This is a preview of azurerm module for enterprise-scale landing zones on Terraform. Microsoft Cloud Adoption Framework for Azure provides you with guidance and best practices to adopt Azure.
Deploying the core of enterprise-scale landing zones will use two elements:
- landing zones repository (https://github.com/Azure/caf-terraform-landingzones): will assemble all components together and do service composition.
- this module, called from the Terraform registry (https://registry.terraform.io/namespaces/aztfmod): will provide all the logic to deploy fundamental components.
This module can be called from landing zones using the Terraform registry: https://registry.terraform.io/modules/aztfmod/caf-enterprise-scale/azurerm/
module "caf-enterprise-scale" {
source = "aztfmod/caf-enterprise-scale/azurerm"
version = "~>0.2"
# insert the 7 required variables here
}-
Prerequisites are the same as for current version of landing zones, please setup your environment using the following guide: https://github.com/Azure/caf-terraform-landingzones/blob/master/documentation/getting_started/getting_started.md.
-
Clone the Azure landing zones repo:
git clone --branch vnext https://github.com/Azure/caf-terraform-landingzones.git /tf/caf/public
- Log in the subscription with the rover:
rover login
### you can alternatively specify the tenant space and subscription ID on command line arguments:
rover login --tenant <tenant_name>.onmicrosoft.com -s <subscription_id>- Deploy the basic launchpad:
rover -lz /tf/caf/public/landingzones/caf_launchpad -launchpad -var-file /tf/caf/public/landingzones/caf_launchpad/scenario/100/configuration.tfvars -a applyOnce completed you would see 2 resource groups in your subscription. The scenario 100 is pretty basic and include the minimum to get the terraform remote state management working.
- Upgrade to advanced launchpad (if you have Azure AD permissions - not working on AIRS):
rover -lz /tf/caf/public/landingzones/caf_launchpad -launchpad -var-file /tf/caf/public/landingzones/caf_launchpad/scenario/200/configuration.tfvars -a apply- Deploy the caf_foundations. This is currently mostly a stub, but will implement enterprise management groups, policies, alerts, etc.:
rover -lz /tf/caf/public/landingzones/caf_foundations -a apply- Deploy a networking scenario:
rover -lz /tf/caf/public/landingzones/caf_networking/ -var-file /tf/caf/public/landingzones/caf_networking/scenario/100-single-region-hub/configuration.tfvars -a applyThis vnext is relying extensively on Terraform 0.13 capabilities (module iterations, conditional modules, variables validation, etc.).
Those new features allow more complex and more dynamic code composition. The following concepts are used:
- No code environment composition: a landing zone environment can be composed customizing variable files and code must be robust enough to accommodate combinations and composition.
- Flexible foundations to meet customer needs: everything is customizable at all layers.
- Key-based configuration and customization: all configuration objects will call each other based on the object keys.
- Iteration-based objects deployment: a landing zone calls all its modules, iterating on complex objects for technical resources deployment.
We categorize the various examples in this repo as follow:
| level | functionalities | supported environments |
|---|---|---|
| 100 | basic functionalities and features, no RBAC or security hardening - for demo and simple POC | working on AIRS subscriptions |
| 200 | intermediate functionalities includes RBAC features | may not work in AIRS, need AAD permissions |
| 300 | advanced functionalities, multi region support, includes RBAC features | not working in AIRS, need AAD permissions |
| 400 | advanced functionalities, multi region support, includes RBAC features and security hardening | not working in AIRS, need AAD permissions |
Once you deploy the core enterprise scale components, you can leverage the following additional solution landing zones:
| Solution | URL |
|---|---|
| Azure Kubernetes Services | https://github.com/aztfmod/landingzone_aks |
| Data and Analytics | https://github.com/aztfmod/landingzone_data_analytics |
| SAP on Azure | https://github.com/aztfmod/terraform-azurerm-sap |
| Shared Image Gallery | https://github.com/aztfmod/landingzone_shared_image_gallery |
To review the enterprise-scale on Terraform landing zone hierarchy model, you can refer to the classic model:
- Hierarchy model: https://github.com/Azure/caf-terraform-landingzones/blob/master/documentation/code_architecture/hierarchy.md
- Delivery model: https://github.com/Azure/caf-terraform-landingzones/blob/master/documentation/delivery/delivery_landingzones.md
| Repo | Description |
|---|---|
| caf-terraform-landingzones | landing zones repo with sample and core documentations |
| rover | devops toolset for operating landing zones |
| azure_caf_provider | custom provider for naming conventions |
| modules | set of curated modules available in the Terraform registry |
Feel free to open an issue for feature or bug, or to submit a PR.
In case you have any question, you can reach out to tf-landingzones at microsoft dot com.
You can also reach us on Gitter
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.