
add a windows VM as a jumpbox to Bastion RDP into the Hub network #210

Merged: 13 commits from glennmusa/windowsvm into main, May 20, 2021

Conversation

glennmusa (Contributor) commented May 18, 2021

Description

This change proposes adding a Windows VM to allow for Bastion RDP into the Hub network via a new module called jumpbox. To demo this, deploy MLZ in your preferred way and initiate a Bastion RDP session to the VM in the hub resource group. To retrieve the login credentials, add a KeyVault get secret management access policy for your principal.

These changes propose:

  • Adding a new module called jumpbox
    • creates a KeyVault resource
    • creates two secret values for jumpbox username and jumpbox password to the KeyVault
    • calls the windows-virtual-machine module to create a VM and supply these credentials
  • Adds a jumpbox-subnet subnet module to saca-hub to set up traffic flow logs and NSG rules for SSH and RDP
  • Adds mlz_objectid as a variable to reference the MLZ Service Principal's AAD object ID for assigning KeyVault policies

Issue reference

The issues this PR will close: #187, #190

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • Code compiles or validates correctly
  • BASH scripts have been validated using shellcheck
  • All tests pass (manual and automated)
  • The documentation is updated to cover any new or changed features
  • Markdown files have been linted using the recommended linter. (See .vscode/extensions.json.)
  • Relevant issues are linked to this PR
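The module layout the description above sketches (a Key Vault that holds the jumpbox credential, a secret-management access policy for the MLZ service principal, a Windows VM that consumes the secrets, and an NSG rule that admits RDP only from Bastion), written out as an added example. This is not the MLZ project's jumpbox module or its windows-virtual-machine module; it is written against the azurerm 2.x and random 3.x providers, and the vault and VM names, the variables, and the assumption that a NIC and an NSG already exist in the jumpbox subnet are all mine.

```hcl
# Added example, not the MLZ jumpbox module itself: a Key Vault holds the jumpbox
# admin credential, the MLZ service principal (var.mlz_objectid) gets a secret
# management access policy on it, and the Windows VM consumes the secret values.
# Vault/VM names and the variables below are assumptions; the NIC and NSG are
# expected to exist already in the jumpbox subnet.

provider "azurerm" {
  features {}
}

variable "mlz_objectid" {
  type        = string
  description = "AAD object ID of the MLZ service principal that manages vault secrets"
}
variable "resource_group_name"   { type = string }
variable "location"              { type = string }
variable "network_interface_id"  { type = string } # NIC already in the jumpbox subnet (assumed)
variable "nsg_name"              { type = string } # NSG attached to the jumpbox subnet (assumed)
variable "bastion_subnet_prefix" { type = string } # AzureBastionSubnet CIDR, e.g. "10.0.1.0/27" (assumed)

data "azurerm_client_config" "current" {}

# Generated at apply time; the value never appears in source control.
resource "random_password" "jumpbox_admin" {
  length      = 24
  special     = true
  min_lower   = 1
  min_upper   = 1
  min_numeric = 1
  min_special = 1
}

resource "azurerm_key_vault" "jumpbox" {
  name                = "kv-jumpbox-example" # assumed; must be globally unique
  location            = var.location
  resource_group_name = var.resource_group_name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # Only the MLZ principal can manage the secrets. An operator who needs to log in
  # adds a separate "Get"-only policy for their own principal out of band.
  access_policy {
    tenant_id          = data.azurerm_client_config.current.tenant_id
    object_id          = var.mlz_objectid
    secret_permissions = ["Get", "List", "Set", "Delete"]
  }
}

resource "azurerm_key_vault_secret" "username" {
  name         = "jumpbox-username"
  value        = "azureuser"
  key_vault_id = azurerm_key_vault.jumpbox.id
}

resource "azurerm_key_vault_secret" "password" {
  name         = "jumpbox-password"
  value        = random_password.jumpbox_admin.result
  key_vault_id = azurerm_key_vault.jumpbox.id
}

resource "azurerm_windows_virtual_machine" "jumpbox" {
  name                  = "vm-jumpbox"
  resource_group_name   = var.resource_group_name
  location              = var.location
  size                  = "Standard_D2s_v3"
  admin_username        = azurerm_key_vault_secret.username.value
  admin_password        = azurerm_key_vault_secret.password.value
  network_interface_ids = [var.network_interface_id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }
}

# RDP is reachable only from the Bastion subnet; the VM has no public IP and
# the rule never uses "Internet" or "*" as the source.
resource "azurerm_network_security_rule" "rdp_from_bastion" {
  name                        = "allow-rdp-from-bastion"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = var.bastion_subnet_prefix
  destination_address_prefix  = "*"
  resource_group_name         = var.resource_group_name
  network_security_group_name = var.nsg_name
}
```

Two caveats a practitioner should keep in mind. First, `random_password.result` and both secret values are recorded in plaintext in the Terraform state file, so the state backend needs the same access control as the vault itself. Second, the retrieval step the description mentions is an out-of-band grant to your own principal, for example `az keyvault set-policy --name <vault> --object-id <your object id> --secret-permissions get` followed by `az keyvault secret show --vault-name <vault> --name jumpbox-password --query value -o tsv`; revoke that policy again once the Bastion session is no longer needed.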

@glennmusa glennmusa linked an issue May 18, 2021 that may be closed by this pull request
brooke-hamilton (Contributor) left a comment
I'm getting this error when deploying in this way:

src/scripts/deploy.sh -s <subscriptionid> -z <deployment name>
Error: A resource with the ID "/subscriptions/<sub id>/resourcegroups/rg-t0-jbh006/providers/microsoft.network/virtualnetworks/vn-t0-jbh006/providers/microsoft.insights/diagnosticSettings/vn-t0-jbh006-vn-diagnostics" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_monitor_diagnostic_setting" for more information.

  on ../../modules/virtual-network/main.tf line 30, in resource "azurerm_monitor_diagnostic_setting" "vnet":
  30: resource "azurerm_monitor_diagnostic_setting" "vnet" {


ERROR: failed to apply tier-0 (1/5). Trying some manual clean-up and Terraform destroy...
Initializing modules...

glennmusa (Contributor, Author) commented May 20, 2021

A resource with the ID "/subscriptions/<sub id>/resourcegroups/rg-t0-jbh006/providers/microsoft.network/virtualnetworks/vn-t0-jbh006/providers/microsoft.insights/diagnosticSettings/vn-t0-jbh006-vn-diagnostics" already exists - to be managed via Terraform this resource needs to be imported into the State. is an error unrelated to these changes, but is encountered by diagnostic settings that are in an unknown state. Typically you'd see this when a resource is created by Terraform, but deleted manually. The solution is to recreate the resources at the ID signature and destroy them using Terraform: hashicorp/terraform-provider-azurerm#8109

brooke-hamilton (Contributor) commented
Thanks for the help on this - it's an issue that happens if I create the resource using terraform and then delete it using the Azure CLI or Azure portal, and then recreate the resource using the same name. If I delete the resource using terraform then the issue does not happen (or if I use a unique name).
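An alternative to the recreate-then-destroy workaround discussed above is to adopt the orphaned diagnostic setting into state so that the next apply manages it. The block below is an added example, not MLZ code and not something either participant proposed; it needs Terraform 1.5 or later for the `import` block, and the module address `module.hub_vnet` and the all-zeros subscription placeholder are assumptions, while the resource group, VNet and setting names are taken from the error text.

```hcl
# Added example: adopt the orphaned diagnostic setting into Terraform state so the
# next apply manages (or destroys) it instead of failing with "already exists".
# Requires Terraform >= 1.5. The module address and the placeholder subscription
# ID are assumptions; the VNet and setting names come from the error message.
import {
  # State address of the resource that raised the error; change "hub_vnet" to the
  # module instance that wraps ../../modules/virtual-network in your deployment.
  to = module.hub_vnet.azurerm_monitor_diagnostic_setting.vnet

  # azurerm import ID for a diagnostic setting: "<target resource ID>|<setting name>".
  id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-t0-jbh006/providers/Microsoft.Network/virtualNetworks/vn-t0-jbh006|vn-t0-jbh006-vn-diagnostics"
}
```

Run `terraform plan` first: it shows the import as a distinct action and fails cleanly with "not found" if the setting no longer exists in Azure (the case where the VNet was deleted in the portal), in which case the recreate-and-destroy route is the one that applies. Remove the `import` block after the apply that performs it.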

brooke-hamilton (Contributor) left a review comment
I was able to deploy and log into the VM via Bastion. 🥇

@glennmusa glennmusa merged commit a1206e0 into main May 20, 2021
@glennmusa glennmusa deleted the glennmusa/windowsvm branch May 20, 2021 14:58
Linked issues this pull request may close:

  • Store virtual machine login credentials in a KeyVault
  • Provision a Windows VM as a Bastion jumpbox