Tools: From Terminal to Cloud: A Mac User's Guide to Deploying Linux on Azure cli
🏗️ Introduction
How to Create Azure Infrastructure Using Azure CLI on macOS (Step-by-Step Guide)
1. Install Azure CLI on macOS
Install Azure CLI
Confirm Installation
2. Authenticate With Your Azure Account
Sign In
Check Your Active Subscription
Switch Subscription (Optional)
Define Variables
Verify Creation
4. Create a Virtual Network
Create the VNet
5. Create a Subnet
Create the Subnet
6. Create a Network Security Group
Create the NSG
7. Allow SSH and HTTP Traffic
Allow SSH
Allow HTTP
8. Attach the NSG to the Subnet
9. Allocate a Public IP Address
Create a Static Public IP
10. Create the Linux Virtual Machine
Provision the VM
11. Retrieve the VM's Public IP
12. Confirm the VM is Running
13. Connect via SSH and Install Nginx
Connect to the VM
Install Nginx
Start and Enable the Web Server
14. Test the Web Server
Conclusion This comprehensive guide will show you how to transition from a clean macOS terminal to a fully functioning Linux web server in Azure using the Azure CLI. By following these steps, you’ll implement a secure, segmented architecture aligned with cloud best practices. Building in the cloud shouldn't require clicking through dozens of portal screens. Using the Azure CLI on your Mac allows for repeatable, scriptable, and professional infrastructure management. In this guide, we will follow the Azure Well-Architected Framework pillars—specifically Security and Operational Excellence—to deploy a virtualized environment. Below is a Dev.to-style tutorial rewritten in original wording and structured as a step-by-step guide for macOS users. You can paste this directly into a Dev.to article editor. Managing cloud infrastructure from the command line is one of the fastest and most repeatable ways to deploy resources in Microsoft Azure. Instead of manually clicking through the Azure Portal, you can automate the entire process with the Azure CLI. In this guide, you'll learn how to: By the end, you'll have a working Linux VM running inside your own Azure network and accessible through the internet. This approach also aligns with Azure Well-Architected Framework best practices, particularly Operational Excellence, by encouraging automation and repeatable infrastructure deployment. Before interacting with Azure resources from your terminal, you need the Azure Command Line Interface installed locally. macOS users typically install software using Homebrew, a popular package manager. This command downloads and installs the Azure CLI along with its dependencies. If the installation succeeded, the terminal will display the CLI version and installed components. Running the CLI locally allows you to interact directly with Azure APIs from your machine. Next, you must sign in so Azure knows which account and subscription will own the resources you create. Your default browser will open and prompt you to authenticate with your Azure account. Once authenticated, your terminal session becomes authorized to execute Azure commands. To confirm my active subscription, I entered 1 as this is my only active subscription. This command returns details about the currently selected Azure subscription. If you have multiple subscriptions: This ensures all resources created during the lab are billed under the correct account. From a security standpoint, authentication ensures only authorized users can create or modify cloud infrastructure. In Azure, every resource must exist inside a Resource Group, which acts as a logical container for related services. Resource groups make it easier to: To make commands reusable and reduce typos, define variables for the resource group name and location. Using variables allows you to reference the same values throughout your script. Creates a named resource group in East US. All resources in this lab will be placed here for easy cleanup. Azure requires every resource to live inside a resource group. They make it easy to manage, monitor, and delete everything together at the end of the lab. Operational Excellence — grouping related resources together is a best practice for manageability and cost tracking. This command provisions a new resource group in the East US region. Notice also the provisioning state is succeeded. You can also verify if it was created by running this command The output confirms the group exists and displays its configuration. Organizing infrastructure into groups is a core Operational Excellence practice in Azure. Most cloud resources require a private network so they can communicate securely.
