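#!/usr/bin/env bash
# Lab topology: an "on-prem" vnet (vnet-1) holding a Bastion host and a Windows
# jump box, peered to a workload vnet (vnet-2) that exposes an App Service only
# through a Private Endpoint. One-shot provisioning walkthrough; not idempotent.
#
# Fixes relative to the original notes: the prose lines are now real comments so
# the file runs as a script; `--resourge-group` typo on the VM create; public-IP
# name case mismatch (BastionPublicIp vs BastionPublicIP); the app subnet
# overlapped the vnet-2 default subnet; the private DNS zone had no records and
# was not linked to vnet-1; the jump-box password was hard-coded in the script.
set -euo pipefail

# --- Parameters ---------------------------------------------------------------
UNIQUE="chi2"              # suffix that keeps globally-unique names (web app) unique
LOCATION="westus2"
RG="rg-${UNIQUE}-dev"

# Jump-box credential comes from the environment, never from the script text.
# NOTE: az still receives it on argv, so it is briefly visible in `ps`; for
# anything beyond a lab, prefer a generated password stored in Key Vault.
# Azure Windows VM rules: 12-123 chars, at least 3 of lower/upper/digit/special.
: "${ADMIN_PASSWORD:?set ADMIN_PASSWORD in the environment before running}"

# --- Resource group -----------------------------------------------------------
az group create --resource-group "$RG" --location "$LOCATION"

# --- Virtual networks ---------------------------------------------------------
# Address spaces must not overlap or the peering below is rejected. Subnet
# prefixes are explicit so later subnets cannot collide with a CLI default.
az network vnet create -g "$RG" -n "vnet-1-${UNIQUE}" --address-prefix 10.0.0.0/22 \
  --subnet-name "sn-1-${UNIQUE}" --subnet-prefixes 10.0.0.0/24
az network vnet create -g "$RG" -n "vnet-2-${UNIQUE}" --address-prefix 10.1.0.0/22 \
  --subnet-name "sn-2-${UNIQUE}" --subnet-prefixes 10.1.0.0/24

# Full resource IDs; `-o tsv` already emits them without quotes.
VNET1ID=$(az network vnet show -g "$RG" -n "vnet-1-${UNIQUE}" --query id -o tsv)
VNET2ID=$(az network vnet show -g "$RG" -n "vnet-2-${UNIQUE}" --query id -o tsv)

# Peering is a per-vnet object, so both directions are required. Names are
# scoped to their vnet; direction-specific names just make the portal readable.
az network vnet peering create -g "$RG" --name "peer-1-to-2-${UNIQUE}" \
  --vnet-name "vnet-1-${UNIQUE}" --remote-vnet "$VNET2ID" --allow-vnet-access
az network vnet peering create -g "$RG" --name "peer-2-to-1-${UNIQUE}" \
  --vnet-name "vnet-2-${UNIQUE}" --remote-vnet "$VNET1ID" --allow-vnet-access

# --- Bastion (browser RDP into vnet-1; the jump box gets no public IP) -------
BASTION_PIP="BastionPublicIp"   # single variable so the name cannot drift between commands
az network public-ip create -g "$RG" -n "$BASTION_PIP" --sku Standard --location "$LOCATION"
# Subnet name is mandated by the service; /26 is the minimum size.
az network vnet subnet create -g "$RG" --vnet-name "vnet-1-${UNIQUE}" \
  -n AzureBastionSubnet --address-prefixes 10.0.1.0/26
az network bastion create -g "$RG" -n "bh-${UNIQUE}" --public-ip-address "$BASTION_PIP" \
  --vnet-name "vnet-1-${UNIQUE}" --location "$LOCATION"

# --- App Service --------------------------------------------------------------
az appservice plan create -g "$RG" -n "${UNIQUE}-app-plan" --location "$LOCATION" --sku S1
az webapp create -g "$RG" -n "webapp-${UNIQUE}" --plan "${UNIQUE}-app-plan" --runtime "DOTNET|6.0"
WEBAPPID=$(az webapp show -g "$RG" -n "webapp-${UNIQUE}" --query id -o tsv)
# Refuse plaintext HTTP at the front door.
az webapp update -g "$RG" -n "webapp-${UNIQUE}" --https-only true

# --- Private Endpoint for the web app, in vnet-2 ------------------------------
# 10.1.1.0/26: must not overlap sn-2 (10.1.0.0/24) created above.
az network vnet subnet create -g "$RG" --vnet-name "vnet-2-${UNIQUE}" -n "sn-${UNIQUE}-app" \
  --address-prefixes 10.1.1.0/26 \
  --private-endpoint-network-policies Disabled --private-link-service-network-policies Disabled
az network private-endpoint create -g "$RG" -n "pep-app-${UNIQUE}" --connection-name "pep-${UNIQUE}-web" \
  --vnet-name "vnet-2-${UNIQUE}" --subnet "sn-${UNIQUE}-app" --group-id sites \
  --nic-name "nic-pep-app-${UNIQUE}" --private-connection-resource-id "$WEBAPPID" --location "$LOCATION"

# Do not rely on the platform default that follows private-endpoint creation:
# state explicitly that the app is reachable only via the endpoint.
az resource update --ids "$WEBAPPID" --set properties.publicNetworkAccess=Disabled

# DNS: public DNS CNAMEs <app>.azurewebsites.net to <app>.privatelink.azurewebsites.net,
# so the private zone of that name must (a) contain the A records and (b) be
# linked to every vnet whose resolvers need them. Zone links do NOT propagate
# across peering, so vnet-1 (where the jump box lives) needs its own link.
ZONE="privatelink.azurewebsites.net"
az network private-dns zone create -g "$RG" -n "$ZONE"
az network private-dns link vnet create -g "$RG" -z "$ZONE" -n "vnet-privatelink-${UNIQUE}-websites" \
  --virtual-network "$VNET2ID" --registration-enabled false
az network private-dns link vnet create -g "$RG" -z "$ZONE" -n "vnet1-privatelink-${UNIQUE}-websites" \
  --virtual-network "$VNET1ID" --registration-enabled false
# The zone group writes and maintains the A records (sites + scm) for the endpoint IP.
az network private-endpoint dns-zone-group create -g "$RG" --endpoint-name "pep-app-${UNIQUE}" \
  -n "zg-${UNIQUE}" --private-dns-zone "$ZONE" --zone-name sites

# --- Windows jump box in vnet-1, reachable only through Bastion ---------------
# An NSG with no custom rules keeps the defaults (VNet inbound allowed, Internet
# inbound denied), which is exactly what Bastion-only access needs.
az network nsg create -g "$RG" -n "nsg-${UNIQUE}-jb" --location "$LOCATION"
az network nic create -g "$RG" -n "${UNIQUE}-nicjb" --location "$LOCATION" \
  --vnet-name "vnet-1-${UNIQUE}" --subnet "sn-1-${UNIQUE}" --network-security-group "nsg-${UNIQUE}-jb"
# The image version is pinned for reproducibility; Marketplace retires old
# builds, so switch to `latest` if this version stops resolving.
az vm create -g "$RG" -n "${UNIQUE}-jump" --location "$LOCATION" \
  --image "MicrosoftWindowsDesktop:windows-11:win11-23h2-pro:22631.3007.240105" \
  --nics "${UNIQUE}-nicjb" --os-disk-name "${UNIQUE}-disk" \
  --admin-username "${UNIQUE}-user" --admin-password "$ADMIN_PASSWORD"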