added baston and jump box modules in main bicep file

Vemarthula-Microsoft · Vemarthula-Microsoft · commit 9122d3167f4d · 2025-10-13T18:35:57.000+05:30
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -85,6 +85,18 @@ param existingLogAnalyticsWorkspaceId string = ''
 @description('Use this parameter to use an existing AI project resource ID')
 param existingFoundryProjectResourceId string = ''
 
+@description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true.')
+param vmSize string? 
+
+@description('Optional. Admin username for the Jumpbox Virtual Machine. Set to custom value if enablePrivateNetworking is true.')
+@secure()
+param vmAdminUsername string?
+
+@description('Optional. Admin password for the Jumpbox Virtual Machine. Set to custom value if enablePrivateNetworking is true.')
+@secure()
+param vmAdminPassword string?
+
+
 // ========== Variables ========== //
 var solutionPrefix = 'cps-${padLeft(take(toLower(uniqueString(subscription().id, environmentName, resourceGroup().location, resourceGroup().name)), 12), 12, '0')}'
 // ============== //
@@ -353,6 +365,94 @@ module virtualNetwork './modules/virtualNetwork.bicep' = if (enablePrivateNetwor
   }
 }
 
+// Azure Bastion Host
+var bastionHostName = 'bas-${solutionPrefix}'
+module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePrivateNetworking) {
+  name: take('avm.res.network.bastion-host.${bastionHostName}', 64)
+  params: {
+    name: bastionHostName
+    skuName: 'Standard'
+    location: resourceGroupLocation
+    virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
+    diagnosticSettings: [
+      {
+        name: 'bastionDiagnostics'
+        workspaceResourceId: existingLogAnalyticsWorkspaceId
+        logCategoriesAndGroups: [
+          {
+            categoryGroup: 'allLogs'
+            enabled: true
+          }
+        ]
+      }
+    ]
+    tags: tags
+    enableTelemetry: enableTelemetry
+    publicIPAddressObject: {
+      name: 'pip-${bastionHostName}'
+      zones: []
+    }
+  }
+}
+// Jumpbox Virtual Machine
+var jumpboxVmName = take('vm-jumpbox-${solutionPrefix}', 15)
+module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enablePrivateNetworking) {
+  name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64)
+  params: {
+    name: take(jumpboxVmName, 15) // Shorten VM name to 15 characters to avoid Azure limits
+    vmSize: vmSize ?? 'Standard_DS2_v2'
+    location: resourceGroupLocation
+    adminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
+    adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
+    tags: tags
+    zone: 0
+    imageReference: {
+      offer: 'WindowsServer'
+      publisher: 'MicrosoftWindowsServer'
+      sku: '2019-datacenter'
+      version: 'latest'
+    }
+    osType: 'Windows'
+    osDisk: {
+      name: 'osdisk-${jumpboxVmName}'
+      managedDisk: {
+        storageAccountType: 'Standard_LRS'
+      }
+    }
+    encryptionAtHost: false // Some Azure subscriptions do not support encryption at host
+    nicConfigurations: [
+      {
+        name: 'nic-${jumpboxVmName}'
+        ipConfigurations: [
+          {
+            name: 'ipconfig1'
+            subnetResourceId: virtualNetwork!.outputs.jumpboxSubnetResourceId
+          }
+        ]
+        diagnosticSettings: [
+          {
+            name: 'jumpboxDiagnostics'
+            workspaceResourceId: existingLogAnalyticsWorkspaceId
+            logCategoriesAndGroups: [
+              {
+                categoryGroup: 'allLogs'
+                enabled: true
+              }
+            ]
+            metricCategories: [
+              {
+                category: 'AllMetrics'
+                enabled: true
+              }
+            ]
+          }
+        ]
+      }
+    ]
+    enableTelemetry: enableTelemetry
+  }
+}
+
 // ========== Private DNS Zones ========== //
 var privateDnsZones = [
   'privatelink.cognitiveservices.azure.com'
@@ -568,7 +668,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
                 }
               ]
             }
