Azure, Microsoft

Infrastructure as Code – Deploy Bastion in Azure

Summary

Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP address, agent, or special client software.

Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.

Plan

[Design diagram: image-30.png]

The design above extends the environment built in Infrastructure as Code – Deploy VMs in Azure by adding Azure Bastion to the existing virtual network.

Cost

Build

# Update based on your organizational requirements
$Location = "westus2"
$ResourceGroupName = "ADonAzureVMs"
$VNetName = "VNet-AzureVMsWestUS2"

# The subnet must be named exactly AzureBastionSubnet and be /26 or larger
$BastionSubnetName = "AzureBastionSubnet"
$BastionSubnetAddress = "10.10.0.0/24"

# Bastion requires a Standard SKU public IP
$PublicIPName = "VNet-AzureVMsWestUS2-ip"
$PublicIPSKU = "Standard"

$BastionName = "VNet-AzureVMsWestUS2-bastion"


# Create the bastion subnet
az network vnet subnet create --address-prefix $BastionSubnetAddress `
                              --name $BastionSubnetName `
                              --resource-group $ResourceGroupName `
                              --vnet-name $VNetName

# Create the public IP for bastion
az network public-ip create --resource-group $ResourceGroupName `
                            --name $PublicIPName `
                            --sku $PublicIPSKU `
                            --location $Location

# Create the bastion host in VNet-AzureVMsWestUS2
az network bastion create --location $Location `
                          --name $BastionName `
                          --public-ip-address $PublicIPName `
                          --resource-group $ResourceGroupName `
                          --vnet-name $VNetName

Run

Screenshot: Azure Bastion created
Screenshot: HTML5-based RDP connection via Bastion
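A post-deployment check, added here as an example rather than taken from the original post: it confirms the subnet carries the mandatory AzureBastionSubnet name with a /26 or larger prefix, that the Bastion host finished provisioning, and that no VM in the resource group still has a public IP attached (the exposure Bastion is meant to remove). It assumes the variable values from the Build block above and uses standard Azure CLI commands.

```powershell
# Post-deployment checks for the Bastion rollout (added example, not from the original post).
# Assumes the same names as the Build block; run once the three az create commands have finished.
$ResourceGroupName = "ADonAzureVMs"
$VNetName          = "VNet-AzureVMsWestUS2"
$BastionName       = "VNet-AzureVMsWestUS2-bastion"
$BastionSubnetName = "AzureBastionSubnet"

$failures = @()

# 1. Bastion only deploys into a subnet literally named AzureBastionSubnet that is /26 or larger.
$subnet = az network vnet subnet show --name $BastionSubnetName `
                                      --resource-group $ResourceGroupName `
                                      --vnet-name $VNetName -o json | ConvertFrom-Json
$prefix = if ($subnet.addressPrefix) { $subnet.addressPrefix } else { $subnet.addressPrefixes[0] }
$prefixLength = [int](($prefix -split '/')[1])
if ($subnet.name -ne "AzureBastionSubnet") { $failures += "Subnet is named '$($subnet.name)', not AzureBastionSubnet" }
if ($prefixLength -gt 26) { $failures += "Subnet $prefix is smaller than /26" }

# 2. The host must have finished provisioning before the portal offers RDP/SSH through it.
$state = az network bastion show --name $BastionName `
                                 --resource-group $ResourceGroupName `
                                 --query provisioningState -o tsv
if ($state -ne "Succeeded") { $failures += "Bastion provisioning state is '$state'" }

# 3. The point of Bastion is that VMs need no public IP: flag any VM that still carries one.
$vms = az vm list-ip-addresses --resource-group $ResourceGroupName -o json | ConvertFrom-Json
foreach ($vm in $vms) {
    $publicIps = @($vm.virtualMachine.network.publicIpAddresses | ForEach-Object { $_.ipAddress })
    if ($publicIps.Count -gt 0) {
        $failures += "VM $($vm.virtualMachine.name) still has public IP(s): $($publicIps -join ', ')"
    }
}

if ($failures.Count -eq 0) {
    Write-Output "Bastion checks passed: subnet, provisioning state and VM exposure are all OK"
} else {
    $failures | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

A VM that still shows a public IP after Bastion is in place is a candidate for having that IP removed, since portal RDP/SSH no longer needs it.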

Delete

Code to delete the Bastion host, its public IP and its subnet for cost containment. The order matters: the Bastion host must go first, since the public IP and subnet cannot be deleted while it still uses them.

# Update based on your organizational requirements
$ResourceGroupName = "ADonAzureVMs"
$VNetName = "VNet-AzureVMsWestUS2"

$BastionSubnetName = "AzureBastionSubnet"

$PublicIPName = "VNet-AzureVMsWestUS2-ip"

$BastionName = "VNet-AzureVMsWestUS2-bastion"


# Delete the bastion host in VNet-AzureVMsWestUS2
az network bastion delete --name $BastionName `
                          --resource-group $ResourceGroupName

# Delete the public IP for bastion
az network public-ip delete --resource-group $ResourceGroupName `
                            --name $PublicIPName

# Delete the bastion subnet
az network vnet subnet delete --name $BastionSubnetName `
                              --resource-group $ResourceGroupName `
                              --vnet-name $VNetName
