Bicep resource definition
The bastionHosts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/bastionHosts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/bastionHosts@2019-12-01' = {
location: 'string'
name: 'string'
properties: {
dnsName: 'string'
ipConfigurations: [
{
id: 'string'
name: 'string'
properties: {
privateIPAllocationMethod: 'string'
publicIPAddress: {
id: 'string'
}
subnet: {
id: 'string'
}
}
}
]
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.Network/bastionHosts
| Name |
Description |
Value |
| location |
Resource location. |
string |
| name |
The resource name |
string (required) |
| properties |
Represents the bastion host resource. |
BastionHostPropertiesFormat |
| tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
BastionHostIPConfiguration
| Name |
Description |
Value |
| id |
Resource ID. |
string |
| name |
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
string |
| properties |
Represents the ip configuration associated with the resource. |
BastionHostIPConfigurationPropertiesFormat |
| Name |
Description |
Value |
| privateIPAllocationMethod |
Private IP allocation method. |
'Dynamic'
'Static' |
| publicIPAddress |
Reference of the PublicIP resource. |
SubResource (required) |
| subnet |
Reference of the subnet resource. |
SubResource (required) |
| Name |
Description |
Value |
| dnsName |
FQDN for the endpoint on which bastion host is accessible. |
string |
| ipConfigurations |
IP configuration of the Bastion Host resource. |
BastionHostIPConfiguration[] |
SubResource
| Name |
Description |
Value |
| id |
Resource ID. |
string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module |
Description |
| Bastion Host |
AVM Resource Module for Bastion Host |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File |
Description |
| AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Azure Bastion as a Service |
This template provisions Azure Bastion in a Virtual Network |
| Azure Bastion as a Service with NSG |
This template provisions Azure Bastion in a Virtual Network |
| Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Create a cross-region load balancer |
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
| Create a Private AKS Cluster |
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
| Create a standard internal load balancer |
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
| Create a standard load-balancer |
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
| Deploy a Bastion host in a hub Virtual Network |
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet |
| Deploy Secure AI Foundry with a managed virtual network |
This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
| Public Load Balancer chained to a Gateway Load Balancer |
This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool. |
| Testing environment for Azure Firewall Premium |
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
| Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology |
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
ARM template resource definition
The bastionHosts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/bastionHosts resource, add the following JSON to your template.
{
"type": "Microsoft.Network/bastionHosts",
"apiVersion": "2019-12-01",
"name": "string",
"location": "string",
"properties": {
"dnsName": "string",
"ipConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"privateIPAllocationMethod": "string",
"publicIPAddress": {
"id": "string"
},
"subnet": {
"id": "string"
}
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.Network/bastionHosts
| Name |
Description |
Value |
| apiVersion |
The api version |
'2019-12-01' |
| location |
Resource location. |
string |
| name |
The resource name |
string (required) |
| properties |
Represents the bastion host resource. |
BastionHostPropertiesFormat |
| tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
| type |
The resource type |
'Microsoft.Network/bastionHosts' |
BastionHostIPConfiguration
| Name |
Description |
Value |
| id |
Resource ID. |
string |
| name |
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
string |
| properties |
Represents the ip configuration associated with the resource. |
BastionHostIPConfigurationPropertiesFormat |
| Name |
Description |
Value |
| privateIPAllocationMethod |
Private IP allocation method. |
'Dynamic'
'Static' |
| publicIPAddress |
Reference of the PublicIP resource. |
SubResource (required) |
| subnet |
Reference of the subnet resource. |
SubResource (required) |
| Name |
Description |
Value |
| dnsName |
FQDN for the endpoint on which bastion host is accessible. |
string |
| ipConfigurations |
IP configuration of the Bastion Host resource. |
BastionHostIPConfiguration[] |
SubResource
| Name |
Description |
Value |
| id |
Resource ID. |
string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template |
Description |
AKS Cluster with a NAT Gateway and an Application Gateway
 |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
AKS cluster with the Application Gateway Ingress Controller
|
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
Azure Bastion as a Service
|
This template provisions Azure Bastion in a Virtual Network |
Azure Bastion as a Service with NSG
|
This template provisions Azure Bastion in a Virtual Network |
Azure Machine Learning end-to-end secure setup
|
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy)
|
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create a cross-region load balancer
|
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
Create a Private AKS Cluster
|
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
Create a Private AKS Cluster with a Public DNS Zone
|
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
Create a standard internal load balancer
|
This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
Create a standard load-balancer
|
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
Deploy a Bastion host in a hub Virtual Network
|
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet |
Deploy Darktrace Autoscaling vSensors
|
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
Deploy Secure AI Foundry with a managed virtual network
|
This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
Example Parameterized Deployment With Linked Templates
|
This sample template will deploy multiple tiers of resources into an Azure Resource Group. Each tier has configurable elements, to show how you can expose parameterization to the end user. |
Public Load Balancer chained to a Gateway Load Balancer
|
This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool. |
Standard Load Balancer with Backend Pool by IP Addresses
|
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
Testing environment for Azure Firewall Premium
|
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology
|
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
The bastionHosts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/bastionHosts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/bastionHosts@2019-12-01"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
dnsName = "string"
ipConfigurations = [
{
id = "string"
name = "string"
properties = {
privateIPAllocationMethod = "string"
publicIPAddress = {
id = "string"
}
subnet = {
id = "string"
}
}
}
]
}
}
}
Property Values
Microsoft.Network/bastionHosts
| Name |
Description |
Value |
| location |
Resource location. |
string |
| name |
The resource name |
string (required) |
| properties |
Represents the bastion host resource. |
BastionHostPropertiesFormat |
| tags |
Resource tags |
Dictionary of tag names and values. |
| type |
The resource type |
"Microsoft.Network/bastionHosts@2019-12-01" |
BastionHostIPConfiguration
| Name |
Description |
Value |
| id |
Resource ID. |
string |
| name |
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
string |
| properties |
Represents the ip configuration associated with the resource. |
BastionHostIPConfigurationPropertiesFormat |
| Name |
Description |
Value |
| privateIPAllocationMethod |
Private IP allocation method. |
'Dynamic'
'Static' |
| publicIPAddress |
Reference of the PublicIP resource. |
SubResource (required) |
| subnet |
Reference of the subnet resource. |
SubResource (required) |
| Name |
Description |
Value |
| dnsName |
FQDN for the endpoint on which bastion host is accessible. |
string |
| ipConfigurations |
IP configuration of the Bastion Host resource. |
BastionHostIPConfiguration[] |
SubResource
| Name |
Description |
Value |
| id |
Resource ID. |
string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module |
Description |
| Bastion Host |
AVM Resource Module for Bastion Host |