Review security risks (Azure#305)

* Work in progress. Removed Usernames and Passwords.

* Removed hardcoded IP addresses.

---------

Co-authored-by: Victor Saad Bueno Valadares <[email protected]>

Author: vivalada

AVS-Landing-Zone/GreenField Lite/PortalUI/Bicep/GreenFieldLiteDeploy.parameters.json

@@ -6,7 +6,7 @@
             "value": "SJLITE-SDDC"
         },
         "PrivateCloudAddressSpace": {
-            "value": "10.55.0.0/22"
+            "value": ""
         },
         "PrivateCloudSKU": {
             "value": "AV36P"
@@ -16,7 +16,7 @@
         },
         "AlertEmails": {
             "value": [
-                "example@microsoft.com"
+                "example@contoso.com"
             ]
         }
     }

AVS-Landing-Zone/GreenField/ARM/ESLZDeploy.parameters.json

@@ -6,7 +6,7 @@
             "value": "ESLZ"
         },
         "PrivateCloudAddressSpace": {
-            "value": "10.0.0.0/22"
+            "value": ""
         },
         "PrivateCloudSKU": {
             "value": "AV36P"
@@ -15,30 +15,30 @@
             "value": 3
         },
         "VNetAddressSpace": {
-            "value": "10.1.0.0/16"
+            "value": ""
         },
         "VNetGatewaySubnet": {
-            "value": "10.1.0.0/24"
+            "value": ""
         },
         "AlertEmails": {
             "value": [
-                "example@microsoft.com"
+                "example@contoso.com"
             ]
         },
         "DeployJumpbox": {
             "value": true
         },
         "JumpboxUsername": {
-            "value": "avsjump"
+            "value": ""
         },
         "JumpboxPassword": {
-            "value": "ChangeM3!"
+            "value": ""
         },
         "JumpboxSubnet": {
-            "value": "10.1.1.0/25"
+            "value": ""
         },
         "BastionSubnet": {
-            "value": "10.1.1.128/25"
+            "value": ""
         },
         "VNetExists": {
             "value": false

AVS-Landing-Zone/GreenField/Bicep/ESLZDeploy.parameters.json

@@ -6,7 +6,7 @@
             "value": "LZA"
         },
         "PrivateCloudAddressSpace": {
-            "value": "10.0.0.0/22"
+            "value": ""
         },
         "PrivateCloudSKU": {
             "value": "AV36P"
@@ -15,27 +15,27 @@
             "value": 3
         },
         "VNetAddressSpace": {
-            "value": "10.1.0.0/16"
+            "value": ""
         },
         "VNetGatewaySubnet": {
-            "value": "10.1.0.0/24"
+            "value": ""
         },
         "AlertEmails": {
             "value": [
-                "example@microsoft.com"
+                "example@contoso.com"
             ]
         },
         "DeployJumpbox": {
             "value": true
         },
         "JumpboxUsername": {
-            "value": "avsjump"
+            "value": ""
         },
         "JumpboxPassword": {
-            "value": "ChangeM3!"
+            "value": ""
         },
         "JumpboxSubnet": {
-            "value": "10.1.1.0/25"
+            "value": ""
         },
         "OSVersion": {
             "value": "2022-datacenter-azure-edition-smalldisk"
@@ -50,7 +50,7 @@
             "value": "https://raw.githubusercontent.com/Azure/Enterprise-Scale-for-AVS/main/AVS-Landing-Zone/GreenField/Scripts/bootstrap.ps1"
         },
         "BastionSubnet": {
-            "value": "10.1.1.128/25"
+            "value": ""
         },
         "VNetExists": {
             "value": false

