-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: update avm module and docs improvements
- Loading branch information
1 parent
cf0b373
commit 2b7906f
Showing
15 changed files
with
661 additions
and
0 deletions.
There are no files selected for viewing
85 changes: 85 additions & 0 deletions
85
...one/examples/bootstrap/inputs-azure-devops-terraform-financial-services-landing-zone.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
--- | ||
# Basic Inputs | ||
iac: "terraform" | ||
bootstrap: "alz_azuredevops" | ||
starter: "financial_services_landing_zone" | ||
|
||
# Shared Interface Inputs | ||
bootstrap_location: "<region-1>" | ||
starter_locations: ["<region-1>"] # NOTE: FSI only support a single region by design | ||
root_parent_management_group_id: "" | ||
subscription_id_management: "<management-subscription-id>" | ||
subscription_id_identity: "<identity-subscription-id>" | ||
subscription_id_connectivity: "<connectivity-subscription-id>" | ||
|
||
# Bootstrap Inputs | ||
azure_devops_personal_access_token: "<token-1>" | ||
azure_devops_agents_personal_access_token: "<token-2>" | ||
azure_devops_organization_name: "<azure-devops-organization>" | ||
use_separate_repository_for_templates: true | ||
bootstrap_subscription_id: "" | ||
service_name: "fsi" | ||
environment_name: "mgmt" | ||
postfix_number: 1 | ||
azure_devops_use_organisation_legacy_url: false | ||
azure_devops_create_project: true | ||
azure_devops_project_name: "<azure-devops-project-name>" | ||
use_self_hosted_agents: true | ||
use_private_networking: true | ||
allow_storage_access_from_my_ip: false | ||
apply_approvers: ["<email-address>"] | ||
create_branch_policies: true | ||
architecture_definition_name: "fsi" | ||
apply_alz_archetypes_via_architecture_definition_template: true | ||
|
||
# Starter Module Specific Variables | ||
allowed_locations: [] | ||
allowed_locations_for_confidential_computing: [] | ||
az_firewall_policies_enabled: true | ||
bastion_outbound_ssh_rdp_ports: ["22", "3389"] | ||
custom_subnets: { | ||
AzureBastionSubnet: { | ||
address_prefixes: "10.20.15.0/24", | ||
name: "AzureBastionSubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
}, | ||
AzureFirewallSubnet: { | ||
address_prefixes: "10.20.254.0/24", | ||
name: "AzureFirewallSubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
}, | ||
GatewaySubnet: { | ||
address_prefixes: "10.20.252.0/24", | ||
name: "GatewaySubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
} | ||
} | ||
customer: "Country/Region" | ||
customer_policy_sets: {} | ||
default_postfix: "" | ||
default_prefix: "fsi" | ||
deploy_bastion: true | ||
deploy_ddos_protection: true | ||
deploy_hub_network: true | ||
deploy_log_analytics_workspace: true | ||
enable_firewall: true | ||
enable_telemetry: true | ||
express_route_gateway_config: {name: "noconfigEr"} | ||
hub_network_address_prefix: "10.20.0.0/16" | ||
landing_zone_management_group_children: {} | ||
log_analytics_workspace_retention_in_days: "365" | ||
ms_defender_for_cloud_email_security_contact: "[email protected]" | ||
policy_assignment_enforcement_mode: "Default" | ||
policy_effect: "Deny" | ||
policy_exemptions: {} | ||
subscription_billing_scope: "" | ||
tags: {} | ||
use_premium_firewall: true | ||
vpn_gateway_config: {name: "noconfigVpn"} | ||
|
||
# Advanced Inputs | ||
bootstrap_module_version: "v4.1.3" | ||
starter_module_version: "latest" |
82 changes: 82 additions & 0 deletions
82
...ding_zone/examples/bootstrap/inputs-github-terraform-financial-services-landing-zone.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
--- | ||
# Basic Inputs | ||
iac: "terraform" | ||
bootstrap: "alz_github" | ||
starter: "financial_services_landing_zone" | ||
|
||
# Shared Interface Inputs | ||
bootstrap_location: "<region-1>" | ||
starter_locations: ["<region-1>"] # NOTE: FSI only support a single region by design | ||
root_parent_management_group_id: "" | ||
subscription_id_management: "<management-subscription-id>" | ||
subscription_id_identity: "<identity-subscription-id>" | ||
subscription_id_connectivity: "<connectivity-subscription-id>" | ||
|
||
# Bootstrap Inputs | ||
github_personal_access_token: "<token-1>" | ||
