Hello Friends, Happy to see you again. In this article, I will briefly talk about Azure Bastion Session Management. In the first part of the series, I will go over the basics of session monitoring and management for Azure Bastion. Let's get into it.
π¬What is Bastion's Session Management?β
You might want to manage the sessions if you're using Azure Bastion. For example, you wish to terminate the session or view the session details and so forth. Session Management is a feature that allows you to manage active sessions or terminate the sessions. If you're already using Azure Bastion, you should be sending the logs to Log Analytics. If you're not, please do that as soon as possible. Log analytics can help to see the session details and Bastion Audit Logs. The Diagnostics Logs can be sent to Log Analytics and Storage Accounts so that you can view the session details.
π±How to Manage Azure Bastion Sessions?β
It is evident that you can manage the sessions from the Azure Portal, but key point is that we would like to manage the sessions from PowerShell. In order to do that, we will interact with the Azure Bastion REST API. When you skim through the Azure Bastion REST API, you will see that there are two endpoints. One is for the getActiveSessions and the other one is for the disconnectActiveSessions.
π§βπ» Quick insight into the REST API endpointsβ
π getActiveSessionsβ
The GetActiveSessions endpoint is used to get the active sessions. It returns the list of active sessions. The endpoint is as follows:
Method: POST
"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}/getActiveSessions?api-version=2022-07-01"
When you send a request to the endpoint, you will probably get the following response:
{
"value": [
{
"sessionId": "sessionId",
"startTime": "2019-1-1T12:00:00.0000Z",
"targetSubscriptionId": "subid",
"resourceType": "VM",
"targetHostName": "vm01",
"targetResourceGroup": "rg1",
"userName": "user",
"targetIpAddress": "1.1.1.1",
"protocol": "SSH",
"targetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm01",
"sessionDurationInMins": 0
}
]
}
The result of the GetActiveSessions endpoint is a list of active sessions. The sessionId is the unique identifier of the session. Generally, the endpoint returns responses 200 and 202. If the response is 202, it means that the request is accepted, and the session details will be returned later. Bear in mind that you will need to send the request again to get the session details.
π disconnectActiveSessionsβ
Method: POST
"POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName}/disconnectActiveSessions?api-version=2022-07-01"
Once you get the session details, you can terminate the session by sending a request to the disconnectActiveSessions endpoint. When you send a request to the endpoint, you must send the sessionIds as a request body. The request body must be in the following format:
sessionIds: [
"session1",
"session2",
"session3"
]
Looks like Azure Bastion REST API is pretty straightforward for newcomers. The tricky part is that you will need to send the request again to get the session details. I look forward to finishing the PowerShell part in the following article. We are getting closer to the end of the article. Stay tuned for the next part.