update docs so that users know Firewall Premium is the default

[glennmusa]

Description

Sets the firewallSkuTier parameter in the Bicep deployment to Premium in clouds that support it and Standard elsewhere.

Updates documentation so that a user can override this value at deployment time.

Issue reference

The issue this PR will close: #357

Checklist

Please make sure you've completed the relevant tasks for this PR out of the following list:

• All acceptance criteria in the backlog item are met
• The documentation is updated to cover any new or changed features
• Manual tests have passed
• Relevant issues are linked to this PR

[shawngib]

Is this truly needed beyond documenting as premium will be released in GOV, we should also consider this along with other settings for none public/gov deployments.

[glennmusa]

Is this truly needed beyond documenting as premium will be released in GOV, we should also consider this along with other settings for none public/gov deployments.

I'm for documenting "if your deployment isn't into one of these regions, then set firewallSkuTier=Standard" but that sounds error-prone given we currently default to Premium.

Ideally, a custom validator/function would be helpful here that could check an ARM authoritative set of supported regions, but, given that a Firewall is not optional I think this change increases the likelihood a quickstart deploys without user intervention in whichever cloud the deployment occurs in. I will still update the docs for supported regions since that makes sense to warn of potential failure ahead of deployment.

I think your second point, design considerations for region-specific resource availability, is valuable, but both the design and implementation of that is new and undefined scope. It smells like maintaining where resource X and resource Y work in every region across clouds is expensive to maintain, changes with each provider version, and is an unknown and will not be implemented for air gapped clouds.

[shawngib]

Just to be clear by what I mean do we still need this. "Development word on the street is that Azure FW Premium is available for use in USSec. We will try to get a verification of this, this week" quote from Byron. If premium becomes supported in all, sooner rather than later are we forcing something we shouldn't?

[glennmusa]

Just to be clear by what I mean do we still need this. "Development word on the street is that Azure FW Premium is available for use in USSec. We will try to get a verification of this, this week" quote from Byron. If premium becomes supported in all, sooner rather than later are we forcing something we shouldn't?

after our other discussions about user's decisions always being first, I'm in agreement that we default something and provide docs to point them to when they need to change something, will update.

[shawngib]

Perfect!!