Opens JIT access on a VM. You will need to change the -Name parameter of the NetworkAccessPolicy to match your own policy. Originally found as an AzureRM module in a Microsoft GitHub repo I can't seem to find; modified to my own needs.
# ----------------------------------------------------------------------------------
#
# Copyright Microsoft Corporation
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ----------------------------------------------------------------------------------
# Requirements:
# Powershell 7.0 or newer
# Az module: Install-Module Az
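<#
.SYNOPSIS
Initiate a JIT network access policy request for a VM and then connect to it over ssh.

.DESCRIPTION
Requests a just-in-time (JIT) opening of one port on the target VM, restricted to
this machine's 10.x address and limited to a two-hour window, waits 30 seconds for
the opening to take effect, and then starts an ssh session. With -Fast the JIT
request and the wait are skipped and only the ssh session is started.

.PARAMETER VMName
Name of the virtual machine. Also used as the host label of the ssh target.

.PARAMETER RGType
Resource-group prefix; the VM is expected in the resource group "<RGType>-vms".
Defaults to "external".

.PARAMETER Fast
Skip the JIT request and the 30 second wait; just connect.

.PARAMETER SubscriptionId
Subscription that holds the VM. When omitted, the subscription of the current
Az context (Get-AzContext) is used.

.PARAMETER Location
Azure region of the JIT policy. Defaults to "norwayeast".

.PARAMETER PolicyName
Name of the JIT network access policy. Defaults to "OP-VMs-JIT-Policy"; change
it to match the policy that exists in your subscription.

.PARAMETER Port
Port to open and to ssh to. Defaults to 22.

.PARAMETER SshUser
User name for the ssh session. Defaults to "root".

.PARAMETER SshDomain
DNS suffix appended to VMName to form the ssh target. Defaults to "xxx.com"
(placeholder - set it to your own domain).

.NOTES
Requires PowerShell 7.0 or newer and the Az module (Start-AzJitNetworkAccessPolicy
lives in Az.Security). Throws if no single local 10.* address can be determined,
if no subscription can be resolved, or if the JIT request fails, so that the port
is never requested without a source restriction and ssh is not attempted after a
request that was not accepted.
#>
function Connect-AzVM
{
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true, ParameterSetName="Default", Position=0)]
        [string] $VMName,
        [Parameter(Mandatory=$false, ParameterSetName="Default", Position=1)]
        [string] $RGType = "external",
        [Parameter(Mandatory=$false, ParameterSetName="Default", Position=2)]
        [switch] $Fast,
        [Parameter(Mandatory=$false, ParameterSetName="Default")]
        [string] $SubscriptionId,
        [Parameter(Mandatory=$false, ParameterSetName="Default")]
        [string] $Location = "norwayeast",
        [Parameter(Mandatory=$false, ParameterSetName="Default")]
        [string] $PolicyName = "OP-VMs-JIT-Policy",
        [Parameter(Mandatory=$false, ParameterSetName="Default")]
        [ValidateRange(1, 65535)]
        [int] $Port = 22,
        [Parameter(Mandatory=$false, ParameterSetName="Default")]
        [string] $SshUser = "root",
        [Parameter(Mandatory=$false, ParameterSetName="Default")]
        [string] $SshDomain = "xxx.com"
    )

    # The resource group is derived from the type prefix. Previously $RGType was
    # overwritten with "external" unconditionally, which made the parameter dead.
    $RGName = "$RGType-vms"

    if (-not $Fast) {
        # Start-AzJitNetworkAccessPolicy is provided by Az.Security (not Az.Resources).
        Import-Module Az.Security

        if ([string]::IsNullOrEmpty($SubscriptionId)) {
            # Fall back to the subscription of the signed-in context instead of a
            # hard-coded placeholder id.
            $SubscriptionId = (Get-AzContext).Subscription.Id
            if ([string]::IsNullOrEmpty($SubscriptionId)) {
                throw "No -SubscriptionId given and no Az context is available; run Connect-AzAccount first."
            }
        }

        # Restrict the opening to this machine's private address. Expand to plain
        # strings (Select-Object -Property yields objects, not strings) and require
        # exactly one match so the request is never sent with an empty or
        # ambiguous source prefix.
        $localIPs = @(Get-NetIPAddress |
            Where-Object -Property IPAddress -Like "10.*" |
            Select-Object -ExpandProperty IPAddress)
        if ($localIPs.Count -ne 1) {
            throw "Expected exactly one local 10.* address, found $($localIPs.Count): $($localIPs -join ', ')"
        }
        $localIP = $localIPs[0]

        $vm = New-Object -TypeName Microsoft.Azure.Commands.Security.Models.JitNetworkAccessPolicies.PSSecurityJitNetworkAccessPolicyInitiateVirtualMachine
        $vm.Id = "/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Compute/virtualMachines/$VMName"

        $portRequest = New-Object -TypeName Microsoft.Azure.Commands.Security.Models.JitNetworkAccessPolicies.PSSecurityJitNetworkAccessPolicyInitiatePort
        $portRequest.AllowedSourceAddressPrefix = $localIP
        # Two-hour window, as in the original request.
        $portRequest.EndTimeUtc = [DateTime]::UtcNow.AddHours(2)
        $portRequest.Number = $Port
        $vm.Ports = (,$portRequest)

        # -ErrorAction Stop turns a rejected request into an exception, so we do not
        # sleep and attempt ssh after a request that was never accepted.
        try {
            Start-AzJitNetworkAccessPolicy -ResourceGroupName $RGName -Location $Location -Name $PolicyName -VirtualMachine (,$vm) -ErrorAction Stop
        }
        catch {
            throw "JIT request for '$VMName' failed: $($_.Exception.Message)"
        }
        Write-Host "Successfully sent JiT request, now waiting 30 secs before connecting as the port opening takes some time ..."
        Start-Sleep -Seconds 30
    }

    # Quote the whole target so the expansion always stays a single argument.
    ssh -i "$HOME/.ssh/id_rsa" -p $Port "$SshUser@$VMName.$SshDomain"
}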