├── .DS_Store ├── .devcontainer └── devcontainer.json ├── .gitattributes ├── .github ├── dependabot.yml ├── release-drafter.yml └── workflows │ ├── deploy.yml │ ├── release-drafter.yml │ └── test-deploy.yml ├── .gitignore ├── .vscode └── tasks.json ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── scripts └── setup.sh ├── website ├── .gitignore ├── README.md ├── babel.config.js ├── blog │ ├── 2019-05-28-first-blog-post.md │ ├── 2019-05-29-long-blog-post.md │ ├── 2021-08-01-mdx-blog-post.mdx │ ├── 2021-08-26-welcome │ │ ├── docusaurus-plushie-banner.jpeg │ │ └── index.md │ └── authors.yml ├── docs │ ├── azure-landing-zones │ │ └── landingzones │ │ │ ├── intro.md │ │ │ ├── platform │ │ │ ├── choice.md │ │ │ ├── codespace1.png │ │ │ ├── codespace2.png │ │ │ ├── codespace3.png │ │ │ ├── create-repo-from-template.png │ │ │ ├── extension-remote-containers.png │ │ │ ├── files_reference.md │ │ │ ├── find-replace.png │ │ │ ├── level0-launchpad-readme.png │ │ │ ├── org-setup.mdx │ │ │ ├── replace.png │ │ │ ├── repo-tag.png │ │ │ ├── single reuse │ │ │ │ ├── getting-started.png │ │ │ │ └── intro.md │ │ │ ├── vscode-new-terminal.png │ │ │ ├── vscode-open-zsh.png │ │ │ ├── vscode-orgs-template-folder-structure.png │ │ │ ├── vscode-reopen-container.png │ │ │ ├── vscode-trust-folder.png │ │ │ ├── vscode-zsh.png │ │ │ └── vscode.png │ │ │ └── process-alz.png │ ├── fundamentals │ │ ├── composition.md │ │ ├── compute.md │ │ ├── intro.md │ │ └── pictures │ │ │ ├── terraform-model-gitops.png │ │ │ ├── terraform-model-levels-svm.png │ │ │ ├── terraform-model-levels.png │ │ │ └── terraform-model-levels3-4.png │ ├── intro.mdx │ ├── module │ │ └── intro.md │ ├── provider │ │ └── intro.md │ ├── rover │ │ ├── commands.md │ │ ├── ignite.md │ │ ├── init.md │ │ ├── intro.mdx │ │ ├── rover-ignite.png │ │ ├── terraform-dev-rover.png │ │ ├── tfc.md │ │ └── tools.md │ ├── terraform-sre-components.png │ └── terraform-sre-functions.png ├── docusaurus.config.js ├── package.json ├── sidebars.js ├── 
src │ ├── components │ │ ├── HomepageFeatures.js │ │ └── HomepageFeatures.module.css │ ├── css │ │ └── custom.css │ └── pages │ │ ├── index.js │ │ ├── index.module.css │ │ └── markdown-page.md ├── staging-docs │ ├── contributors │ │ ├── architecture │ │ │ └── intro.md │ │ ├── community │ │ │ └── intro.md │ │ └── conventions │ │ │ └── intro.md │ └── gitops │ │ └── intro.md ├── static │ ├── .nojekyll │ └── img │ │ ├── docusaurus.png │ │ ├── favicon.ico │ │ ├── homepage.png │ │ ├── landingzones.ico │ │ ├── logo_landingzone.png │ │ ├── undraw_docusaurus_mountain.svg │ │ ├── undraw_docusaurus_react.svg │ │ └── undraw_docusaurus_tree.svg ├── versioned_docs │ └── version-2203.1 │ │ ├── azure-landing-zones │ │ └── landingzones │ │ │ ├── intro.md │ │ │ ├── platform │ │ │ ├── choice.md │ │ │ ├── codespace1.png │ │ │ ├── codespace2.png │ │ │ ├── codespace3.png │ │ │ ├── create-repo-from-template.png │ │ │ ├── extension-remote-containers.png │ │ │ ├── files_reference.md │ │ │ ├── find-replace.png │ │ │ ├── level0-launchpad-readme.png │ │ │ ├── org-setup.mdx │ │ │ ├── replace.png │ │ │ ├── repo-tag.png │ │ │ ├── single reuse │ │ │ │ ├── getting-started.png │ │ │ │ └── intro.md │ │ │ ├── vscode-new-terminal.png │ │ │ ├── vscode-open-zsh.png │ │ │ ├── vscode-orgs-template-folder-structure.png │ │ │ ├── vscode-reopen-container.png │ │ │ ├── vscode-trust-folder.png │ │ │ ├── vscode-zsh.png │ │ │ └── vscode.png │ │ │ └── process-alz.png │ │ ├── fundamentals │ │ ├── composition.md │ │ ├── compute.md │ │ ├── intro.md │ │ └── pictures │ │ │ ├── terraform-model-gitops.png │ │ │ ├── terraform-model-levels-svm.png │ │ │ ├── terraform-model-levels.png │ │ │ └── terraform-model-levels3-4.png │ │ ├── intro.mdx │ │ ├── module │ │ └── intro.md │ │ ├── provider │ │ └── intro.md │ │ ├── rover │ │ ├── commands.md │ │ ├── ignite.md │ │ ├── intro.mdx │ │ ├── rover-ignite.png │ │ ├── terraform-dev-rover.png │ │ ├── tfc.md │ │ └── tools.md │ │ ├── terraform-sre-components.png │ │ └── 
