forked from Azure/azure-docs-powershell-samples
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request Azure#176 from CarlRabeler/az-mi
First managed instance create script
- Loading branch information
Showing
1 changed file
with
191 additions
and
0 deletions.
There are no files selected for viewing
191 changes: 191 additions & 0 deletions
191
sql-database/managed-instance/create-and-configure-managed-instance.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,191 @@ | ||
| # Connect-AzAccount | ||
| # The SubscriptionId in which to create these objects | ||
| $SubscriptionId = '' | ||
| # Set the resource group name and location for your managed instance | ||
| $resourceGroupName = "myResourceGroup-$(Get-Random)" | ||
| $location = "westus2" | ||
| # Set the networking values for your managed instance | ||
| $vNetName = "myVnet-$(Get-Random)" | ||
| $vNetAddressPrefix = "10.0.0.0/16" | ||
| $defaultSubnetName = "myDefaultSubnet-$(Get-Random)" | ||
| $defaultSubnetAddressPrefix = "10.0.0.0/24" | ||
| $miSubnetName = "myMISubnet-$(Get-Random)" | ||
| $miSubnetAddressPrefix = "10.0.0.0/24" | ||
| #Set the managed instance name for the new managed instance | ||
| $instanceName = "myMIName-$(Get-Random)" | ||
| # Set the admin login and password for your managed instance | ||
| $miAdminSqlLogin = "SqlAdmin" | ||
| $miAdminSqlPassword = "ChangeYourAdminPassword1" | ||
| # Set the managed instance service tier, compute level, and license mode | ||
| $edition = "General Purpose" | ||
| $vCores = 8 | ||
| $maxStorage = 256 | ||
| $computeGeneration = "Gen4" | ||
| $license = "LicenseIncluded" #"BasePrice" or LicenseIncluded if you have don't have SQL Server licence that can be used for AHB discount | ||
|
|
||
| # Set subscription context | ||
| Set-AzContext -SubscriptionId $subscriptionId | ||
|
|
||
| # Create a resource group | ||
| $resourceGroup = New-AzResourceGroup -Name $resourceGroupName -Location $location | ||
|
|
||
| # Configure virtual network, subnets, network security group, and routing table | ||
| $virtualNetwork = New-AzVirtualNetwork ` | ||
| -ResourceGroupName $resourceGroupName ` | ||
| -Location $location ` | ||
| -Name $vNetName ` | ||
| -AddressPrefix $vNetAddressPrefix | ||
|
|
||
| Add-AzVirtualNetworkSubnetConfig ` | ||
| -Name $miSubnetName ` | ||
| -VirtualNetwork $virtualNetwork ` | ||
| -AddressPrefix $miSubnetAddressPrefix ` | ||
| | Set-AzVirtualNetwork | ||
|
|
||
| $virtualNetwork = Get-AzVirtualNetwork -Name $vNetName -ResourceGroupName $resourceGroupName | ||
|
|
||
| $miSubnetConfig = Get-AzVirtualNetworkSubnetConfig ` | ||
| -Name $miSubnetName ` | ||
| -VirtualNetwork $virtualNetwork | ||
|
|
||
| $miSubnetConfigId = $miSubnetConfig.Id | ||
|
|
||
| $networkSecurityGroupMiManagementService = New-AzNetworkSecurityGroup ` | ||
| -Name 'myNetworkSecurityGroupMiManagementService' ` | ||
| -ResourceGroupName $resourceGroupName ` | ||
| -location $location | ||
|
|
||
| $routeTableMiManagementService = New-AzRouteTable ` | ||
| -Name 'myRouteTableMiManagementService' ` | ||
| -ResourceGroupName $resourceGroupName ` | ||
| -location $location | ||
|
|
||
| Set-AzVirtualNetworkSubnetConfig ` | ||
| -VirtualNetwork $virtualNetwork ` | ||
| -Name $miSubnetName ` | ||
| -AddressPrefix $miSubnetAddressPrefix ` | ||
| -NetworkSecurityGroup $networkSecurityGroupMiManagementService ` | ||
| -RouteTable $routeTableMiManagementService | ` | ||
| Set-AzVirtualNetwork | ||
|
|
||
| Get-AzNetworkSecurityGroup ` | ||
| -ResourceGroupName $resourceGroupName ` | ||
| -Name "myNetworkSecurityGroupMiManagementService" ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 100 ` | ||
| -Name "allow_management_inbound" ` | ||
| -Access Allow ` | ||
| -Protocol Tcp ` | ||