github_runners_personal_access_token: "<token-2>" | ||
github_organization_name: "<github-organization>" | ||
use_separate_repository_for_templates: true | ||
bootstrap_subscription_id: "" | ||
service_name: "fsi" | ||
environment_name: "mgmt" | ||
postfix_number: 1 | ||
use_self_hosted_runners: true | ||
use_private_networking: true | ||
allow_storage_access_from_my_ip: false | ||
apply_approvers: ["<email-address>"] | ||
create_branch_policies: true | ||
architecture_definition_name: "fsi" | ||
apply_alz_archetypes_via_architecture_definition_template: true | ||
|
||
# Starter Module Specific Variables | ||
allowed_locations: [] | ||
allowed_locations_for_confidential_computing: [] | ||
az_firewall_policies_enabled: true | ||
bastion_outbound_ssh_rdp_ports: ["22", "3389"] | ||
custom_subnets: { | ||
AzureBastionSubnet: { | ||
address_prefixes: "10.20.15.0/24", | ||
name: "AzureBastionSubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
}, | ||
AzureFirewallSubnet: { | ||
address_prefixes: "10.20.254.0/24", | ||
name: "AzureFirewallSubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
}, | ||
GatewaySubnet: { | ||
address_prefixes: "10.20.252.0/24", | ||
name: "GatewaySubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
} | ||
} | ||
customer: "Country/Region" | ||
customer_policy_sets: {} | ||
default_postfix: "" | ||
default_prefix: "fsi" | ||
deploy_bastion: true | ||
deploy_ddos_protection: true | ||
deploy_hub_network: true | ||
deploy_log_analytics_workspace: true | ||
enable_firewall: true | ||
enable_telemetry: true | ||
express_route_gateway_config: {name: "noconfigEr"} | ||
hub_network_address_prefix: "10.20.0.0/16" | ||
landing_zone_management_group_children: {} | ||
log_analytics_workspace_retention_in_days: "365" | ||
ms_defender_for_cloud_email_security_contact: "[email protected]" | ||
policy_assignment_enforcement_mode: "Default" | ||
policy_effect: "Deny" | ||
policy_exemptions: {} | ||
subscription_billing_scope: "" | ||
tags: {} | ||
use_premium_firewall: true | ||
vpn_gateway_config: {name: "noconfigVpn"} | ||
|
||
# Advanced Inputs | ||
bootstrap_module_version: "v4.1.3" | ||
starter_module_version: "latest" |
75 changes: 75 additions & 0 deletions
75
...nding_zone/examples/bootstrap/inputs-local-terraform-financial-services-landing-zone.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
--- | ||
# Basic Inputs | ||
iac: "terraform" | ||
bootstrap: "alz_local" | ||
starter: "financial_services_landing_zone" | ||
|
||
# Shared Interface Inputs | ||
bootstrap_location: "<region-1>" | ||
starter_locations: ["<region-1>"] # NOTE: FSI only support a single region by design | ||
root_parent_management_group_id: "" | ||
subscription_id_management: "<management-subscription-id>" | ||
subscription_id_identity: "<identity-subscription-id>" | ||
subscription_id_connectivity: "<connectivity-subscription-id>" | ||
|
||
# Bootstrap Inputs | ||
target_directory: "" | ||
create_bootstrap_resources_in_azure: false | ||
bootstrap_subscription_id: "" | ||
service_name: "fsi" | ||
environment_name: "mgmt" | ||
postfix_number: 1 | ||
architecture_definition_name: "fsi" | ||
apply_alz_archetypes_via_architecture_definition_template: true | ||
|
||
# Starter Module Specific Variables | ||
allowed_locations: [] | ||
allowed_locations_for_confidential_computing: [] | ||
az_firewall_policies_enabled: true | ||
bastion_outbound_ssh_rdp_ports: ["22", "3389"] | ||
custom_subnets: { | ||
AzureBastionSubnet: { | ||
address_prefixes: "10.20.15.0/24", | ||
name: "AzureBastionSubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
}, | ||
AzureFirewallSubnet: { | ||
address_prefixes: "10.20.254.0/24", | ||
name: "AzureFirewallSubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
}, | ||
GatewaySubnet: { | ||
address_prefixes: "10.20.252.0/24", | ||
name: "GatewaySubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
} | ||
} | ||
customer: "Country/Region" | ||
customer_policy_sets: {} | ||
default_postfix: "" | ||
default_prefix: "fsi" | ||
deploy_bastion: true | ||
deploy_ddos_protection: true | ||
deploy_hub_network: true | ||
deploy_log_analytics_workspace: true | ||
