From 2b7906f5c73a14aaa16ddec86f7b96707d728ff9 Mon Sep 17 00:00:00 2001 
From: Jared Holgate Date: Fri, 13 Dec 2024 13:05:49 +0000 Subject: [PATCH] feat: update avm module and docs improvements --- ...aform-financial-services-landing-zone.yaml | 85 ++++++++++++++++++ ...aform-financial-services-landing-zone.yaml | 82 +++++++++++++++++ ...aform-financial-services-landing-zone.yaml | 75 ++++++++++++++++ ...vops-terraform-sovereign-landing-zone.yaml | 89 +++++++++++++++++++ ...thub-terraform-sovereign-landing-zone.yaml | 86 ++++++++++++++++++ ...ocal-terraform-sovereign-landing-zone.yaml | 79 ++++++++++++++++ ...evops-terraform-complete-multi-region.yaml | 39 ++++++++ ...ithub-terraform-complete-multi-region.yaml | 36 ++++++++ ...local-terraform-complete-multi-region.yaml | 30 +++++++ .../hub-and-spoke-vnet.tfvars | 10 +++ .../full-multi-region-nva/virtual-wan.tfvars | 10 +++ .../hub-and-spoke-vnet.tfvars | 10 +++ .../full-multi-region/virtual-wan.tfvars | 10 +++ .../hub-and-spoke-vnet.tfvars | 10 +++ .../full-single-region/virtual-wan.tfvars | 10 +++ 15 files changed, 661 insertions(+) create mode 100644 templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-financial-services-landing-zone.yaml create mode 100644 templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-github-terraform-financial-services-landing-zone.yaml create mode 100644 templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-local-terraform-financial-services-landing-zone.yaml create mode 100644 templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-sovereign-landing-zone.yaml create mode 100644 templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-github-terraform-sovereign-landing-zone.yaml create mode 100644 
templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-local-terraform-sovereign-landing-zone.yaml create mode 100644 templates/platform_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-complete-multi-region.yaml create mode 100644 templates/platform_landing_zone/examples/bootstrap/inputs-github-terraform-complete-multi-region.yaml create mode 100644 templates/platform_landing_zone/examples/bootstrap/inputs-local-terraform-complete-multi-region.yaml diff --git a/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-financial-services-landing-zone.yaml b/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-financial-services-landing-zone.yaml new file mode 100644 index 0000000..e8ca178 --- /dev/null +++ b/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-financial-services-landing-zone.yaml 
@@ -0,0 +1,85 @@ +--- +# Basic Inputs +iac: "terraform" +bootstrap: "alz_azuredevops" +starter: "financial_services_landing_zone" + +# Shared Interface Inputs +bootstrap_location: "" +starter_locations: [""] # NOTE: FSI only support a single region by design +root_parent_management_group_id: "" +subscription_id_management: "" +subscription_id_identity: "" +subscription_id_connectivity: "" + +# Bootstrap Inputs +azure_devops_personal_access_token: "" +azure_devops_agents_personal_access_token: "" +azure_devops_organization_name: "" +use_separate_repository_for_templates: true +bootstrap_subscription_id: "" +service_name: "fsi" +environment_name: "mgmt" +postfix_number: 1 +azure_devops_use_organisation_legacy_url: false +azure_devops_create_project: true +azure_devops_project_name: "" +use_self_hosted_agents: true +use_private_networking: true +allow_storage_access_from_my_ip: false +apply_approvers: [""] +create_branch_policies: true +architecture_definition_name: "fsi" +apply_alz_archetypes_via_architecture_definition_template: true + +# Starter Module Specific Variables +allowed_locations: [] +allowed_locations_for_confidential_computing: [] +az_firewall_policies_enabled: true +bastion_outbound_ssh_rdp_ports: ["22", "3389"] +custom_subnets: { + AzureBastionSubnet: { + address_prefixes: "10.20.15.0/24", + name: "AzureBastionSubnet", + networkSecurityGroupId: "", + routeTableId: "" + }, + AzureFirewallSubnet: { + address_prefixes: "10.20.254.0/24", + name: "AzureFirewallSubnet", + networkSecurityGroupId: "", + routeTableId: "" + }, + GatewaySubnet: { + address_prefixes: "10.20.252.0/24", + name: "GatewaySubnet", + networkSecurityGroupId: "", + routeTableId: "" + } +} +customer: "Country/Region" +customer_policy_sets: {} +default_postfix: "" +default_prefix: "fsi" +deploy_bastion: true +deploy_ddos_protection: true +deploy_hub_network: true +deploy_log_analytics_workspace: true +enable_firewall: true +enable_telemetry: true +express_route_gateway_config: {name: 
"noconfigEr"} +hub_network_address_prefix: "10.20.0.0/16" +landing_zone_management_group_children: {} +log_analytics_workspace_retention_in_days: "365" +ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com" +policy_assignment_enforcement_mode: "Default" +policy_effect: "Deny" +policy_exemptions: {} +subscription_billing_scope: "" +tags: {} +use_premium_firewall: true +vpn_gateway_config: {name: "noconfigVpn"} + +# Advanced Inputs +bootstrap_module_version: "v4.1.3" +starter_module_version: "latest" diff --git a/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-github-terraform-financial-services-landing-zone.yaml b/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-github-terraform-financial-services-landing-zone.yaml new file mode 100644 index 0000000..14ea878 --- /dev/null +++ b/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-github-terraform-financial-services-landing-zone.yaml 
@@ -0,0 +1,82 @@
+---
+# Basic Inputs
+iac: "terraform"
+bootstrap: "alz_github"
+starter: "financial_services_landing_zone"
+
+# Shared Interface Inputs
+bootstrap_location: ""
+starter_locations: [""] # NOTE: FSI only support a single region by design
+root_parent_management_group_id: ""
+subscription_id_management: ""
+subscription_id_identity: ""
+subscription_id_connectivity: ""
+
+# Bootstrap Inputs
+github_personal_access_token: ""
+github_runners_personal_access_token: ""
+github_organization_name: ""
+use_separate_repository_for_templates: true
+bootstrap_subscription_id: ""
+service_name: "fsi"
+environment_name: "mgmt"
+postfix_number: 1
+use_self_hosted_runners: true
+use_private_networking: true
+allow_storage_access_from_my_ip: false
+apply_approvers: [""]
+create_branch_policies: true
+architecture_definition_name: "fsi"
+apply_alz_archetypes_via_architecture_definition_template: true
+
+# Starter Module Specific Variables
+allowed_locations: []
+allowed_locations_for_confidential_computing: []
+az_firewall_policies_enabled: true
+bastion_outbound_ssh_rdp_ports: ["22", "3389"]
+custom_subnets: {
+ AzureBastionSubnet: {
+ address_prefixes: "10.20.15.0/24",
+ name: "AzureBastionSubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ },
+ AzureFirewallSubnet: {
+ address_prefixes: "10.20.254.0/24",
+ name: "AzureFirewallSubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ },
+ GatewaySubnet: {
+ address_prefixes: "10.20.252.0/24",
+ name: "GatewaySubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ }
+}
+customer: "Country/Region"
+customer_policy_sets: {}
+default_postfix: ""
+default_prefix: "fsi"
+deploy_bastion: true
+deploy_ddos_protection: true
+deploy_hub_network: true
+deploy_log_analytics_workspace: true
+enable_firewall: true
+enable_telemetry: true
+express_route_gateway_config: {name: "noconfigEr"}
+hub_network_address_prefix: "10.20.0.0/16"
+landing_zone_management_group_children: {}
+log_analytics_workspace_retention_in_days: "365"
+ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com"
+policy_assignment_enforcement_mode: "Default"
+policy_effect: "Deny"
+policy_exemptions: {}
+subscription_billing_scope: ""
+tags: {}
+use_premium_firewall: true
+vpn_gateway_config: {name: "noconfigVpn"}
+
+# Advanced Inputs
+bootstrap_module_version: "v4.1.3"
+starter_module_version: "latest"
diff --git a/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-local-terraform-financial-services-landing-zone.yaml b/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-local-terraform-financial-services-landing-zone.yaml
new file mode 100644
index 0000000..542d230
--- /dev/null
+++ b/templates/microsoft_cloud_for_industry/financial_services_landing_zone/examples/bootstrap/inputs-local-terraform-financial-services-landing-zone.yaml
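Review bot: The two token fields under `# Bootstrap Inputs` (`github_personal_access_token` and `github_runners_personal_access_token`) live in a plain YAML file, and nothing tells the user not to save or commit the filled-in copy. I would add a comment directly above them, for example `# Secrets: never commit a filled-in copy of this file; supply the tokens at run time where the tooling allows it`. The same applies to the `azure_devops_personal_access_token` and `azure_devops_agents_personal_access_token` fields in the Azure DevOps examples, and to the GitHub examples for the sovereign and platform landing zones in this patch.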
@@ -0,0 +1,75 @@
+---
+# Basic Inputs
+iac: "terraform"
+bootstrap: "alz_local"
+starter: "financial_services_landing_zone"
+
+# Shared Interface Inputs
+bootstrap_location: ""
+starter_locations: [""] # NOTE: FSI only support a single region by design
+root_parent_management_group_id: ""
+subscription_id_management: ""
+subscription_id_identity: ""
+subscription_id_connectivity: ""
+
+# Bootstrap Inputs
+target_directory: ""
+create_bootstrap_resources_in_azure: false
+bootstrap_subscription_id: ""
+service_name: "fsi"
+environment_name: "mgmt"
+postfix_number: 1
+architecture_definition_name: "fsi"
+apply_alz_archetypes_via_architecture_definition_template: true
+
+# Starter Module Specific Variables
+allowed_locations: []
+allowed_locations_for_confidential_computing: []
+az_firewall_policies_enabled: true
+bastion_outbound_ssh_rdp_ports: ["22", "3389"]
+custom_subnets: {
+ AzureBastionSubnet: {
+ address_prefixes: "10.20.15.0/24",
+ name: "AzureBastionSubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ },
+ AzureFirewallSubnet: {
+ address_prefixes: "10.20.254.0/24",
+ name: "AzureFirewallSubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ },
+ GatewaySubnet: {
+ address_prefixes: "10.20.252.0/24",
+ name: "GatewaySubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ }
+}
+customer: "Country/Region"
+customer_policy_sets: {}
+default_postfix: ""
+default_prefix: "fsi"
+deploy_bastion: true
+deploy_ddos_protection: true
+deploy_hub_network: true
+deploy_log_analytics_workspace: true
+enable_firewall: true
+enable_telemetry: true
+express_route_gateway_config: {name: "noconfigEr"}
+hub_network_address_prefix: "10.20.0.0/16"
+landing_zone_management_group_children: {}
+log_analytics_workspace_retention_in_days: "365"
+ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com"
+policy_assignment_enforcement_mode: "Default"
+policy_effect: "Deny"
+policy_exemptions: {}
+subscription_billing_scope: ""
+tags: {}
+use_premium_firewall: true
+vpn_gateway_config: {name: "noconfigVpn"}
+
+# Advanced Inputs
+bootstrap_module_version: "v4.1.3"
+starter_module_version: "latest"
diff --git a/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-sovereign-landing-zone.yaml b/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-sovereign-landing-zone.yaml
new file mode 100644
index 0000000..436e28c
--- /dev/null
+++ b/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-sovereign-landing-zone.yaml
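Review bot: Under `# Advanced Inputs`, `starter_module_version: "latest"` sits next to a pinned `bootstrap_module_version: "v4.1.3"`, so two runs of this example on different days can pull different starter code into a regulated landing zone. Either pin the starter to a tested release as well, or add a comment such as `# "latest" is resolved at run time; pin to a release tag for repeatable, reviewable deployments`. The other two financial-services examples carry the same pair, and the sovereign and platform examples in this patch use `"latest"` for both values.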
@@ -0,0 +1,89 @@ +--- +# For detailed instructions on using this file, visit: +# https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Quick-Start-Phase-2-Azure-DevOps#2212-azure-devops-with-terraform + +# Basic Inputs +iac: "terraform" +bootstrap: "alz_azuredevops" +starter: "sovereign_landing_zone" + +# Shared Interface Inputs +bootstrap_location: "" +starter_locations: [""] # NOTE: SLZ only support a single region by design +root_parent_management_group_id: "" +subscription_id_management: "" +subscription_id_identity: "" +subscription_id_connectivity: "" + +# Bootstrap Inputs +azure_devops_personal_access_token: "" +azure_devops_agents_personal_access_token: "" +azure_devops_organization_name: "" +use_separate_repository_for_templates: true +bootstrap_subscription_id: "" +service_name: "slz" +environment_name: "mgmt" +postfix_number: 1 +azure_devops_use_organisation_legacy_url: false +azure_devops_create_project: true +azure_devops_project_name: "" +use_self_hosted_agents: true +use_private_networking: true +allow_storage_access_from_my_ip: false +apply_approvers: [""] +create_branch_policies: true +architecture_definition_name: "slz" +apply_alz_archetypes_via_architecture_definition_template: true + +# Sovereign Landing Zone Starter Module Specific Variables +# (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Sovereign-Landing-Zone) +allowed_locations: [] +allowed_locations_for_confidential_computing: [] +az_firewall_policies_enabled: true +bastion_outbound_ssh_rdp_ports: ["22", "3389"] +custom_subnets: { + AzureBastionSubnet: { + address_prefixes: "10.20.15.0/24", + name: "AzureBastionSubnet", + networkSecurityGroupId: "", + routeTableId: "" + }, + AzureFirewallSubnet: { + address_prefixes: "10.20.254.0/24", + name: "AzureFirewallSubnet", + networkSecurityGroupId: "", + routeTableId: "" + }, + GatewaySubnet: { + address_prefixes: "10.20.252.0/24", + name: "GatewaySubnet", + 
networkSecurityGroupId: "", + routeTableId: "" + } +} +customer: "Country/Region" +customer_policy_sets: {} +default_postfix: "" +default_prefix: "slz" +deploy_bastion: true +deploy_ddos_protection: true +deploy_hub_network: true +deploy_log_analytics_workspace: true +enable_firewall: true +enable_telemetry: true +express_route_gateway_config: {name: "noconfigEr"} +hub_network_address_prefix: "10.20.0.0/16" +landing_zone_management_group_children: {} +log_analytics_workspace_retention_in_days: "365" +ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com" +policy_assignment_enforcement_mode: "Default" +policy_effect: "Deny" +policy_exemptions: {} +subscription_billing_scope: "" +tags: {} +use_premium_firewall: true +vpn_gateway_config: {name: "noconfigVpn"} + +# Advanced Inputs +bootstrap_module_version: "latest" +starter_module_version: "latest" diff --git a/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-github-terraform-sovereign-landing-zone.yaml b/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-github-terraform-sovereign-landing-zone.yaml new file mode 100644 index 0000000..6efa12f --- /dev/null +++ b/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-github-terraform-sovereign-landing-zone.yaml 
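Review bot: The basic inputs in this file are named `iac`, `bootstrap` and `starter`, while the platform landing zone examples added later in the same patch use `iac_type`, `bootstrap_module_name` and `starter_module_name`, and this file also asks for `bootstrap_module_version: "latest"`. Whether current releases still accept the short names is not visible in this patch; if they do not, this example will break as releases move on, which the financial-services files avoid by pinning `v4.1.3`. Rename the three keys to match the platform examples, or pin the bootstrap version the short names were tested against. The GitHub and local sovereign examples have the same combination.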
@@ -0,0 +1,86 @@
+---
+# For detailed instructions on using this file, visit:
+# https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Quick-Start-Phase-2-GitHub#2222-github-with-terraform
+
+# Basic Inputs
+iac: "terraform"
+bootstrap: "alz_github"
+starter: "sovereign_landing_zone"
+
+# Shared Interface Inputs
+bootstrap_location: ""
+starter_locations: [""] # NOTE: SLZ only support a single region by design
+root_parent_management_group_id: ""
+subscription_id_management: ""
+subscription_id_identity: ""
+subscription_id_connectivity: ""
+
+# Bootstrap Inputs
+github_personal_access_token: ""
+github_runners_personal_access_token: ""
+github_organization_name: ""
+use_separate_repository_for_templates: true
+bootstrap_subscription_id: ""
+service_name: "slz"
+environment_name: "mgmt"
+postfix_number: 1
+use_self_hosted_runners: true
+use_private_networking: true
+allow_storage_access_from_my_ip: false
+apply_approvers: [""]
+create_branch_policies: true
+architecture_definition_name: "slz"
+apply_alz_archetypes_via_architecture_definition_template: true
+
+# Sovereign Landing Zone Starter Module Specific Variables
+# (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Sovereign-Landing-Zone)
+allowed_locations: []
+allowed_locations_for_confidential_computing: []
+az_firewall_policies_enabled: true
+bastion_outbound_ssh_rdp_ports: ["22", "3389"]
+custom_subnets: {
+ AzureBastionSubnet: {
+ address_prefixes: "10.20.15.0/24",
+ name: "AzureBastionSubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ },
+ AzureFirewallSubnet: {
+ address_prefixes: "10.20.254.0/24",
+ name: "AzureFirewallSubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ },
+ GatewaySubnet: {
+ address_prefixes: "10.20.252.0/24",
+ name: "GatewaySubnet",
+ networkSecurityGroupId: "",
+ routeTableId: ""
+ }
+}
+customer: "Country/Region"
+customer_policy_sets: {}
+default_postfix: ""
+default_prefix: "slz"
+deploy_bastion: true
+deploy_ddos_protection: true
+deploy_hub_network: true
+deploy_log_analytics_workspace: true
+enable_firewall: true
+enable_telemetry: true
+express_route_gateway_config: {name: "noconfigEr"}
+hub_network_address_prefix: "10.20.0.0/16"
+landing_zone_management_group_children: {}
+log_analytics_workspace_retention_in_days: "365"
+ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com"
+policy_assignment_enforcement_mode: "Default"
+policy_effect: "Deny"
+policy_exemptions: {}
+subscription_billing_scope: ""
+tags: {}
+use_premium_firewall: true
+vpn_gateway_config: {name: "noconfigVpn"}
+
+# Advanced Inputs
+bootstrap_module_version: "latest"
+starter_module_version: "latest"
diff --git a/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-local-terraform-sovereign-landing-zone.yaml b/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-local-terraform-sovereign-landing-zone.yaml
new file mode 100644
index 0000000..c0e5cb6
--- /dev/null
+++ b/templates/microsoft_cloud_for_industry/sovereign_landing_zone/examples/bootstrap/inputs-local-terraform-sovereign-landing-zone.yaml
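Review bot: `ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com"` uses a domain that is not reserved for documentation. A deployment that leaves the default in place would presumably send Defender for Cloud security notifications to whoever operates that domain. A reserved domain makes the oversight harmless, e.g. `ms_defender_for_cloud_email_security_contact: "security_contact@example.com"`, ideally with a comment that the value must be replaced before deployment. The same default appears in the other five financial-services and sovereign examples in this patch.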
@@ -0,0 +1,79 @@ +--- +# For detailed instructions on using this file, visit: +# https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Quick-Start-Phase-2-Local#2232-local-file-system-with-terraform + +# Basic Inputs +iac: "terraform" +bootstrap: "alz_local" +starter: "sovereign_landing_zone" + +# Shared Interface Inputs +bootstrap_location: "" +starter_locations: [""] # NOTE: SLZ only support a single region by design +root_parent_management_group_id: "" +subscription_id_management: "" +subscription_id_identity: "" +subscription_id_connectivity: "" + +# Bootstrap Inputs +target_directory: "" +create_bootstrap_resources_in_azure: false +bootstrap_subscription_id: "" +service_name: "slz" +environment_name: "mgmt" +postfix_number: 1 +architecture_definition_name: "slz" +apply_alz_archetypes_via_architecture_definition_template: true + +# Sovereign Landing Zone Starter Module Specific Variables +# (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Sovereign-Landing-Zone) +allowed_locations: [] +allowed_locations_for_confidential_computing: [] +az_firewall_policies_enabled: true +bastion_outbound_ssh_rdp_ports: ["22", "3389"] +custom_subnets: { + AzureBastionSubnet: { + address_prefixes: "10.20.15.0/24", + name: "AzureBastionSubnet", + networkSecurityGroupId: "", + routeTableId: "" + }, + AzureFirewallSubnet: { + address_prefixes: "10.20.254.0/24", + name: "AzureFirewallSubnet", + networkSecurityGroupId: "", + routeTableId: "" + }, + GatewaySubnet: { + address_prefixes: "10.20.252.0/24", + name: "GatewaySubnet", + networkSecurityGroupId: "", + routeTableId: "" + } +} +customer: "Country/Region" +customer_policy_sets: {} +default_postfix: "" +default_prefix: "slz" +deploy_bastion: true +deploy_ddos_protection: true +deploy_hub_network: true +deploy_log_analytics_workspace: true +enable_firewall: true +enable_telemetry: true +express_route_gateway_config: {name: "noconfigEr"} +hub_network_address_prefix: 
"10.20.0.0/16" +landing_zone_management_group_children: {} +log_analytics_workspace_retention_in_days: "365" +ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com" +policy_assignment_enforcement_mode: "Default" +policy_effect: "Deny" +policy_exemptions: {} +subscription_billing_scope: "" +tags: {} +use_premium_firewall: true +vpn_gateway_config: {name: "noconfigVpn"} + +# Advanced Inputs +bootstrap_module_version: "latest" +starter_module_version: "latest" diff --git a/templates/platform_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-complete-multi-region.yaml b/templates/platform_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-complete-multi-region.yaml new file mode 100644 index 0000000..db5c8b7 --- /dev/null +++ b/templates/platform_landing_zone/examples/bootstrap/inputs-azure-devops-terraform-complete-multi-region.yaml 
@@ -0,0 +1,39 @@
+---
+# For detailed instructions on using this file, visit:
+# https://aka.ms/alz/accelerator/docs
+
+# Basic Inputs
+iac_type: "terraform"
+bootstrap_module_name: "alz_azuredevops"
+starter_module_name: "platform_landing_zone"
+
+# Shared Interface Inputs
+bootstrap_location: ""
+starter_locations: ["", ""]
+root_parent_management_group_id: ""
+subscription_id_management: ""
+subscription_id_identity: ""
+subscription_id_connectivity: ""
+
+# Bootstrap Inputs
+azure_devops_personal_access_token: ""
+azure_devops_agents_personal_access_token: ""
+azure_devops_organization_name: ""
+use_separate_repository_for_templates: true
+bootstrap_subscription_id: ""
+service_name: "alz"
+environment_name: "mgmt"
+postfix_number: 1
+azure_devops_use_organisation_legacy_url: false
+azure_devops_create_project: true
+azure_devops_project_name: ""
+use_self_hosted_agents: true
+use_private_networking: true
+allow_storage_access_from_my_ip: false
+apply_approvers: [""]
+create_branch_policies: true
+
+# Advanced Inputs
+bootstrap_module_version: "latest"
+starter_module_version: "latest"
+#output_folder_path: "/accelerator/output"
diff --git a/templates/platform_landing_zone/examples/bootstrap/inputs-github-terraform-complete-multi-region.yaml b/templates/platform_landing_zone/examples/bootstrap/inputs-github-terraform-complete-multi-region.yaml
new file mode 100644
index 0000000..1e1851b
--- /dev/null
+++ b/templates/platform_landing_zone/examples/bootstrap/inputs-github-terraform-complete-multi-region.yaml
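Review bot: `apply_approvers: [""]` is a list holding one empty string, not an empty list, and the file does not say how the bootstrap treats that placeholder if it is left unfilled. Since this value presumably decides who must approve an apply against the platform, it deserves a comment, for example `# Users who must approve an apply; replace the empty placeholder before running`. The GitHub platform example and the Azure DevOps and GitHub examples for the financial-services and sovereign landing zones carry the same placeholder.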
@@ -0,0 +1,36 @@
+---
+# For detailed instructions on using this file, visit:
+# https://aka.ms/alz/accelerator/docs
+
+# Basic Inputs
+iac_type: "terraform"
+bootstrap_module_name: "alz_github"
+starter_module_name: "platform_landing_zone"
+
+# Shared Interface Inputs
+bootstrap_location: ""
+starter_locations: ["", ""]
+root_parent_management_group_id: ""
+subscription_id_management: ""
+subscription_id_identity: ""
+subscription_id_connectivity: ""
+
+# Bootstrap Inputs
+github_personal_access_token: ""
+github_runners_personal_access_token: ""
+github_organization_name: ""
+use_separate_repository_for_templates: true
+bootstrap_subscription_id: ""
+service_name: "alz"
+environment_name: "mgmt"
+postfix_number: 1
+use_self_hosted_runners: true
+use_private_networking: true
+allow_storage_access_from_my_ip: false
+apply_approvers: [""]
+create_branch_policies: true
+
+# Advanced Inputs
+bootstrap_module_version: "latest"
+starter_module_version: "latest"
+#output_folder_path: "/accelerator/output"
diff --git a/templates/platform_landing_zone/examples/bootstrap/inputs-local-terraform-complete-multi-region.yaml b/templates/platform_landing_zone/examples/bootstrap/inputs-local-terraform-complete-multi-region.yaml
new file mode 100644
index 0000000..6f44665
--- /dev/null
+++ b/templates/platform_landing_zone/examples/bootstrap/inputs-local-terraform-complete-multi-region.yaml
@@ -0,0 +1,30 @@ +--- +# For detailed instructions on using this file, visit: +# https://aka.ms/alz/accelerator/docs + +# Basic Inputs +iac_type: "terraform" +bootstrap_module_name: "alz_local" +starter_module_name: "platform_landing_zone" + +# Shared Interface Inputs +bootstrap_location: "" +starter_locations: ["", ""] +root_parent_management_group_id: "" +subscription_id_management: "" +subscription_id_identity: "" +subscription_id_connectivity: "" + +# Bootstrap Inputs +target_directory: "" +create_bootstrap_resources_in_azure: true +bootstrap_subscription_id: "" +service_name: "alz" +environment_name: "mgmt" +postfix_number: 1 +grant_permissions_to_current_user: true + +# Advanced Inputs +bootstrap_module_version: "latest" +starter_module_version: "latest" +#output_folder_path: "/accelerator/output" diff --git a/templates/platform_landing_zone/examples/full-multi-region-nva/hub-and-spoke-vnet.tfvars b/templates/platform_landing_zone/examples/full-multi-region-nva/hub-and-spoke-vnet.tfvars index e3193c2..6b43d6f 100644 --- a/templates/platform_landing_zone/examples/full-multi-region-nva/hub-and-spoke-vnet.tfvars +++ b/templates/platform_landing_zone/examples/full-multi-region-nva/hub-and-spoke-vnet.tfvars @@ -198,6 +198,16 @@ management_group_settings = { } } */ + /* + # Example of how to update a policy assignment enforcement mode for Private Link DNS Zones + corp = { + policy_assignments = { + Deploy-Private-DNS-Zones = { + enforcement_mode = "DoNotEnforce" + } + } + } + */ } } diff --git a/templates/platform_landing_zone/examples/full-multi-region-nva/virtual-wan.tfvars b/templates/platform_landing_zone/examples/full-multi-region-nva/virtual-wan.tfvars index 866c431..40b42ef 100644 --- a/templates/platform_landing_zone/examples/full-multi-region-nva/virtual-wan.tfvars +++ b/templates/platform_landing_zone/examples/full-multi-region-nva/virtual-wan.tfvars 
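Review bot: `grant_permissions_to_current_user: true` appears only in this local example and has no comment, so a reader cannot tell which access it gives the signed-in user or at what scope. A one-line comment above it would help, for example `# Grants the signed-in user access to the bootstrap resources; set to false when a dedicated identity runs the deployment`. That wording should be confirmed against the bootstrap module, which is not part of this patch.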
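Review bot: The added commented example sets `enforcement_mode = "DoNotEnforce"` for `Deploy-Private-DNS-Zones` on `corp` without saying what is given up when it is uncommented. With enforcement off the assignment is only evaluated for compliance, so private endpoints under `corp` would presumably no longer have their DNS configured by policy. I would extend the example's comment with a line such as `# DoNotEnforce stops the policy from configuring DNS for new private endpoints; use only when DNS is managed another way`. The enclosing `management_group_settings` block starts and ends outside the hunk. The same ten lines are added in the five other tfvars hunks of this patch (`full-multi-region-nva/virtual-wan`, both `full-multi-region` files and both `full-single-region` files).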
@@ -198,6 +198,16 @@ management_group_settings = { } } */ + /* + # Example of how to update a policy assignment enforcement mode for Private Link DNS Zones + corp = { + policy_assignments = { + Deploy-Private-DNS-Zones = { + enforcement_mode = "DoNotEnforce" + } + } + } + */ } } diff --git a/templates/platform_landing_zone/examples/full-multi-region/hub-and-spoke-vnet.tfvars b/templates/platform_landing_zone/examples/full-multi-region/hub-and-spoke-vnet.tfvars index dd94267..85ace85 100644 --- a/templates/platform_landing_zone/examples/full-multi-region/hub-and-spoke-vnet.tfvars +++ b/templates/platform_landing_zone/examples/full-multi-region/hub-and-spoke-vnet.tfvars @@ -196,6 +196,16 @@ management_group_settings = { } } */ + /* + # Example of how to update a policy assignment enforcement mode for Private Link DNS Zones + corp = { + policy_assignments = { + Deploy-Private-DNS-Zones = { + enforcement_mode = "DoNotEnforce" + } + } + } + */ } } diff --git a/templates/platform_landing_zone/examples/full-multi-region/virtual-wan.tfvars b/templates/platform_landing_zone/examples/full-multi-region/virtual-wan.tfvars index 2a9ae95..578f1aa 100644 --- a/templates/platform_landing_zone/examples/full-multi-region/virtual-wan.tfvars +++ b/templates/platform_landing_zone/examples/full-multi-region/virtual-wan.tfvars @@ -193,6 +193,16 @@ management_group_settings = { } } */ + /* + # Example of how to update a policy assignment enforcement mode for Private Link DNS Zones + corp = { + policy_assignments = { + Deploy-Private-DNS-Zones = { + enforcement_mode = "DoNotEnforce" + } + } + } + */ } } diff --git a/templates/platform_landing_zone/examples/full-single-region/hub-and-spoke-vnet.tfvars b/templates/platform_landing_zone/examples/full-single-region/hub-and-spoke-vnet.tfvars index b6a29d6..22ff6ac 100644 --- a/templates/platform_landing_zone/examples/full-single-region/hub-and-spoke-vnet.tfvars 
+++ b/templates/platform_landing_zone/examples/full-single-region/hub-and-spoke-vnet.tfvars @@ -186,6 +186,16 @@ management_group_settings = { } } */ + /* + # Example of how to update a policy assignment enforcement mode for Private Link DNS Zones + corp = { + policy_assignments = { + Deploy-Private-DNS-Zones = { + enforcement_mode = "DoNotEnforce" + } + } + } + */ } } diff --git a/templates/platform_landing_zone/examples/full-single-region/virtual-wan.tfvars b/templates/platform_landing_zone/examples/full-single-region/virtual-wan.tfvars index dd578a5..581fe1b 100644 --- a/templates/platform_landing_zone/examples/full-single-region/virtual-wan.tfvars +++ b/templates/platform_landing_zone/examples/full-single-region/virtual-wan.tfvars @@ -185,6 +185,16 @@ management_group_settings = { } } */ + /* + # Example of how to update a policy assignment enforcement mode for Private Link DNS Zones + corp = { + policy_assignments = { + Deploy-Private-DNS-Zones = { + enforcement_mode = "DoNotEnforce" + } + } + } + */ } }