Azure VM With NAT Gateway to route internet traffic securely and avoid SNAT port exhaustion issues.

1. 🧰 Prerequisites

   This demo, instructions, scripts and bicep template is designed to be run in westeurope. With few or no modifications you can try it out in other regions as well(Not covered here).

   • 🛠 Azure CLI Installed & Configured - Get help here
   • 🛠 Bicep Installed & Configured - Get help here
   • 🛠 VS Code & Bicep Extenstions - Get help here

2. ⚙️ Setting up the environment

   • Get the application code

     https://github.com/miztiik/custom-metrics-to-azure-monitor
     cd custom-metrics-to-azure-monitor

3. 🚀 Prepare the environment

   Let check you have Azure Cli working with

     # You should have azure cli preinstalled
     az account show

   You should see an output like this,

    {
      "environmentName": "AzureCloud",
      "homeTenantId": "16b30820b6d3",
      "id": "1ac6fdbff37cd9e3",
      "isDefault": true,
      "managedByTenants": [],
      "name": "YOUR-SUBS-NAME",
      "state": "Enabled",
      "tenantId": "16b30820b6d3",
      "user": {
        "name": "miztiik@",
        "type": "user"
      }
    }

4. 🚀 Deploying the application

   • Register an App to Azure AD - Doc Ref^[3]

     • Create the client secret as well. Note down its value, as it is only shown during the creation time.

   • Create & Authorize a Service Principal to emit metrics (preferably a VM/FunctionApp)Doc Ref^[4]

     • Follow the rest of the instructions

   • Get Auth Token:

     #Get TenantID
     az account show
     # or
     az account tenant list

   • Stack: Main Bicep The params required for the modules are in params.json. Do modify them to suit your need.(Especially the adminPassword.secureString for the VM. You are strongly encouraged to Just-In-Time access or use SSH key instead of password based authentication). The helper deployment script deploy.sh will deploy the main.bicep file. This will inturn call the modules for Resource Group(RG), VNet & Virtual Machine & NAT Gateway.

     sh deploy.sh

     At this moment, i couldn't find a elegant way of creating the NATGW and associating with an existing subnet with bicep.(Do let me know if you know how to do it)

   Associate NAT with subnet

   az network vnet subnet update \
     --resource-group [myResourceGroup] \
     --vnet-name [myVnet] \  
     --name [myIntegrationSubnet] \
     --nat-gateway myNATgateway

5. 🔬 Testing the solution

   • Connect to the VM

     Chart the metric from Azure Monitor Portal

     

image.png

1. 📒 Conclusion

   Here we have demonstrated how to deploy NAT Gateway and route internet traffic through it.

2. 🧹 CleanUp

If you want to destroy all the resources created by the stack, Execute the below command to delete the stack, or you can delete the stack from console as well

• Resources created during Deploying The Application
• Any other custom resources, you have created for this demo

# Delete from resource group
az group delete --name Miztiik_Enterprises_xxx --yes
# Follow any on-screen prompt

This is not an exhaustive list, please carry out other necessary steps as maybe applicable to your needs.

This repository aims to show how to Bicep to new developers, Solution Architects & Ops Engineers in Azure.

Thank you for your interest in contributing to our project. Whether it is a bug report, new feature, correction, or additional documentation or solutions, we greatly value feedback and contributions from our community. Start here

Buy me a coffee ☕.

1. Azure Docs: Design virtual networks with NAT gateway

Level: 100