In my previous article, I gave a quick guide to using the Azure Bastion service.

In this article, I will focus on how to automate the deployment of Azure Bastion using not only ARM templates but also HashiCorp Terraform.

So let’s get started with some definitions! 🙂

Azure Bastion, now in preview, is a managed PaaS that connects customers’ VMs via the Remote Desktop Protocol (RDP) and Secure Shell (SSH) network protocols, and it uses Secure Sockets Layer encryption in the process, Microsoft said. It’s inspired by bastion hosts and jump boxes, long a networking staple for companies that want to place dedicated gateways between the public internet and their private networks.

source: https://searchcloudcomputing.techtarget.com/news/252465418/Microsoft-Azure-Bastion-service-seeks-to-secure-VMs

What’s an ARM template?

ARM Templates, stands for Azure Resource Manager templates, are a way to declare the objects you want, the types, names, and properties in a JSON file which can be checked into source control and managed like any other code file. ARM Templates are what gives us the ability to roll out Azure “Infrastructure as code”.

source: https://www.red-gate.com/simple-talk/cloud/infrastructure-as-a-service/azure-resource-manager-arm-templates/

ARM template syntax

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "",
  "apiProfile": "",
  "parameters": {  },
  "variables": {  },
  "functions": [  ],
  "resources": [  ],
  "outputs": {  }
}

$schema, contentVersion, apiProfile, and resources are required elements. Below is a description of the different parts of the template:

parameters: Values that are provided when deployment is executed to customize resource deployment.

variables: Values that are used as JSON fragments in the template to simplify template language expressions.

functions: User-defined functions that are available within the template.

resources: Resource types that are deployed or updated in a resource group or subscription.

outputs: Values that are returned after deployment.

For more information take a look at https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates

Now, let’s move to the ARM template to build the Azure Bastion.

In my git repository below, I uploaded two files:


The first one is the template file, which contains the resources that will be created:

1- The public IP address.

2- The virtual network associated with the Azure Bastion and its different subnets.

3- The Azure Bastion.

The second one contains the parameters needed to deploy the resources, which you need to customize.
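
A template with those three resources can look like the following. This is an added example, not the file from the author's repository; the two parameter names, the address ranges, the workload subnet, and the "-pip" naming are assumptions. Azure requires the Bastion subnet to be named AzureBastionSubnet and the public IP to use the Standard SKU with static allocation.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "bastionName": { "type": "string", "metadata": { "description": "Assumed parameter; the public IP is named <bastionName>-pip" } },
    "vnetName": { "type": "string", "metadata": { "description": "Assumed parameter; virtual network that hosts the Bastion" } }
  },
  "resources": [
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2019-04-01",
      "name": "[concat(parameters('bastionName'), '-pip')]",
      "location": "[resourceGroup().location]",
      "sku": { "name": "Standard" },
      "properties": { "publicIPAllocationMethod": "Static" }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2019-04-01",
      "name": "[parameters('vnetName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] },
        "subnets": [
          { "name": "workload", "properties": { "addressPrefix": "10.0.0.0/24" } },
          { "name": "AzureBastionSubnet", "properties": { "addressPrefix": "10.0.1.0/26" } }
        ]
      }
    },
    {
      "type": "Microsoft.Network/bastionHosts",
      "apiVersion": "2019-04-01",
      "name": "[parameters('bastionName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', concat(parameters('bastionName'), '-pip'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
      ],
      "properties": {
        "ipConfigurations": [ {
          "name": "IpConf",
          "properties": {
            "subnet": { "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), 'AzureBastionSubnet')]" },
            "publicIPAddress": { "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(parameters('bastionName'), '-pip'))]" }
          }
        } ]
      }
    }
  ]
}
```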

Now, let’s deploy the template.

  1. To deploy a customized template through the portal, select Create a resource, search for "template", and then select Template deployment.
  2. Select Create.
  3. You see several options for creating a template. Choose Build your own template in the editor, which creates a template using the portal template editor. The editor can also add a resource template schema.
  4. Select Edit template to explore the portal template editor. The template is loaded in the editor.
  5. Make a minor change to the template. For example, replace the {{changeIT }} placeholder with your subscription ID.
  6. Select Save. Now you see the portal template deployment interface. Notice the two parameters that you defined in the template.
  7. Enter or select the property values:
  • Subscription: Select an Azure subscription.
  • Resource group: Select Create new and give a name.
  • I agree to the terms and conditions stated above: (select)

Finally, click Purchase and your Azure Bastion will be deployed.

I hope this article gives you an overview and a quick start for deploying an ARM template. Stay tuned for my next article, where I will focus on how to deploy Azure Bastion using Terraform.