Add Bastion native client support (#607)

Co-authored-by: Jack Tracey <[email protected]> Co-authored-by: Juan Gallardo <[email protected]>
Azure · Aug 14, 2023 · d96464b · d96464b
1 parent 800ae63
commit d96464b
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md
@@ -18,6 +18,7 @@ parPublicIpSuffix | No       | Optional Suffix for Public IPs. Include a precedi
 parAzBastionEnabled | No       | Switch to enable/disable Azure Bastion deployment.
 parAzBastionName | No       | Name Associated with Bastion Service.
 parAzBastionSku | No       | Azure Bastion SKU.
+parAzBastionTunneling | No       | Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client
 parAzBastionNsgName | No       | Name for Azure Bastion Subnet NSG.
 parDdosEnabled | No       | Switch to enable/disable DDoS Network Protection deployment.
 parDdosPlanName | No       | DDoS Plan Name.
@@ -137,6 +138,14 @@ Azure Bastion SKU.
 
 - Allowed values: `Basic`, `Standard`
 
+### parAzBastionTunneling
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client
+
+- Default value: `False`
+
 ### parAzBastionNsgName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -404,6 +413,9 @@ outHubVirtualNetworkId | string |
         "parAzBastionSku": {
             "value": "Standard"
         },
+        "parAzBastionTunneling": {
+            "value": false
+        },
         "parAzBastionNsgName": {
             "value": "nsg-AzureBastionSubnet"
         },

diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
@@ -70,6 +70,9 @@ param parAzBastionName string = '${parCompanyPrefix}-bastion'
 ])
 param parAzBastionSku string = 'Standard'
 
+@sys.description('Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client')
+param parAzBastionTunneling bool = false
+
 @sys.description('Name for Azure Bastion Subnet NSG.')
 param parAzBastionNsgName string = 'nsg-AzureBastionSubnet'
 
@@ -526,6 +529,7 @@ resource resBastion 'Microsoft.Network/bastionHosts@2023-02-01' = if (parAzBasti
   }
   properties: {
     dnsName: uniqueString(resourceGroup().id)
+    enableTunneling: (parAzBastionSku == 'Standard' && parAzBastionTunneling) ? parAzBastionTunneling : false
     ipConfigurations: [
       {
         name: 'IpConf'