az network bastion

Manage Azure Bastion host.

Commands

az network bastion create	Create a Azure Bastion host machine.
az network bastion delete	Delete a Azure Bastion host machine.
az network bastion list	List all Azure Bastion host machines.
az network bastion rdp	RDP to target Virtual Machine using Tunneling from Azure Bastion.
az network bastion show	Show a Azure Bastion host machine.
az network bastion ssh	SSH to a virtual machine using Tunneling from Azure Bastion.
az network bastion tunnel	Open a tunnel through Azure Bastion to a target virtual machine.
az network bastion update	Update a Azure Bastion host machine.
az network bastion wait	Place the CLI in a waiting state until a condition of the Azure Bastion host machine is met.

az network bastion create

Create a Azure Bastion host machine.

az network bastion create --name
                          --public-ip-address
                          --resource-group
                          --vnet-name
                          [--disable-copy-paste {false, true}]
                          [--enable-ip-connect {false, true}]
                          [--enable-tunneling {false, true}]
                          [--location]
                          [--no-wait]
                          [--scale-units]
                          [--sku {Basic, Standard}]
                          [--tags]

Examples

Create a Azure Bastion host machine. (autogenerated)

az network bastion create --location westus2 --name MyBastionHost --public-ip-address MyPublicIpAddress --resource-group MyResourceGroup --vnet-name MyVnet

Required Parameters

--name -n

Name of the bastion host.

--public-ip-address

Name or ID of the Azure public IP. The SKU of the public IP must be Standard.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-name

Name of the virtual network. It must have a subnet called AzureBastionSubnet.

Optional Parameters

--disable-copy-paste

Disable copy and paste for all sessions on this Azure Bastion resource.

accepted values: false, true

default value: False

--enable-ip-connect

Enable IP-based Connections on this Azure Bastion resource.

accepted values: false, true

default value: False

--enable-tunneling

Enable Native Client Support on this Azure Bastion resource.

accepted values: false, true

default value: False

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--scale-units

The scale units for the Bastion Host resource, which minimum is 2 and maximum is 50.

--sku

The SKU of this Bastion Host.

accepted values: Basic, Standard

default value: Standard

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network bastion delete

Delete a Azure Bastion host machine.

az network bastion delete [--ids]
                          [--name]
                          [--resource-group]
                          [--subscription]

Examples

Delete a Azure Bastion host machine. (autogenerated)

az network bastion delete --name MyBastionHost --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network bastion list

List all Azure Bastion host machines.

az network bastion list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network bastion rdp

RDP to target Virtual Machine using Tunneling from Azure Bastion.

az network bastion rdp --target-resource-id
                       [--configure]
                       [--disable-gateway {false, true}]
                       [--ids]
                       [--name]
                       [--resource-group]
                       [--resource-port]
                       [--subscription]

Examples

RDP to virtual machine using Azure Bastion.

az network bastion rdp --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId

Required Parameters

--target-resource-id

ResourceId of the target Virtual Machine.

Optional Parameters

--configure

Flag to configure RDP session.

default value: False

--disable-gateway

Flag to disable access through RD gateway.

accepted values: false, true

default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-port

Resource port of the target VM to which the bastion will connect.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network bastion show

Show a Azure Bastion host machine.

az network bastion show [--ids]
                        [--name]
                        [--resource-group]
                        [--subscription]

Examples

Show a Azure Bastion host machine.

az network bastion show --name MyBastionHost --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network bastion ssh

SSH to a virtual machine using Tunneling from Azure Bastion.

az network bastion ssh --auth-type
                       --target-resource-id
                       [--ids]
                       [--name]
                       [--resource-group]
                       [--resource-port]
                       [--ssh-key]
                       [--subscription]
                       [--username]

Examples

SSH to virtual machine using Azure Bastion using password.

az network bastion ssh --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --auth-type password --username xyz

SSH to virtual machine using Azure Bastion using ssh key file.

az network bastion ssh --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --auth-type ssh-key --username xyz --ssh-key C:/filepath/sshkey.pem

SSH to virtual machine using Azure Bastion using AAD.

az network bastion ssh --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --auth-type AAD

Required Parameters

--auth-type

Auth type to use for SSH connections.

--target-resource-id

ResourceId of the target Virtual Machine.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-port

Resource port of the target VM to which the bastion will connect.

--ssh-key

SSH key file location for SSH connections.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--username

User name for SSH connections.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network bastion tunnel

Open a tunnel through Azure Bastion to a target virtual machine.

az network bastion tunnel --port
                          --resource-port
                          --target-resource-id
                          [--ids]
                          [--name]
                          [--resource-group]
                          [--subscription]
                          [--timeout]

Examples

Open a tunnel through Azure Bastion to a target virtual machine.

az network bastion tunnel --name MyBastionHost --resource-group MyResourceGroup --target-resource-id vmResourceId --resource-port 22 --port 50022

Required Parameters

--port

Local port to use for the tunneling.

--resource-port

Resource port of the target VM to which the bastion will connect.

--target-resource-id

ResourceId of the target Virtual Machine.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Timeout for connection to bastion host tunnel.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network bastion update

Update a Azure Bastion host machine.

az network bastion update [--add]
                          [--disable-copy-paste {false, true}]
                          [--enable-ip-connect {false, true}]
                          [--enable-tunneling {false, true}]
                          [--force-string]
                          [--ids]
                          [--name]
                          [--no-wait]
                          [--remove]
                          [--resource-group]
                          [--scale-units]
                          [--set]
                          [--sku {Basic, Standard}]
                          [--subscription]

Examples

Update a Azure Bastion host machine to enable native client support

az network bastion update --name MyBastionHost --resource-group MyResourceGroup --enable-tunneling

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

default value: []

--disable-copy-paste

Disable copy and paste for all sessions on this Azure Bastion resource.

accepted values: false, true

--enable-ip-connect

Enable IP-based Connections on this Azure Bastion resource.

accepted values: false, true

--enable-tunneling

Enable Native Client Support on this Azure Bastion resource.

accepted values: false, true

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the bastion host.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

default value: []

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scale-units

The scale units for the Bastion Host resource, which minimum is 2 and maximum is 50.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

default value: []

--sku

The SKU of this Bastion Host.

accepted values: Basic, Standard

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network bastion wait

Place the CLI in a waiting state until a condition of the Azure Bastion host machine is met.

az network bastion wait [--created]
                        [--custom]
                        [--deleted]
                        [--exists]
                        [--ids]
                        [--interval]
                        [--name]
                        [--resource-group]
                        [--subscription]
                        [--timeout]
                        [--updated]

Examples

Place the CLI in a waiting state until the Azure Bastion host machine is created.

az network bastion wait --resource-group MyResourceGroup --name MyBastionHost --created

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

default value: False

--exists

Wait until the resource exists.

default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30

--name -n

Name of the bastion host.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.