Associate a public IP address to a virtual machine (2023)

Table of Contents
In this article Azure portal Azure CLI PowerShell Allow network traffic to the VM Next steps
  • Article
  • 10 minutes to read

In this article, you learn how to associate a public IP address to an existing virtual machine (VM). If you want to create a new VM with a public IP address, you can do so using the Azure portal, the Azure CLI, or Azure PowerShell. Public IP addresses have a nominal fee. For details, see pricing. There's a limit to the number of public IP addresses that you can use per subscription. For details, see limits.

You can use the Azure portal, the Azure CLI, or Azure PowerShell to associate a public IP address to a VM.

Note

Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the back-end pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.

The default outbound access IP is disabled when a public IP address is assigned to the VM, the VM is placed in the back-end pool of a standard load balancer, with or without outbound rules, or if an Azure Virtual Network NAT gateway resource is assigned to the subnet of the VM.

VMs that are created by virtual machine scale sets in flexible orchestration mode don't have default outbound access.

For more information about outbound connections in Azure, see Default outbound access in Azure and Use source network address translation (SNAT) for outbound connections.

Azure portal

  1. Sign in to the Azure portal.

  2. Browse to, or search for the virtual machine that you want to add the public IP address to and then select it.

  3. Under Settings, select Networking, and then select the network interface you want to add the public IP address to, as shown in the following picture:

    Associate a public IP address to a virtual machine (1)

    Note

    Public IP addresses are associated to network interfaces attached to a VM. In the previous picture, the VM only has one network interface. If the VM had multiple network interfaces, they would all appear, and you'd select the network interface you want to associate the public IP address to.

  4. Select IP configurations and then select an IP configuration, as shown in the following picture:

    Associate a public IP address to a virtual machine (2)

    See Also
    Publish to web from Power BI - Power BIMigrate your public folders to Microsoft 365 Groups in Exchange OnlinePublic and Private Symbols - Windows driversSharePoint Online Public Websites to be discontinued - SharePoint

    Note

    Public IP addresses are associated to IP configurations for a network interface. In the previous picture, the network interface has one IP configuration. If the network interface had multiple IP configurations, they would all appear in the list, and you'd select the IP configuration that you want to associate the public IP address to.

  5. Select Associate, then select Choose public IP address to choose an existing public IP address. If you don't have any available public IP addresses listed, you need to create one. To learn how, see Create a public IP address.

    Associate a public IP address to a virtual machine (3)

  6. Select Save, as shown in the picture that follows, and then close the box for the IP configuration.

    Associate a public IP address to a virtual machine (4)

    Note

    The public IP addresses that appear are those that exist in the same region as the VM. If you have multiple public IP addresses created in the region, all will appear here. If any are grayed out, it's because the address is already associated to a different resource.

  7. View the public IP address assigned to the IP configuration, as shown in the picture that follows. It may take a few seconds for an IP address to appear.

    Associate a public IP address to a virtual machine (5)

    Note

    The address is assigned from a pool of addresses used in each Azure region. To see a list of address pools used in each region, see Azure IP Ranges and Service Tags. The address assigned can be any address in the pools used for the region. If you need the address to be assigned from a specific pool in the region, use a Public IP address prefix.

  8. Allow network traffic to the VM with security rules in a network security group.

Azure CLI

Install the Azure CLI, or use the Azure Cloud Shell. The Azure Cloud Shell is a free Bash shell that you can run directly within the Azure portal. It has the Azure CLI preinstalled and configured to use with your account. Select the Try it button in the CLI commands that follow. Selecting Try it invokes a Cloud Shell that you can sign in to your Azure account with.

  1. If using the CLI locally in Bash, sign in to Azure with az login.

  2. A public IP address is associated to an IP configuration of a network interface attached to a VM. Use the az network nic ip-config update command to associate a public IP address to an IP configuration. The following example associates an existing public IP address named myPublicIP to the IP configuration named ipconfig1 of an existing network interface named myVMNic that exists in a resource group named myResourceGroup.

