wip

Author: mrlockstar

.gitleaksignore

@@ -35,3 +35,6 @@ infrastructure/terraform/hub/data.tf:generic-api-key:22
 infrastructure/terraform/resource_group_init/core.bicep:generic-api-key:11
 infrastructure/terraform/resource_group_init/keyVault.bicep:generic-api-key:10
 infrastructure/terraform/resource_group_init/main.bicep:generic-api-key:30
+infrastructure/terraform/hub/virtual_desktop.tf:generic-api-key:22
+infrastructure/terraform/hub/virtual_desktop.tf:generic-api-key:23
+infrastructure/terraform/hub/virtual_desktop.tf:generic-api-key:24

docs/infrastructure/new-subscription-setup.md

@@ -52,3 +52,19 @@ The following quotas need to be increased, raise a support ticket with Azure sup
 | Lung Cancer Risk Check - Review       | ******                                      | Review      | UK South | N/A                | N/A        | Regional deployment         | Compute       | B_Standard_B1ms    | N/A              | Units | 1      | 1      | 1      | 1      | 1      | 1      |
 | Lung Cancer Risk Check - Prod         | ******                                      | Prod        | UK South | N/A                | N/A        | Regional deployment         | Compute       | GP_Standard_D2ds_v5| N/A              | Units | 3      | 3      | 3      | 3      | 3      | 3      |
 | Lung Cancer Risk Check - Preprod      | ******                                      | Preprod     | UK South | N/A                | N/A        | Regional deployment         | Compute       | GP_Standard_D2ds_v5| N/A              | Units | 3      | 3      | 3      | 3      | 3      | 3      |
+
+
+alastairlock@Mac lung_cancer_screening % az feature register \
+  --namespace Microsoft.Compute \
+  --name EncryptionAtHost
+
+Once the feature 'EncryptionAtHost' is registered, invoking 'az provider register -n Microsoft.Compute' is required to get the change propagated
+{
+  "id": "/subscriptions/819ef61d-786e-4906-bbd7-9061b095a91d/providers/Microsoft.Features/providers/Microsoft.Compute/features/EncryptionAtHost",
+  "name": "Microsoft.Compute/EncryptionAtHost",
+  "properties": {
+    "state": "Registered"
+  },
+  "type": "Microsoft.Features/providers/features"
+}
+alastairlock@Mac lung_cancer_screening %

infrastructure/terraform/hub/virtual_desktop.tf

@@ -19,6 +19,9 @@ locals {
     var.virtual_desktop_group_active == "both-with-blue-primary-but-equal-vms" || var.virtual_desktop_group_active == "both-with-green-primary-but-equal-vms"
   )
 
+  entra_users_group_id  = "14fb0025-1031-4f11-b374-837f2b9453c1"
+  entra_admins_group_id = "22f7249-6d90-493a-97f8-137eb9aac9bc"
+  principal_id          = "9cdead84-a844-4324-93f2-b2e6bb768d07"
 }
 
 resource "azurerm_resource_group" "avd-blue" {
@@ -28,6 +31,17 @@ resource "azurerm_resource_group" "avd-blue" {
   location = each.key
 }
 
+resource "azurerm_role_assignment" "avd_autoscale_blue" {
+  for_each = (local.deploy_blue_avd ? var.regions : {})
+
+  scope                = azurerm_resource_group.avd-blue[each.key].id
+  role_definition_name = "Desktop Virtualization Contributor"
+
+  # Azure Virtual Desktop autoscale service principal (Microsoft-managed)
+  principal_id         = local.principal_id
+}
+
+
 module "virtual-desktop-blue" {
   for_each = (local.deploy_blue_avd ? var.regions : {})
 
@@ -45,7 +59,7 @@ module "virtual-desktop-blue" {
   #   : data.azuread_group.avd_users.id
   # )
 
-  entra_users_group_id = "14fb0025-1031-4f11-b374-837f2b9453c1"
+  entra_users_group_id = local.entra_users_group_id
 
 
   # entra_admins_group_id = (
@@ -54,7 +68,7 @@ module "virtual-desktop-blue" {
   #   : data.azuread_group.avd_admins.id
   # )
 
-  entra_admins_group_id = "22f7249-6d90-493a-97f8-137eb9aac9bc"
+  entra_admins_group_id = local.entra_admins_group_id
 
   maximum_sessions_allowed  = var.avd_maximum_sessions_allowed
   resource_group_name       = azurerm_resource_group.avd-blue[each.key].name
@@ -105,14 +119,15 @@ module "virtual-desktop-green" {
   #   : data.azuread_group.avd_users.id
   # )
 
-  entra_users_group_id = "14fb0025-1031-4f11-b374-837f2b9453c1"
+  entra_users_group_id = local.entra_users_group_id
 
   # entra_admins_group_id = (
   #   local.green_avd_primary
   #   ? data.azuread_group.avd_admins.id
   #   : data.azuread_group.avd_admins.id
   # )
-  entra_admins_group_id = "22f7249-6d90-493a-97f8-137eb9aac9bc"
+
+  entra_admins_group_id = local.entra_admins_group_id
 
   maximum_sessions_allowed  = var.avd_maximum_sessions_allowed
   resource_group_name       = azurerm_resource_group.avd-green[each.key].name