Pieter de Bruin

Helps technical experts share their experience on Microsoft Learn

In previous episodes you may have witnessed me use a virtual machine in Azure. I always do that using Azure Bastion, which gives you secure access to Linux and Windows virtual machines using SSH or RDP over HTTPS, without exposing the VMs to the internet.

img

You can simply access your virtual machines by navigating to them in the Azure Portal, select connect, Bastion, enter credentials and you are in. Or you can use azcli!

This is the point where I would normally provide azcli commands to create the required Azure resources. while creating a virtual network in the Azure Portal, I noticed a couple of interesting things that convinced me to mention that approach too:

  • On the Security tab, there is a checkbox to Enable Azure Bastion.
  • And then on the IP addresses tab, there is guidance on what ranges to use for the virtual network and subnets. This really helps when planning address spaces is not your daily job :-)

img

Couldn’t stop myself and wanted to add an azcli script anyway:

az group create --name blogrg --location westeurope

az network vnet create --resource-group blogrg --name vnetname --address-prefix 172.16.0.0/22 --subnet-name AzureBastionSubnet --subnet-prefix 172.16.0.0/26

az network vnet subnet create -g blogrg --vnet-name vnetname -n default  --address-prefixes 172.16.1.0/24

az network public-ip create --name pipname -g blogrg --sku Standard

az network bastion create --name bastionname --public-ip-address pipname -g blogrg --vnet-name vnetname

Now you can create a sample virtual machine to use through Bastion. With the vnet, bastion and public ip created, you don’t need to create them for the VM: For public inbound ports select None, and for Public IP select None. And here I really don’t share an az vm create script, since there are so many variables (literally over eighty parameters), that you should use the portal doing this once and invest in creating your own script for multiples.

Note that for cost control I always enable auto-shutdown (22:00 local time) without notification. Also note that you will still pay for Bastion.

Once the VM is created, you can use the Azure Portal to navigate to the VM, click connect, Bastion, enter credentials, and do your work.

You can even use azcli to connect your shell or VS Code to an Azure VM using bastion. Read Jose’s post for details.

Thanks for reading! :-)

You May Also Enjoy

Microsoft Build cloud skills challenge

Microsoft Build is happening on May 23-24. Both Build and Ignite are big events at Microsoft; many product groups prepare to have something interesting to pr...

VS Code day 2023

This week the VS Code day happened. If you missed it, you can catch up the recordings of 15 presentations ranging from VS Code essentials, GitHub integration...

KubeCon EU 2023

Last week I attended KubeCon. Nowadays I don’t have much opportunity to travel to conferences, so when one of the biggest events shows up about 30 kilometers...