| -Direction Inbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix * ` | ||
| -DestinationPortRange 9000,9003,1438,1440,1452 ` | ||
| -DestinationAddressPrefix * ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 200 ` | ||
| -Name "allow_misubnet_inbound" ` | ||
| -Access Allow ` | ||
| -Protocol * ` | ||
| -Direction Inbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix $miSubnetAddressPrefix ` | ||
| -DestinationPortRange * ` | ||
| -DestinationAddressPrefix * ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 300 ` | ||
| -Name "allow_health_probe_inbound" ` | ||
| -Access Allow ` | ||
| -Protocol * ` | ||
| -Direction Inbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix AzureLoadBalancer ` | ||
| -DestinationPortRange * ` | ||
| -DestinationAddressPrefix * ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 1000 ` | ||
| -Name "allow_tds_inbound" ` | ||
| -Access Allow ` | ||
| -Protocol Tcp ` | ||
| -Direction Inbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix VirtualNetwork ` | ||
| -DestinationPortRange 1433 ` | ||
| -DestinationAddressPrefix * ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 1100 ` | ||
| -Name "allow_redirect_inbound" ` | ||
| -Access Allow ` | ||
| -Protocol Tcp ` | ||
| -Direction Inbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix VirtualNetwork ` | ||
| -DestinationPortRange 11000-11999 ` | ||
| -DestinationAddressPrefix * ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 4096 ` | ||
| -Name "deny_all_inbound" ` | ||
| -Access Deny ` | ||
| -Protocol * ` | ||
| -Direction Inbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix * ` | ||
| -DestinationPortRange * ` | ||
| -DestinationAddressPrefix * ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 100 ` | ||
| -Name "allow_management_outbound" ` | ||
| -Access Allow ` | ||
| -Protocol Tcp ` | ||
| -Direction Outbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix * ` | ||
| -DestinationPortRange 80,443,12000 ` | ||
| -DestinationAddressPrefix * ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 200 ` | ||
| -Name "allow_misubnet_outbound" ` | ||
| -Access Allow ` | ||
| -Protocol * ` | ||
| -Direction Outbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix * ` | ||
| -DestinationPortRange * ` | ||
| -DestinationAddressPrefix $miSubnetAddressPrefix ` | ||
| | Add-AzNetworkSecurityRuleConfig ` | ||
| -Priority 4096 ` | ||
| -Name "deny_all_outbound" ` | ||
| -Access Deny ` | ||
| -Protocol * ` | ||
| -Direction Outbound ` | ||
| -SourcePortRange * ` | ||
| -SourceAddressPrefix * ` | ||
| -DestinationPortRange * ` | ||
| -DestinationAddressPrefix * ` | ||
| | Set-AzNetworkSecurityGroup | ||
|
|
||
|
|
||
| Get-AzRouteTable ` | ||
| -ResourceGroupName $resourceGroupName ` | ||
| -Name "myRouteTableMiManagementService" ` | ||
| | Add-AzRouteConfig ` | ||
| -Name "ToManagedInstanceManagementService" ` | ||
| -AddressPrefix 0.0.0.0/0 ` | ||
| -NextHopType Internet ` | ||
| | Add-AzRouteConfig ` | ||
| -Name "ToLocalClusterNode" ` | ||
| -AddressPrefix $miSubnetAddressPrefix ` | ||
| -NextHopType VnetLocal ` | ||
| | Set-AzRouteTable | ||
|
|
||
| # Create managed instance | ||
| New-AzSqlInstance -Name $instanceName ` | ||
| -ResourceGroupName $resourceGroupName -Location westus2 -SubnetId $miSubnetConfigId ` | ||
| -AdministratorCredential (Get-Credential) ` | ||
| -StorageSizeInGB $maxStorage -VCore $vCores -Edition $edition ` | ||
| -ComputeGeneration $computeGeneration -LicenseType $license | ||
|
|
||
| # This script will take a minimum of 3 hours to create a new managed instance in a new virtual network. | ||
| # A second managed instance is created much faster. | ||
|
|
||
| # Clean up deployment | ||
| # Remove-AzResourceGroup -ResourceGroupName $resourceGroupName |