bcgov / Cloud-Pathfinder-Azure

Apache License 2.0

Upgrade Azure Firewall to Premium in LIVE #151

Closed AErmie closed 1 month ago

AErmie commented 2 months ago

As part of our network security requirements, we will be exploring the use of Azure Firewall Premium features.

This requires updating the existing CAF Terraform module settings (specifically the settings.connectivity.tf file), and changing the Azure Firewall SKU to "Premium".

            azure_firewall = {
              enabled = true
              config = {
                enable_dns_proxy = true
                dns_servers = [
                  "10.41.12.4" # Private IP address of Private DNS Resolver inbound endpoint
                ]
                sku_tier                      = "Premium"
                base_policy_id                = ""
                private_ip_ranges             = []
                threat_intelligence_mode      = ""
                threat_intelligence_allowlist = {}
                availability_zones = {
                  zone_1 = true
                  zone_2 = true
                  zone_3 = true
                }
              }
            }

IMPORTANT

See the comments in Upgrade Azure Firewall to Premium in FORGE regarding upgrade experience, downtime, etc.

Order of Operations

  1. Manually removing the Policy association.
  2. Applying the CAF Terraform module (with the updated SKU).
  3. Re-applying the Azure Firewall Policy with the Rule Collection Groups, etc.

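
A post-upgrade state check for the three steps above, as an added example that is not part of the issue or the bcgov module: it evaluates the JSON that `az network firewall show` and `az network firewall policy show` return against the intended end state (Premium firewall, three zones, policy re-associated after step 3, DNS proxy pointing at the Private DNS Resolver address from the settings). The field names are assumptions about the Azure CLI output, and both sample documents are constructed.

```python
"""Post-upgrade state check for the Azure Firewall change in this issue.

Added example, not the bcgov module's code. Field names follow the Azure CLI
JSON output (treated here as an assumption); both sample documents are constructed.
"""
import json

# Constructed sample shaped like `az network firewall show -o json`.
SAMPLE_FIREWALL = json.dumps({
    "name": "afw-live-hub",
    "sku": {"name": "AZFW_VNet", "tier": "Premium"},
    "zones": ["1", "2", "3"],
    "firewallPolicy": {"id": "/subscriptions/<sub>/resourceGroups/<rg>/providers/"
                             "Microsoft.Network/firewallPolicies/afwp-live-hub"},
})

# Constructed sample shaped like `az network firewall policy show -o json`.
SAMPLE_POLICY = json.dumps({
    "name": "afwp-live-hub",
    "sku": {"tier": "Premium"},
    "dnsSettings": {"enableProxy": True, "servers": ["10.41.12.4"]},
})

EXPECTED_DNS = ["10.41.12.4"]  # Private DNS Resolver inbound endpoint (from the issue)


def check_upgrade(firewall_json: str, policy_json: str) -> list[str]:
    """Return findings; an empty list means the deployment matches the intended state."""
    fw, pol = json.loads(firewall_json), json.loads(policy_json)
    findings = []
    if fw.get("sku", {}).get("tier") != "Premium":
        findings.append(f"firewall sku.tier is {fw.get('sku', {}).get('tier')!r}, expected 'Premium'")
    if sorted(fw.get("zones") or []) != ["1", "2", "3"]:
        findings.append(f"firewall zones are {fw.get('zones')!r}, expected ['1', '2', '3']")
    policy_id = (fw.get("firewallPolicy") or {}).get("id", "")
    if not policy_id:
        findings.append("no firewall policy associated: step 3 (re-apply the policy) not done")
    elif policy_id.rsplit("/", 1)[-1] != pol.get("name"):
        findings.append(f"firewall uses policy {policy_id.rsplit('/', 1)[-1]!r}, not {pol.get('name')!r}")
    # Premium-only features (TLS inspection, IDPS) need a Premium policy as well.
    if pol.get("sku", {}).get("tier") != "Premium":
        findings.append(f"policy sku.tier is {pol.get('sku', {}).get('tier')!r}, expected 'Premium'")
    dns = pol.get("dnsSettings") or {}
    if dns.get("enableProxy") is not True:
        findings.append("policy DNS proxy is not enabled")
    if dns.get("servers") != EXPECTED_DNS:
        findings.append(f"policy DNS servers are {dns.get('servers')!r}, expected {EXPECTED_DNS!r}")
    return findings
```

Run it against the real `az ... show -o json` output of the LIVE hub after step 3; any non-empty result is a step that did not land as intended.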
AErmie commented 1 month ago

Firewall upgrade has been completed: https://github.com/BC-Gov-PaaS-Platform-Services/azure-lz-core-live/actions/runs/11253429108/job/31288670132

Additionally, re-applying the firewall rules (specifically for 443 and DNS) has also been completed.