Merge pull request #220786 from asudbring/pe-ddos-posh

prmerger-automator[bot] · web-flow · commit 87b6e06a4845 · 2022-12-07T19:14:23.000Z
Added DDoS info to VNET create for private endpoint create - Powershell
diff --git a/articles/private-link/create-private-endpoint-powershell.md b/articles/private-link/create-private-endpoint-powershell.md
@@ -40,6 +40,19 @@ Create a resource group with [New-AzResourceGroup](/powershell/module/az.resourc
 New-AzResourceGroup -Name 'CreatePrivateEndpointQS-rg' -Location 'eastus'
 ```
 
+### Create a DDoS Protection plan
+
+Create a DDoS Protection plan with [New-AzDdosProtectionPlan](/powershell/module/az.network/new-azddosprotectionplan) to associate with the virtual network. This example creates a DDoS Protection plan named **myDDoSPlan** in the **EastUS** location:
+
+```azurepowershell-interactive
+$ddosplan = @{
+    Name = 'myDDoSPlan'
+    ResourceGroupName = 'CreatePrivateEndpointQS-rg'
+    Location = 'EastUS'
+}
+New-AzDdosProtectionPlan @ddosplan
+```
+
 ## Create a virtual network and bastion host
 
 A virtual network and subnet is required for to host the private IP address for the private endpoint. You'll create a bastion host to connect securely to the virtual machine to test the private endpoint. You'll create the virtual machine in a later section.
@@ -55,19 +68,23 @@ In this section, you'll:
 - Create the bastion host with [New-AzBastion](/powershell/module/az.network/new-azbastion)
 
 ```azurepowershell-interactive
+## Place DDoS plan created previously into a variable. ##
+$ddosplan = Get-AzDdosProtectionPlan -ResourceGroupName CreatePrivateEndpointQS-rg -Name myDDosPlan
+
 ## Configure the back-end subnet. ##
-$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name myBackendSubnet -AddressPrefix 10.0.0.0/24
+$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name myBackendSubnet -AddressPrefix 10.1.0.0/24
 
 ## Create the Azure Bastion subnet. ##
-$bastsubnetConfig = New-AzVirtualNetworkSubnetConfig -Name AzureBastionSubnet -AddressPrefix 10.0.1.0/24
+$bastsubnetConfig = New-AzVirtualNetworkSubnetConfig -Name AzureBastionSubnet -AddressPrefix 10.1.1.0/24
 
 ## Create the virtual network. ##
 $net = @{
     Name = 'MyVNet'
     ResourceGroupName = 'CreatePrivateEndpointQS-rg'
     Location = 'eastus'
-    AddressPrefix = '10.0.0.0/16'
+    AddressPrefix = '10.1.0.0/16'
     Subnet = $subnetConfig, $bastsubnetConfig
+    DDoSProtectionPlan = $ddosplan.Id
 }
 $vnet = New-AzVirtualNetwork @net
 
@@ -160,7 +177,7 @@ $ip = @{
     Name = 'myIPconfig'
     GroupId = 'sites'
     MemberName = 'sites'
-    PrivateIPAddress = '10.0.0.10'
+    PrivateIPAddress = '10.1.0.10'
 }
 $ipconfig = New-AzPrivateEndpointIpConfiguration @ip
 
@@ -324,6 +341,14 @@ Use the VM you created in the previous step to connect to the webapp across the
 
 10. Close the connection to **myVM**.
 
+## Clean up resources
+
+When no longer needed, you can use the [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) command to remove the resource group, virtual network, and the remaining resources.
+
+```azurepowershell-interactive
+Remove-AzResourceGroup -Name 'CreatePrivateEndpointQS-rg'
+```
+
 ## Next steps
 
 For more information about the services that support private endpoints, see:
