUsername": "[parameters('adminusername')]",
          "adminPassword": "[parameters('adminpassword')]",
          "linuxConfiguration": {
            "disablePasswordAuthentication": false,
            "provisionVMAgent": true
          },
          "allowExtensionOperations": true
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
            }
          ]
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-05-01",
      "name": "[parameters('vnetname')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('vnetaddressspace')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnetname')]",
            "properties": {
              "addressPrefix": "[parameters('vnetsubnetprefix')]",
              "natGateway": {
                "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
              },
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          }
        ],
        "enableDdosProtection": false,
        "enableVmProtection": false
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/natGateways",
      "apiVersion": "2021-05-01",
      "name": "[parameters('natgatewayname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "idleTimeoutInMinutes": 4,
        "publicIpAddresses": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2021-05-01",
      "name": "[format('{0}/{1}', parameters('vnetname'), 'subnet-1')]",
      "properties": {
        "addressPrefix": "[parameters('vnetsubnetprefix')]",
        "natGateway": {
          "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
        },
        "privateEndpointNetworkPolicies": "Enabled",
        "privateLinkServiceNetworkPolicies": "Enabled"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2021-05-01",
      "name": "[parameters('networkinterfacename')]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig-1",
            "properties": {
              "privateIPAddress": "10.0.0.4",
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'subnet-1')]"
              },
              "primary": true,
              "privateIPAddressVersion": "IPv4"
            }
          }
        ],
        "enableAcceleratedNetworking": false,
        "enableIPForwarding": false,
        "networkSecurityGroup": {
          "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]",
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'subnet-1')]"
      ]
    }
  ],
  "outputs": {
    "location": {
      "type": "string",
      "value": "[parameters('location')]"
    },
    "name": {
      "type": "string",
      "value": "[parameters('natgatewayname')]"
    },
    "resourceGroupName": {
      "type": "string",
      "value": "[resourceGroup().name]"
    },
    "resourceId": {
      "type": "string",
      "value": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
    }
  }
}

範本中定義了九個 Azure 資源：

Microsoft.Network/networkSecurityGroups：建立網路安全性群組。
Microsoft.Network/networkSecurityGroups/securityRules：建立安全性規則。
Microsoft.Network/publicIPAddresses：建立公用 IP 位址。
Microsoft.Network/publicIPPrefixes：建立公用 IP 首碼。
Microsoft.Compute/virtualMachines：建立虛擬機器。
Microsoft.Network/virtualNetworks：可建立虛擬網路。
Microsoft.Network/natGateways：建立 NAT 閘道資源。
Microsoft.Network/virtualNetworks/subnets：建立虛擬網路子網路。
Microsoft.Network/networkinterfaces：建立網路介面。

部署範本

檢閱已部署的資源

登入 Azure 入口網站。
選取左側面板中的 [資源群組]。
選取您在上一節中建立的資源群組。預設的資源組名為 myResourceGroupNAT
確認下列資源是在資源群組中建立的：

$location = Read-Host -Prompt "Enter the location (i.e. westcentralus)"
$templateUri = "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/nat-gateway-1-vm/azuredeploy.json"

$resourceGroupName = "myResourceGroupNAT"

New-AzResourceGroup -Name $resourceGroupName -Location $location
New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri $templateUri

read -p "Enter the location (i.e. westcentralus): " location
resourceGroupName="myResourceGroupNAT"
templateUri="https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/nat-gateway-1-vm/azuredeploy.json"

az group create \
--name $resourceGroupName \
--location $location

az deployment group create \
--resource-group $resourceGroupName \
--template-uri  $templateUri

清除資源

若不再需要，可刪除資源群組、NAT 閘道和所有相關資源。選取包含 NAT 閘道的資源群組 myResourceGroupNAT，然後選取 [刪除]。

當不再需要時，您可以使用 Remove-AzResourceGroup 命令來移除資源群組和其中所有資源。

Remove-AzResourceGroup -Name myResourceGroupNAT

若不再需要，您可以使用 az group delete 命令來移除資源群組及其內含的所有資源。

  az group delete \
    --name myResourceGroupNAT

下一步

在本快速入門中，您已建立一個：

NAT 閘道資源
虛擬網路
Ubuntu 虛擬機器

虛擬機器會部署到與 NAT 閘道相關聯的虛擬網路子網路。

若要深入了解 Azure NAT 閘道和 Azure Resource Manager，請繼續閱讀下列文章。

閱讀 Azure NAT 閘道概觀
閱讀 NAT 閘道資源相關文章
深入了解 Azure Resource Manager

共用方式為