Optimise Your Deployment of Azure Bastion with Logic Apps and Automation Account

Introduction

Azure Bastion is a fully managed service that provides secure and seamless RDP and SSH connectivity to your virtual machines directly through the Azure portal. By using Azure Bastion, you can improve the security of your virtual network without exposing your VMs to the public internet. However, a deployed Bastion host is billed for every hour it exists, whether or not anyone connects through it. To further optimise costs and resource usage, you can automate the deletion and re-creation of the Azure Bastion instance on a schedule using Azure Logic Apps and Automation Accounts.

Step-by-Step Implementation Guide

Step 1: Create an Azure Automation Account

  1. Sign in to the Azure portal.
  2. Click on “Create a resource” and search for “Automation”.
  3. Click “Create” and fill in the required details:
    • Name: Enter a name for your Automation Account.
    • Resource Group: Create a new resource group or select an existing one.
    • Location: Choose the region closest to your resources.
  4. Click “Review + create” and then “Create”.
  5. Once the account is deployed, open “Identity”, turn on the system-assigned managed identity, and assign it the Network Contributor role on the resource group that holds the virtual network and the Bastion host. The runbooks sign in with this identity, so no credentials have to be stored in the Automation Account.

Step 2: Create a Runbook to Delete Azure Bastion

  1. Navigate to your Automation Account in the Azure portal.

  2. Click on “Runbooks” in the left-hand menu and then “Create a runbook”.

  3. Fill in the required details:

    • Name: Enter a name for your runbook (e.g., DeleteBastion).
    • Runbook type: Select “PowerShell”.
  4. Click “Create”.

  5. In the runbook editor, enter the following PowerShell script to delete the Azure Bastion instance:

    param (
        [string]$ResourceGroupName,
        [string]$BastionName
    )
    
    $ErrorActionPreference = 'Stop'          # fail the job on the first error instead of continuing
    Connect-AzAccount -Identity | Out-Null   # sign in as the Automation Account's managed identity
    
    # -Force skips the confirmation prompt, which would otherwise hang an unattended job.
    # The Bastion's public IP is left in place so the create runbook can reattach the same address.
    Remove-AzBastion -ResourceGroupName $ResourceGroupName -Name $BastionName -Force
    
  6. Click “Save” and then “Publish”.

Step 3: Create a Runbook to Create Azure Bastion

  1. Repeat the steps to create another runbook, but this time name it “CreateBastion”.

  2. In the runbook editor, enter the following PowerShell script to create an Azure Bastion instance:

    param (
        [string]$ResourceGroupName,
        [string]$BastionName,
        [string]$VNetName,
        [string]$SubnetName
    )
    
    $ErrorActionPreference = 'Stop'          # fail the job on the first error instead of continuing
    Connect-AzAccount -Identity | Out-Null   # sign in as the Automation Account's managed identity
    
    # Bastion deploys only into a subnet named AzureBastionSubnet, so reject anything else up front.
    if ($SubnetName -ne 'AzureBastionSubnet') { throw "Bastion requires a subnet named 'AzureBastionSubnet', got '$SubnetName'." }
    $vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VNetName
    
    # Bastion needs a Standard-SKU static public IP; reuse the one left behind by the delete runbook if it still exists.
    $pipName = "$BastionName-pip"
    $pip = Get-AzPublicIpAddress -ResourceGroupName $ResourceGroupName -Name $pipName -ErrorAction SilentlyContinue
    if (-not $pip) { $pip = New-AzPublicIpAddress -ResourceGroupName $ResourceGroupName -Name $pipName -Location $vnet.Location -AllocationMethod Static -Sku Standard }
    
    New-AzBastion -ResourceGroupName $ResourceGroupName -Name $BastionName -PublicIpAddress $pip -VirtualNetwork $vnet -Sku Basic
    
  3. Click “Save” and then “Publish”.

Step 4: Create a Logic App to Schedule the Runbooks

  1. Navigate to the Azure portal.
  2. Click on “Create a resource” and search for “Logic App”.
  3. Click “Create” and fill in the required details:
    • Name: Enter a name for your Logic App.
    • Resource Group: Create a new resource group or select an existing one.
    • Location: Choose the region closest to your resources.
  4. Click “Review + create” and then “Create”.

Step 5: Configure the Logic App

  1. In the Logic App Designer, select “Recurrence” as the trigger and set the schedule for when you want to delete and create the Azure Bastion instance.
  2. Add an action to “Create Job” for the “DeleteBastion” runbook in your Automation Account.
  3. Add another action to “Create Job” for the “CreateBastion” runbook in your Automation Account.
  4. Configure the parameters for each action (e.g., ResourceGroupName, BastionName, VNetName, SubnetName).
  5. Save and run your Logic App.
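Before trusting the Logic App schedule, it is worth running both runbooks once from a workstation and confirming the resulting state, because a “Create Job” action that succeeds only means the job was queued. The script below is an added example and not part of the original post: it starts each runbook with Start-AzAutomationRunbook, polls the job to a terminal state, surfaces the error stream on failure, and then checks with Get-AzBastion that the host is really gone after the delete and really back after the create. All resource names in it are placeholders you replace with your own.

```powershell
# Added example (not from the original post): exercise the DeleteBastion and CreateBastion
# runbooks directly and verify the outcome before wiring them to the Logic App.
# All resource names below are placeholders.
$automation = @{
    ResourceGroupName     = 'rg-bastion-automation'   # placeholder: RG of the Automation Account
    AutomationAccountName = 'aa-bastion'              # placeholder
}
$bastion = @{
    ResourceGroupName = 'rg-network'                  # placeholder: RG holding the VNet and Bastion
    BastionName       = 'bas-hub'                     # placeholder
    VNetName          = 'vnet-hub'                    # placeholder
    SubnetName        = 'AzureBastionSubnet'          # Bastion accepts only this subnet name
}

function Invoke-BastionRunbook {
    param ([string]$RunbookName, [hashtable]$Parameters)

    # Queue the job; the returned object carries the JobId used for polling.
    $job = Start-AzAutomationRunbook @automation -Name $RunbookName -Parameters $Parameters

    # Poll until the job reaches a terminal state. Bastion creation routinely takes 10+ minutes.
    do {
        Start-Sleep -Seconds 30
        $job = Get-AzAutomationJob @automation -Id $job.JobId
    } until ($job.Status -in 'Completed', 'Failed', 'Suspended', 'Stopped')

    if ($job.Status -ne 'Completed') {
        # Show the runbook's error stream so the cause is visible here, then stop.
        Get-AzAutomationJobOutput @automation -Id $job.JobId -Stream Error | Format-List
        throw "Runbook $RunbookName ended with status $($job.Status)."
    }
    return $job
}

# 1. Delete, then confirm the host is actually gone; this is the step that stops the hourly charge.
Invoke-BastionRunbook -RunbookName 'DeleteBastion' -Parameters @{
    ResourceGroupName = $bastion.ResourceGroupName
    BastionName       = $bastion.BastionName
}
$leftover = Get-AzBastion -ResourceGroupName $bastion.ResourceGroupName -Name $bastion.BastionName -ErrorAction SilentlyContinue
if ($leftover) { throw 'DeleteBastion reported success but the Bastion resource still exists.' }

# 2. Create, then confirm the host exists again and finished provisioning.
Invoke-BastionRunbook -RunbookName 'CreateBastion' -Parameters $bastion
$recreated = Get-AzBastion -ResourceGroupName $bastion.ResourceGroupName -Name $bastion.BastionName
if ($recreated.ProvisioningState -ne 'Succeeded') {
    throw "CreateBastion finished but the host is in state '$($recreated.ProvisioningState)'."
}
Write-Output "Both runbooks verified; Bastion '$($recreated.Name)' is available again."
```

Run it under an account that holds Automation Operator (or higher) on the Automation Account and Reader on the network resource group; the runbooks themselves still execute under the Automation Account's managed identity. Because the two invocations are sequential, the script also doubles as a rough measurement of how long a delete/create cycle takes, which is useful when deciding how early the morning recurrence has to fire.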

Conclusion

By automating the creation and deletion of Azure Bastion instances based on a schedule, you can optimise your deployment and reduce costs. Azure Logic Apps and Automation Accounts provide a powerful combination to achieve this automation seamlessly.