Quickstart: Deploy Azure Bastion in a virtual network using an ARM template
This quickstart describes how to use Azure Bastion template to deploy to a virtual network.
If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.
The use of Azure Bastion with Azure Private DNS Zones is not supported at this time. Before you begin, please make sure that the virtual network where you plan to deploy your Bastion resource is not linked to a private DNS zone.
Review the template
To view the entire template used for this quickstart, see Azure Quickstart Templates: Azure Bastion as a Service.
This template by default, creates an Azure Bastion deployment with a resource group, a virtual network, network security group settings, an AzureBastionSubnet subnet, a bastion host, and a public IP address resource that's used for the bastion host.
- Microsoft.Network/bastionHosts creates the bastion host.
- Microsoft.Network/virtualNetworks creates a virtual network.
- Microsoft.Network/virtualNetworks/subnets creates the subnet.
- Microsoft Network/networkSecurityGroups controls the network security group settings.
- Microsoft.Network/publicIpAddresses specifies the public IP address value used for the bastion host.
|Region||Azure region for Bastion and virtual network.|
|vnet-name||Name of new or existing virtual network to which Azure Bastion should be deployed.|
|vnet-ip-prefix||IP prefix for available addresses in virtual network address space.|
|vnet-new-or-existing||Specify whether to deploy new virtual network or deploy to an existing one.|
|bastion-subnet-ip-prefix||Bastion subnet IP prefix MUST be within the virtual network IP prefix address space.|
|bastion-host-name||Name of Azure Bastion resource.|
To find more templates, see Azure Quickstart Templates.
Deploy the template
Hourly pricing starts from the moment Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource once you've finished using it.
In this section, you'll deploy Bastion using the Deploy to Azure button below or in the Azure portal. You don't connect and sign in to your virtual machine or deploy Bastion from your VM directly.
Sign in to the Azure portal.
Select the Deploy to Azure button below.
In the Azure Bastion as a Service: Azure Quickstart Template, enter or select the following information.
- If you're using the template for a test environment, you can use the example values specified.
- To view the template, click Edit template. On this page, you can adjust some of the values such as address space or the name of certain resources. Save to save your changes, or Discard.
- If you decide to create your bastion host in an existing VNet, make sure to fill in the values for the template as they are in your deployed environment, or the template will fail.
Setting Example value Subscription Select your Azure subscription Resource Group Select Create new enter TestRG1, and select OK Region Enter East US vnet-name Enter VNet1 vnet-ip-prefix Enter 10.1.0.0/16 vnet-new-or-existing Select new bastion-subnet-ip-prefix Enter 10.1.1.0/24 bastion-host-name Enter TestBastionHost
Select the Review + create tab or select the Review + create button. Select Create.
The deployment will complete within 10 minutes. You can view the progress on the template Overview page. If you close the portal, deployment will continue.
Validate the deployment
In this section, you'll validate the deployment of Azure Bastion.
- Sign in to the Azure portal.
- Select the TestRG1 resource group that you created in the previous section.
- From the Overview page of the resource group, scroll down to Resources in the middle pane. Validate the Bastion resource.
Clean up resources
When you're done using the virtual network and the virtual machines, delete the resource group and all of the resources it contains:
- Enter the name of your resource group in the Search box at the top of the portal and select it from the search results.
- Select Delete resource group.
- Enter your resource group for TYPE THE RESOURCE GROUP NAME and select Delete.
In this quickstart, you deployed Bastion using the Bastion ARM template, and then connected to a virtual machine securely via Bastion. Next, you can continue with the following steps if you want to copy and paste to your virtual machine.