TEST CASE - Deploy LZ Starter to MAG, Single Subscription, using Terraform CLI, Remote State Storage

[timothymeyers]

This issue is a test case for landing zone starter deployment.

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [X] test case
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Test steps

0. (Optionally) Create a branch (or Fork) for testing
1. Clone repository to your local computer (or into a Codespace)
2. cd <cloned-dir>/infrastructure/terraform
3. cp ../../tfvars/parameters.tfvars .
4. terraform version (should be version >= 1.4.6)
5. Authenticate Terraform with Azure. Note that authenticating with Azure Government requires the use of the ARM_ENVIRONMENT environment variable and az cloud set
6. Configure Terraform for Remote state storage. A helper script az-remote-backend.sh is described in this doc, but YMMV.
7. terraform init
8. terraform plan -out test.plan
9. terraform apply -f test.plan

Expected Results:

1. Remote Terraform State - this should be in a storage account by your naming. ref in doc Remote-State-Storage.md)
2. Landing Zone RGs with LZ resources - assumes location is usgovirginia (usgva) a. anoa-usgva-alerting-dev-rg b. anoa-usgva-devsecops-dev-rg c. anoa-usgva-hub-core-dev-rg d. anoa-usgva-id-dev-rg e. anoa-usgva-ops-dev-rg f. anoa-usgva-ops-mgt-logging-dev-rg
3. Check for AZ firewall at premium level in anoa-usgva-hub-core-dev-rg
4. Check if there is a Log Analytics workspace in anoa-usgva-ops-mgt-logging-dev-rg
5. Check if there is a Activity log alert rule in the anoa-usgva-alerting-dev-rg
6. Check if there is a vnet, subnet and nsg in all the resource groups
7. Check if Force Tunneling is in each management spoke resource groups

Other helpful details