Hardcoding the Azure location

[christophetd]

Context

As part of adding support for Azure (thanks to @rcobb-scwx), we identified that the Azure Terraform provider behaves differently than the AWS one.

More precisely:

• An AWS Terraform provider configuration is specific to 1 region, sources automatically from environment
• An Azure Terraform provider configuration is not specific to a region. It can be used to provision resources in multiple regions.

When using Azure, the typical use-case is to create a resource group (in a specific location), and then provision resources in this resource group:

resource "azurerm_resource_group" "my-rg" {
  name     = "my-resourcegroup"
  location = "West US"
}

resource "azurerm_virtual_network" "my-vnet" {
  resource_group_name = azurerm_resource_group.my-rg.name
  // ...
}

In particular, the location argument is mandatory and cannot be sourced from environment.

Problem

The current behavior for AWS is to not handle any region in the Stratus Red Team code, and instead let the user configure his environment or AWS configuration file as they prefer:

$ stratus detonate aws.xxx # Runs in the default region as configured in .aws/config
$ AWS_REGION=us-east-1 stratus detonate aws.xxx # Runs in another region

For Azure, we can't follow this model.

Options

Option 1: Hardcode the Azure location name

Pros: Simple
Cons: Magic values, not configurable, would be challenging to change.

Option 2: Allow the user to specify an Azure location through an environment variable

Pros: Configurable (potentially with a default)
Cons: Requires adding functionality to the core to start passing Terraform input variables to the Terraform code of individual attack techniques.

Decision

Hardcode the Azure location name. Supporting factors:

• In general, the monitoring of Azure activity logs is done per subscription (not "per location"), so users should not miss the generated events
• This avoids having to touch the core of Stratus Red Team
• There is no evidence users care about being able to configure the Azure location