    See Also
    Configure anonymous public read access for containers and blobs - Azure Storage

    az network nic ip-config update \ --name ipconfig1 \ --nic-name myVMNic \ --resource-group myResourceGroup \ --public-ip-address myPublicIP

    • If you don't have an existing public IP address, use the az network public-ip create command to create one. For example, the following command creates a public IP address named myPublicIP in a resource group named myResourceGroup.

      az network public-ip create --name myPublicIP --resource-group myResourceGroup

      Note

      The previous command creates a public IP address with default values for several settings that you may want to customize. To learn more about all public IP address settings, see Create a public IP address. The address is assigned from a pool of public IP addresses used for each Azure region. To see a list of address pools used in each region, see Azure IP Ranges and Service Tags.

    • If you don't know the name of a network interface attached to your VM, use the az vm nic list command to view them. For example, the following command lists the names of the network interfaces attached to a VM named myVM in a resource group named myResourceGroup:

      az vm nic list --vm-name myVM --resource-group myResourceGroup

      The output includes one or more lines that are similar to the following example:

      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/myVMNic",

      In the previous example, myVMNic is the name of the network interface.

    • If you don't know the name of an IP configuration for a network interface, use the az network nic ip-config list command to retrieve them. For example, the following command lists the names of the IP configurations for a network interface named myVMNic in a resource group named myResourceGroup:

      az network nic ip-config list --nic-name myVMNic --resource-group myResourceGroup --out table

  3. View the public IP address assigned to the IP configuration with the az vm list-ip-addresses command. The following example shows the IP addresses assigned to an existing VM named myVM in a resource group named myResourceGroup.

    az vm list-ip-addresses --name myVM --resource-group myResourceGroup --out table

    Note

    The address is assigned from a pool of addresses used in each Azure region. To see a list of address pools used in each region, see Azure IP Ranges and Service Tags. The address assigned can be any address in the pools used for the region. If you need the address to be assigned from a specific pool in the region, use a Public IP address prefix.

  4. Allow network traffic to the VM with security rules in a network security group.

PowerShell

Install PowerShell, or use the Azure Cloud Shell. The Azure Cloud Shell is a free shell that you can run directly within the Azure portal. It has PowerShell preinstalled and configured to use with your account. Select the Try it button in the PowerShell commands that follow. Selecting Try it invokes a Cloud Shell that you can sign in to your Azure account with.

  1. If using PowerShell locally, sign in to Azure with Connect-AzAccount.

  2. A public IP address is associated to an IP configuration of a network interface attached to a VM. Use the Get-AzVirtualNetwork and Get-AzVirtualNetworkSubnetConfig commands to get the virtual network and subnet that the network interface is in. Next, use the Get-AzNetworkInterface command to get a network interface and the Get-AzPublicIpAddress command to get an existing public IP address. Then use the Set-AzNetworkInterfaceIpConfig command to associate the public IP address to the IP configuration and the Set-AzNetworkInterface command to write the new IP configuration to the network interface.

    The following example associates an existing public IP address named myPublicIP to the IP configuration named ipconfig1 of an existing network interface named myVMNic that exists in a subnet named mySubnet in a virtual network named myVNet. All resources are in a resource group named myResourceGroup.

    $vnet = Get-AzVirtualNetwork -Name myVNet -ResourceGroupName myResourceGroup$subnet = Get-AzVirtualNetworkSubnetConfig -Name mySubnet -VirtualNetwork $vnet$nic = Get-AzNetworkInterface -Name myVMNic -ResourceGroupName myResourceGroup$pip = Get-AzPublicIpAddress -Name myPublicIP -ResourceGroupName myResourceGroup$nic | Set-AzNetworkInterfaceIpConfig -Name ipconfig1 -PublicIPAddress $pip -Subnet $subnet$nic | Set-AzNetworkInterface

    • If you don't have an existing public IP address, use the New-AzPublicIpAddress command to create one. For example, the following command creates a dynamic public IP address named myPublicIP in a resource group named myResourceGroup in the eastus region.

      New-AzPublicIpAddress -Name myPublicIP -ResourceGroupName myResourceGroup -AllocationMethod Dynamic -Location eastus

      Note

      The previous command creates a public IP address with default values for several settings that you may want to customize. To learn more about all public IP address settings, see Create a public IP address. The address is assigned from a pool of public IP addresses used for each Azure region. To see a list of address pools used in each region, see Azure IP Ranges and Service Tags.

