A module that creates an Azure Bastion Host as well as its associated resources and configuration

schubergphilis/terraform-azure-mcaf-bastion

terraform-azure-mcaf-bastion

The terraform-azure-mcaf-bastion module is a Terraform module designed to deploy and manage an Azure Bastion Host. Azure Bastion is a fully managed service that provides secure and seamless RDP and SSH connectivity to virtual machines directly through the Azure portal. This module simplifies the deployment of Azure Bastion by providing configurable options for various parameters such as SKU, subnet, virtual network, and additional features like Kerberos authentication, tunneling, and session recording.

Features

  • Deploys an Azure Bastion Host with configurable parameters.
  • Supports multiple SKUs: Basic, Standard, Developer, and Premium.
  • Enables optional features like Kerberos authentication, tunneling, session recording, and more.
  • Allows customization of public IP address settings.
  • Provides outputs for the Bastion Host's DNS name, resource name, resource object, and resource ID.

Requirements

Name Version
terraform >= 1.8
azurerm >= 4.5

Providers

Name Version
azurerm >= 4.5

Modules

No modules.

Resources

Name Type
azurerm_bastion_host.this resource
azurerm_public_ip.this resource

Inputs

Name: bastion
Description: The Azure Bastion Host configuration.

- name - The name of the Azure Bastion Host.
- location - The location of the Azure Bastion Host.
- resource_group_name - The name of the resource group where the Azure Bastion Host is located.
- subnet_id - The ID of the subnet where the Azure Bastion Host will be deployed.
- virtual_network_id - The ID of the virtual network where the Azure Bastion Host will be deployed. Default is null. Only for Developer SKU.
- sku - The SKU of the Azure Bastion Host. Default is 'Standard'. Valid values are 'Basic', 'Standard', 'Developer' or 'Premium'.
- kerberos_enabled - Specifies whether Kerberos authentication is enabled for the Azure Bastion Host. Default is false.
- scale_units - The number of scale units for the Azure Bastion Host. Default is 2.
- tunneling_enabled - Specifies whether tunneling functionality is enabled for the Azure Bastion Host. Default is false.
- shareable_link_enabled - Specifies whether shareable link functionality is enabled for the Azure Bastion Host. Default is false.
- session_recording_enabled - Specifies whether session recording functionality is enabled for the Azure Bastion Host. Default is false.
- public_ip_name - The name of the public IP address associated with the Azure Bastion Host. Default is null.
- ip_connect_enabled - Specifies whether IP connect functionality is enabled for the Azure Bastion Host. Default is false.
- copy_paste_enabled - Specifies whether copy-paste functionality is enabled for the Azure Bastion Host. Default is true.
- file_copy_enabled - Specifies whether file copy functionality is enabled for the Azure Bastion Host. Default is true.
- idle_timeout_in_minutes - The idle timeout in minutes for the Azure Bastion Host. Default is 4.
- tags - Tags of the resource. Default is {}.
- domain_name_label - The domain name label of the Azure Bastion Host. Default is null.
- zones - The availability zones of the Azure Bastion Host. Default is [].

Type:

    object({
      name                      = string
      subnet_id                 = string
      virtual_network_id        = optional(string, null)
      sku                       = optional(string, "Standard")
      kerberos_enabled          = optional(bool, false)
      scale_units               = optional(number, 2)
      tunneling_enabled         = optional(bool, false)
      shareable_link_enabled    = optional(bool, false)
      session_recording_enabled = optional(bool, false)
      public_ip_name            = optional(string, null)
      ip_connect_enabled        = optional(bool, false)
      copy_paste_enabled        = optional(bool, false)
      file_copy_enabled         = optional(bool, false)
      idle_timeout_in_minutes   = optional(number, 4)
      tags                      = optional(map(string), {})
      domain_name_label         = optional(string, null)
      zones                     = optional(list(string), [])
    })

Default: n/a
Required: yes

Name: location
Description: The location of the Azure Bastion Host.
Type: string
Default: n/a
Required: yes

Name: resource_group_name
Description: The name of the resource group where the Azure Bastion resources are located.
Type: string
Default: n/a
Required: yes

Name: public_ip
Description: (Optional) The public IP address associated with the Azure Bastion Host.
Type:

    object({
      name                    = optional(string)
      resource_group_name     = optional(string)
      location                = optional(string)
      allocation_method       = optional(string, "Static")
      sku                     = optional(string, "Standard")
      idle_timeout_in_minutes = optional(number)
      tags                    = optional(map(string))
      zones                   = optional(list(string), [])
      domain_name_label       = optional(string)
    })

Default: {}
Required: no

Name: tags
Description: (Optional) Tags of the resource.
Type: map(string)
Default: null
Required: no

Outputs

Name Description
dns_name The FQDN of the Azure Bastion resource
name The name of the Azure Bastion resource
resource The Azure Bastion resource
resource_id The ID of the Azure Bastion resource
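
A hardened call to the module using the inputs and outputs documented above, as an added example that is not taken from the project's repository. The source address, region, resource names and the bastion_subnet_id variable are assumptions; copy_paste_enabled and file_copy_enabled are set explicitly because the input description lists their default as true while the type signature shows false.

```hcl
# Added example: every name, region and ID below is hypothetical.
variable "bastion_subnet_id" {
  description = "ID of the subnet reserved for Bastion (Azure requires it to be named AzureBastionSubnet)."
  type        = string
}

module "bastion" {
  # Assumed source address, built from the repository name on this page.
  # Pin it to a reviewed release by appending ?ref=<tag-or-commit> (placeholder).
  source = "github.com/schubergphilis/terraform-azure-mcaf-bastion"

  location            = "westeurope"
  resource_group_name = "rg-example-bastion"

  bastion = {
    name      = "bas-example"
    subnet_id = var.bastion_subnet_id
    sku       = "Premium" # session recording is a Premium SKU feature

    # Keep an audit trail of interactive sessions.
    session_recording_enabled = true

    # Set explicitly: the documented defaults and the type signature disagree.
    copy_paste_enabled = false
    file_copy_enabled  = false

    # Connection paths not needed for portal-only access stay off.
    tunneling_enabled      = false
    ip_connect_enabled     = false
    shareable_link_enabled = false
    kerberos_enabled       = false
  }

  tags = {
    environment = "example"
  }
}

# Expose the FQDN documented under Outputs for use in runbooks or monitoring.
output "bastion_fqdn" {
  value = module.bastion.dns_name
}
```

Running `terraform plan` against this call shows the effective value of every optional attribute before anything is deployed.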

License

Copyright: Schuberg Philis

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
