That's Microsoft's statement:
"Azure Bastion is a fully managed PaaS offering that provides secure RDP and SSH access to virtual machines directly through the Azure Portal. Azure Bastion is provisioned in your virtual network and supports all the VMs in your network using SSL without any exposure through a public IP address."
In simple terms, when you set up virtual machines in Azure there are a couple of ways to access them: either assign a public IP address to the virtual machines directly, or set up some form of VPN. Assigning a public IP address to virtual machines carries the greater risk, because it means they are reachable from the internet, even if protected by network security groups or a very strong password.
I have been working on a project where the client didn't want public IPs associated with the virtual machines, and setting up a VPN was overkill, hence I suggested Azure Bastion, and with some explanation they accepted the solution.
So here's how we set up Azure Bastion using Terraform, and the means to access the VM.
Variables: The most important of them all is that Azure Bastion can only be created in a subnet named "AzureBastionSubnet", so make sure you either create it with your Terraform or have already created it through some other method.
Note that you also need a public IP to be associated with your Bastion host. The dependency isn't added here because I had the subnet already created, but you should make sure to add dependencies on the VNet, subnet and public IP.
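The following is an added, self-contained Terraform example illustrating the points above (the fixed "AzureBastionSubnet" name, the public IP on the Bastion host rather than on the VMs, and the explicit dependencies); it is not the post's own snippet. The resource group, VNet and subnet names and the address ranges are placeholders chosen for illustration, and it assumes the azurerm provider 3.x.

```hcl
# Added example (not the post's own snippet): Azure Bastion with Terraform.
# Assumptions: azurerm provider 3.x; the names and address ranges below are
# placeholders chosen for illustration.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "location" {
  type    = string
  default = "westeurope"
}

variable "resource_group_name" {
  type    = string
  default = "rg-bastion-demo" # placeholder name
}

resource "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
  location = var.location
}

resource "azurerm_virtual_network" "vnet" {
  name                = "vnet-bastion-demo" # placeholder name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.10.0.0/16"]
}

# Workload subnet: VMs placed here get no public IP at all; Bastion reaches
# them over their private addresses inside the VNet.
resource "azurerm_subnet" "workload" {
  name                 = "snet-workload"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.10.1.0/24"]
}

# The subnet name is fixed by Azure: it must be exactly "AzureBastionSubnet",
# and Azure requires the prefix to be /26 or larger.
resource "azurerm_subnet" "bastion" {
  name                 = "AzureBastionSubnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.10.255.0/26"]
}

# The only public IP in this design belongs to the Bastion host itself;
# Bastion requires a Standard-SKU, statically allocated address.
resource "azurerm_public_ip" "bastion" {
  name                = "pip-bastion"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_bastion_host" "this" {
  name                = "bas-demo"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                 = "configuration"
    subnet_id            = azurerm_subnet.bastion.id
    public_ip_address_id = azurerm_public_ip.bastion.id
  }

  # The id references above already create implicit dependencies; the explicit
  # list makes the ordering on VNet, subnet and public IP visible.
  depends_on = [
    azurerm_virtual_network.vnet,
    azurerm_subnet.bastion,
    azurerm_public_ip.bastion,
  ]
}

output "bastion_dns_name" {
  value = azurerm_bastion_host.this.dns_name
}
```

After `terraform apply`, a VM in the workload subnet is reached from the Azure Portal (VM, Connect, Bastion) by supplying a username and password or SSH key; the session is tunnelled over HTTPS through the Bastion host, and the VM itself keeps no public IP.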
Since these are just a few lines, I am not going to copy them into GitHub; take the reference from here and you can try it out.
If you need to read or learn more on Bastion hosts, you can follow the Microsoft link below.