This is a simple example of the Cloud Adoption Framework subscription vending guidance to show how you can automate the deployment of new application landing zones with an integration to the platform team operated IPAM tool. In this example we are using Azure IPAM but it could be any IPAM tool with an accessible API to reserve/get an unused address space. Read more about Subscription vending at https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/subscription-vending
- Azure IPAM or any other IPAM with an API to request an unused address space
- Service Principal with permission to access the IPAM and to deploy new landing zones Bicep lz vending module permissions
- Change workflow environment variables to fit your environment
Azure IPAM with the concept of Spaces and Blocks for IP address management. Here we have configured a simple block for 10.50.0.0/16 to be further segmented into smaller landing zones.
Fill in details like subscription name, management group placement, virtual network name for the new landing zone. Notice that we are not setting the address space for the virtual network here. We will get the address space from Azure IPAM to not conflict with other address spaces in our Azure environment.
Single workflow combining the IPAM API call and the landing zone deployment with Bicep landing zone vending module.
The new landing zone has been provisioned with a virtual network having the next available address space from the Azure IPAM block 10.50.0.0/16. Notice the tag on the virtual network which Azure IPAM uses to map the address space reservation to the new virtual network for documentation.
Azure IPAM documents all our virtual networks and the mapping to the configured address space blocks.
- Input validations
- Workflow improvements
- vWAN and hub-spoke flexibility
- Multiple vnets in one landing zone
- Multiple landing zones (parameter files) in one deployment
Contributions, issues, and feature requests are welcome! 🤝
Give a ⭐️ if you like this project!
Thanks to the maintainers of Bicep lz vending module and the Azure IPAM project for inspiration and code examples!