In lieu of a way to do it using the Azure CLI, and frustrated by the constant need to login to the Azure GUI console to enable Just-in-Time, this is a little Python CLI I've made to enable Just-in-Time on a Virtual Machine from my terminal, using the Azure API.
pip3 install -r requirements.txt
pip3 install .
_JIT_COMPLETE=bash_source jit > ./.jit-complete.bash
Source the above file in your .bashrc
file.
. <path-to-repo>/.jit-complete.bash
The API request needs an authorisation token to successfully authenticate.
For now I just run the below when my current token has expired, and the script will grab the token from the AZURE_TOKEN
environment variable. The CLI will error if AZURE_TOKEN
doesn't exist.
export AZURE_TOKEN=$(az account get-access-token | jq -r '.accessToken')
The utility will prompt you for the required parameters, but they can also be provided as below.
python3 main.py activate \
--justification "" \
--location <region> \
--jit_policy_name <policy-name>
--subscription_id <subscription-id> \
--resource_group <resource-group> \
--ip_address <your-public-ip>