Ooh wee! The previous exercise sure was tedious. I don't blame you if you didn't get all the way through. To catch up, run the script:
.\2-private-network.ps1 -TeamName <your team name>
Oops! Anybody got the key? Now, this is embarrassing; I think we just locked ourselves out of the entire system! Try it out by accessing the web apps or storage accounts.
Let's fix that!
- Create network security group (NSG) in the shared location.
- Create a Windows desktop virtual machine, in the shared location, with no public IP or public inbound ports. Assign the network security group to the virtual machine.
Naming recommendations:
- NSG: nsg-jumpbox-{team name}-dev
- VM: vm{team name}
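The two steps above, carried out with the Az PowerShell module, as an added example that is not the workshop's own script. It assumes a logged-in session (Connect-AzAccount), the Az.Network and Az.Compute modules, and resource group, VNet, subnet and image names that are placeholders for your team's environment; the image SKU in particular should be checked with Get-AzVMImageSku before use. The point to notice is that the NIC gets no public IP and the NSG carries no custom inbound rule, so only the default rules apply.

```powershell
# Added example, not the workshop script. Assumes Connect-AzAccount has been run.
param(
    [Parameter(Mandatory)] [string] $TeamName,
    [string] $ResourceGroupName = "rg-$TeamName-dev",   # assumed name; use your team's resource group
    [string] $Location          = "westeurope",          # the workshop's "shared location" (assumed)
    [string] $VNetName          = "vnet-$TeamName-dev",  # assumed name of the VNet from exercise 2
    [string] $SubnetName        = "snet-jumpbox",        # assumed name of the jumpbox subnet
    [string] $ImageSku          = "win10-22h2-pro"       # assumed; verify with Get-AzVMImageSku
)

$nsgName = "nsg-jumpbox-$TeamName-dev"
$vmName  = "vm$TeamName"

# 1. NSG with no custom rules. Only the default rules apply, which means
#    no inbound traffic from the Internet, only from the VNet and the load balancer probe.
$nsg = New-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $ResourceGroupName -Location $Location

# 2. Find the subnet the jumpbox will live in.
$vnet   = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vnet

# 3. NIC with NO public IP (no -PublicIpAddressId) and the NSG attached at the NIC.
$nic = New-AzNetworkInterface -Name "nic-$vmName" -ResourceGroupName $ResourceGroupName `
    -Location $Location -SubnetId $subnet.Id -NetworkSecurityGroupId $nsg.Id

# 4. Local administrator credential, prompted rather than written into the script.
$cred = Get-Credential -Message "Local administrator for $vmName"

# 5. VM definition: Windows desktop image, attached to the private NIC only.
$vmConfig = New-AzVMConfig -VMName $vmName -VMSize "Standard_B2s" |
    Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred |
    Set-AzVMSourceImage -PublisherName "MicrosoftWindowsDesktop" -Offer "Windows-10" -Skus $ImageSku -Version "latest" |
    Add-AzVMNetworkInterface -Id $nic.Id

New-AzVM -ResourceGroupName $ResourceGroupName -Location $Location -VM $vmConfig

# Checks: the NIC must report no public IP, and the NSG must have zero custom rules.
$nicCheck = Get-AzNetworkInterface -Name "nic-$vmName" -ResourceGroupName $ResourceGroupName
"Public IP on NIC: " + $(if ($nicCheck.IpConfigurations.PublicIpAddress) { "PRESENT (wrong)" } else { "none (as intended)" })
"Custom NSG rules: " + (Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $ResourceGroupName).SecurityRules.Count
```

Run it as .\create-jumpbox.ps1 -TeamName <your team name>; both checks at the end should read "none" and 0.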
So, umm... we created a virtual machine we can't access. What was the point of that?!
The solution:
- Create a subnet for Azure Bastion in the VNET in the shared location - the name and size need to be specific and you must figure out what they are
- Create a public IP address in the shared location
- Create Azure Bastion resource using the newly created public IP address and add it to the virtual network
Naming recommendations:
- Public IP address: pip-bastion-{team name}-dev
- Bastion: bas-{team name}-dev
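The three Bastion steps with the Az module, as an added example rather than the workshop's own script. The subnet name and address prefix are deliberately left as mandatory parameters, because finding them is part of the exercise; resource group and VNet names are assumptions. Note that the public IP created here is the only public address in the design, and it belongs to Bastion, not to the VM.

```powershell
# Added example, not the workshop script. Assumes Connect-AzAccount has been run.
param(
    [Parameter(Mandatory)] [string] $TeamName,
    [Parameter(Mandatory)] [string] $BastionSubnetName,    # the exact name Azure requires; look it up
    [Parameter(Mandatory)] [string] $BastionSubnetPrefix,  # CIDR of the required minimum size; look it up
    [string] $ResourceGroupName = "rg-$TeamName-dev",      # assumed name
    [string] $Location          = "westeurope",             # the "shared location" (assumed)
    [string] $VNetName          = "vnet-$TeamName-dev"      # assumed name
)

$pipName     = "pip-bastion-$TeamName-dev"
$bastionName = "bas-$TeamName-dev"

# 1. Add the dedicated subnet to the existing VNet. Set-AzVirtualNetwork fails
#    if the prefix overlaps an existing subnet, so pick free address space.
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName
Add-AzVirtualNetworkSubnetConfig -Name $BastionSubnetName -AddressPrefix $BastionSubnetPrefix -VirtualNetwork $vnet | Out-Null
$vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet

# 2. Standard SKU, static public IP. Bastion requires this combination.
$pip = New-AzPublicIpAddress -Name $pipName -ResourceGroupName $ResourceGroupName -Location $Location `
    -Sku Standard -AllocationMethod Static

# 3. Bastion host bound to that public IP and placed into the VNet.
#    This takes several minutes to deploy.
New-AzBastion -Name $bastionName -ResourceGroupName $ResourceGroupName `
    -PublicIpAddressRgName $ResourceGroupName -PublicIpAddressName $pipName `
    -VirtualNetworkRgName $ResourceGroupName -VirtualNetworkName $VNetName

# Check: the VNet now contains the Bastion subnet, and the VM still has no public IP of its own.
(Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName).Subnets |
    Select-Object Name, AddressPrefix
```

Run it as .\create-bastion.ps1 -TeamName <your team name> -BastionSubnetName <name> -BastionSubnetPrefix <cidr>. If Set-AzVirtualNetwork rejects the subnet, the name or the prefix size is not what Azure expects, which is exactly the thing the exercise asks you to find out.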
Log in to the virtual machine using Azure Bastion and verify that your Private DNS zones work by running the following command in the command prompt or PowerShell:
nslookup app-<your team name>-dev-eu.azurewebsites.net
You should see an IP in the private IP address space. Try accessing the web app in the browser of your jumpbox - does that work? Should it?
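A scripted version of the nslookup check, as an added example that is not part of the workshop. It runs on the jumpbox, resolves the web app name with Resolve-DnsName (the DnsClient module that ships with Windows) and tests each A record against the RFC 1918 private ranges, so you get an explicit "private" or "PUBLIC" verdict instead of eyeballing the address. The team name is the only input; the hostname pattern is the one from the exercise.

```powershell
# Added example, not part of the workshop. Run inside the jumpbox after connecting via Bastion.
param([Parameter(Mandatory)] [string] $TeamName)

function Test-PrivateIPv4 {
    # Returns $true when the address falls in 10/8, 172.16/12 or 192.168/16.
    param([Parameter(Mandatory)] [string] $Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

$fqdn = "app-$TeamName-dev-eu.azurewebsites.net"

# Resolve-DnsName returns the CNAME chain too; keep only the final A records.
$aRecords = Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop | Where-Object { $_.Type -eq 'A' }

if (-not $aRecords) {
    Write-Warning "No A record for $fqdn; check the Private DNS zone and its VNet link."
    return
}

foreach ($r in $aRecords) {
    $verdict = if (Test-PrivateIPv4 -Address $r.IPAddress) {
        "private: the Private DNS zone is answering"
    } else {
        "PUBLIC: the jumpbox is not using the private zone"
    }
    "{0} -> {1} ({2})" -f $fqdn, $r.IPAddress, $verdict
}
```

A public answer usually means the VNet is not linked to the private zone, or the Private DNS zone does not exist for that service, which is the same thing nslookup would have shown, only less obviously.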
This exercise can only be completed by installing Solitaire and winning the game. Extra points for pro mode i.e., allowing only one time to go through the deck.