enable_firewall: true | ||
enable_telemetry: true | ||
express_route_gateway_config: {name: "noconfigEr"} | ||
hub_network_address_prefix: "10.20.0.0/16" | ||
landing_zone_management_group_children: {} | ||
log_analytics_workspace_retention_in_days: "365" | ||
ms_defender_for_cloud_email_security_contact: "[email protected]" | ||
policy_assignment_enforcement_mode: "Default" | ||
policy_effect: "Deny" | ||
policy_exemptions: {} | ||
subscription_billing_scope: "" | ||
tags: {} | ||
use_premium_firewall: true | ||
vpn_gateway_config: {name: "noconfigVpn"} | ||
|
||
# Advanced Inputs | ||
bootstrap_module_version: "v4.1.3" | ||
starter_module_version: "latest" |
89 changes: 89 additions & 0 deletions
89
...landing_zone/examples/bootstrap/inputs-azure-devops-terraform-sovereign-landing-zone.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
--- | ||
# For detailed instructions on using this file, visit: | ||
# https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Quick-Start-Phase-2-Azure-DevOps#2212-azure-devops-with-terraform | ||
|
||
# Basic Inputs | ||
iac: "terraform" | ||
bootstrap: "alz_azuredevops" | ||
starter: "sovereign_landing_zone" | ||
|
||
# Shared Interface Inputs | ||
bootstrap_location: "<region-1>" | ||
starter_locations: ["<region-1>"] # NOTE: SLZ only support a single region by design | ||
root_parent_management_group_id: "" | ||
subscription_id_management: "<management-subscription-id>" | ||
subscription_id_identity: "<identity-subscription-id>" | ||
subscription_id_connectivity: "<connectivity-subscription-id>" | ||
|
||
# Bootstrap Inputs | ||
azure_devops_personal_access_token: "<token-1>" | ||
azure_devops_agents_personal_access_token: "<token-2>" | ||
azure_devops_organization_name: "<azure-devops-organization>" | ||
use_separate_repository_for_templates: true | ||
bootstrap_subscription_id: "" | ||
service_name: "slz" | ||
environment_name: "mgmt" | ||
postfix_number: 1 | ||
azure_devops_use_organisation_legacy_url: false | ||
azure_devops_create_project: true | ||
azure_devops_project_name: "<azure-devops-project-name>" | ||
use_self_hosted_agents: true | ||
use_private_networking: true | ||
allow_storage_access_from_my_ip: false | ||
apply_approvers: ["<email-address>"] | ||
create_branch_policies: true | ||
architecture_definition_name: "slz" | ||
apply_alz_archetypes_via_architecture_definition_template: true | ||
|
||
# Sovereign Landing Zone Starter Module Specific Variables | ||
# (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Sovereign-Landing-Zone) | ||
allowed_locations: [] | ||
allowed_locations_for_confidential_computing: [] | ||
az_firewall_policies_enabled: true | ||
bastion_outbound_ssh_rdp_ports: ["22", "3389"] | ||
custom_subnets: { | ||
AzureBastionSubnet: { | ||
address_prefixes: "10.20.15.0/24", | ||
name: "AzureBastionSubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
}, | ||
AzureFirewallSubnet: { | ||
address_prefixes: "10.20.254.0/24", | ||
name: "AzureFirewallSubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
}, | ||
GatewaySubnet: { | ||
address_prefixes: "10.20.252.0/24", | ||
name: "GatewaySubnet", | ||
networkSecurityGroupId: "", | ||
routeTableId: "" | ||
} | ||
} | ||
customer: "Country/Region" | ||
customer_policy_sets: {} | ||
default_postfix: "" | ||
default_prefix: "slz" | ||
deploy_bastion: true | ||
deploy_ddos_protection: true | ||
deploy_hub_network: true | ||
deploy_log_analytics_workspace: true | ||
enable_firewall: true | ||
enable_telemetry: true | ||
express_route_gateway_config: {name: "noconfigEr"} | ||
hub_network_address_prefix: "10.20.0.0/16" | ||
landing_zone_management_group_children: {} | ||
log_analytics_workspace_retention_in_days: "365" | ||
ms_defender_for_cloud_email_security_contact: "[email protected]" | ||
policy_assignment_enforcement_mode: "Default" | ||
policy_effect: "Deny" | ||
policy_exemptions: {} | ||
subscription_billing_scope: "" | ||
tags: {} | ||
use_premium_firewall: true | ||
vpn_gateway_config: {name: "noconfigVpn"} | ||
|
||
# Advanced Inputs | ||
bootstrap_module_version: "latest" | ||
starter_module_version: "latest" |
Oops, something went wrong.