| 1 | +--- |
| 2 | +title: 'Create a Bastion host using Azure CLI | Azure Bastion' |
| 3 | +description: In this article, learn how to create and delete a Bastion host |
| 4 | +services: bastion |
| 5 | +author: cherylmc |
| 6 | + |
| 7 | +ms.service: bastion |
| 8 | +ms.topic: conceptual |
| 9 | +ms.date: 03/26/2020 |
| 10 | +ms.author: cherylmc |
| 11 | +# Customer intent: As someone with a networking background, I want to create an Azure Bastion host. |
| 12 | + |
| 13 | +--- |
| 14 | + |
| 15 | +# Create an Azure Bastion host using Azure CLI |
| 16 | + |
| 17 | +This article shows you how to create an Azure Bastion host using Azure CLI. Once you provision the Azure Bastion service in your virtual network, the seamless RDP/SSH experience is available to all of the VMs in the same virtual network. Azure Bastion deployment is per virtual network, not per subscription/account or virtual machine. |
| 18 | + |
| 19 | +Optionally, you can create an Azure Bastion host by using the [Azure portal](bastion-create-host-portal.md), or using [Azure PowerShell](bastion-create-host-powershell.md). |
| 20 | + |
| 21 | +## Before you begin |
| 22 | + |
| 23 | +Verify that you have an Azure subscription. If you don't already have an Azure subscription, you can activate your [MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details) or sign up for a [free account](https://azure.microsoft.com/pricing/free-trial). |
| 24 | + |
| 25 | +[!INCLUDE [cloudshell cli](../../includes/vpn-gateway-cloud-shell-cli.md)] |
| 26 | + |
| 27 | +## <a name="createhost"></a>Create a bastion host |
| 28 | + |
| 29 | +This section helps you create a new Azure Bastion resource using Azure CLI. |
| 30 | + |
| 31 | +1. Create a virtual network and an Azure Bastion subnet. You must create the Azure Bastion subnet using the name value **AzureBastionSubnet**. This value lets Azure know which subnet to deploy the Bastion resources to. This is different than a Gateway subnet. You must use a subnet of at least /27 or larger subnet (/27, /26, and so on). Create the **AzureBastionSubnet** without any route tables or delegations. If you use Network Security Groups on the **AzureBastionSubnet**, refer to the [Work with NSGs](bastion-nsg.md) article. |
| 32 | + |
| 33 | + ```azurecli-interactive |
| 34 | + az network vnet create -g MyResourceGroup -n MyVnet --address-prefix 10.0.0.0/16 --subnet-name AzureBastionSubnet --subnet-prefix 10.0.0.0/24 |
| 35 | + ``` |
| 36 | + |
| 37 | +2. Create a public IP address for Azure Bastion. The public IP is the public IP address the Bastion resource on which RDP/SSH will be accessed (over port 443). The public IP address must be in the same region as the Bastion resource you are creating. |
| 38 | + |
| 39 | + ```azurecli-interactive |
| 40 | + az network public-ip create -g MyResourceGroup -n MyIp |
| 41 | + ``` |
| 42 | + |
| 43 | +3. Create a new Azure Bastion resource in the AzureBastionSubnet of your virtual network. It takes about 5 minutes for the Bastion resource to create and deploy. |
| 44 | + |
| 45 | + ```azurecli-interactive |
| 46 | + az network bastion create --name $name--public-ip-address $publicip--resource-group $RgName --vnet-name $VNetName --location $location |
| 47 | + |
| 48 | + ``` |
| 49 | + |
| 50 | +## Next steps |
| 51 | + |
| 52 | +* Read the [Bastion FAQ](bastion-faq.md) for additional information. |
| 53 | + |
| 54 | +* To use Network Security Groups with the Azure Bastion subnet, see [Work with NSGs](bastion-nsg.md). |
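Review bot: The `az network bastion create` command in step 3 (new line 46) will not run as written: `$name--public-ip-address` and `$publicip--resource-group` are missing the space before the next flag, so each pair is passed as a single token and the `--public-ip-address` and `--resource-group` options are never seen by the CLI. Add the spaces and drop the empty line 47 inside the fence. Step 3 also switches to variables (`$name`, `$publicip`, `$RgName`, `$VNetName`, `$location`) that the article never defines, while steps 1 and 2 use literals (`MyResourceGroup`, `MyVnet`, `MyIp`); pick one convention so the three commands can be run in sequence against the same resources. Step 2 says the public IP must be in the same region as the Bastion resource, but only step 3 passes `--location`; pass it in both commands so the requirement is visible in the example. Minor wording: in step 2, "The public IP is the public IP address the Bastion resource on which RDP/SSH will be accessed" is garbled, and in step 1, "at least /27 or larger subnet" is redundant.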