That Bastion stuff wasn't that bad, was it? But in case you were playing Solitare the entire time, here you go:
.\3-bastion-jumpbox.ps1 -TeamName <your team name>
Virtual networks, like galaxies. Systems of cells interlinked within cells interlinked. Cells interlinked. Drifting away in the empty vastness of silent space. In solitude, forever to travel alone until the last dark star shines its last light.
Against the dark, a tall white fountain played.
...
Right... It's kinda important for our case that the virtual networks are connected. In order to do that we need to peer them using a hub and spoke (hub-spoke) model. Remember, the spokes are the virtual networks in EU and US. Enough talking, let's get to it: Peer the virtual networks so that the one in the shared location acts as the hub. What are you waiting for? Go! Execute!
Now you should be able to open a browser in the virtual machine and navigate to the web app https://app-<your team name>-dev-eu.azurewebsites.net/list_blobs in the virtual network. If you can't, you're doing something wrong.
Set up Azure Firewall - not the basic SKU - in the virtual network in the shared location.
Finally:
- Add a route table and direct next hop traffic from VM to Azure Firewall
- Block all sites except GitHub