terraform-sre-functions.png ├── versioned_sidebars │ └── version-2203.1-sidebars.json ├── versions.json └── yarn.lock └── yarn.lock /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/.DS_Store -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "image": "mcr.microsoft.com/vscode/devcontainers/base:ubuntu-22.04", 3 | "customizations": { 4 | "vscode": { 5 | "settings": { 6 | "[typescript]": { 7 | "editor.defaultFormatter": "esbenp.prettier-vscode", 8 | "editor.formatOnSave": true 9 | }, 10 | "[json]": { 11 | "editor.defaultFormatter": "esbenp.prettier-vscode", 12 | "editor.formatOnSave": true 13 | }, 14 | "[jsonc]": { 15 | "editor.defaultFormatter": "esbenp.prettier-vscode", 16 | "editor.formatOnSave": true 17 | } 18 | }, 19 | "extensions": [ 20 | "dbaeumer.vscode-eslint", 21 | "orta.vscode-jest", 22 | "esbenp.prettier-vscode", 23 | "streetsidesoftware.code-spell-checker", 24 | "ms-vscode.wordcount", 25 | "GitHub.copilot" 26 | ] 27 | } 28 | }, 29 | "forwardPorts": [3000], 30 | "containerUser": "vscode", 31 | "postCreateCommand": "yarn install", 32 | "waitFor": "postCreateCommand", // otherwise automated jest tests fail 33 | "features": { 34 | "node": { 35 | "version": "20" 36 | }, 37 | "github-cli": "latest" 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: 
"github-actions" 4 | directory: "/" 5 | schedule: 6 | interval: "daily" 7 | - package-ecosystem: "npm" 8 | directory: "/website" 9 | schedule: 10 | interval: "daily" 11 | -------------------------------------------------------------------------------- /.github/release-drafter.yml: -------------------------------------------------------------------------------- 1 | name-template: '$RESOLVED_VERSION' 2 | tag-template: '$RESOLVED_VERSION' 3 | categories: 4 | - title: 'Features' 5 | labels: 6 | - 'feature' 7 | - 'new submodule' 8 | - title: 'Enhancements' 9 | labels: 10 | - 'enhancement' 11 | - title: 'Bug Fixes' 12 | labels: 13 | - 'fix' 14 | - 'bugfix' 15 | - 'bug' 16 | change-template: '- $TITLE (#$NUMBER)' 17 | change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. 18 | version-resolver: 19 | major: 20 | labels: 21 | - 'major' 22 | minor: 23 | labels: 24 | - 'minor' 25 | patch: 26 | labels: 27 | - 'patch' 28 | default: patch 29 | template: | 30 | $CHANGES -------------------------------------------------------------------------------- /.github/workflows/deploy.yml: -------------------------------------------------------------------------------- 1 | name: Deploy to GitHub Pages 2 | 3 | on: 4 | push: 5 | branches: [main] 6 | 7 | jobs: 8 | deploy: 9 | name: Deploy to GitHub Pages 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4 13 | - uses: actions/setup-node@v4 14 | with: 15 | node-version: 20.x 16 | - name: Build website 17 | working-directory: website 18 | run: | 19 | yarn install --frozen-lockfile 20 | yarn build 21 | 22 | # Popular action to deploy to GitHub Pages: 23 | # Docs: https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-docusaurus 24 | - name: Deploy to GitHub Pages 25 | uses: peaceiris/actions-gh-pages@v4 26 | with: 27 | github_token: ${{ secrets.GITHUB_TOKEN }} 28 | # Build output to publish to the `gh-pages` branch: 29 | publish_dir: ./website/build 30 | # Assign commit 
