Consumers of commercial cloud Infrastructure-as-a-Service solutions need methods to manage their cloud-based assets. One method employs Bastion Hosts – secure jump boxes that provide remote access to your environment while limiting attack surface. I’ve typically employed a Linux VM for this task, hardened and configured for the single purpose of accessing the environment via ssh. Azure Bastion is now available in preview. It is positioned as a Platform-as-a-Service (PaaS) resource for securely accessing virtual machines in your Azure environment. Let’s take a look at deployment and usage of Azure Bastion (preview) and compare it with roll-your-own Linux server bastion hosts.
I’ve been reading more into Azure security lately and explored the topic of Azure Stored Access Policies. These address issues inherent in ad hoc Shared Access Signatures and were a tool I wanted in my knowledge base. Available documentation on Stored Access Policies was good as far as discussing their need and how to create them, but quite lean on actually implementing them. I finally learned that implementing Stored Access Policies requires a method other than the Azure Portal, but they are quite simple to deploy.