    • If you don't know the name of a network interface attached to your VM, use the Get-AzVM command to view them. For example, the following command lists the names of the network interfaces attached to a VM named myVM in a resource group named myResourceGroup:

      $vm = Get-AzVM -name myVM -ResourceGroupName myResourceGroup$vm.NetworkProfile

      The output includes one or more lines that are similar to the example that follows. In the example output, myVMNic is the name of the network interface.

      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/myVMNic",

    • If you don't know the name of the virtual network or subnet that the network interface is in, use the Get-AzNetworkInterface command to view the information. For example, the following command gets the virtual network and subnet information for a network interface named myVMNic in a resource group named myResourceGroup:

      $nic = Get-AzNetworkInterface -Name myVMNic -ResourceGroupName myResourceGroup$ipConfigs = $nic.IpConfigurations$ipConfigs.Subnet | Select Id

      The output includes one or more lines that are similar to the example that follows. In the example output, myVNet is the name of the virtual network and mySubnet is the name of the subnet.

      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet",

    • If you don't know the name of an IP configuration for a network interface, use the Get-AzNetworkInterface command to retrieve them. For example, the following command lists the names of the IP configurations for a network interface named myVMNic in a resource group named myResourceGroup:

      $nic = Get-AzNetworkInterface -Name myVMNic -ResourceGroupName myResourceGroup$nic.IPConfigurations

      The output includes one or more lines that are similar to the example that follows. In the example output, ipconfig1 is the name of an IP configuration.

      Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/myVMNic/ipConfigurations/ipconfig1

  3. View the public IP address assigned to the IP configuration with the Get-AzPublicIpAddress command. The following example shows the address assigned to a public IP address named myPublicIP in a resource group named myResourceGroup.

    Get-AzPublicIpAddress -Name myPublicIP -ResourceGroupName myResourceGroup | Select IpAddress

    If you don't know the name of the public IP address assigned to an IP configuration, run the following commands to get it:

    $nic = Get-AzNetworkInterface -Name myVMNic -ResourceGroupName myResourceGroup$nic.IPConfigurations$address = $nic.IPConfigurations.PublicIpAddress$address | Select Id

    The output includes one or more lines that are similar to the example that follows. In the example output, myPublicIP is the name of the public IP address assigned to the IP configuration.

    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP"

    Note

    The address is assigned from a pool of addresses used in each Azure region. To see a list of address pools used in each region, see Azure IP Ranges and Service Tags. The address assigned can be any address in the pools used for the region. If you need the address to be assigned from a specific pool in the region, use a Public IP address prefix.

  4. Allow network traffic to the VM with security rules in a network security group.

Allow network traffic to the VM

Before you can connect to the public IP address from the internet, ensure that you have the necessary ports open in any network security group that you might have associated to the network interface, the subnet of the network interface, or both. Though security groups filter traffic to the private IP address of the network interface, once inbound internet traffic arrives at the public IP address, Azure translates the public address to the private IP address, so if a network security group prevents the traffic flow, the communication with the public IP address fails. You can view the effective security rules for a network interface and its subnet using the Portal, CLI, or PowerShell.

Next steps

In this article, you learned how to associate a public IP address to a VM using Azure portal, Azure CLI or Azure PowerShell.

Use a network security group to allow inbound Internet traffic to your VM. To learn how to create a network security group, see Work with network security groups.

Top Articles
Latest Posts
Article information

Author: Rueben Jacobs

Last Updated: 04/24/2023

Views: 6056

Rating: 4.7 / 5 (57 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Rueben Jacobs

Birthday: 1999-03-14

Address: 951 Caterina Walk, Schambergerside, CA 67667-0896

Phone: +6881806848632

Job: Internal Education Planner

Hobby: Candle making, Cabaret, Poi, Gambling, Rock climbing, Wood carving, Computer programming

Introduction: My name is Rueben Jacobs, I am a cooperative, beautiful, kind, comfortable, glamorous, open, magnificent person who loves writing and wants to share my knowledge and understanding with you.