Table: azure_bastion_host - Query Azure Bastion Hosts using SQL
Azure Bastion is a fully managed network virtual appliance that provides seamless RDP and SSH connectivity to your virtual machines over the Secure Sockets Layer (SSL). This service is provisioned directly in your Virtual Network (VNet) and supports all VMs in your VNet using SSL without any exposure through public IP addresses. It enables secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over SSL.
Table Usage Guide
The azure_bastion_host table provides insights into Azure Bastion Hosts within Microsoft Azure. As a network administrator, explore details about these hosts through this table, including their locations, subnet IDs, and provisioning states. Utilize it to uncover information about hosts, such as their public IP addresses, scale units, and tags, helping ensure secure and seamless connectivity to your virtual machines.
Examples
Basic info
Explore which Azure Bastion hosts are being used by checking their provision status and location. This can aid in understanding the distribution of resources and their operational state across different regions and groups.
```sql
select
  name,
  dns_name,
  provisioning_state,
  region,
  resource_group
from
  azure_bastion_host;
```
List bastion hosts that are in failed state
Determine the areas in which Azure Bastion hosts are not provisioned successfully. This query is useful in identifying and troubleshooting the failed instances, allowing for prompt resolution and minimizing downtime.
```sql
select
  name,
  dns_name,
  provisioning_state,
  region,
  resource_group
from
  azure_bastion_host
where
  provisioning_state = 'Failed';
```
Get subnet details associated with each host
This query is useful for identifying the specific subnet details associated with each host within your Azure environment. It can provide valuable insights for network management, helping to understand the distribution of hosts across different subnets.
Postgres:

```sql
select
  h.name as bastion_host_name,
  s.id as subnet_id,
  s.name as subnet_name,
  address_prefix
from
  azure_bastion_host h,
  jsonb_array_elements(ip_configurations) ip,
  azure_subnet s
where
  s.id = ip -> 'properties' -> 'subnet' ->> 'id';
```

SQLite:

```sql
select
  h.name as bastion_host_name,
  s.id as subnet_id,
  s.name as subnet_name,
  address_prefix
from
  azure_bastion_host h,
  json_each(h.ip_configurations) ip,
  azure_subnet s
where
  s.id = json_extract(ip.value, '$.properties.subnet.id');
```
Get IP configuration details associated with each host
This query is used to analyze the IP configuration details associated with each host in the Azure Bastion service. It can help in understanding the allocation method and SKU of each IP configuration, thereby providing insights into the network setup of your Azure resources.
Postgres:

```sql
select
  h.name as bastion_host_name,
  i.name as ip_configuration_name,
  ip_configuration_id,
  ip_address,
  public_ip_allocation_method,
  sku_name as ip_configuration_sku
from
  azure_bastion_host h,
  jsonb_array_elements(ip_configurations) ip,
  azure_public_ip i
where
  i.id = ip -> 'properties' -> 'publicIPAddress' ->> 'id';
```

SQLite:

```sql
select
  h.name as bastion_host_name,
  i.name as ip_configuration_name,
  ip_configuration_id,
  ip_address,
  public_ip_allocation_method,
  sku_name as ip_configuration_sku
from
  azure_bastion_host h,
  json_each(ip_configurations) ip,
  azure_public_ip i
where
  i.id = json_extract(ip.value, '$.properties.publicIPAddress.id');
```
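The following is an added example, not part of the plugin's own documentation. It combines the two preceding Postgres queries into a single exposure inventory, using only columns that appear in the queries and schema on this page. Left joins keep a host in the result even when its subnet or public IP reference does not match a row visible through the connection, so nulls in those columns mark references to follow up on.

```sql
-- Added example (Postgres syntax): one row per bastion host IP configuration,
-- with the subnet it sits in and the public IP it exposes.
select
  h.name as bastion_host_name,
  h.resource_group,
  h.region,
  h.provisioning_state,
  -- Raw references as stored on the host, kept so unresolved ones are visible.
  ip -> 'properties' -> 'subnet' ->> 'id' as referenced_subnet_id,
  ip -> 'properties' -> 'publicIPAddress' ->> 'id' as referenced_public_ip_id,
  s.name as subnet_name,
  s.address_prefix,
  i.ip_address,
  i.public_ip_allocation_method,
  i.sku_name as public_ip_sku
from
  azure_bastion_host h
  -- "left join lateral ... on true" keeps hosts whose ip_configurations is empty.
  left join lateral jsonb_array_elements(h.ip_configurations) ip on true
  left join azure_subnet s
    on s.id = ip -> 'properties' -> 'subnet' ->> 'id'
  left join azure_public_ip i
    on i.id = ip -> 'properties' -> 'publicIPAddress' ->> 'id'
order by
  h.resource_group,
  h.name;
```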
Schema for azure_bastion_host
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
cloud_environment | text | | The Azure Cloud Environment. |
dns_name | text | | FQDN for the endpoint on which bastion host is accessible. |
etag | text | | A unique read-only string that changes whenever the resource is updated. |
id | text | | Contains ID to identify a bastion host uniquely. |
ip_configurations | jsonb | | IP configuration of the bastion host resource. |
name | text | = | The friendly name that identifies the bastion host. |
provisioning_state | text | | The provisioning state of the bastion host resource. |
region | text | | The Azure region/location in which the resource is located. |
resource_group | text | = | The resource group which holds this resource. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
tags | jsonb | | A map of tags for the resource. |
title | text | | Title of the resource. |
type | text | | The resource type of the bastion host. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```bash
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
```

You can pass the configuration to the command with the --config argument:

```bash
steampipe_export_azure --config '<your_config>' azure_bastion_host
```