Terraform module to create a Bastion Host.
Resource names should clearly indicate their type, workload, environment, and region. Using a consistent naming convention ensures clarity, uniformity, and easy identification across all repositories.
<resource_prefix>-<app_or_project>-<environment>-<region>-<optional_unique_suffix>
| Component | Description | Example |
|---|---|---|
resource_prefix |
Short abbreviation for the resource type. | rg (Resource Group) |
app_or_project |
Identifier for the application or project. | qoh |
environment |
Environment where the resource is deployed (prod, dev, test, etc.). |
prod |
region |
Azure region where the resource resides (e.g., cus for centralus). |
cus |
optional_unique_suffix |
Optional unique string for ensuring name uniqueness, often random or incremental. | abcd, a42n |
| Name | Version |
|---|---|
| terraform | >=0.13 |
| azurerm | >=4.0.0 |
| Name | Version |
|---|---|
| azurerm | >=4.0.0 |
No modules.
| Name | Type |
|---|---|
| azurerm_bastion_host.bastion_host | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| copy_paste_enabled | (Optional) Is Copy/Paste feature enabled for the Bastion Host. Defaults to true. | bool |
true |
no |
| file_copy_enabled | (Optional) Is File Copy feature enabled for the Bastion Host. Defaults to false. | bool |
false |
no |
| ip_configuration | (Optional) A ip_configuration block | any |
{} |
no |
| ip_connect_enabled | (Optional) Is IP Connect feature enabled for the Bastion Host. Defaults to false. | bool |
false |
no |
| kerberos_enabled | (Optional) Is Kerberos authentication feature enabled for the Bastion Host. Defaults to false. | bool |
false |
no |
| location | (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | string |
n/a | yes |
| name | (Required) Specifies the name of the Bastion Host. Changing this forces a new resource to be created. | string |
n/a | yes |
| resource_group_name | (Required) The name of the resource group in which to create the Bastion Host. Changing this forces a new resource to be created. | string |
n/a | yes |
| scale_units | (Optional) The number of scale units with which to provision the Bastion Host. Possible values are between 2 and 50. Defaults to 2. | number |
2 |
no |
| session_recording_enabled | (Optional) Is Session Recording feature enabled for the Bastion Host. Defaults to false. | bool |
false |
no |
| shareable_link_enabled | (Optional) Is Shareable Link feature enabled for the Bastion Host. Defaults to false. | bool |
false |
no |
| sku | (Optional) The SKU of the Bastion Host. Accepted values are Developer, Basic, Standard and Premium. Defaults to Basic. | string |
"Basic" |
no |
| tags | (Optional) A mapping of tags to assign to the resource. | map(any) |
{} |
no |
| tunneling_enabled | (Optional) Is Tunneling feature enabled for the Bastion Host. Defaults to false. | bool |
false |
no |
| virtual_network_id | (Optional) The ID of the Virtual Network for the Developer Bastion Host. Changing this forces a new resource to be created. | string |
null |
no |
| zones | (Optional) Specifies a list of Availability Zones in which this Public Bastion Host should be located. Changing this forces a new resource to be created. | list(any) |
[] |
no |
| Name | Description |
|---|---|
| dns_name | The FQDN for the Bastion Host. |
| id | The ID of the Bastion Host. |
| name | The Name of the Bastion Host. |