The bastionHosts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/bastionHosts resource, add the following JSON to your template.
{
"type": "Microsoft.Network/bastionHosts",
"apiVersion": "2023-04-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"name": "string"
},
"properties": {
"disableCopyPaste": "bool",
"dnsName": "string",
"enableFileCopy": "bool",
"enableIpConnect": "bool",
"enableKerberos": "bool",
"enableShareableLink": "bool",
"enableTunneling": "bool",
"ipConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"privateIPAllocationMethod": "string",
"publicIPAddress": {
"id": "string"
},
"subnet": {
"id": "string"
}
}
}
],
"scaleUnits": "int"
}
}
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Network/bastionHosts' |
apiVersion | The resource api version | '2023-04-01' |
name | The resource name | string (required) Character limit: 1-80 Valid characters: Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End alphanumeric or underscore. |
location | Resource location. | string |
tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
sku | The sku of this Bastion Host. | Sku |
properties | Represents the bastion host resource. | BastionHostPropertiesFormat |
Name | Description | Value |
---|---|---|
disableCopyPaste | Enable/Disable Copy/Paste feature of the Bastion Host resource. | bool |
dnsName | FQDN for the endpoint on which bastion host is accessible. | string |
enableFileCopy | Enable/Disable File Copy feature of the Bastion Host resource. | bool |
enableIpConnect | Enable/Disable IP Connect feature of the Bastion Host resource. | bool |
enableKerberos | Enable/Disable Kerberos feature of the Bastion Host resource. | bool |
enableShareableLink | Enable/Disable Shareable Link of the Bastion Host resource. | bool |
enableTunneling | Enable/Disable Tunneling feature of the Bastion Host resource. | bool |
ipConfigurations | IP configuration of the Bastion Host resource. | BastionHostIPConfiguration[] |
scaleUnits | The scale units for the Bastion Host resource. | int |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Represents the ip configuration associated with the resource. | BastionHostIPConfigurationPropertiesFormat |
Name | Description | Value |
---|---|---|
privateIPAllocationMethod | Private IP allocation method. | 'Dynamic' 'Static' |
publicIPAddress | Reference of the PublicIP resource. | SubResource (required) |
subnet | Reference of the subnet resource. | SubResource (required) |
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
Name | Description | Value |
---|---|---|
name | The name of this Bastion Host. | 'Basic' 'Standard' |
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Deploy Darktrace Autoscaling vSensors |
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
SharePoint Subscription / 2019 / 2016 / 2013 all configured |
This template creates a SharePoint Subscription / 2019 / 2016 / 2013 farm with an extensive configuration that would take ages to perform manually, including a federated authentication with ADFS, an OAuth trust, the User Profiles service and a web application with 2 zones that contains multiple path based and host-named site collections. On the SharePoint virtual machines, Chocolatey is used to install the latest version of Notepad++, Visual Studio Code, Azure Data Studio, Fiddler, ULS Viewer and 7-Zip. |
AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
Public Load Balancer chained to a Gateway Load Balancer |
This template allows you to deploy a Public Standard Load Balancer chained to a Gateway Load Balancer. The traffic incoming from internet is routed to the Gateway Load Balancer with linux VMs (NVAs) in the backend pool. |
Example Parameterized Deployment With Linked Templates |
This sample template will deploy multiple tiers of resources into an Azure Resource Group. Each tier has configurable elements, to show how you can expose parameterization to the end user. |
Create a Private AKS Cluster |
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
Create a Private AKS Cluster with a Public DNS Zone |
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
Azure Bastion as a Service |
This template provisions Azure Bastion in a Virtual Network |
Azure Bastion as a Service with NSG |
This template provisions Azure Bastion in a Virtual Network |
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology |
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
Testing environment for Azure Firewall Premium |
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
Deploy a Bastion host in a hub Virtual Network |
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet |
Create a cross-region load balancer |
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
Standard Load Balancer with Backend Pool by IP Addresses |
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
Create a standard load-balancer |
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |