Azure Bastion | Securely Connect Your Azure Instance

There are couple of way to connect to our instance in Azure. One simplest way is by providing public ip address to our instance so we can remote it directly. This approach is simple but pose more risk because our instance is publicly open to the internet.

Azure provide Azure Bastion to help us connect to our instance securely. Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP address, agent, or special client software.

Azure Bastion just like a jumphost. All we need is to just use this jumphost to connect to our instance. And since this is a PaaS, Microsoft Azure will take care of Security Patches and Stuffs. To setup an Azure Bastion, simply follow these steps :

• Login to your Azure Portal, choose your VM / Instance
• Under Operations Blade, click Bastion

• Expand your virtual network space, most likely this step is just to verify we have enough ip to be used as our Bastion

• Create Bastion Subnet, you may also use Network Security Group to harden it

Wait for couple of minutes, and once your Bastion ready, it will goes something like this

Now you can connect your Instance using Bastion securely and easy.

Reff :

https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

https://azure.microsoft.com/en-us/pricing/details/azure-bastion/