updates to readme for allowedIpAddress parameter for Bastion policy

Author: mswantek68

README.md

@@ -42,10 +42,11 @@ The diagram below illustrates the capabilities included in the template.
 
 1. Have access to an Azure subscription and Entra ID account with Contributor permissions.
 2. Confirm the subscription you are deploying into has the [Required Roles and Scopes](docs/Required_roles_scopes_resources.md).
-3. If deploying from your [local environment](docs/local_environment_steps.md), install the [Azure Developer CLI (AZD)](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/install-azd?tabs=winget-windows%2Cbrew-mac%2Cscript-linux&pivots=os-windows).
-4. If deploying via [GitHub Codespaces](docs/github_code_spaces_steps.md) - requires the user to be on a GitHub Team or Enterprise Cloud plan.
-5. If leveraging [One-click deployment](#quick-deploy).
-6. If leveraging [GitHub Actions](docs/github_actions_steps.md).
+3. The solution ensures secure access to the private VNET through a jump-box VM with Azure Bastion. By default, Bastion does not require an inbound NSG rule for network traffic. However, if your environment enforces specific policy rules, you can resolve access issues by entering your machine's IP address in the `allowedIpAddress` parameter when prompted during deployment. If not specified, all IP addresses are allowed to connect to Azure Bastion. 
+4. If deploying from your [local environment](docs/local_environment_steps.md), install the [Azure Developer CLI (AZD)](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/install-azd?tabs=winget-windows%2Cbrew-mac%2Cscript-linux&pivots=os-windows).
+5. If deploying via [GitHub Codespaces](docs/github_code_spaces_steps.md) - requires the user to be on a GitHub Team or Enterprise Cloud plan.
+6. If leveraging [One-click deployment](#quick-deploy).
+7. If leveraging [GitHub Actions](docs/github_actions_steps.md).
 
 For additional documentation of the default enabled services of this solution accelerator, please see:
 

infra/main.bicep

@@ -15,7 +15,7 @@ param connections connectionType[] = []
 param aiModelDeployments deploymentsType[] = []
 
 @description('Specifies whether creating an Azure Container Registry.')
-param acrEnabled bool //= false
+param acrEnabled bool 
 
 @description('Specifies the size of the jump-box Virtual Machine.')
 param vmSize string = 'Standard_DS4_v2'
@@ -38,7 +38,7 @@ param tags object = {}
 param userObjectId string = deployer().objectId
 
 @description('Specifies if Microsoft APIM is deployed.')
-param apiManagementEnabled bool //= false
+param apiManagementEnabled bool 
 
 @description('Specifies the publisher email for the API Management service. Defaults to admin@[name].com.')
 param apiManagementPublisherEmail string = 'admin@${name}.com'
@@ -47,13 +47,13 @@ param apiManagementPublisherEmail string = 'admin@${name}.com'
 param networkIsolation bool = true
 
 @description('Whether to include Cosmos DB in the deployment.')
-param cosmosDbEnabled bool //= false
+param cosmosDbEnabled bool 
 
 @description('Optional. List of Cosmos DB databases to deploy.')
 param cosmosDatabases sqlDatabaseType[] = []
 
 @description('Whether to include SQL Server in the deployment.')
-param sqlServerEnabled bool //= false
+param sqlServerEnabled bool 
 
 @description('Optional. List of SQL Server databases to deploy.')
 param sqlServerDatabases databasePropertyType[] = []