Azure Bastion ARM Template – Ready-to-Deploy Reusable Solution

Overview
This deployment package provides a fully configured Azure Bastion environment using Azure Resource Manager (ARM) templates.
The solution deploys a Virtual Network with a dedicated Bastion subnet, a Public IP address, and an Azure Bastion host, enabling secure browser-based connectivity to virtual machines.
What This Template Deploys
- Azure Virtual Network
- AzureBastionSubnet (Required Subnet)
- Azure Public IP (Standard, Static)
- Azure Bastion Host
Files Included
- template.json: ARM template defining the VNet, Public IP, and Bastion Host
- parameters.json: Parameter file used to customize deployment values
- deploy.ps1: PowerShell script for validation, What-If, and deployment
Prerequisites
To use this template, you will need:
- An active Azure subscription
- Access to Azure Portal or Azure Cloud Shell
- Azure PowerShell (optional if using Cloud Shell)
Important Design Requirements
Azure Bastion has strict requirements that are enforced in this template:
- Subnet name must be exactly: AzureBastionSubnet
- Subnet size must be at least /27
- Public IP must be Standard SKU
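
A pre-flight lint for these three requirements, as an added example (it is not part of this package and is not the contents of deploy.ps1). It assumes subnets are declared inline under the VNet's `properties.subnets` and checks literal values only; the function name `Test-BastionTemplate` and the sample template are constructed for illustration.

```powershell
# Added example, not the package's code. Function name and sample are hypothetical.
function Test-BastionTemplate {
    param([Parameter(Mandatory)][string]$TemplateJson)

    $resources = @(($TemplateJson | ConvertFrom-Json).resources)
    $findings  = [System.Collections.Generic.List[string]]::new()

    # Requirements 1 and 2: subnet named exactly AzureBastionSubnet, /27 or larger.
    # Assumes subnets are declared inline under the VNet's properties.subnets.
    $subnets = @($resources |
        Where-Object { $_.type -eq 'Microsoft.Network/virtualNetworks' } |
        ForEach-Object { $_.properties.subnets })
    # -ceq is a case-sensitive match: a conservative reading of "exactly".
    $bastionSubnet = $subnets | Where-Object { $_.name -ceq 'AzureBastionSubnet' } |
        Select-Object -First 1
    if (-not $bastionSubnet) {
        $findings.Add('No subnet named exactly AzureBastionSubnet')
    } else {
        $prefix = [string]$bastionSubnet.properties.addressPrefix
        if ($prefix -match '/(\d{1,2})$') {
            # A longer prefix means a smaller subnet, so anything above 27 fails.
            if ([int]$Matches[1] -gt 27) {
                $findings.Add("AzureBastionSubnet $prefix is smaller than /27")
            }
        } else {
            # ARM expressions such as [parameters('...')] cannot be resolved here.
            $findings.Add("Subnet prefix '$prefix' is not a literal CIDR; check it manually")
        }
    }

    # Requirement 3: each public IP in the template must use the Standard SKU.
    $publicIps = @($resources | Where-Object { $_.type -eq 'Microsoft.Network/publicIPAddresses' })
    foreach ($pip in $publicIps) {
        if ($pip.sku.name -ne 'Standard') {
            $findings.Add("Public IP '$($pip.name)' has SKU '$($pip.sku.name)', expected Standard")
        }
    }
    $findings
}

# Constructed sample (not template.json from this package): /28 subnet, Basic SKU.
$sample = @'
{ "resources": [
  { "type": "Microsoft.Network/virtualNetworks", "name": "vnet-demo",
    "properties": { "subnets": [
      { "name": "AzureBastionSubnet", "properties": { "addressPrefix": "10.0.1.0/28" } } ] } },
  { "type": "Microsoft.Network/publicIPAddresses", "name": "pip-demo", "sku": { "name": "Basic" } }
] }
'@
Test-BastionTemplate -TemplateJson $sample
```

To lint a real file, pass `(Get-Content .\template.json -Raw)` as `-TemplateJson`; an empty result means no literal value violates the three requirements.
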
How to Deploy
Step 1: Update Parameters
Open **parameters.json** and update:
- vnetName: Name of the Virtual Network
- bastionName: Name of the Bastion Host
- publicIpName: Name of the Public IP resource
- location: for example, eastus
Step 2: Upload Files (Cloud Shell)
Upload:
- template.json
- parameters.json
- deploy.ps1
Step 3: Run Deployment Script
The script supports three modes:
Validate (recommended first)
```powershell
.\deploy.ps1 -resourceGroupName RG-ARM-TEMPLATES -mode Validate
```
Deployment Behavior
The script performs:
- Resource group validation or creation
- Template validation or preview (based on mode)
- Optional deployment
Expected Result
After deployment:
- Virtual Network is created
- AzureBastionSubnet is configured
- Public IP is provisioned
- Bastion Host is deployed
Important Notes
Bastion Usage
Azure Bastion provides:
- Secure RDP and SSH access via browser
- No need for public IPs on virtual machines
- No direct exposure of VMs to the internet
Cost Consideration
Azure Bastion is a billable service:
- It incurs continuous cost once deployed
- Pricing varies by region and SKU
Deploy only when required.
Networking Considerations
- Bastion must reside in its own dedicated subnet
- The subnet cannot be used for other resources
- Virtual machines must be in the same VNet or peered VNets
Summary
This package provides a reusable Azure Bastion deployment solution
with correct subnet configuration, proper dependency handling,
and a production-ready network access design for secure remote connectivity.
Support
For questions or custom template requests, please contact:
ITCloudAcademy Support Team
Email: support@ITCloudAcademy.net
Email: info@ITCloudAcademy.net
Website: http://www.itcloudacademy.net
Support Hours:
Monday to Friday
9:00 AM to 6:00 PM MST
