feat: update avm module and docs improvements
jaredfholgate committed Dec 13, 2024
1 parent cf0b373 commit 2b7906f
Showing 15 changed files with 661 additions and 0 deletions.
@@ -0,0 +1,85 @@
---
# Basic Inputs
iac: "terraform"
bootstrap: "alz_azuredevops"
starter: "financial_services_landing_zone"

# Shared Interface Inputs
bootstrap_location: "<region-1>"
starter_locations: ["<region-1>"] # NOTE: FSI only support a single region by design
root_parent_management_group_id: ""
subscription_id_management: "<management-subscription-id>"
subscription_id_identity: "<identity-subscription-id>"
subscription_id_connectivity: "<connectivity-subscription-id>"

# Bootstrap Inputs
azure_devops_personal_access_token: "<token-1>"
azure_devops_agents_personal_access_token: "<token-2>"
azure_devops_organization_name: "<azure-devops-organization>"
use_separate_repository_for_templates: true
bootstrap_subscription_id: ""
service_name: "fsi"
environment_name: "mgmt"
postfix_number: 1
azure_devops_use_organisation_legacy_url: false
azure_devops_create_project: true
azure_devops_project_name: "<azure-devops-project-name>"
use_self_hosted_agents: true
use_private_networking: true
allow_storage_access_from_my_ip: false
apply_approvers: ["<email-address>"]
create_branch_policies: true
architecture_definition_name: "fsi"
apply_alz_archetypes_via_architecture_definition_template: true

# Starter Module Specific Variables
allowed_locations: []
allowed_locations_for_confidential_computing: []
az_firewall_policies_enabled: true
bastion_outbound_ssh_rdp_ports: ["22", "3389"]
custom_subnets: {
AzureBastionSubnet: {
address_prefixes: "10.20.15.0/24",
name: "AzureBastionSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
AzureFirewallSubnet: {
address_prefixes: "10.20.254.0/24",
name: "AzureFirewallSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
GatewaySubnet: {
address_prefixes: "10.20.252.0/24",
name: "GatewaySubnet",
networkSecurityGroupId: "",
routeTableId: ""
}
}
customer: "Country/Region"
customer_policy_sets: {}
default_postfix: ""
default_prefix: "fsi"
deploy_bastion: true
deploy_ddos_protection: true
deploy_hub_network: true
deploy_log_analytics_workspace: true
enable_firewall: true
enable_telemetry: true
express_route_gateway_config: {name: "noconfigEr"}
hub_network_address_prefix: "10.20.0.0/16"
landing_zone_management_group_children: {}
log_analytics_workspace_retention_in_days: "365"
ms_defender_for_cloud_email_security_contact: "[email protected]"
policy_assignment_enforcement_mode: "Default"
policy_effect: "Deny"
policy_exemptions: {}
subscription_billing_scope: ""
tags: {}
use_premium_firewall: true
vpn_gateway_config: {name: "noconfigVpn"}

# Advanced Inputs
bootstrap_module_version: "v4.1.3"
starter_module_version: "latest"
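Review bot: The two token keys under `# Bootstrap Inputs` (`azure_devops_personal_access_token` and `azure_devops_agents_personal_access_token`) invite users to paste live personal access tokens into a file that sits beside source, and nothing in the file warns against committing it once filled in. The same applies to the `github_personal_access_token` / `github_runners_personal_access_token` pair in the GitHub example and to the token pair in the sovereign Azure DevOps example later in this commit. I would add a comment above them such as `# Secrets: do not commit this file once filled in; supply the tokens out of band if the tool allows it`. If the module has a supported way to read these values from the environment or a secret store, that comment should name it.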
@@ -0,0 +1,82 @@
---
# Basic Inputs
iac: "terraform"
bootstrap: "alz_github"
starter: "financial_services_landing_zone"

# Shared Interface Inputs
bootstrap_location: "<region-1>"
starter_locations: ["<region-1>"] # NOTE: FSI only support a single region by design
root_parent_management_group_id: ""
subscription_id_management: "<management-subscription-id>"
subscription_id_identity: "<identity-subscription-id>"
subscription_id_connectivity: "<connectivity-subscription-id>"

# Bootstrap Inputs
github_personal_access_token: "<token-1>"
github_runners_personal_access_token: "<token-2>"
github_organization_name: "<github-organization>"
use_separate_repository_for_templates: true
bootstrap_subscription_id: ""
service_name: "fsi"
environment_name: "mgmt"
postfix_number: 1
use_self_hosted_runners: true
use_private_networking: true
allow_storage_access_from_my_ip: false
apply_approvers: ["<email-address>"]
create_branch_policies: true
architecture_definition_name: "fsi"
apply_alz_archetypes_via_architecture_definition_template: true

# Starter Module Specific Variables
allowed_locations: []
allowed_locations_for_confidential_computing: []
az_firewall_policies_enabled: true
bastion_outbound_ssh_rdp_ports: ["22", "3389"]
custom_subnets: {
AzureBastionSubnet: {
address_prefixes: "10.20.15.0/24",
name: "AzureBastionSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
AzureFirewallSubnet: {
address_prefixes: "10.20.254.0/24",
name: "AzureFirewallSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
GatewaySubnet: {
address_prefixes: "10.20.252.0/24",
name: "GatewaySubnet",
networkSecurityGroupId: "",
routeTableId: ""
}
}
customer: "Country/Region"
customer_policy_sets: {}
default_postfix: ""
default_prefix: "fsi"
deploy_bastion: true
deploy_ddos_protection: true
deploy_hub_network: true
deploy_log_analytics_workspace: true
enable_firewall: true
enable_telemetry: true
express_route_gateway_config: {name: "noconfigEr"}
hub_network_address_prefix: "10.20.0.0/16"
landing_zone_management_group_children: {}
log_analytics_workspace_retention_in_days: "365"
ms_defender_for_cloud_email_security_contact: "[email protected]"
policy_assignment_enforcement_mode: "Default"
policy_effect: "Deny"
policy_exemptions: {}
subscription_billing_scope: ""
tags: {}
use_premium_firewall: true
vpn_gateway_config: {name: "noconfigVpn"}

# Advanced Inputs
bootstrap_module_version: "v4.1.3"
starter_module_version: "latest"
@@ -0,0 +1,75 @@
---
# Basic Inputs
iac: "terraform"
bootstrap: "alz_local"
starter: "financial_services_landing_zone"

# Shared Interface Inputs
bootstrap_location: "<region-1>"
starter_locations: ["<region-1>"] # NOTE: FSI only support a single region by design
root_parent_management_group_id: ""
subscription_id_management: "<management-subscription-id>"
subscription_id_identity: "<identity-subscription-id>"
subscription_id_connectivity: "<connectivity-subscription-id>"

# Bootstrap Inputs
target_directory: ""
create_bootstrap_resources_in_azure: false
bootstrap_subscription_id: ""
service_name: "fsi"
environment_name: "mgmt"
postfix_number: 1
architecture_definition_name: "fsi"
apply_alz_archetypes_via_architecture_definition_template: true

# Starter Module Specific Variables
allowed_locations: []
allowed_locations_for_confidential_computing: []
az_firewall_policies_enabled: true
bastion_outbound_ssh_rdp_ports: ["22", "3389"]
custom_subnets: {
AzureBastionSubnet: {
address_prefixes: "10.20.15.0/24",
name: "AzureBastionSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
AzureFirewallSubnet: {
address_prefixes: "10.20.254.0/24",
name: "AzureFirewallSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
GatewaySubnet: {
address_prefixes: "10.20.252.0/24",
name: "GatewaySubnet",
networkSecurityGroupId: "",
routeTableId: ""
}
}
customer: "Country/Region"
customer_policy_sets: {}
default_postfix: ""
default_prefix: "fsi"
deploy_bastion: true
deploy_ddos_protection: true
deploy_hub_network: true
deploy_log_analytics_workspace: true
enable_firewall: true
enable_telemetry: true
express_route_gateway_config: {name: "noconfigEr"}
hub_network_address_prefix: "10.20.0.0/16"
landing_zone_management_group_children: {}
log_analytics_workspace_retention_in_days: "365"
ms_defender_for_cloud_email_security_contact: "[email protected]"
policy_assignment_enforcement_mode: "Default"
policy_effect: "Deny"
policy_exemptions: {}
subscription_billing_scope: ""
tags: {}
use_premium_firewall: true
vpn_gateway_config: {name: "noconfigVpn"}

# Advanced Inputs
bootstrap_module_version: "v4.1.3"
starter_module_version: "latest"
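Review bot: `target_directory: ""` and `create_bootstrap_resources_in_azure: false` under `# Bootstrap Inputs` carry no comment saying what the empty string resolves to or where state is kept when no Azure resources are created. With the local bootstrap the generated files, and presumably the Terraform state with whatever sensitive values it holds, stay on the operator's disk, so the location and its access permissions matter. A comment such as `# Empty = <default output path>; state stays on the local disk when create_bootstrap_resources_in_azure is false` would cover it, with the real default filled in. This example also lacks the user-guide link that the sovereign example carries at its top.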
@@ -0,0 +1,89 @@
---
# For detailed instructions on using this file, visit:
# https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Quick-Start-Phase-2-Azure-DevOps#2212-azure-devops-with-terraform

# Basic Inputs
iac: "terraform"
bootstrap: "alz_azuredevops"
starter: "sovereign_landing_zone"

# Shared Interface Inputs
bootstrap_location: "<region-1>"
starter_locations: ["<region-1>"] # NOTE: SLZ only support a single region by design
root_parent_management_group_id: ""
subscription_id_management: "<management-subscription-id>"
subscription_id_identity: "<identity-subscription-id>"
subscription_id_connectivity: "<connectivity-subscription-id>"

# Bootstrap Inputs
azure_devops_personal_access_token: "<token-1>"
azure_devops_agents_personal_access_token: "<token-2>"
azure_devops_organization_name: "<azure-devops-organization>"
use_separate_repository_for_templates: true
bootstrap_subscription_id: ""
service_name: "slz"
environment_name: "mgmt"
postfix_number: 1
azure_devops_use_organisation_legacy_url: false
azure_devops_create_project: true
azure_devops_project_name: "<azure-devops-project-name>"
use_self_hosted_agents: true
use_private_networking: true
allow_storage_access_from_my_ip: false
apply_approvers: ["<email-address>"]
create_branch_policies: true
architecture_definition_name: "slz"
apply_alz_archetypes_via_architecture_definition_template: true

# Sovereign Landing Zone Starter Module Specific Variables
# (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Sovereign-Landing-Zone)
allowed_locations: []
allowed_locations_for_confidential_computing: []
az_firewall_policies_enabled: true
bastion_outbound_ssh_rdp_ports: ["22", "3389"]
custom_subnets: {
AzureBastionSubnet: {
address_prefixes: "10.20.15.0/24",
name: "AzureBastionSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
AzureFirewallSubnet: {
address_prefixes: "10.20.254.0/24",
name: "AzureFirewallSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
GatewaySubnet: {
address_prefixes: "10.20.252.0/24",
name: "GatewaySubnet",
networkSecurityGroupId: "",
routeTableId: ""
}
}
customer: "Country/Region"
customer_policy_sets: {}
default_postfix: ""
default_prefix: "slz"
deploy_bastion: true
deploy_ddos_protection: true
deploy_hub_network: true
deploy_log_analytics_workspace: true
enable_firewall: true
enable_telemetry: true
express_route_gateway_config: {name: "noconfigEr"}
hub_network_address_prefix: "10.20.0.0/16"
landing_zone_management_group_children: {}
log_analytics_workspace_retention_in_days: "365"
ms_defender_for_cloud_email_security_contact: "[email protected]"
policy_assignment_enforcement_mode: "Default"
policy_effect: "Deny"
policy_exemptions: {}
subscription_billing_scope: ""
tags: {}
use_premium_firewall: true
vpn_gateway_config: {name: "noconfigVpn"}

# Advanced Inputs
bootstrap_module_version: "latest"
starter_module_version: "latest"
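Review bot: `bootstrap_module_version: "latest"` under `# Advanced Inputs` leaves the bootstrap module unpinned, whereas the three financial-services examples in this commit set it to `"v4.1.3"`; `starter_module_version` is `"latest"` in all four files. These inputs drive a deployment that sets policy, networking and pipeline identities, so a floating version means the code that runs can change without anyone reviewing a change to this file. I would pin both keys to a released tag, for example `bootstrap_module_version: "v4.1.3"` to match the other examples, and add `# Pin to a reviewed release; bump deliberately` above them.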