Bicep resource definition
The bastionHosts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/bastionHosts resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Network/bastionHosts@2023-02-01' = {
  scope: resourceSymbolicName or scope
  location: 'string'
  name: 'string'
  properties: {
    disableCopyPaste: bool
    dnsName: 'string'
    enableFileCopy: bool
    enableIpConnect: bool
    enableKerberos: bool
    enableShareableLink: bool
    enableTunneling: bool
    ipConfigurations: [
      {
        id: 'string'
        name: 'string'
        properties: {
          privateIPAllocationMethod: 'string'
          publicIPAddress: {
            id: 'string'
          }
          subnet: {
            id: 'string'
          }
        }
      }
    ]
    scaleUnits: int
  }
  sku: {
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}
```
Property Values
Microsoft.Network/bastionHosts
| Name | Description | Value |
|---|---|---|
| location | Resource location. | string |
| name | The resource name | string (required) |
| properties | Represents the bastion host resource. | BastionHostPropertiesFormat |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
| sku | The sku of this Bastion Host. | Sku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
BastionHostIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
| properties | Represents the ip configuration associated with the resource. | BastionHostIPConfigurationPropertiesFormat |
BastionHostIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAllocationMethod | Private IP allocation method. | 'Dynamic' 'Static' |
| publicIPAddress | Reference of the PublicIP resource. | SubResource (required) |
| subnet | Reference of the subnet resource. | SubResource (required) |
BastionHostPropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableCopyPaste | Enable/Disable Copy/Paste feature of the Bastion Host resource. | bool |
| dnsName | FQDN for the endpoint on which bastion host is accessible. | string |
| enableFileCopy | Enable/Disable File Copy feature of the Bastion Host resource. | bool |
| enableIpConnect | Enable/Disable IP Connect feature of the Bastion Host resource. | bool |
| enableKerberos | Enable/Disable Kerberos feature of the Bastion Host resource. | bool |
| enableShareableLink | Enable/Disable Shareable Link of the Bastion Host resource. | bool |
| enableTunneling | Enable/Disable Tunneling feature of the Bastion Host resource. | bool |
| ipConfigurations | IP configuration of the Bastion Host resource. | BastionHostIPConfiguration[] |
| scaleUnits | The scale units for the Bastion Host resource. | int Constraints: Min value = 2 Max value = 50 |
ResourceTags
| Name | Description | Value |
|---|---|---|
Sku
| Name | Description | Value |
|---|---|---|
| name | The name of this Bastion Host. | 'Basic' 'Standard' |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Bastion Host | AVM Resource Module for Bastion Host |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Azure Bastion as a Service | This template provisions Azure Bastion in a Virtual Network |
| Azure Bastion as a Service with NSG | This template provisions Azure Bastion in a Virtual Network |
| Azure Machine Learning end-to-end secure setup | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Azure Machine Learning end-to-end secure setup (legacy) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Create a cross-region load balancer | This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
| Create a Private AKS Cluster | This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
| Create a standard internal load balancer | This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
| Create a standard load-balancer | This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
| Deploy a Bastion host in a hub Virtual Network | This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet |
| Deploy Secure AI Foundry with a managed virtual network | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
| Public Load Balancer chained to a Gateway Load Balancer | This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from the internet is routed to the Gateway Load Balancer with Linux VMs (NVAs) in the backend pool. |
| Testing environment for Azure Firewall Premium | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
| Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology | This sample shows how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to the hub virtual network via virtual network peering. |
ARM template resource definition
The bastionHosts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/bastionHosts resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Network/bastionHosts",
  "apiVersion": "2023-02-01",
  "name": "string",
  "location": "string",
  "properties": {
    "disableCopyPaste": "bool",
    "dnsName": "string",
    "enableFileCopy": "bool",
    "enableIpConnect": "bool",
    "enableKerberos": "bool",
    "enableShareableLink": "bool",
    "enableTunneling": "bool",
    "ipConfigurations": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "privateIPAllocationMethod": "string",
          "publicIPAddress": {
            "id": "string"
          },
          "subnet": {
            "id": "string"
          }
        }
      }
    ],
    "scaleUnits": "int"
  },
  "sku": {
    "name": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}
```
Property Values
Microsoft.Network/bastionHosts
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2023-02-01' |
| location | Resource location. | string |
| name | The resource name | string (required) |
| properties | Represents the bastion host resource. | BastionHostPropertiesFormat |
| sku | The sku of this Bastion Host. | Sku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Network/bastionHosts' |
BastionHostIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
| properties | Represents the ip configuration associated with the resource. | BastionHostIPConfigurationPropertiesFormat |
BastionHostIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAllocationMethod | Private IP allocation method. | 'Dynamic' 'Static' |
| publicIPAddress | Reference of the PublicIP resource. | SubResource (required) |
| subnet | Reference of the subnet resource. | SubResource (required) |
BastionHostPropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableCopyPaste | Enable/Disable Copy/Paste feature of the Bastion Host resource. | bool |
| dnsName | FQDN for the endpoint on which bastion host is accessible. | string |
| enableFileCopy | Enable/Disable File Copy feature of the Bastion Host resource. | bool |
| enableIpConnect | Enable/Disable IP Connect feature of the Bastion Host resource. | bool |
| enableKerberos | Enable/Disable Kerberos feature of the Bastion Host resource. | bool |
| enableShareableLink | Enable/Disable Shareable Link of the Bastion Host resource. | bool |
| enableTunneling | Enable/Disable Tunneling feature of the Bastion Host resource. | bool |
| ipConfigurations | IP configuration of the Bastion Host resource. | BastionHostIPConfiguration[] |
| scaleUnits | The scale units for the Bastion Host resource. | int Constraints: Min value = 2 Max value = 50 |
ResourceTags
| Name | Description | Value |
|---|---|---|
Sku
| Name | Description | Value |
|---|---|---|
| name | The name of this Bastion Host. | 'Basic' 'Standard' |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
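As an added example (not part of the original reference and not Microsoft's code), the following Python check reads an ARM template and reports bastionHosts resources that break the constraints listed in the tables above (the sku.name values, the scaleUnits range, the required publicIPAddress and subnet references) or that turn on session features. Treating enableShareableLink, enableTunneling, enableIpConnect and enableFileCopy as review items, and expecting disableCopyPaste to be true, is this example's assumed policy; the function names, resource names and sample template are constructed.

```python
import json

# Toggles from BastionHostPropertiesFormat that this example's policy (an
# assumption, not a rule stated on the page) wants off unless justified.
REVIEW_IF_TRUE = ("enableShareableLink", "enableTunneling",
                  "enableIpConnect", "enableFileCopy")


def is_expression(value):
    """ARM template expressions are strings in [brackets]; '[[' escapes a literal."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))


def audit_bastion_hosts(template):
    """Return (resource name, message) findings for each bastionHosts resource."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.network/bastionhosts":
            continue
        name, props = res.get("name", "<unnamed>"), res.get("properties", {})
        sku = res.get("sku", {}).get("name")
        if sku is not None and not is_expression(sku) and sku not in ("Basic", "Standard"):
            findings.append((name, f"sku.name {sku!r} is not 'Basic' or 'Standard'"))
        units = props.get("scaleUnits")
        if units is not None and not is_expression(units):
            if type(units) is not int or not 2 <= units <= 50:
                findings.append((name, f"scaleUnits {units!r} is outside 2..50"))
        for flag in REVIEW_IF_TRUE:
            value = props.get(flag)
            if value is True:
                findings.append((name, f"{flag} is enabled"))
            elif is_expression(value):
                # Cannot be decided statically: the deployment parameter decides.
                findings.append((name, f"{flag} depends on {value}; check the parameter"))
        if props.get("disableCopyPaste") is not True:
            findings.append((name, "disableCopyPaste is not set to true"))

        for cfg in props.get("ipConfigurations", []):
            for ref in ("publicIPAddress", "subnet"):  # both marked required above
                if not cfg.get("properties", {}).get(ref):
                    findings.append((name, f"ipConfiguration {cfg.get('name')!r} lacks {ref}"))
    return findings


# Constructed sample template: one permissive host, one restricted host.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/bastionHosts", "name": "bastion-permissive",
   "sku": {"name": "Standard"}, "properties": {
     "enableShareableLink": true, "scaleUnits": 1,
     "enableTunneling": "[parameters('allowTunneling')]",
     "ipConfigurations": [{"name": "ipconf", "properties": {
       "subnet": {"id": "<subnet-id>"}}}]}},
  {"type": "Microsoft.Network/bastionHosts", "name": "bastion-restricted",
   "sku": {"name": "Standard"}, "properties": {
     "disableCopyPaste": true, "enableShareableLink": false, "scaleUnits": 2,
     "ipConfigurations": [{"name": "ipconf", "properties": {
       "publicIPAddress": {"id": "<pip-id>"}, "subnet": {"id": "<subnet-id>"}}}]}}
]}
""")

if __name__ == "__main__":
    for resource, message in audit_bastion_hosts(SAMPLE_TEMPLATE):
        print(f"{resource}: {message}")
```

Values supplied through template expressions are reported rather than guessed, so the parameter file used at deployment still needs its own review.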
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
| AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| Azure Bastion as a Service | This template provisions Azure Bastion in a Virtual Network |
| Azure Bastion as a Service with NSG | This template provisions Azure Bastion in a Virtual Network |
| Azure Machine Learning end-to-end secure setup | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Azure Machine Learning end-to-end secure setup (legacy) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
| Create a cross-region load balancer | This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
| Create a Private AKS Cluster | This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
| Create a Private AKS Cluster with a Public DNS Zone | This sample shows how to deploy a private AKS cluster with a Public DNS Zone. |
| Create a standard internal load balancer | This template creates a standard internal Azure Load Balancer with a rule load-balancing port 80 |
| Create a standard load-balancer | This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
| Deploy a Bastion host in a hub Virtual Network | This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet |
| Deploy Darktrace Autoscaling vSensors | This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
| Deploy Secure AI Foundry with a managed virtual network | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. |
| Example Parameterized Deployment With Linked Templates | This sample template will deploy multiple tiers of resources into an Azure Resource Group. Each tier has configurable elements, to show how you can expose parameterization to the end user. |
| Public Load Balancer chained to a Gateway Load Balancer | This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from the internet is routed to the Gateway Load Balancer with Linux VMs (NVAs) in the backend pool. |
| Standard Load Balancer with Backend Pool by IP Addresses | This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
| Testing environment for Azure Firewall Premium | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
| Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology | This sample shows how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to the hub virtual network via virtual network peering. |
Terraform (AzAPI provider) resource definition
The bastionHosts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/bastionHosts resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/bastionHosts@2023-02-01"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      disableCopyPaste = bool
      dnsName = "string"
      enableFileCopy = bool
      enableIpConnect = bool
      enableKerberos = bool
      enableShareableLink = bool
      enableTunneling = bool
      ipConfigurations = [
        {
          id = "string"
          name = "string"
          properties = {
            privateIPAllocationMethod = "string"
            publicIPAddress = {
              id = "string"
            }
            subnet = {
              id = "string"
            }
          }
        }
      ]
      scaleUnits = int
    }
    sku = {
      name = "string"
    }
  }
}
```
Property Values
Microsoft.Network/bastionHosts
| Name | Description | Value |
|---|---|---|
| location | Resource location. | string |
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Represents the bastion host resource. | BastionHostPropertiesFormat |
| sku | The sku of this Bastion Host. | Sku |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Network/bastionHosts@2023-02-01" |
BastionHostIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
| properties | Represents the ip configuration associated with the resource. | BastionHostIPConfigurationPropertiesFormat |
BastionHostIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAllocationMethod | Private IP allocation method. | 'Dynamic' 'Static' |
| publicIPAddress | Reference of the PublicIP resource. | SubResource (required) |
| subnet | Reference of the subnet resource. | SubResource (required) |
BastionHostPropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableCopyPaste | Enable/Disable Copy/Paste feature of the Bastion Host resource. | bool |
| dnsName | FQDN for the endpoint on which bastion host is accessible. | string |
| enableFileCopy | Enable/Disable File Copy feature of the Bastion Host resource. | bool |
| enableIpConnect | Enable/Disable IP Connect feature of the Bastion Host resource. | bool |
| enableKerberos | Enable/Disable Kerberos feature of the Bastion Host resource. | bool |
| enableShareableLink | Enable/Disable Shareable Link of the Bastion Host resource. | bool |
| enableTunneling | Enable/Disable Tunneling feature of the Bastion Host resource. | bool |
| ipConfigurations | IP configuration of the Bastion Host resource. | BastionHostIPConfiguration[] |
| scaleUnits | The scale units for the Bastion Host resource. | int Constraints: Min value = 2 Max value = 50 |
ResourceTags
| Name | Description | Value |
|---|---|---|
Sku
| Name | Description | Value |
|---|---|---|
| name | The name of this Bastion Host. | 'Basic' 'Standard' |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Usage Examples
Terraform Samples
A basic example of deploying Bastion Host.
```terraform
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "192.168.1.0/24",
        ]
      }
      dhcpOptions = {
        dnsServers = []
      }
      subnets = []
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
  lifecycle {
    ignore_changes = [body.properties.subnets]
  }
}

resource "azapi_resource" "publicIPAddress" {
  type      = "Microsoft.Network/publicIPAddresses@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      ddosSettings = {
        protectionMode = "VirtualNetworkInherited"
      }
      idleTimeoutInMinutes     = 4
      publicIPAddressVersion   = "IPv4"
      publicIPAllocationMethod = "Static"
    }
    sku = {
      name = "Standard"
      tier = "Regional"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = "AzureBastionSubnet"
  body = {
    properties = {
      addressPrefix                     = "192.168.1.224/27"
      delegations                       = []
      privateEndpointNetworkPolicies    = "Enabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies           = []
      serviceEndpoints                  = []
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "bastionHost" {
  type      = "Microsoft.Network/bastionHosts@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      disableCopyPaste    = false
      enableFileCopy      = false
      enableIpConnect     = false
      enableShareableLink = false
      enableTunneling     = false
      ipConfigurations = [
        {
          name = "ip-configuration"
          properties = {
            publicIPAddress = {
              id = azapi_resource.publicIPAddress.id
            }
            subnet = {
              id = azapi_resource.subnet.id
            }
          }
        },
      ]
      scaleUnits = 2
    }
    sku = {
      name = "Basic"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
```
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Bastion Host | AVM Resource Module for Bastion Host |