Bastion
The Azure Bastion service allows you to connect to your virtual machines through your browser and the Azure portal, or with a native SSH or RDP client. Bastion is a fully managed PaaS service and requires no maintenance.
The following example will deploy a Bastion within a virtual network.
---
Connection:
  # Replace the TenantId and SubscriptionID with your values
  - Name: az-jd-sub1
    Azure:
      Environment: AzureCloud
      TenantId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    Context:
      SubscriptionId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# -------------------------------------------------------------------------------------------------------------------
azResourceGroup:
  # Mandatory
  - Name: rg-jdex-bastion
    ConnectionName: az-jd-sub1
    Location: uksouth
    # Optional
    Tag:
      CostCentre: '666'
      ProjectManager: 'Fred Smith'
    Lock:
      - Name: StopAccidentalDelete
        Level: CanNotDelete # CanNotDelete, ReadOnly
        Notes: 'stop deletion'
azPublicIP:
  # Mandatory
  - Name: pip-jdex-bastion
    ConnectionName: az-jd-sub1
    ResourceGroupName: rg-jdex-bastion
    Location: uksouth
    # Optional
    Zone:
      - 1
    Tag:
      CostCentre: '666'
      ProjectManager: 'Fred Smith'
    AllocationMethod: Static # Static, Dynamic
    Sku: Standard # Basic, Standard (Standard allows multiple zones)
azVirtualNetwork:
  # Mandatory
  - Name: vnet-jdex-bastion
    ConnectionName: az-jd-sub1
    Location: uksouth
    AddressPrefix: '10.0.0.0/16'
    ResourceGroupName: rg-jdex-bastion
    # Optional
    Tag:
      CostCentre: '666'
      ProjectManager: 'Fred Smith'
azSubnet:
  # Mandatory
  - Name: AzureBastionSubnet # This must be called AzureBastionSubnet
    ConnectionName: az-jd-sub1
    ResourceGroupName: rg-jdex-bastion
    VNetName: vnet-jdex-bastion
    AddressPrefix: '10.0.255.224/27'
azBastion:
  # Mandatory
  - Name: bst-jdex-bastion
    ConnectionName: az-jd-sub1
    ResourceGroupName: rg-jdex-bastion
    VNetName: vnet-jdex-bastion
    VNetResourceGroupName: rg-jdex-bastion
    PublicIPName: pip-jdex-bastion
    # Optional
    Sku: # Basic (D), Standard
    ScaleUnit:
Copy the above into a new .yml file and substitute in your tenant and subscription IDs.
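The network values in the file can be checked offline before anything is sent to Azure: the Bastion must reference a defined virtual network, that network must contain a subnet named AzureBastionSubnet, and the subnet prefix must sit inside the network's address space. The following PowerShell is an added example, not part of the tooling described on this page; it works on a hashtable of constructed values copied from the YAML above rather than parsing the file, and ConvertTo-CidrRange and Test-BastionLayout are hypothetical helper names.

```powershell
# Constructed sample: the network values from the YAML above, as a hashtable.
$Deployment = @{
    azVirtualNetwork = @(@{ Name = 'vnet-jdex-bastion'; AddressPrefix = '10.0.0.0/16' })
    azSubnet         = @(@{ Name = 'AzureBastionSubnet'; VNetName = 'vnet-jdex-bastion'
                            AddressPrefix = '10.0.255.224/27' })
    azBastion        = @(@{ Name = 'bst-jdex-bastion'; VNetName = 'vnet-jdex-bastion' })
}

# Hypothetical helper: turn an IPv4 CIDR into its first and last address as integers.
function ConvertTo-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $length = $Cidr -split '/'
    [uint64]$ip = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($address).GetAddressBytes()) {
        $ip = $ip * 256 + $octet
    }
    [uint64]$size  = [math]::Pow(2, 32 - [int]$length)
    [uint64]$first = $ip - ($ip % $size)
    [pscustomobject]@{ First = $first; Last = $first + $size - 1; Aligned = ($ip -eq $first) }
}

# Hypothetical helper: returns a list of problems; an empty result means the layout is consistent.
function Test-BastionLayout {
    param([Parameter(Mandatory)][hashtable]$Config)
    $problems = [System.Collections.Generic.List[string]]::new()
    foreach ($bastion in $Config.azBastion) {
        $vnet = $Config.azVirtualNetwork | Where-Object { $_.Name -eq $bastion.VNetName }
        if (-not $vnet) { $problems.Add("$($bastion.Name): VNet '$($bastion.VNetName)' is not defined"); continue }
        $subnet = $Config.azSubnet | Where-Object {
            $_.VNetName -eq $vnet.Name -and $_.Name -eq 'AzureBastionSubnet' }
        if (-not $subnet) { $problems.Add("$($vnet.Name): no subnet named AzureBastionSubnet"); continue }
        $outer = ConvertTo-CidrRange $vnet.AddressPrefix
        $inner = ConvertTo-CidrRange $subnet.AddressPrefix
        if (-not $inner.Aligned) { $problems.Add("$($subnet.AddressPrefix) is not on a network boundary") }
        if ($inner.First -lt $outer.First -or $inner.Last -gt $outer.Last) {
            $problems.Add("$($subnet.AddressPrefix) is outside $($vnet.AddressPrefix)")
        }
    }
    return $problems
}

$problems = Test-BastionLayout -Config $Deployment
if ($problems.Count) { $problems | Write-Warning } else { 'Bastion network layout is consistent.' }
```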
Validation
Execute the following PowerShell command to validate your resources. You will be prompted to authenticate to Azure with a suitable Microsoft account. Please ensure the account you choose has the relevant permissions to check your resources.
Confirm-JDResource -Verbose -Type All -DeploymentFile "<filename>.yml"
The above command will validate the resources in the YAML file. The -Type parameter allows the execution of just part of a YAML file that may contain other resource types.
Deployment
Execute the following PowerShell command to deploy your resources. You will be prompted to authenticate to Azure with a suitable Microsoft account. Please ensure the account you choose has the relevant permissions to check your resources.
Deploy-JDResource -Verbose -Type All -DeploymentFile "<filename>.yml"
The above command will create all resource types in the YAML file. The -Type parameter allows the execution of just part of a YAML file that may contain other resource types.