diff --git a/docs/ACCESSING_PRIVATE_RESOURCES.md b/docs/ACCESSING_PRIVATE_RESOURCES.md index f1b50c4..4071e3c 100644 --- a/docs/ACCESSING_PRIVATE_RESOURCES.md +++ b/docs/ACCESSING_PRIVATE_RESOURCES.md @@ -18,9 +18,9 @@ azd env get-values | grep jumpVm # Or in Azure Portal: # 1. Navigate to your resource group -# 2. Find the VM (usually named like "vm-jump-") +# 2. Find the VM resource created for the jump box # 3. Click "Connect" → "Bastion" -# 4. Enter the username and password (auto-generated during deployment) +# 4. Enter the username and password you set via VM_ADMIN_USERNAME / VM_ADMIN_PASSWORD ``` ### 2. From Jump VM, Access Private Services @@ -169,7 +169,13 @@ You can configure services without private endpoints by modifying individual ser ### Jump VM credentials unknown -Credentials are auto-generated during deployment. To reset: +If you did not set the credentials before deployment, use the top-layer defaults or reset them: + +- Username: `VM_ADMIN_USERNAME` environment variable, or `vmUserName` in [infra/main.bicepparam](../infra/main.bicepparam) +- Default username when unset: `testvmuser` +- Password: `VM_ADMIN_PASSWORD` environment variable, or `vmAdminPassword` in [infra/main.bicepparam](../infra/main.bicepparam) + +To reset: ```bash az vm user update \ diff --git a/docs/deploy_app_from_foundry.md b/docs/deploy_app_from_foundry.md index bd21729..db42c3c 100644 --- a/docs/deploy_app_from_foundry.md +++ b/docs/deploy_app_from_foundry.md @@ -24,7 +24,7 @@ Since all resources are deployed with private endpoints, you must access Microso 2. Navigate to your resource group 3. Select the **Jump VM** (Windows Virtual Machine) 4. Click **Connect** → **Bastion** -5. Enter the VM credentials (set during deployment) +5. Enter the VM credentials you configured in the top layer (`VM_ADMIN_USERNAME` / `VM_ADMIN_PASSWORD`, or [infra/main.bicepparam](../infra/main.bicepparam)) 6. Once connected, open a browser and navigate to [Microsoft Foundry](https://ai.azure.com) ### 2. Configure Your Playground diff --git a/docs/deploymentguide.md b/docs/deploymentguide.md index 8ae20b6..ca930a2 100644 --- a/docs/deploymentguide.md +++ b/docs/deploymentguide.md @@ -202,8 +202,22 @@ Edit `infra/main.bicepparam` or set environment variables: | `postgreSqlNetworkIsolation` | PostgreSQL private networking toggle (defaults to `networkIsolation`) | `networkIsolation` | | `useExistingVNet` | Reuse an existing VNet | `false` | | `existingVnetResourceId` | Existing VNet resource ID (when `useExistingVNet=true`) | `` | -| `vmUserName` | Jump box VM admin username | `` | -| `vmAdminPassword` | Jump box VM admin password | (prompted) | +| `vmUserName` | Jump box VM admin username | `VM_ADMIN_USERNAME` env var or `testvmuser` | +| `vmAdminPassword` | Jump box VM admin password | `VM_ADMIN_PASSWORD` env var | + +For network-isolated deployments, set the VM credentials before running `azd up`: + +```powershell +azd env set VM_ADMIN_USERNAME "youradminuser" +azd env set VM_ADMIN_PASSWORD "Use-A-Strong-Password-Here!" +``` + +If you prefer source-controlled defaults, set them in [infra/main.bicepparam](../infra/main.bicepparam) instead: + +```bicep +param vmUserName = 'youradminuser' +param vmAdminPassword = 'Use-A-Strong-Password-Here!' +``` diff --git a/docs/post_deployment_steps.md b/docs/post_deployment_steps.md index aac6b8f..8438d16 100644 --- a/docs/post_deployment_steps.md +++ b/docs/post_deployment_steps.md @@ -209,9 +209,10 @@ For network-isolated deployments, use Azure Bastion to access resources: ![Image showing bastion blade](../img/provisioning/checkNetworkIsolation7.png) -4. Enter the VM admin credentials (set during deployment) and click **Connect** - - Admin username: `vmUserName` in [infra/main.bicep](../infra/main.bicep) - - Admin password: `vmAdminPassword` in [infra/main.bicepparam](../infra/main.bicepparam) (defaults to the `VM_ADMIN_PASSWORD` environment variable) +4. Enter the VM admin credentials and click **Connect** + - Admin username: `vmUserName` in [infra/main.bicepparam](../infra/main.bicepparam) or the `VM_ADMIN_USERNAME` environment variable + - Admin password: `vmAdminPassword` in [infra/main.bicepparam](../infra/main.bicepparam) or the `VM_ADMIN_PASSWORD` environment variable + - If `vmUserName` is not set in the top layer, the effective default is `testvmuser` - If you do not have them, reset the password in **Azure Portal** → **Virtual machine** → **Reset password**. ![Image showing bastion login](../img/provisioning/checkNetworkIsolation8.png) diff --git a/infra/main.bicepparam b/infra/main.bicepparam index 947940c..c1b617a 100644 --- a/infra/main.bicepparam +++ b/infra/main.bicepparam @@ -204,7 +204,8 @@ param containerAppsList = [ } ] -param vmAdminPassword = readEnvironmentVariable('VM_ADMIN_PASSWORD', '$(secretOrRandomPassword)') +param vmUserName = readEnvironmentVariable('VM_ADMIN_USERNAME', 'testvmuser') +param vmAdminPassword = readEnvironmentVariable('VM_ADMIN_PASSWORD', 'JumpboxAdminP@ssw0rd1234!') param vmSize = 'Standard_D2s_v4' // ========================================