Ever heard of a jump server or bastion server? No? Well then this post is for you Before we dive into what’s Azure Bastion, we should understa
I've talked about Azure Bastion in the past -> Azure Bastion - Managed Jump Server (florinloghiade.ro). To tell it in a nutshell, Azure Bastion is a managed jump server which allows you to directly connect to your workloads without the operational hassle.
Recently the Azure Bastion offering received an update which now allows you to have native RDP and SSH connections without having to open the Azure Portal. The only thing that you need is a terminal with AzCli installed.
If you create a new Bastion Service then you need to go to the advanced tab and check native client support.
Otherwise if you already have a Bastion Service deployed, go to the configuration blade and check the native client support box and press apply.
Be aware that this option requires Azure Bastion Standard SKU which will bring raise the cost of the solution.
Requirements for it to work:
- Reader role on the virtual machine.
- Reader role on the NIC with private IP of the virtual machine.
- Reader role on the Azure Bastion resource.
Virtual Machine Administrator Login or Virtual Machine User Login role, if you’re using the Azure AD sign-in method.
Az Cli Version 2.33.1 or higher
At the time of writing, this solution will not work on Linux or MacOS but I'm pretty sure this will come soon :)
To connect to a Windows Machine
az network bastion rdp --name BastionDemo --resource-group Bastion-Demo --target-resource-id /subscriptions/e2d85901-f23b-4293-90a0-e0e169d95686/resourceGroups/Bastion-Demo/providers/Microsoft.Compute/virtualMachines/bastionwindows
To connect to a Linux Machine
az network bastion ssh --name BastionDemo --resource-group Bastion-Demo --target-resource-id /subscriptions/e2d85901-f23b-4293-90a0-e0e169d95686/resourceGroups/Bastion-Demo/providers/Microsoft.Compute/virtualMachines/bastionlinux --auth-type password --username adminuser
This solution will work with VNET peered bastion services or bastions that are in the same VNET as the VMs. Simple solution that brings a lot of value I say.
Have a good one!