Schedule Bastion create/delete

Question

I am using Bastion have more secure acces to VMs.

But I try reducing my costs on Azure Bastion as this is really expensive for me.

I have two Ideas on how to do this:

• use LogicApp to delete the resource every night at 11 pm
• use cronjob on the VM itself to run a terraform destroyon the bastion every night at 11 pm

If I want to connect to the VM again, i have to set up the bastion again. The number of times I connect to this VM are not often. Like once or twice a week.

Now my question is, are there any best-practices on how to automate this starting-process ?

I could do a LogicApp that creates a resource but I would prefer a solution where I don't have to open the azure portal.

Would it still be secure to write a bash/powershell script to run on the development-machine, that logs in to azure via Azure CLI and create the bastion using az resource create ?

Answer 1

@previousversiondocs

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to automate the creation and deletion of Bastion resource.

Wrt, "Would it still be secure to write a bash/powershell script to run on the development-machine"

• This depends on your environment and what you mean by the development-machine.
• You can also use a VM that is not part of development or production.

Also, Andreas Hartig's comment seems to be the best way forward as this would neither require you to login to Portal every time nor sign in to CLI or Powershell from your machine.

You can use a CRON Job to trigger the Logic App and create/delete the Bastion resource.

Kindly let us know if the below helps or you need further assistance on this issue.

Thanks,

Kapil