Public/Deploy/IaaS/bastionhost/New-CmAzIaasBastionHost.json

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "BastionHosts": {
            "type": "Array"
        },
        "Location": {
            "defaultValue": "[resourceGroup().location]",
            "type": "String"
        },
        "Workspace": {
            "type": "Object"
        }
    },
    "resources": [
        {
            "type": "Microsoft.Resources/Deployments",
            "apiVersion": "2019-10-01",
            "name": "[concat(parameters('BastionHosts')[copyIndex('BastionHostCopy')].bastionHostName, copyIndex('BastionHostCopy'))]",
            "copy": {
                "name": "BastionHostCopy",
                "count": "[length(parameters('BastionHosts'))]"
            },
            "properties": {
                "parameters": {
                    "BastionHost": {
                        "Value": "[parameters('BastionHosts')[copyIndex('BastionHostCopy')]]"
                    },
                    "Location": {
                        "Value": "[parameters('Location')]"
                    },
                    "Workspace": {
                        "Value": "[parameters('Workspace')]"
                    }
                },
                "mode": "Incremental",
                "expressionEvaluationOptions": {
                    "scope": "inner"
                },
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {
                        "BastionHost": {
                            "Type": "SecureObject"
                        },
                        "Location": {
                            "Type": "String"
                        },
                        "Workspace": {
                            "Type": "Object"
                        }
                    },
                    "resources": [
                        {
                            "condition": "[not(empty(parameters('BastionHost').bastionHostSubnetPrefix))]",
                            "type": "Microsoft.Network/virtualNetworks/subnets",
                            "apiVersion": "2019-04-01",
                            "name": "[concat(parameters('BastionHost').vnetName, '/', 'AzureBastionSubnet')]",
                            "location": "[parameters('Location')]",
                            "properties": {
                                "addressPrefix": "[parameters('BastionHost').bastionHostSubnetPrefix]"
                            }
                        },
                        {
                            "apiVersion": "2019-02-01",
                            "type": "Microsoft.Network/publicIpAddresses",
                            "name": "[parameters('BastionHost').bastionPublicIPName]",
                            "location": "[parameters('Location')]",
                            "sku": {
                                "name": "Standard"
                            },
                            "tags": {
                                "cm-service": "[parameters('BastionHost').service.publish.bastionPublicIP]"
                            },
                            "properties": {
                                "publicIPAllocationMethod": "static",
                                "dnsSettings": {
                                    "domainNameLabel": "[parameters('BastionHost').bastionPublicIPName]",
                                    "fqdn": "[concat(parameters('BastionHost').bastionPublicIPName, '.eastus.cloudapp.azure.com')]"
                                }
                            }
                        },
                        {
                            "apiVersion": "2019-12-01",
                            "type": "Microsoft.Network/bastionHosts",
                            "name": "[parameters('BastionHost').bastionHostName]",
                            "location": "[parameters('Location')]",
                            "dependsOn": [
                                "[resourceId('Microsoft.Network/publicIpAddresses', parameters('BastionHost').bastionPublicIPName)]"
                            ],
                            "tags": {
                                "cm-service": "[parameters('BastionHost').service.publish.bastion]"
                            },
                            "properties": {
                                "ipConfigurations": [
                                    {
                                        "name": "IpConf",
                                        "properties": {
                                            "subnet": {
                                                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('BastionHost').vnetName, 'AzureBastionSubnet')]"
                                            },
                                            "publicIPAddress": {
                                                "id": "[resourceId('Microsoft.Network/publicIpAddresses', parameters('BastionHost').bastionPublicIPName)]"
                                            }
                                        }
                                    }
                                ]
                            }
                        },
                        {
                            "type": "Microsoft.Network/bastionHosts/Providers/DiagnosticSettings",
                            "name": "[concat(parameters('BastionHost').bastionHostName, '/Microsoft.Insights/Service')]",
                            "apiVersion": "2016-09-01",
                            "location": "[parameters('Workspace').Location]",
                            "dependsOn": [
                                "[resourceId('Microsoft.Network/bastionHosts', parameters('BastionHost').bastionHostName)]"
                            ],
                            "properties": {
                                "WorkspaceId": "[parameters('Workspace').ResourceId]",
                                "logs": [
                                    {
                                        "category": "BastionAuditLogs",
                                        "enabled": true,
                                        "retentionPolicy": {
                                            "enabled": true,
                                            "days": 30
                                        }
                                    }
                                ]
                            }
                        }
                    ]
                }
            }
        }
    ]
}