AVS-Landing-Zone/GreenField/PortalUI/Bicep/ESLZDeploy.parameters.json

@@ -3,25 +3,25 @@
     "contentVersion": "1.0.0.0",
     "parameters": {
         "Prefix": {
-            "value": "SJTEST2"
+            "value": ""
         },
         "DeployPrivateCloud": {
             "value": false
         },
         "PrivateCloudName": {
-            "value": "SA-SDDC-1"
+            "value": ""
         },
         "ExistingPrivateCloudName": {
-            "value": "SA-SDDC-1"
+            "value": ""
         },
         "ExistingPrivateCloudResourceId": {
-            "value": "/subscriptions/1caa5ab4-523f-4851-952b-1b689c48fae9/resourceGroups/SA-SDDC-1/providers/Microsoft.AVS/privateClouds/SA-SDDC-1"
+            "value": ""
         },
         "PrivateCloudResourceGroupName": {
-            "value": "SA-SDDC-1"
+            "value": ""
         },
         "PrivateCloudAddressSpace": {
-            "value": "10.20.0.0/22"
+            "value": ""
         },
         "PrivateCloudSKU": {
             "value": "AV36P"
@@ -36,40 +36,40 @@
             "value": false
         },
         "NewNetworkName": {
-            "value": "SJTESTNET2-vnet"
+            "value": ""
         },
         "NewNetworkResourceGroupName": {
-            "value": "SJTESTNET2"
+            "value": ""
         },
         "NewVNetAddressSpace": {
-            "value": "10.111.0.0/16"
+            "value": ""
         },
         "NewVnetNewGatewaySubnetAddressPrefix": {
-            "value": "10.111.0.0/24"
+            "value": ""
         },
         "ExistingNetworkResourceId": {
-            "value": "/subscriptions/1caa5ab4-523f-4851-952b-1b689c48fae9/resourceGroups/SJTESTNET1/providers/Microsoft.Network/virtualNetworks/SJTESTNET1-vnet"
+            "value": ""
         },
         "ExistingGatewayName": {
-            "value": "SJTEST2-gw"
+            "value": ""
         },
         "AlertEmails": {
-            "value": "example@microsoft.com"
+            "value": "example@contoso.com"
         },
         "DeployJumpbox": {
             "value": true
         },
         "JumpboxUsername": {
-            "value": "avsjump"
+            "value": ""
         },
         "JumpboxPassword": {
-            "value": "ChangeM3!"
+            "value": ""
         },
         "JumpboxSubnet": {
-            "value": "10.111.2.0/24"
+            "value": ""
         },
         "BastionSubnet": {
-            "value": "10.111.1.0/24"
+            "value": ""
         }
     }
 }

AVS-Landing-Zone/GreenField/Terraform/terraform.tfvars

@@ -6,21 +6,21 @@ prefix = "AVS"
 region = "northeurope"
 
 #AVS requires a /22 CIDR range, this must not overlap with other networks to be used with AVS
-avs-networkblock = "10.1.0.0/22"
+avs-networkblock = ""
 avs-sku          = "AV36P"
 avs-hostcount    = 3
 hcx_key_names    = ["hcxsite1", "hcxsite2"]
 
 #Input the Jumpbox local username, password and SKU of your choice
-adminusername = "replace me"
-adminpassword = "replace me"
+adminusername = ""
+adminpassword = ""
 jumpboxsku    = "Standard_D2as_v4"
 
 #Virtual network address space and required subnets, can be any CIDR range
-vnetaddressspace   = "192.168.1.0/24"
-gatewaysubnet      = "192.168.1.0/27"
-azurebastionsubnet = "192.168.1.64/26"
-jumpboxsubnet      = "192.168.1.128/25"
+vnetaddressspace   = ""
+gatewaysubnet      = ""
+azurebastionsubnet = ""
+jumpboxsubnet      = ""
 
 #Enable or Disable telemetry
 telemetry_enabled = true

BrownField/Monitoring/AVS-Service-Health/Bicep/AVSServiceHealth.parameters.json

@@ -3,7 +3,7 @@
     "contentVersion": "1.0.0.0",
     "parameters": {
         "ActionGroupEmails": {
-            "value": "example@microsoft.com"
+            "value": "example@contoso.com"
         },
         "PrivateCloudResourceId": {
             "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ExampleRG/providers/Microsoft.AVS/privateClouds/ExamplePrivateCloud"