Infrastructure as Code – Deploy Bastion in Azure
Summary
Azure Bastion is a service you deploy into a virtual network that lets you connect to a virtual machine from your browser through the Azure portal. It is a fully platform-managed PaaS service, provisioned inside your virtual network, that provides RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect through Azure Bastion, your virtual machines need no public IP address, no agent, and no special client software.
Bastion provides RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Because the VMs never expose RDP/SSH ports to the outside world, Azure Bastion removes the attack surface of Internet-facing management ports while still providing RDP/SSH access.
Plan

The design above extends the environment built in Infrastructure as Code – Deploy VMs in Azure by adding Azure Bastion to the same virtual network.
Cost

Build
# Update based on your organizational requirements
$Location = "westus2"
$ResourceGroupName = "ADonAzureVMs"
$VNetName = "VNet-AzureVMsWestUS2"
# The Bastion subnet must be named exactly AzureBastionSubnet and be /26 or larger
$BastionSubnetName = "AzureBastionSubnet"
$BastionSubnetAddress = "10.10.0.0/24"
$PublicIPName = "VNet-AzureVMsWestUS2-ip"
# Bastion requires a Standard SKU public IP with static allocation
$PublicIPSKU = "Standard"
$BastionName = "VNet-AzureVMsWestUS2-bastion"
# Create the bastion subnet
az network vnet subnet create --address-prefix $BastionSubnetAddress `
--name $BastionSubnetName `
--resource-group $ResourceGroupName `
--vnet-name $VNetName
# Create the public IP for the bastion
az network public-ip create --resource-group $ResourceGroupName `
--name $PublicIPName `
--sku $PublicIPSKU `
--allocation-method Static `
--location $Location
# Create the bastion in VNet-AzureVMsWestUS2
az network bastion create --location $Location `
--name $BastionName `
--public-ip-address $PublicIPName `
--resource-group $ResourceGroupName `
--vnet-name $VNetName
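The bastion create step fails late, after the subnet and public IP already exist, if the subnet name, size or public IP settings are wrong. The following pre-flight check is an added example, not part of the original post: it validates the Build variables against a VNet description in the shape of `az network vnet show -o json`. The sample VNet is constructed here (the post does not state the VNet address space, so 10.10.0.0/16 and one existing subnet are assumed).

```python
import ipaddress

# Constructed sample in the shape of `az network vnet show -o json`.
# Assumed values: the address space and the existing subnet are not in the post.
SAMPLE_VNET = {
    "name": "VNet-AzureVMsWestUS2",
    "addressSpace": {"addressPrefixes": ["10.10.0.0/16"]},
    "subnets": [{"name": "Subnet-ADDS", "addressPrefix": "10.10.1.0/24"}],
}

BASTION_SUBNET_NAME = "AzureBastionSubnet"  # name mandated by the service
BASTION_MIN_PREFIXLEN = 26                   # /26 or larger is required


def check_bastion_plan(vnet, subnet_name, subnet_prefix, ip_sku, ip_alloc):
    """Return a list of problems; an empty list means the plan is deployable."""
    problems = []
    if subnet_name != BASTION_SUBNET_NAME:
        problems.append(f"subnet must be named {BASTION_SUBNET_NAME}, got {subnet_name}")
    try:
        net = ipaddress.ip_network(subnet_prefix, strict=True)
    except ValueError as exc:
        return problems + [f"invalid subnet prefix {subnet_prefix}: {exc}"]
    if net.prefixlen > BASTION_MIN_PREFIXLEN:
        problems.append(f"{subnet_prefix} is smaller than /{BASTION_MIN_PREFIXLEN}")
    spaces = [ipaddress.ip_network(p) for p in vnet["addressSpace"]["addressPrefixes"]]
    if not any(net.version == s.version and net.subnet_of(s) for s in spaces):
        problems.append(f"{subnet_prefix} is outside the VNet address space")
    for sn in vnet["subnets"]:
        existing = ipaddress.ip_network(sn["addressPrefix"])
        if sn["name"] != subnet_name and net.version == existing.version and net.overlaps(existing):
            problems.append(f"{subnet_prefix} overlaps subnet {sn['name']} ({existing})")
    if ip_sku != "Standard":
        problems.append(f"public IP SKU must be Standard, got {ip_sku}")
    if ip_alloc != "Static":
        problems.append(f"public IP allocation must be Static, got {ip_alloc}")
    return problems


if __name__ == "__main__":
    # The values from the Build section above pass; a /27 subnet does not.
    print(check_bastion_plan(SAMPLE_VNET, "AzureBastionSubnet", "10.10.0.0/24", "Standard", "Static"))
    print(check_bastion_plan(SAMPLE_VNET, "AzureBastionSubnet", "10.10.0.0/27", "Standard", "Static"))
```

To check a real VNet, load the output of `az network vnet show -g <rg> -n <vnet> -o json` in place of SAMPLE_VNET.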
Run


Delete
Code to delete the Bastion host and its supporting resources for cost containment.
# Update based on your organizational requirements
$ResourceGroupName = "ADonAzureVMs"
$VNetName = "VNet-AzureVMsWestUS2"
$BastionSubnetName = "AzureBastionSubnet"
$PublicIPName = "VNet-AzureVMsWestUS2-ip"
$BastionName = "VNet-AzureVMsWestUS2-bastion"
# Order matters: the bastion must be gone before its public IP and subnet can be deleted
# Delete the bastion in VNet-AzureVMsWestUS2
az network bastion delete --name $BastionName `
--resource-group $ResourceGroupName
# Delete the public IP for the bastion
az network public-ip delete --resource-group $ResourceGroupName `
--name $PublicIPName
# Delete the bastion subnet
az network vnet subnet delete --name $BastionSubnetName `
--resource-group $ResourceGroupName `
--vnet-name $VNetName