diff --git a/templates/.config/ALZ-Powershell.config.json b/templates/.config/ALZ-Powershell.config.json
index a6bf17a..681969d 100644
--- a/templates/.config/ALZ-Powershell.config.json
+++ b/templates/.config/ALZ-Powershell.config.json
@@ -1,5 +1,10 @@
 {
 "starter_modules": {
+ "complete_azure_verified_modules": {
+ "location": "avm",
+ "short_name": "Complete Multi-Region with Azure Verified Modules",
+ "description": "Complete Azure Landing Zones Configurable Deployment with Multi-Region Support"
+ },
 "complete_multi_region": {
 "location": "complete_multi_region",
 "short_name": "Complete Multi-Region",
@@ -38,11 +43,6 @@
 "short_name": "Hub Networking",
 "description": "Hub Networking Azure Landing Zones Deployment with Management Groups, Policy and Hub Networking"
 },
- "complete_vnext": {
- "location": "complete_vnext",
- "short_name": "Complete vNext",
- "description": "vNext Complete Azure Landing Zones Configurable Deployment (Warning: This is a work in progress)"
- },
 "test": {
 "location": "test",
 "short_name": "Test",
diff --git a/templates/avm/examples/config-avm-hub-and-spoke-vnet-multi-region.tfvars b/templates/avm/examples/config-avm-hub-and-spoke-vnet-multi-region.tfvars
index ecdb006..b276a6c 100644
--- a/templates/avm/examples/config-avm-hub-and-spoke-vnet-multi-region.tfvars
+++ b/templates/avm/examples/config-avm-hub-and-spoke-vnet-multi-region.tfvars
@@ -1,6 +1,7 @@
 /*
-This file contains templated variables to avoid repeating the same hard-coded values.
-Templated variables are denoted by the dollar-dollar curly braces token (e.g. $${starter_location_01}). The following details each templated variable that you can use:
+--- Built-in Replacements ---
+This file contains built-in replacements to avoid repeating the same hard-coded values.
+Replacements are denoted by the dollar-dollar curly braces token (e.g. $${starter_location_01}). The following details each built-in replacemnets that you can use:
 `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources.
 `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources.
 `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources.
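Review bot: The new header line ends with `each built-in replacemnets that you can use:`; `replacemnets` is a typo, and the sentence should read `The following details each built-in replacement that you can use:`. The header now introduces the term "built-in replacements", but the section comments added further down this file still refer to "templated variables", so the two names should be reconciled across the file.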
@@ -12,32 +13,60 @@ Templated variables are denoted by the dollar-dollar curly braces token (e.g. $$
 `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
 */
-/*
-Custom Names: Based on any of the above variables, you can create your own custom names to use in the configuration by supplying them in the `custom_names` map variable.
-This avoids repeating the same hard-coded values in the configuration.
-For example, you can use the custom name `$${management_resource_group_name}` in the configuration instead of hard-coding the value `rg-management-$${starter_location_01}`.
-NOTE: You cannot build a custom name based on another custom name. You can only build a custom name based on the templated variables.
+/*
+--- Custom Replacements ---
+You can define custom replacements to use throughout the configuration.
 */
-custom_names = {
- # Resource group names
- management_resource_group_name = "rg-management-$${starter_location_01}"
+custom_replacements = {
+ /*
+ --- Custom Name Replacements ---
+ You can define custom names and other strings to use throughout the configuration.
+ You can only use the built in replacements in this section.
+ NOTE: You cannot refer to another custom name in this variable.
+ */
+ names = {
+ # Resource group names
+ management_resource_group_name = "rg-management-$${starter_location_01}"
+ connectivity_hub_primary_resource_group_name = "rg-hub-$${starter_location_01}"
+ connectivity_hub_secondary_resource_group_name = "rg-hub-$${starter_location_02}"
+ dns_resource_group_name = "rg-hub-dns-$${starter_location_01}"
+ ddos_resource_group_name = "rg-hub-ddos-$${starter_location_01}"
 
- connectivity_hub_primary_resource_group_name = "rg-hub-$${starter_location_01}"
- connectivity_hub_secondary_resource_group_name = "rg-hub-$${starter_location_02}"
- dns_resource_group_name = "rg-hub-dns-$${starter_location_01}"
- ddos_resource_group_name = "rg-hub-ddos-$${starter_location_01}"
+ # Resource names
+ log_analytics_workspace_name = "law-management-$${starter_location_01}"
+ ddos_protection_plan_name = "ddos-hub-$${starter_location_01}"
+ automation_account_name = "aa-management-$${starter_location_01}"
+ ama_user_assigned_managed_identity_name = "uami-management-ama-$${starter_location_01}"
+ dcr_change_tracking_name = "dcr-change-tracking"
+ dcr_defender_sql_name = "dcr-defender-sql"
+ dcr_vm_insights_name = "dcr-vm-insights"
+ }
 
- # Resource names
- log_analytics_workspace_name = "law-management-$${starter_location_01}"
- ddos_protection_plan_name = "ddos-hub-$${starter_location_01}"
- automation_account_name = "aa-management-$${starter_location_01}"
- ama_user_assigned_managed_identity_name = "uami-management-ama-$${starter_location_01}"
- dcr_change_tracking_name = "dcr-change-tracking"
- dcr_defender_sql_name = "dcr-defender-sql"
- dcr_vm_insights_name = "dcr-vm-insights"
+ /*
+ --- Custom Resource Group Identifier Replacements ---
+ You can define custom resource group identifiers to use throughout the configuration.
+ You can only use the templated variables and custom names in this section.
+ NOTE: You cannot refer to another custom resource group identifier in this variable.
+ */
+ resource_group_identifiers = {
+ management_resource_group_id = "/subscriptions/$${subscription_id_management}/resourcegroups/$${management_resource_group_name}"
+ ddos_protection_plan_resource_group_id = "/subscriptions/$${subscription_id_connectivity}/resourcegroups/$${ddos_resource_group_name}"
+ }
 
- # Resource identifiers
- management_resource_group_id = "/subscriptions/$${subscription_id_management}/resourcegroups/rg-management-$${starter_location_01}"
+ /*
+ --- Custom Resource Identifier Replacements ---
+ You can define custom resource identifiers to use throughout the configuration.
+ You can only use the templated variables, custom names and customer resource group identifiers in this variable.
+ NOTE: You cannot refer to another custom resource identifier in this variable.
+ */
+ resource_identifiers = {
+ ama_change_tracking_data_collection_rule_id = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_change_tracking_name}"
+ ama_mdfc_sql_data_collection_rule_id = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_defender_sql_name}"
+ ama_vm_insights_data_collection_rule_id = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_vm_insights_name}"
+ ama_user_assigned_managed_identity_id = "$${management_resource_group_id}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$${ama_user_assigned_managed_identity_name}"
+ log_analytics_workspace_id = "$${management_resource_group_id}/providers/Microsoft.OperationalInsights/workspaces/$${log_analytics_workspace_name}"
+ ddos_protection_plan_id = "$${ddos_protection_plan_resource_group_id}/providers/Microsoft.Network/ddosProtectionPlans/$${ddos_protection_plan_name}"
+ }
 }
 
 enable_telemetry = false
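Review bot: The three new section comments name the same inputs inconsistently: the names block says `You can only use the built in replacements in this section.`, the resource-group block says `You can only use the templated variables and custom names in this section.`, and the resource-identifier block says `custom names and customer resource group identifiers`, where `customer` should be `custom`. Since the file header now calls these built-in replacements, the later two lines read better as `You can only use the built-in replacements and custom names in this section.` and `You can only use the built-in replacements, custom names and custom resource group identifiers in this variable.`. The layering the comments describe (names resolved first, then resource group identifiers, then resource identifiers, with no self-references inside a map) matches what locals.config.tf does in this same commit, so the comments are otherwise accurate.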
@@ -70,13 +99,13 @@ management_group_settings = {
 architecture_name = "alz"
 parent_resource_id = "$${root_parent_management_group_id}"
 policy_default_values = {
- ama_change_tracking_data_collection_rule_id = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_change_tracking_name}"
- ama_mdfc_sql_data_collection_rule_id = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_defender_sql_name}"
- ama_vm_insights_data_collection_rule_id = "$${management_resource_group_id}/providers/Microsoft.Insights/dataCollectionRules/$${dcr_vm_insights_name}"
- ama_user_assigned_managed_identity_id = "$${management_resource_group_id}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$${ama_user_assigned_managed_identity_name}"
- ama_user_assigned_managed_identity_name = "uami-management-ama-$${starter_location_01}"
- log_analytics_workspace_id = "$${management_resource_group_id}/providers/Microsoft.OperationalInsights/workspaces/$${log_analytics_workspace_name}"
- ddos_protection_plan_id = "$${management_resource_group_id}/providers/Microsoft.Network/ddosProtectionPlans/$${ddos_protection_plan_name}"
+ ama_change_tracking_data_collection_rule_id = "$${ama_change_tracking_data_collection_rule_id}"
+ ama_mdfc_sql_data_collection_rule_id = "$${ama_mdfc_sql_data_collection_rule_id}"
+ ama_vm_insights_data_collection_rule_id = "$${ama_vm_insights_data_collection_rule_id}"
+ ama_user_assigned_managed_identity_id = "$${ama_user_assigned_managed_identity_id}"
+ ama_user_assigned_managed_identity_name = "$${ama_user_assigned_managed_identity_name}"
+ log_analytics_workspace_id = "$${log_analytics_workspace_id}"
+ ddos_protection_plan_id = "$${ddos_protection_plan_id}"
 private_dns_zone_subscription_id = "$${subscription_id_connectivity}"
 private_dns_zone_region = "$${starter_location_01}"
 private_dns_zone_resource_group_name = "$${dns_resource_group_name}"
diff --git a/templates/avm/lib/alz_library_metadata.json b/templates/avm/lib/alz_library_metadata.json
new file mode 100644
index 0000000..5685b80
--- /dev/null
+++ b/templates/avm/lib/alz_library_metadata.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/library_metadata.json",
+ "name": "local",
+ "display_name": "Financial Services Industry",
+ "description": "This library provides the reference set of Financial Services Industry (FSI) policies, archetypes, and management group architecture.",
+ "dependencies": [
+ {
+ "path": "platform/alz",
+ "ref": "2024.11.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/templates/avm/locals.config.tf b/templates/avm/locals.config.tf
index ed47059..6c8fcb6 100644
--- a/templates/avm/locals.config.tf
+++ b/templates/avm/locals.config.tf
@@ -1,5 +1,5 @@
 locals {
- config_template_file_variables = {
+ built_in_replacements = {
 starter_location_01 = var.starter_locations[0]
 starter_location_02 = try(var.starter_locations[1], null)
 starter_location_03 = try(var.starter_locations[2], null)
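Review bot: The metadata in the new alz_library_metadata.json does not describe this library: `display_name` is `Financial Services Industry` and `description` says it provides the FSI policies and architecture, while the file lives under templates/avm/lib with `name` set to `local` and, as far as this diff shows, exists to declare the `platform/alz` dependency that terraform.tf stops referencing directly. Both strings look copied from another library and should be replaced with a display name and description for this starter's local library overrides. The `$schema` URL also points at the `main` branch of the upstream repository while the dependency itself is pinned to `2024.11.0`, so schema validation can drift from the pinned library; if a tagged schema is published, referencing it would keep the two in step. The file also lacks a trailing newline.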
@@ -47,13 +47,38 @@ locals {
 }
 }
 
+# Custom name replacements
 locals {
- custom_names_json = tostring(jsonencode(var.custom_names))
- custom_names_json_templated = templatestring(local.custom_names_json, local.config_template_file_variables)
+ custom_names_json = tostring(jsonencode(var.custom_replacements.names))
+ custom_names_json_templated = templatestring(local.custom_names_json, local.built_in_replacements)
 custom_names_json_final = replace(replace(local.custom_names_json_templated, "\"[", "["), "]\"", "]")
 custom_names = jsondecode(local.custom_names_json_final)
 }
 
 locals {
- template_replacements = merge(local.config_template_file_variables, local.custom_names)
+ custom_name_replacements = merge(local.built_in_replacements, local.custom_names)
+}
+
+# Custom resource group identifiers
+locals {
+ custom_resource_group_identifiers_json = tostring(jsonencode(var.custom_replacements.resource_group_identifiers))
+ custom_resource_group_identifiers_json_templated = templatestring(local.custom_resource_group_identifiers_json, local.custom_name_replacements)
+ custom_resource_group_identifiers_json_final = replace(replace(local.custom_resource_group_identifiers_json_templated, "\"[", "["), "]\"", "]")
+ custom_resource_group_identifiers = jsondecode(local.custom_resource_group_identifiers_json_final)
+}
+
+locals {
+ custom_resource_group_replacements = merge(local.custom_name_replacements, local.custom_resource_group_identifiers)
+}
+
+# Custom resource identifiers
+locals {
+ custom_resource_identifiers_json = tostring(jsonencode(var.custom_replacements.resource_identifiers))
+ custom_resource_identifiers_json_templated = templatestring(local.custom_resource_identifiers_json, local.custom_resource_group_replacements)
+ custom_resource_identifiers_json_final = replace(replace(local.custom_resource_identifiers_json_templated, "\"[", "["), "]\"", "]")
+ custom_resource_identifiers = jsondecode(local.custom_resource_identifiers_json_final)
+}
+
+locals {
+ template_replacements = merge(local.custom_resource_group_replacements, local.custom_resource_identifiers)
 }
diff --git a/templates/avm/locals.management.tf b/templates/avm/locals.management.tf
index b28a105..7781ff9 100644
--- a/templates/avm/locals.management.tf
+++ b/templates/avm/locals.management.tf
@@ -11,3 +11,18 @@ locals {
 management_group_settings_json_final = replace(replace(local.management_group_settings_json_templated, "\"[", "["), "]\"", "]")
 management_group_settings = jsondecode(local.management_group_settings_json_final)
 }
+
+locals {
+ management_group_dependencies = {
+ policy_assignments = [
+ module.management_resources,
+ module.hub_and_spoke_vnet,
+ module.virtual_wan
+ ]
+ policy_role_assignments = [
+ module.management_resources,
+ module.hub_and_spoke_vnet,
+ module.virtual_wan
+ ]
+ }
+}
\ No newline at end of file
diff --git a/templates/avm/main.management.tf b/templates/avm/main.management.tf
index 0765f71..b606c85 100644
--- a/templates/avm/main.management.tf
+++ b/templates/avm/main.management.tf
@@ -14,16 +14,5 @@ module "management_groups" {
 enable_telemetry = var.enable_telemetry
 management_group_settings = local.management_group_settings
 
- dependencies = {
- policy_assignments = [
- module.management_resources,
- module.hub_and_spoke_vnet,
- module.virtual_wan
- ]
- policy_role_assignments = [
- module.management_resources,
- module.hub_and_spoke_vnet,
- module.virtual_wan
- ]
- }
+ dependencies = local.management_group_dependencies
 }
diff --git a/templates/avm/terraform.tf b/templates/avm/terraform.tf
index 492d59d..b1335a2 100644
--- a/templates/avm/terraform.tf
+++ b/templates/avm/terraform.tf
@@ -24,10 +24,6 @@ terraform {
 provider "alz" {
 library_overwrite_enabled = true
 library_references = [
- {
- path = "platform/alz"
- ref = "2024.11.0"
- },
 {
 custom_url = "${path.root}/lib"
 }
diff --git a/templates/avm/variables.tf b/templates/avm/variables.tf
index bc32418..62aa26b 100644
--- a/templates/avm/variables.tf
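Review bot: The bracket-unquoting step `replace(replace(..., "\"[", "["), "]\"", "]")` is now copied into three pipelines (custom names, resource group identifiers, resource identifiers) with no comment saying why it exists. As written it rewrites any templated string whose value starts with `[` or ends with `]`, not only values intended to become JSON lists, and a value that merely begins with `[` is then likely to make `jsondecode` fail with an error that does not name the offending replacement. A one-line comment on the first pipeline, `# Unquote "[...]" values so a replacement can expand to a JSON list; any string starting with "[" or ending with "]" is affected`, would at least document the constraint, and keeping the three identical pipelines side by side under a single comment would stop them drifting apart as they are edited.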
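Review bot: After the `platform/alz` entry is removed from `library_references`, the only remaining reference is `custom_url = "${path.root}/lib"`, and the platform library is now loaded through the `dependencies` list in lib/alz_library_metadata.json added in this commit. That indirection is invisible from terraform.tf, so a comment on the remaining entry, `# platform/alz is pulled in as a dependency declared in lib/alz_library_metadata.json, which also carries its version pin`, would tell the next reader where the pin moved. The provider block continues outside the hunk.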
+++ b/templates/avm/variables.tf
@@ -30,8 +30,16 @@ variable "enable_telemetry" {
 description = "Flag to enable/disable telemetry"
 }
 
-variable "custom_names" {
- type = map(string)
- default = {}
- description = "Custom names for resources"
+variable "custom_replacements" {
+ type = object({
+ names = optional(map(string), {})
+ resource_group_identifiers = optional(map(string), {})
+ resource_identifiers = optional(map(string), {})
+ })
+ default = {
+ names = {}
+ resource_group_identifiers = {}
+ resource_identifiers = {}
+ }
+ description = "Custom replacements"
 }
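Review bot: The description of the new `custom_replacements` variable, `"Custom replacements"`, says nothing about its three keys or the order in which they are resolved, which is what a caller needs to know: per locals.config.tf in this commit, `names` may reference only the built-in replacements, `resource_group_identifiers` may also reference `names`, and `resource_identifiers` may reference all of the above, with no references between entries of the same map. A description along the lines of `Custom replacements resolved in three layers: names (built-in replacements only), resource_group_identifiers (built-ins and names), resource_identifiers (built-ins, names and resource group identifiers).` would capture that. The explicit `default` block also repeats what the `optional(map(string), {})` attributes already provide, so `default = {}` would be equivalent and shorter.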