-            subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet
+            subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet
             service: 'blob'
           }
           {
@@ -582,7 +682,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
                 }
               ]
             }
-            subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet
+            subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet
             service: 'queue'
           }
         ]
@@ -679,7 +779,7 @@ module avmAiServices 'modules/account/main.bicep' = {
                 }
               ]
             }
-            subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet
+            subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet
           }
         ]
       : []
@@ -740,7 +840,7 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.11.0' =
                 }
               ]
             }
-            subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet
+            subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet
           }
         ]
       : []
@@ -1080,7 +1180,7 @@ module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.15.0' = {
               ]
             }
             service: 'MongoDB'
-            subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet
+            subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet
           }
         ]
       : []
@@ -1257,7 +1357,7 @@ module avmAppConfig_update 'br/public:avm/res/app-configuration/configuration-st
             }
           ]
         }
-        subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet
+        subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet
       }
     ]
   }

Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,18 @@ param existingLogAnalyticsWorkspaceId string = ''`
`85`	`85`	`@description('Use this parameter to use an existing AI project resource ID')`
`86`	`86`	`param existingFoundryProjectResourceId string = ''`
`87`	`87`
	`88`	`+@description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true.')`
	`89`	`+param vmSize string?`
	`90`	`+`
	`91`	`+@description('Optional. Admin username for the Jumpbox Virtual Machine. Set to custom value if enablePrivateNetworking is true.')`
	`92`	`+@secure()`
	`93`	`+param vmAdminUsername string?`
	`94`	`+`
	`95`	`+@description('Optional. Admin password for the Jumpbox Virtual Machine. Set to custom value if enablePrivateNetworking is true.')`
	`96`	`+@secure()`
	`97`	`+param vmAdminPassword string?`
	`98`	`+`
	`99`	`+`
`88`	`100`	`// ========== Variables ========== //`
`89`	`101`	`var solutionPrefix = 'cps-${padLeft(take(toLower(uniqueString(subscription().id, environmentName, resourceGroup().location, resourceGroup().name)), 12), 12, '0')}'`
`90`	`102`	`// ============== //`
`@@ -353,6 +365,94 @@ module virtualNetwork './modules/virtualNetwork.bicep' = if (enablePrivateNetwor`
`353`	`365`	`}`
`354`	`366`	`}`
`355`	`367`
	`368`	`+// Azure Bastion Host`
	`369`	`+var bastionHostName = 'bas-${solutionPrefix}'`
	`370`	`+module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePrivateNetworking) {`
	`371`	`+ name: take('avm.res.network.bastion-host.${bastionHostName}', 64)`
	`372`	`+ params: {`
	`373`	`+ name: bastionHostName`
	`374`	`+ skuName: 'Standard'`
	`375`	`+ location: resourceGroupLocation`
	`376`	`+ virtualNetworkResourceId: virtualNetwork!.outputs.resourceId`
	`377`	`+ diagnosticSettings: [`
	`378`	`+ {`
	`379`	`+ name: 'bastionDiagnostics'`
	`380`	`+ workspaceResourceId: existingLogAnalyticsWorkspaceId`
	`381`	`+ logCategoriesAndGroups: [`
	`382`	`+ {`
	`383`	`+ categoryGroup: 'allLogs'`
	`384`	`+ enabled: true`
	`385`	`+ }`
	`386`	`+ ]`
	`387`	`+ }`
	`388`	`+ ]`
	`389`	`+ tags: tags`
	`390`	`+ enableTelemetry: enableTelemetry`
	`391`	`+ publicIPAddressObject: {`
	`392`	`+ name: 'pip-${bastionHostName}'`
	`393`	`+ zones: []`
	`394`	`+ }`
	`395`	`+ }`
	`396`	`+}`
	`397`	`+// Jumpbox Virtual Machine`
	`398`	`+var jumpboxVmName = take('vm-jumpbox-${solutionPrefix}', 15)`
