
Bastion for IDP

Prerequisites

You will need the ssh extension for Azure CLI.

az extension add -n ssh

Connect

Connect to Talos' Azure tenant

Select the AADE subscription in the Azure CLI (this assumes you are already signed in to the tenant):

az account set --subscription 6a0b1083-f47f-4167-b7f6-09b5a62cf121

If your cached credentials have expired, the command above fails and you have to sign in again.

In that case, do the following:

  1. Sign out

    az logout
  2. Sign in to AADE's tenant

    az login --tenant "74566a7f-3d73-4abd-bebb-ece0c2e1ad4f" --scope "https://management.core.windows.net//.default"

Connect to Bastion

The following command is hard-coded for the IDP's virtual machine. To connect to another VM, replace the value of --target-resource-id with that VM's resource ID (see Sources).

Run the following from a terminal:

az network bastion ssh --name "AADE-Bastion" --resource-group "AADE-Bastion" --target-resource-id "/subscriptions/6a0b1083-f47f-4167-b7f6-09b5a62cf121/resourceGroups/IA01-RG45/providers/Microsoft.Compute/virtualMachines/IA01-RG45-IDPServer-VM01" --auth-type "ssh-key" --username "localadmin" --ssh-key "https://ia-1-rg45-kv1.vault.azure.net/keys/People-IDP/a36ad6516e844386a65255d4bd9e3147"

You will be asked for the VM password. It is stored in the Key Vault as the secret VM--Password--IDP; read it from there when prompted rather than keeping a copy elsewhere. Note that the Azure CLI's --ssh-key option takes the path of a private key file on your own machine, so if the Key Vault URL above is rejected, run the same command with --auth-type "password" and without --ssh-key.

Upload/download files through Bastion

If you prefer a GUI, FileZilla works as well: open the tunnel described below and point FileZilla at 127.0.0.1 on the tunnel port over SFTP. The command-line steps follow.

Open a tunnel

az network bastion tunnel --name "AADE-Bastion" --resource-group "AADE-Bastion" --target-resource-id "/subscriptions/6a0b1083-f47f-4167-b7f6-09b5a62cf121/resourceGroups/IA01-RG45/providers/Microsoft.Compute/virtualMachines/IA01-RG45-IDPServer-VM01" --resource-port "22" --port "1234"

The tunnel forwards local port 1234 to port 22 on the VM and stays in the foreground for as long as it is open, so run it in its own terminal and leave it running while you transfer files. SCP needs it because scp cannot talk to Bastion directly; it only sees the local end of the tunnel.

Use SCP to transfer file(s)

scp -P 1234 <local-file-path> localadmin@127.0.0.1:<vm-target-folder>/

Note that scp's port flag is a capital -P (lowercase -p preserves timestamps). Add -r to copy a directory, and swap the two arguments to download from the VM instead. Because every tunnelled VM appears to ssh as 127.0.0.1:1234, the host key recorded in known_hosts will clash if you later tunnel to a different VM on the same port; pass -o HostKeyAlias=<vm-name> so the key is stored under the VM's name.

Sources