01 Run network vnet create command (Windows/macOS/Linux) to create the virtual network (and the required AzureBastionSubnet subnet) for your bastion host:
az network vnet create
--resource-group cloud-shell-storage-westeurope
--location westeurope
--name cc-bastion-vnet
--address-prefixes 10.0.0.0/16
--subnet-name AzureBastionSubnet
--subnet-prefixes 10.0.1.0/26
02 The command output should return the configuration information available for the new Azure Virtual Network (VNet):
{
"newVNet": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/16"
]
},
"enableDdosProtection": false,
"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/cc-bastion-vnet",
"location": "westeurope",
"name": "cc-bastion-vnet",
"provisioningState": "Succeeded",
"resourceGroup": "cloud-shell-storage-westeurope",
"subnets": [
{
"addressPrefix": "10.0.1.0/26",
"delegations": [],
"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/cc-bastion-vnet/subnets/AzureBastionSubnet",
"name": "AzureBastionSubnet",
"privateEndpointNetworkPolicies": "Disabled",
"privateLinkServiceNetworkPolicies": "Enabled",
"provisioningState": "Succeeded",
"resourceGroup": "cloud-shell-storage-westeurope",
"type": "Microsoft.Network/virtualNetworks/subnets"
}
],
"type": "Microsoft.Network/virtualNetworks",
"virtualNetworkPeerings": []
}
}
03 Run network public-ip create command (Windows/macOS/Linux) to create the public IP address to be used within the frontend IP configuration of the bastion host:
az network public-ip create
--resource-group cloud-shell-storage-westeurope
--name cc-bastion-ip
--sku Standard
--zone 1 2 3
04 The command output should return the configuration information available for the new public IP address:
{
"publicIp": {
"ddosSettings": {
"protectionMode": "VirtualNetworkInherited"
},
"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/publicIPAddresses/cc-bastion-ip",
"idleTimeoutInMinutes": 4,
"ipAddress": "20.13.42.222",
"ipTags": [],
"location": "westeurope",
"name": "cc-bastion-ip",
"provisioningState": "Succeeded",
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"resourceGroup": "cloud-shell-storage-westeurope",
"sku": {
"name": "Standard",
"tier": "Regional"
},
"type": "Microsoft.Network/publicIPAddresses",
"zones": [
"1",
"2",
"3"
]
}
}
05 Run network bastion create command (Windows/macOS/Linux) to create your new Azure Bastion host machine:
az network bastion create
--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd
--resource-group cloud-shell-storage-westeurope
--name cc-bastion-host
--public-ip-address cc-bastion-ip
--vnet-name cc-bastion-vnet
--location westeurope
--scale-units 2
--sku Standard
06 The command output should return the configuration information available for your new bastion host:
{
"disableCopyPaste": false,
"dnsName": "bst-abcdabcd-1234-abcd-1234-abcdabcdabcd.bastion.azure.com",
"enableIpConnect": false,
"enableTunneling": false,
"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/bastionHosts/cc-bastion-host",
"ipConfigurations": [
{
"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/bastionHosts/cc-bastion-host/bastionHostIpConfigurations/bastion_ip_config",
"name": "bastion_ip_config",
"privateIPAllocationMethod": "Dynamic",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/publicIPAddresses/cc-bastion-ip",
"resourceGroup": "cloud-shell-storage-westeurope"
},
"resourceGroup": "cloud-shell-storage-westeurope",
"subnet": {
"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/cc-bastion-vnet/subnets/AzureBastionSubnet",
"resourceGroup": "cloud-shell-storage-westeurope"
},
"type": "Microsoft.Network/bastionHosts/bastionHostIpConfigurations"
}
],
"location": "westeurope",
"name": "cc-bastion-host",
"provisioningState": "Succeeded",
"resourceGroup": "cloud-shell-storage-westeurope",
"scaleUnits": 2,
"sku": {
"name": "Standard"
},
"type": "Microsoft.Network/bastionHosts"
}
07 Repeat steps no. 1 – 6 for each subscription available within your Microsoft Azure cloud account.