az network bastion

Manage Azure Bastion host.

Commands

az network bastion create

Create a Azure Bastion host machine.

az network bastion delete

Delete a Azure Bastion host machine.

az network bastion list

List all Azure Bastion host machines.

az network bastion rdp

RDP to target Virtual Machine using Tunneling from Azure Bastion.

az network bastion show

Show a Azure Bastion host machine.

az network bastion ssh

SSH to a virtual machine using Tunneling from Azure Bastion.

az network bastion tunnel

Open a tunnel through Azure Bastion to a target virtual machine.

az network bastion update

Update a Azure Bastion host machine.

az network bastion wait

Place the CLI in a waiting state until a condition of the Azure Bastion host machine is met.

az network bastion create

Create a Azure Bastion host machine.

az network bastion create --name
                          --public-ip-address
                          --resource-group
                          --vnet-name
                          [--disable-copy-paste {false, true}]
                          [--enable-ip-connect {false, true}]
                          [--enable-tunneling {false, true}]
                          [--location]
                          [--no-wait]
                          [--scale-units]
                          [--sku {Basic, Standard}]
                          [--tags]

Examples

Create a Azure Bastion host machine. (autogenerated)

az network bastion create --location westus2 --name MyBastionHost --public-ip-address MyPublicIpAddress --resource-group MyResourceGroup --vnet-name MyVnet

Required Parameters

--name -n

Name of the bastion host.

--public-ip-address

Name or ID of the Azure public IP. The SKU of the public IP must be Standard.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-name

Name of the virtual network. It must have a subnet called AzureBastionSubnet.

Optional Parameters

--disable-copy-paste

Disable copy and paste for all sessions on this Azure Bastion resource.

accepted values: false, true
--enable-ip-connect

Enable IP-based Connections on this Azure Bastion resource.

accepted values: false, true
--enable-tunneling

Enable Native Client Support on this Azure Bastion resource.

accepted values: false, true
--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--no-wait

Do not wait for the long-running operation to finish.

--scale-units

The scale units for the Bastion Host resource, which minimum is 2 and maximum is 50.

--sku

The SKU of this Bastion Host.

accepted values: Basic, Standard
default value: Standard
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

az network bastion delete

Delete a Azure Bastion host machine.

az network bastion delete [--ids]
                          [--name]
                          [--resource-group]

Examples

Delete a Azure Bastion host machine. (autogenerated)

az network bastion delete --name MyBastionHost --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network bastion list

List all Azure Bastion host machines.

az network bastion list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network bastion rdp

RDP to target Virtual Machine using Tunneling from Azure Bastion.

az network bastion rdp --target-resource-id
                       [--disable-gateway {false, true}]
                       [--ids]
                       [--name]
                       [--resource-group]
                       [--resource-port]

Examples

RDP to virtual machine using Azure Bastion.

az network bastion rdp --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId

Required Parameters

--target-resource-id

ResourceId of the target Virtual Machine.

Optional Parameters

--disable-gateway

Flag to disable access through RD gateway.

accepted values: false, true
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-port

Resource port of the target VM to which the bastion will connect.

az network bastion show

Show a Azure Bastion host machine.

az network bastion show [--ids]
                        [--name]
                        [--resource-group]

Examples

Show a Azure Bastion host machine.

az network bastion show --name MyBastionHost --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network bastion ssh

SSH to a virtual machine using Tunneling from Azure Bastion.

az network bastion ssh --auth-type
                       --target-resource-id
                       [--ids]
                       [--name]
                       [--resource-group]
                       [--resource-port]
                       [--ssh-key]
                       [--username]

Examples

SSH to virtual machine using Azure Bastion using password.

az network bastion ssh --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --auth-type password --username xyz

SSH to virtual machine using Azure Bastion using ssh key file.

az network bastion ssh --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --auth-type ssh-key --username xyz --ssh-key C:/filepath/sshkey.pem

SSH to virtual machine using Azure Bastion using AAD.

az network bastion ssh --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --auth-type AAD

Required Parameters

--auth-type

Auth type to use for SSH connections.

--target-resource-id

ResourceId of the target Virtual Machine.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-port

Resource port of the target VM to which the bastion will connect.

--ssh-key

SSH key file location for SSH connections.

--username

User name for SSH connections.

az network bastion tunnel

Open a tunnel through Azure Bastion to a target virtual machine.

az network bastion tunnel --port
                          --resource-port
                          --target-resource-id
                          [--ids]
                          [--name]
                          [--resource-group]
                          [--timeout]

Examples

Open a tunnel through Azure Bastion to a target virtual machine.

az network bastion tunnel --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --resource-port 22 --port 50022

Required Parameters

--port

Local port to use for the tunneling.

--resource-port

Resource port of the target VM to which the bastion will connect.

--target-resource-id

ResourceId of the target Virtual Machine.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--timeout

Timeout for connection to bastion host tunnel.

az network bastion update

Update a Azure Bastion host machine.

az network bastion update [--add]
                          [--disable-copy-paste {false, true}]
                          [--enable-ip-connect {false, true}]
                          [--enable-tunneling {false, true}]
                          [--force-string]
                          [--ids]
                          [--name]
                          [--no-wait]
                          [--remove]
                          [--resource-group]
                          [--scale-units]
                          [--set]
                          [--sku {Basic, Standard}]

Examples

Update a Azure Bastion host machine to enable native client support

az network bastion update --name MyBastionHost --resource-group MyResourceGroup --enable-tunneling

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--disable-copy-paste

Disable copy and paste for all sessions on this Azure Bastion resource.

accepted values: false, true
--enable-ip-connect

Enable IP-based Connections on this Azure Bastion resource.

accepted values: false, true
--enable-tunneling

Enable Native Client Support on this Azure Bastion resource.

accepted values: false, true
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--no-wait

Do not wait for the long-running operation to finish.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scale-units

The scale units for the Bastion Host resource, which minimum is 2 and maximum is 50.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--sku

The SKU of this Bastion Host.

accepted values: Basic, Standard

az network bastion wait

Place the CLI in a waiting state until a condition of the Azure Bastion host machine is met.

az network bastion wait [--created]
                        [--custom]
                        [--deleted]
                        [--exists]
                        [--ids]
                        [--interval]
                        [--name]
                        [--resource-group]
                        [--timeout]
                        [--updated]

Examples

Place the CLI in a waiting state until the Azure Bastion host machine is created.

az network bastion wait --resource-group MyResourceGroup --name MyBastionHost --created

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30
--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.