-
Notifications
You must be signed in to change notification settings - Fork 517
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feedback Request - AVM Integration and Accelerator Enhancements #791
Comments
Looks looks promising! 💯 The proposed AVM integration does not mention a module for policy exemptions, this was added recently in |
Moving to AVM sounds like the logical step to take to move forward with ALZ-Bicep, although I realize it's quite a project. As more and more people are starting to adopt AVM, it would be illogical for ALZ-Bicep to stay behind. Some of the things I would like to see when switching to AVM:
|
I think this is the next logical evolution of this repo, as a partner we have created Bicep Landing Zone assets that are based on the LZ vending and this ALZ-Bicep repos to form part of our Platform and Application Landing Zone offerings. As outlined by @MarcoJanse, some of the things we have done include,
|
Thank you @MarcoJanse and @tulpy for your feedback! We have considered transitioning to .bicepparams in the past but there was some complexity/time constraints with the existing modules and having to handle the path references in terms of the Accelerator. However, with using the AVM modules, I think this is something we can take another look at for potentially incorporating. Adding flexibility to the Hub Networking module is definitely one of the core goals for this initiative so glad you feel the same! @MarcoJanse could you clarify what you are referring to in regards to "deployment slots", are you referring to Azure DevOps/GitHub environments for canary testing? @tulpy Very cool to hear that you have created pattern modules for platform landing zones, I'd be interested in hearing any downfalls or concerns (if any) that you have had to address with this. |
Hi @oZakari. Sorry, for the confusion. I meant Bicep deployment stacks. I have now updated my original comment as well. |
@MarcoJanse ah thank you for the clarification! Deployment Stacks are indeed something we are considering again now that they are generally available (GA). We still need to investigate a bit more to be conclusive, but we should be able to shed some more light on this in the near future. |
Hi @oZakari No major issues or downfalls outside minor things like outputs for some AVM modules that don't exist that are passed between modules. The other thing that was a little challenging (not to do with AVM specifically) was Day 2 operations for Azure Firewall Rules and VPN connections, running the Hub module for Azure Firewall rules is quite risky and time-consuming so we created a module that creates the IP Groups and Firewall rules using Bicep Import/Export to make it more modular. We use the existing Hub module to create the Azure Firewall Policy resource and then the new module does the rest. Happy to chat separately if you find that of value. |
Thanks everyone for your feedback, locking this down and will close out once complete! |
Let us know the feedback or general question
Overview
We're currently evaluating the future of ALZ-Bicep and would like to hear your input, before we make any decisions.
We have several ideas up for consideration, and we're looking forward to your feedback on which proposals are most sought after. Or maybe there is something we have missed that you have been thinking about, let us know!
Important
Please add any additional comments or scenarios you would like to discuss either using the comment section below. Looking forward to hearing from you all!
Proposal - Utilize Azure Verified Modules
We're considering migrating towards utilizing AVM into the ALZ Bicep framework to replace the existing ALZ-Bicep built and maintained modules, where possible and appropriate.
Note
There will still be some modules we need to maintain as the ALZ Bicep team, but these will be published as AVM modules also.
What This Means for ALZ-Bicep?
Put very simply, all ALZ Bicep modules will be deprecated and instead a new version of ALZ Bicep will be released that will be built solely of AVM Bicep modules (Resource & Pattern). The ALZ Bicep repo will transition to become the home of the accelerator providing examples and reference code bases of how to deploy the various ALZ reference architectures (Contoso (Virtual WAN), Adventure Works (Hub & Spoke), etc.)
Transition Plan: We are planning to transition all modules to be AVM modules
Benefits for You (Consumers)
Current Architecture
Proposed AVM Integration
Proposal - Provide Different and/or More Complex Deployment Scenarios within the Accelerator
A note on Deployment Stacks
As you may know Deployment Stacks are now GA and therefore as part of this effort for ALZ Bicep, our intent is to also migrate our suggested deployment method to use Deployment Stacks. We are collaborating with the product groups for Deployment Stacks to work through any current limitations and will adapt the re-write to AVM of ALZ Bicep to either accommodate or highlight these for resolution so that Deployment Stacks can be used with the AVM re-write of ALZ Bicep 👍
Call to action
Thanks for getting this far 😂 Please do leave your comments and questions below to help us shape the future of ALZ Bicep
Code of Conduct
The text was updated successfully, but these errors were encountered: