Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

include a Windows virtual machine for jumpbox access #417

Merged
merged 2 commits into from
Sep 21, 2021

Conversation

glennmusa
Copy link
Contributor

Description

This change introduces a Windows Virtual Machine into the remoteAccess module, giving a user a remote desktop interface inside the network by specifying deployRemoteAccess=true and a value for linuxVmAdminPasswordOrKey and windowsVmAdminPassword at deployment time.

To demo this (it's easiest to use the .devcontainer to generate a password with openssl) try:

my_password=$(openssl rand -base64 14)

az deployment sub create \
  --name "myRemoteAccessDeployment" \
  --location "eastus" \
  --template-file "src/bicep/mlz.bicep" \
  --parameters deployRemoteAccess="true" \
  --parameters linuxVmAdminPasswordOrKey="$my_password" \
  --parameters windowsVmAdminPassword="$my_password"

If a user attempts to set deployRemoteAccess=true but forgets to supply a password like this:

az deployment sub create \
  --name "myInvalidRemoteAccessDeployment" \
  --location "eastus" 
  --template-file "src/bicep/mlz.bicep" \
  --parameters deployRemoteAccess="true"

template validation will helpfully fail:

{
  "error": {
    "code": "InvalidTemplate",
    "message": "Deployment template validation failed: 'The provided value for the template parameter 'windowsVmAdminPassword' at line '311' and column '21' is not valid. Length of the value should be greater than or equal to '14'. Please see https://aka.ms/arm-template/#parameters for usage details.'."
  }
}

Issue reference

The issue this PR will close #343

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • Code compiles or validates correctly
    [ ] BASH scripts have been validated using shellcheck
  • All tests pass (manual and automated)
  • The documentation is updated to cover any new or changed features
  • Markdown files have been linted using the recommended linter. (See .vscode/extensions.json.)
  • Relevant issues are linked to this PR

@glennmusa glennmusa linked an issue Sep 17, 2021 that may be closed by this pull request
@glennmusa glennmusa enabled auto-merge (squash) September 17, 2021 20:34
@glennmusa glennmusa changed the title include a windows virtual machine for jumpbox access include a Windows virtual machine for jumpbox access Sep 20, 2021
@glennmusa glennmusa disabled auto-merge September 20, 2021 20:37
@glennmusa glennmusa enabled auto-merge (squash) September 20, 2021 21:03
Copy link
Member

@shawngib shawngib left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works as advertised. Love to chat about hardening this for security but not currently in this scope.

@glennmusa glennmusa merged commit 334f58c into bicep Sep 21, 2021
@glennmusa glennmusa deleted the glenn/addWindowsVmRemoteAccess branch September 21, 2021 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Deploy a Windows VM in the remoteAccess example
2 participants