	`399`	`+module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enablePrivateNetworking) {`
	`400`	`+ name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64)`
	`401`	`+ params: {`
	`402`	`+ name: take(jumpboxVmName, 15) // Shorten VM name to 15 characters to avoid Azure limits`
	`403`	`+ vmSize: vmSize ?? 'Standard_DS2_v2'`
	`404`	`+ location: resourceGroupLocation`
	`405`	`+ adminUsername: vmAdminUsername ?? 'JumpboxAdminUser'`
	`406`	`+ adminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'`
	`407`	`+ tags: tags`
	`408`	`+ zone: 0`
	`409`	`+ imageReference: {`
	`410`	`+ offer: 'WindowsServer'`
	`411`	`+ publisher: 'MicrosoftWindowsServer'`
	`412`	`+ sku: '2019-datacenter'`
	`413`	`+ version: 'latest'`
	`414`	`+ }`
	`415`	`+ osType: 'Windows'`
	`416`	`+ osDisk: {`
	`417`	`+ name: 'osdisk-${jumpboxVmName}'`
	`418`	`+ managedDisk: {`
	`419`	`+ storageAccountType: 'Standard_LRS'`
	`420`	`+ }`
	`421`	`+ }`
	`422`	`+ encryptionAtHost: false // Some Azure subscriptions do not support encryption at host`
	`423`	`+ nicConfigurations: [`
	`424`	`+ {`
	`425`	`+ name: 'nic-${jumpboxVmName}'`
	`426`	`+ ipConfigurations: [`
	`427`	`+ {`
	`428`	`+ name: 'ipconfig1'`
	`429`	`+ subnetResourceId: virtualNetwork!.outputs.jumpboxSubnetResourceId`
	`430`	`+ }`
	`431`	`+ ]`
	`432`	`+ diagnosticSettings: [`
	`433`	`+ {`
	`434`	`+ name: 'jumpboxDiagnostics'`
	`435`	`+ workspaceResourceId: existingLogAnalyticsWorkspaceId`
	`436`	`+ logCategoriesAndGroups: [`
	`437`	`+ {`
	`438`	`+ categoryGroup: 'allLogs'`
	`439`	`+ enabled: true`
	`440`	`+ }`
	`441`	`+ ]`
	`442`	`+ metricCategories: [`
	`443`	`+ {`
	`444`	`+ category: 'AllMetrics'`
	`445`	`+ enabled: true`
	`446`	`+ }`
	`447`	`+ ]`
	`448`	`+ }`
	`449`	`+ ]`
	`450`	`+ }`
	`451`	`+ ]`
	`452`	`+ enableTelemetry: enableTelemetry`
	`453`	`+ }`
	`454`	`+}`
	`455`	`+`
`356`	`456`	`// ========== Private DNS Zones ========== //`
`357`	`457`	`var privateDnsZones = [`
`358`	`458`	`'privatelink.cognitiveservices.azure.com'`
`@@ -568,7 +668,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {`
`568`	`668`	`}`
`569`	`669`	`]`
`570`	`670`	`}`
`571`		`- subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet`
	`671`	`+ subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet`
`572`	`672`	`service: 'blob'`
`573`	`673`	`}`
`574`	`674`	`{`
`@@ -582,7 +682,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {`
`582`	`682`	`}`
`583`	`683`	`]`
`584`	`684`	`}`
`585`		`- subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet`
	`685`	`+ subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet`
`586`	`686`	`service: 'queue'`
`587`	`687`	`}`
`588`	`688`	`]`
`@@ -679,7 +779,7 @@ module avmAiServices 'modules/account/main.bicep' = {`
`679`	`779`	`}`
`680`	`780`	`]`
`681`	`781`	`}`
`682`		`- subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet`
	`782`	`+ subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet`
`683`	`783`	`}`
`684`	`784`	`]`
`685`	`785`	`: []`
`@@ -740,7 +840,7 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.11.0' =`
`740`	`840`	`}`
`741`	`841`	`]`
`742`	`842`	`}`
`743`		`- subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet`
	`843`	`+ subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet`
`744`	`844`	`}`
`745`	`845`	`]`
`746`	`846`	`: []`
`@@ -1080,7 +1180,7 @@ module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.15.0' = {`
`1080`	`1180`	`]`
`1081`	`1181`	`}`
`1082`	`1182`	`service: 'MongoDB'`
`1083`		`- subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet`
	`1183`	`+ subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet`
`1084`	`1184`	`}`
`1085`	`1185`	`]`
`1086`	`1186`	`: []`
`@@ -1257,7 +1357,7 @@ module avmAppConfig_update 'br/public:avm/res/app-configuration/configuration-st`
`1257`	`1357`	`}`
`1258`	`1358`	`]`
`1259`	`1359`	`}`
`1260`		`- subnetResourceId: virtualNetwork.outputs.containersSubnetResourceId // Use the backend subnet`
	`1360`	`+ subnetResourceId: virtualNetwork.outputs.backendSubnetResourceId // Use the backend subnet`
`1261`	`1361`	`}`
`1262`	`1362`	`]`
`1263`	`1363`	`}`