Deploy Azure Bastion (Preview) Using an ARM Template

Amine Charot
Jun 20, 2019

Hello. Microsoft Azure recently announced the public preview of the Azure Bastion service.

Azure Bastion is a PaaS service that provides RDP or SSH connectivity to VMs over SSL. In other words, Azure Bastion can be deployed in an existing virtual network, providing connectivity (RDP or SSH) to all the VMs inside the VNet.

Your VMs won't need any public IP address, which means that you won't need another virtual machine to connect remotely to the VM in question. In other words, you won't need a jump box anymore.

Another thing that I find cool: you can connect directly through your browser.

How to deploy Azure Bastion using ARM Templates

The first question you may ask is: I can't find the service in my portal, where is it? You should use this Portal.

You have to register for the preview to be able to create an Azure Bastion. Using PowerShell:

Login-AzAccount
Register-AzProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
Register-AzResourceProvider -ProviderNamespace Microsoft.Network

Wait a few minutes, then use the following cmdlet to check that you are registered:

Get-AzProviderFeature -ListAvailable

Once that is done, you can use the following ARM template that I've created. It allows you to:

  • Add the subnet “AzureBastionSubnet”, which is required to create a Bastion;
  • Create the public IP address for the Bastion;
  • Create the Bastion.

ARM Template File:

Template Parameters File:

You can run the deployment using:

New-AzResourceGroupDeployment
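As an added example (not the author's template, which is not reproduced on this page), here is a minimal ARM template covering the three steps listed above. The parameter names, the `-pip` suffix and the `2019-04-01` API version are assumptions, and the VNet is assumed to already exist in the target resource group.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": { "description": "Added example, not the author's template. Names and apiVersion are assumptions." },
  "parameters": {
    "vnetName": { "type": "string", "metadata": { "description": "Existing VNet in this resource group" } },
    "bastionSubnetPrefix": { "type": "string", "metadata": { "description": "Unused address range inside the VNet" } },
    "bastionName": { "type": "string", "metadata": { "description": "Hypothetical name for the Bastion host" } },
    "location": { "type": "string", "defaultValue": "[resourceGroup().location]", "metadata": { "description": "Must be the VNet's region" } }
  },
  "variables": {
    "pipName": "[concat(parameters('bastionName'), '-pip')]",
    "pipId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipName'))]",
    "subnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), 'AzureBastionSubnet')]"
  },
  "resources": [
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2019-04-01",
      "name": "[concat(parameters('vnetName'), '/AzureBastionSubnet')]",
      "properties": { "addressPrefix": "[parameters('bastionSubnetPrefix')]" }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2019-04-01",
      "name": "[variables('pipName')]",
      "location": "[parameters('location')]",
      "sku": { "name": "Standard" },
      "properties": { "publicIPAllocationMethod": "Static" }
    },
    {
      "type": "Microsoft.Network/bastionHosts",
      "apiVersion": "2019-04-01",
      "name": "[parameters('bastionName')]",
      "location": "[parameters('location')]",
      "dependsOn": [ "[variables('subnetId')]", "[variables('pipId')]" ],
      "properties": {
        "ipConfigurations": [ {
          "name": "IpConf",
          "properties": {
            "subnet": { "id": "[variables('subnetId')]" },
            "publicIPAddress": { "id": "[variables('pipId')]" }
          }
        } ]
      }
    }
  ]
}
```

Save it to a file and pass it to the deployment cmdlet with `-TemplateFile`, along with a parameters file via `-TemplateParameterFile`. The Bastion's public IP is the only public address in the design; the VMs behind it keep private addresses only.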

Once it is done, you should see something beautiful, something like a Bastion, something like:

How to use Azure Bastion to remotely connect to a VM

Good news: this works not only for virtual machines. If you are using a VMSS and you've deployed Azure Bastion in the same VNet as your VMSS, you will be able to remotely connect to each instance of your VMSS!

For example, I have my VMSS inside a VNet (testamine-vnet) as follows:

Azure Bastion is deployed inside the same VNet:

So I can use Azure Bastion to connect to any instance of my VMSS:

Of course, the same Bastion may be used to connect to another virtual machine in the same VNet:

Enjoy, ciao,