Here, you will Creates a Virtual Network with a broad 10.0.0.0/16 IP address space.This is needed VMs and other infrastructure need a secure, isolated private network to communicate with each other.Security — creating an isolated network boundary is the foundational step of cloud security. Azure provides this using a Virtual Network (VNet). This command builds a VNet with an address range of 10.0.0.0/16. Think of the VNet as your private data center network inside Azure. Creating isolated networks is an important security boundary in cloud architecture. Subnets divide a larger network into smaller segments. This allows you to separate different resource types and apply specific rules to them.This Carves out a smaller 10.0.1.0/24 piece (subnet) of the VNet specifically for your VMs.Segmenting networks allows you to apply different routing and firewall rules to different types of resources. Here we allocate a smaller portion of the VNet specifically for our virtual machines. Network segmentation improves both security and traffic management. A Network Security Group (NSG) functions as a firewall for Azure resources. It controls which traffic is allowed or denied. Without an NSG attached, Microsoft allows no inbound traffic but allows all outbound traffic. We need an NSG to poke specific holes in the firewall. Security — controlling traffic flow with firewalls is a basic security requirement. The NSG will later be attached to the subnet so all resources inside inherit the same security rules. Adds inbound rules prioritizing SSH (port 22) and HTTP (port 80) access from the internet. You'll need SSH to log in and configure the server, and HTTP so users can view the web page. Security — explicitly defining inbound access using the principle of least privilege. By default, inbound traffic is restricted. We must explicitly allow access for: These rules define exactly which ports external users may access. This follows the principle of least privilege, allowing only required traffic. To enforce the firewall rules, attach the NSG to the subnet. Applying the NSG to the subnet ensures that any VM created in that subnet automatically inherits those exact firewall rules — protecting the entire subnet. Security — subnet-level application of security controls. Applying security at the subnet level ensures every VM deployed in the subnet automatically inherits the rules. For external users to reach your virtual machine, it needs a public IP address.Allocates a static public IP address in Azure. Without a public IP, the VM can only be accessed internally through the VNet or a VPN. You need this to reach your web server from your browser. Reliability — using a Static IP ensures the address does not change upon reboot. Using a static IP ensures the address remains the same even if the VM restarts. Stable IP addresses improve reliability and connectivity. Now it's time to deploy the compute instance that will host your application.Creates a B1s Ubuntu VM with auto-generated SSH keys and connects it to the existing subnet and firewall. This is the actual cloud compute instance that will run your web application code. Performance Efficiency — selecting the appropriately sized VM for your workload (B1s for dev/test). Choosing appropriately sized instances is part of Performance Efficiency in cloud architecture. You’ll need the IP address to connect to the server. Filters the Azure API response to return just the IP address string. You'll need this IP to SSH into the machine and to test the web application. Operational Excellence — automated retrieval of resource attributes avoids manual portal lookups. The command outputs just the IP address for easy copying. Before connecting, verify the VM is successfully deployed. Queries the VM status and displays it in a clean table format. Always verify provisioning success before attempting connections. Operational Excellence — verification and monitoring. This displays the VM name, power state, and public IP in a readable format. Always validating infrastructure after provisioning is a key Operational Excellence practice. Now you can access the server remotely. Log into the VM over the internet via SSH, installs the Nginx package using APT, and starts the service. A fresh VM is blank. Nginx serves as the web server to test our HTTP port 80 firewall rule. Operational Excellence — bootstrap scripts or userdata are typically used to automate this step. Replace <YOUR_PUBLIC_IP> with the IP from the earlier step. This installs and launches the Nginx web server. From your local machine: If everything worked correctly, you'll receive the default Nginx HTML response. You can also open the IP address in your browser to see the web page. Congratulations! You have successfully used your Mac to orchestrate a professional Azure environment. You’ve installed the tooling, established a secure network boundary with NSG rules, and deployed a functional Ubuntu web server.
Using the Azure CLI is a powerful way to deploy and manage cloud infrastructure without relying on the Azure Portal. In this guide, you learned how to: Create foundational infrastructure including: Deploy an Ubuntu Virtual Machine Install and test a web server This CLI-driven workflow is a key step toward Infrastructure as Code, automation, and scalable cloud operations. Mastering the Azure CLI gives you full control over your cloud environment directly from your terminal. I would love to hear from you. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse
