Azure cloud, ~30 mins

Azure Bastion for secure VM access - Mini Project: Build & Apply

📖 Scenario: You are managing a small company's Azure cloud environment. You want to connect securely to a virtual machine (VM) without exposing it to the public internet. Azure Bastion lets you reach VMs through the Azure portal over SSL/TLS, so the VM itself needs no public IP.
🎯 Goal: Build an Azure Bastion host setup that allows secure RDP/SSH access to a VM inside a virtual network without exposing the VM to the internet.
📋 What You'll Learn
Create a virtual network with a subnet for Azure Bastion
Create an Azure Bastion resource in the Bastion subnet
Create a virtual machine inside the virtual network
Configure the VM to be accessible only through Azure Bastion
💡 Why This Matters
🌍 Real World
Azure Bastion is used in real companies to securely manage virtual machines without exposing them to the internet, reducing security risks.
💼 Career
Cloud engineers and administrators use Azure Bastion to provide secure remote access to VMs, a common task in cloud infrastructure management.
1. Create a virtual network with a Bastion subnet
Create a virtual network called myVnet with address space 10.0.0.0/16. Inside it, create a subnet called AzureBastionSubnet with address prefix 10.0.1.0/24. Use Azure CLI commands exactly as shown.
Hint: Use az network vnet create with the --subnet-name and --subnet-prefix options to create the Bastion subnet.

2. Create the Azure Bastion host
Create an Azure Bastion host called myBastionHost in the resource group myResourceGroup inside the virtual network myVnet. Use the subnet AzureBastionSubnet and assign a public IP called myBastionIP with SKU Standard. Use Azure CLI commands exactly as shown.
Hint: Create a public IP with az network public-ip create before creating the Bastion host with az network bastion create.

3. Create a virtual machine inside the virtual network
Create a virtual machine called myVM in resource group myResourceGroup inside the virtual network myVnet and subnet default. Use UbuntuLTS image, admin username azureuser, and disable public IP assignment. Use Azure CLI commands exactly as shown.
Hint: Use --public-ip-address "" to disable public IP on the VM.

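4. Connect to the VM securely using Azure Bastion
Add a tag called Access with value AzureBastion to the virtual machine myVM to indicate it should be accessed only via Azure Bastion. The tag is a label only and does not restrict access by itself; the missing public IP from step 3 is what keeps the VM off the internet. Use Azure CLI commands exactly as shown.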
Hint: Use az vm update with --set tags.Access=AzureBastion to add the tag.
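
The four steps above as one Azure CLI script, followed by a check that the VM really has no public IP. This is an added example, not the lab's own solution. Assumptions not stated on the page: the resource group already exists, the LOCATION value, the 10.0.0.0/24 prefix for the "default" subnet (step 1 does not create it), SSH-key authentication, and the function names.

```shell
#!/bin/sh
# Added example: the four lab steps as one script, plus a verification.
# Assumed (not from the lab): LOCATION, the "default" subnet prefix,
# --generate-ssh-keys, and that the resource group already exists.
set -e
RG=myResourceGroup; VNET=myVnet; VM=myVM
LOCATION=${LOCATION:-eastus}   # assumed region
IMAGE=${IMAGE:-UbuntuLTS}      # lab's alias; newer az releases may need e.g. Ubuntu2204

deploy_bastion_lab() {
  # Step 1: VNet plus the subnet Bastion requires (name must be AzureBastionSubnet).
  az network vnet create --resource-group "$RG" --name "$VNET" --location "$LOCATION" \
    --address-prefix 10.0.0.0/16 \
    --subnet-name AzureBastionSubnet --subnet-prefix 10.0.1.0/24
  # Step 3 places the VM in a subnet named "default"; create it here.
  az network vnet subnet create --resource-group "$RG" --vnet-name "$VNET" \
    --name default --address-prefixes 10.0.0.0/24
  # Step 2: the only public IP in the lab belongs to the Bastion host.
  az network public-ip create --resource-group "$RG" --name myBastionIP \
    --location "$LOCATION" --sku Standard
  az network bastion create --resource-group "$RG" --name myBastionHost \
    --location "$LOCATION" --vnet-name "$VNET" --public-ip-address myBastionIP
  # Step 3: VM without a public IP ("" disables assignment).
  az vm create --resource-group "$RG" --name "$VM" --location "$LOCATION" \
    --image "$IMAGE" --admin-username azureuser \
    --vnet-name "$VNET" --subnet default \
    --public-ip-address "" --generate-ssh-keys
  # Step 4: the tag documents intent only; it enforces nothing.
  az vm update --resource-group "$RG" --name "$VM" --set tags.Access=AzureBastion
}

# Succeeds only if no public IP is attached to any NIC of the VM.
vm_has_no_public_ip() {
  ips=$(az vm list-ip-addresses --resource-group "$RG" --name "$VM" \
    --query "[].virtualMachine.network.publicIpAddresses[].ipAddress" --output tsv)
  [ -z "$ips" ]
}

# Run with --apply to deploy; without it the functions are only defined.
if [ "${1:-}" = "--apply" ]; then
  deploy_bastion_lab
  if vm_has_no_public_ip; then echo "OK: $VM has no public IP"
  else echo "FAIL: $VM has a public IP" >&2; exit 1; fi
fi
```

Re-running vm_has_no_public_ip later catches a public IP that was attached after deployment, which the Access tag alone would never reveal.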