![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 55.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
247 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 76%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQ%3C/text%3E%3C/svg%3E)
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know the best practices for using Ansible for deploying resources in Azure.
Azure Bastion Service is a PaaS Service, that is used to provide SSH or RDP Connectivity to VMs in Azure via Browser
- Let's not confuse this with the VM you have created and named as bastion.
- So, we shall call this VM as "vmNamedBastion"
Now,
- For installing Ansible in an Azure VM , You can refer : Configure Ansible on an Azure VM
- This example uses a Linux distros (CentOS)
- From the official Ansible documentation, I see there are some restrictions with using a Windows server.
-
Point to Note:
- Just because you have installed Ansible on an Azure VM, does not mean you can use Ansible and deploy resources directly in Azure.
- You still have to authenticate your requests like you would do in a regular server.
- Because Azure VM only provides you Data plane connectivity to Azure and not Control Plane connectivity.
- i.e., Just like you should sign in to use Azure Portal even if you are inside an Azure VM.
- To configure authentication, refer Create Azure credentials
- Official documentation on how to get the credentials : https://docs.ansible.com/ansible/latest/scenario_guides/guide_azure.html
- From here, you should be able to Write and run Ansible playbooks
To Summarize:
#1 "confused on where to run ansible and there is no way for me to install ansible on that bastion host"
- You can refer to this for installation guide
#2 "how the connection works"
- The connection is via Public Internet
- The authentication can be done Service Principal or using Azure Active Directory Username/Password
- I would prefer and suggest using Service Principal as AAD auth does not support "Multi-Factor Authentication"
These documents may come in handy:
Thanks,
Kapil.
Please Accept an answer if correct.
Original posters help the community find answers faster by identifying the correct answer.