From d96464b59c27ad6ee127e6e99ee1fa28032364b1 Mon Sep 17 00:00:00 2001 From: Juan <92594103+juang903@users.noreply.github.com> Date: Mon, 14 Aug 2023 10:19:26 -0400 Subject: [PATCH] Add Bastion native client support (#607) Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Co-authored-by: Juan Gallardo --- .../generateddocs/hubNetworking.bicep.md | 12 ++++++++++++ .../bicep/modules/hubNetworking/hubNetworking.bicep | 4 ++++ 2 files changed, 16 insertions(+) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index 0c05b5f2d..738a4cb17 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md @@ -18,6 +18,7 @@ parPublicIpSuffix | No | Optional Suffix for Public IPs. Include a precedi parAzBastionEnabled | No | Switch to enable/disable Azure Bastion deployment. parAzBastionName | No | Name Associated with Bastion Service. parAzBastionSku | No | Azure Bastion SKU. +parAzBastionTunneling | No | Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client parAzBastionNsgName | No | Name for Azure Bastion Subnet NSG. parDdosEnabled | No | Switch to enable/disable DDoS Network Protection deployment. parDdosPlanName | No | DDoS Plan Name. @@ -137,6 +138,14 @@ Azure Bastion SKU. - Allowed values: `Basic`, `Standard` +### parAzBastionTunneling + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client + +- Default value: `False` + ### parAzBastionNsgName ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -404,6 +413,9 @@ outHubVirtualNetworkId | string | "parAzBastionSku": { "value": "Standard" }, + "parAzBastionTunneling": { + "value": false + }, "parAzBastionNsgName": { "value": "nsg-AzureBastionSubnet" }, diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 491583e9a..eb60530e8 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -70,6 +70,9 @@ param parAzBastionName string = '${parCompanyPrefix}-bastion' ]) param parAzBastionSku string = 'Standard' +@sys.description('Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client') +param parAzBastionTunneling bool = false + @sys.description('Name for Azure Bastion Subnet NSG.') param parAzBastionNsgName string = 'nsg-AzureBastionSubnet' @@ -526,6 +529,7 @@ resource resBastion 'Microsoft.Network/bastionHosts@2023-02-01' = if (parAzBasti } properties: { dnsName: uniqueString(resourceGroup().id) + enableTunneling: (parAzBastionSku == 'Standard' && parAzBastionTunneling) ? parAzBastionTunneling : false ipConfigurations: [ { name: 'IpConf'