diff --git a/config.sample.yaml b/config.sample.yaml
index 009f017920..733b726f4e 100644
--- a/config.sample.yaml
+++ b/config.sample.yaml
@@ -49,6 +49,9 @@ tre:
 # firewall_force_tunnel_ip: __CHANGE_ME__
 firewall_sku: Standard
 app_gateway_sku: Standard_v2
+ # See https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku
+ # Set to Basic if wish to connect to VMs in workspaces.
+ bastion_sku: Developer
 # Uncomment to deploy to a custom domain
 # custom_domain: __CHANGE_ME__
diff --git a/config_schema.json b/config_schema.json
index 8885822acb..030c460c41 100644
--- a/config_schema.json
+++ b/config_schema.json
@@ -93,6 +93,10 @@
 "description": "SKU of the Application Gateway.",
 "type": "string"
 },
+ "bastion_sku": {
+ "description": "SKU of the Azure Bastion.",
+ "type": "string"
+ },
 "custom_domain": {
 "description": "Custom domain name.",
 "type": "string"
diff --git a/core/terraform/bastion.tf b/core/terraform/bastion.tf
index 1eec8f3d6d..5a08c236db 100644
--- a/core/terraform/bastion.tf
+++ b/core/terraform/bastion.tf
@@ -13,6 +13,8 @@ resource "azurerm_bastion_host" "bastion" {
 name = "bas-${var.tre_id}"
 resource_group_name = azurerm_resource_group.core.name
 location = azurerm_resource_group.core.location
+ sku = var.bastion_sku
+ virtual_network_id = module.network.core_vnet_id
 ip_configuration {
 name = "configuration"
@@ -24,4 +26,3 @@ resource "azurerm_bastion_host" "bastion" {
 lifecycle { ignore_changes = [tags] }
 }
-
diff --git a/core/terraform/variables.tf b/core/terraform/variables.tf
index 1f1004d8bb..b028028061 100644
--- a/core/terraform/variables.tf
+++ b/core/terraform/variables.tf
@@ -241,3 +241,9 @@ variable "encryption_kv_name" {
 description = "Name of Key Vault for encryption keys, required only if external_key_store_id is not set (only used if enable_cmk_encryption is true)"
 default = null
 }
+
+variable "bastion_sku" {
+ type = string
+ description = "Azure Bastion SKU"
+ default = "Developer"
+}
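Review bot: In config.sample.yaml the comment above `bastion_sku: Developer` tells the operator what to change but not why, while the sample now steers new deployments to the Developer SKU. As far as the linked SKU page describes it, Developer runs on shared Bastion infrastructure rather than a dedicated host in the core VNet and does not reach peered VNets, which is presumably why workspace VMs need Basic. I would reword the second comment line to `# Developer uses shared Bastion infrastructure and cannot reach peered workspace VNets; set to Basic or higher to connect to VMs in workspaces.` so the isolation trade-off is visible where the value is chosen.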
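Review bot: The new `bastion_sku` entry in config_schema.json accepts any string, so a typo or an unsupported value passes schema validation and only surfaces later at deploy time. The documentation row added in this commit lists the allowed values, so the entry could carry `"enum": ["Developer", "Basic", "Standard", "Premium"]` next to `"type": "string"`. The neighbouring `app_gateway_sku` entry visible in the hunk has the same gap.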
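Review bot: In core/terraform/bastion.tf `virtual_network_id` is set for every SKU while the `ip_configuration` block below it stays unconditional, so the resource carries both the Developer-style and the dedicated-host-style attachment at once. My understanding of the azurerm provider is that `virtual_network_id` applies only to the Developer SKU and `ip_configuration` to the others, so one of the two is likely rejected or ignored depending on `var.bastion_sku`; this needs confirming with a plan for both `Developer` and `Basic`. If it holds, make the new line conditional, `virtual_network_id = var.bastion_sku == "Developer" ? module.network.core_vnet_id : null`, and wrap `ip_configuration` in a `dynamic` block keyed on the same test. The resource body continues outside the hunk, so the rest of `ip_configuration` is not visible here.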
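Review bot: `variable "bastion_sku"` in core/terraform/variables.tf has no `validation` block, and its default of `Developer` changes what a deployment gets when the setting is left out, since the bastion resource set no `sku` before this commit. A validation block limited to the values the docs row lists would reject bad input at plan time instead of during apply. Because Developer is described on the linked SKU page as a shared-infrastructure tier, consider keeping the default on a dedicated SKU and making Developer opt-in. Upgrade behaviour for environments already running another SKU is not visible from this diff and is worth testing.

```hcl
variable "bastion_sku" {
  # … unchanged: type, description, default …

  validation {
    condition     = contains(["Developer", "Basic", "Standard", "Premium"], var.bastion_sku)
    error_message = "bastion_sku must be one of: Developer, Basic, Standard, Premium."
  }
}
```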
diff --git a/core/version.txt b/core/version.txt
index 8e1395bd35..6dd4954d0d 100644
--- a/core/version.txt
+++ b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.12.3"
+__version__ = "0.12.4"
diff --git a/docs/tre-admins/environment-variables.md b/docs/tre-admins/environment-variables.md
index 04395b9ec9..1a9f46b265 100644
--- a/docs/tre-admins/environment-variables.md
+++ b/docs/tre-admins/environment-variables.md
@@ -43,6 +43,7 @@
 | `RESOURCE_PROCESSOR_NUMBER_PROCESSES_PER_INSTANCE` | Optional. The number of processes to instantiate when the Resource Processor starts. Equates to the number of parallel deployment operations possible in your TRE. Defaults to `5`. |
 | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). |
 | `APP_GATEWAY_SKU` | Optional. The SKU of the Application Gateway. Default value is `Standard_v2`. Allowed values [`Standard_v2`, `WAF_v2`] |
+| `BASTION_SKU` | Optional. The SKU of the Azure Bastion instance. Default value is `Developer`. Allowed values [`Developer`, `Standard`, `Basic`, `Premium`]. See [Azure Bastion SKU feature comparison](https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku). |
 | `CUSTOM_DOMAIN` | Optional. Custom domain name to access the Azure TRE portal. See [Custom domain name](custom-domain.md). |
 | `ENABLE_CMK_ENCRYPTION` | If set to `true`, customer-managed key encryption will be enabled for all supported resources. |
 ## For authentication in `/config.yaml`