authorship to the official GH-Actions bot for deploys to `gh-pages` branch: 31 | # https://github.com/actions/checkout/issues/13#issuecomment-724415212 32 | # The GH actions bot is used by default if you didn't specify the two fields. 33 | # You can swap them out with your own user credentials. 34 | user_name: github-actions[bot] 35 | user_email: github-actions[bot]@users.noreply.github.com -------------------------------------------------------------------------------- /.github/workflows/release-drafter.yml: -------------------------------------------------------------------------------- 1 | name: Release Drafter 2 | 3 | on: 4 | push: 5 | # branches to consider in the event; optional, defaults to all 6 | branches: 7 | - master 8 | 9 | jobs: 10 | update_release_draft: 11 | runs-on: ubuntu-latest 12 | steps: 13 | # Drafts your next Release notes as Pull Requests are merged into "master" 14 | - uses: release-drafter/release-drafter@v6 15 | #with: 16 | # (Optional) specify config name to use, relative to .github/. 
Default: release-drafter.yml 17 | # config-name: my-config.yml 18 | env: 19 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/test-deploy.yml: -------------------------------------------------------------------------------- 1 | name: Test deployment 2 | 3 | on: 4 | pull_request: 5 | branches: [main] 6 | paths: [website/**] 7 | 8 | jobs: 9 | test-deploy: 10 | name: Test deployment 11 | runs-on: ubuntu-latest 12 | steps: 13 | - uses: actions/checkout@v4 14 | - uses: actions/setup-node@v4 15 | with: 16 | node-version: 20.x 17 | cache: yarn 18 | cache-dependency-path: website/yarn.lock 19 | - name: Install dependencies 20 | working-directory: website 21 | run: yarn install --frozen-lockfile 22 | - name: Test build website 23 | working-directory: website 24 | run: yarn build -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | starter 2 | package-lock.json 3 | __pycache__ 4 | node_modules -------------------------------------------------------------------------------- /.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "2.0.0", 3 | "tasks": [ 4 | { 5 | "label": ">Docusaurus build", 6 | "type": "shell", 7 | "command": "yarn build", 8 | "options": { 9 | "cwd": "${workspaceFolder}/website" 10 | }, 11 | "group": { 12 | "kind": "build", 13 | "isDefault": true 14 | }, 15 | "presentation": { 16 | "reveal": "always" 17 | }, 18 | "problemMatcher": [] 19 | }, 20 | { 21 | "label": ">Docusaurus serve", 22 | "type": "shell", 23 | "command": "yarn serve", 24 | "options": { 25 | "cwd": "${workspaceFolder}/website" 26 | }, 27 | "group": { 28 | "kind": "test", 29 | "isDefault": true 30 | }, 31 | "presentation": { 32 | "reveal": "always" 33 | }, 34 | "problemMatcher": [] 35 | }, 36 | { 37 | "label": 
">Docusaurus upgrade", 38 | "type": "shell", 39 | "command": "yarn upgrade", 40 | "options": { 41 | "cwd": "${workspaceFolder}/website" 42 | }, 43 | "group": { 44 | "kind": "test", 45 | "isDefault": true 46 | }, 47 | "presentation": { 48 | "reveal": "always" 49 | }, 50 | "problemMatcher": [] 51 | } 52 | ] 53 | } -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Microsoft 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Azure Terraform SRE documentation 2 | 3 | This repository centralizes documentation and guidance efforts to deploy Azure Terraform SRE landing zones. 4 | 5 | ## Community 6 | 7 | Feel free to open an issue for feature or bug, or to submit a PR. 8 | 9 | In case you have any question, you can reach out to tf-landingzones at microsoft dot com. 10 | 11 | You can also reach us on [Gitter](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) 12 | 13 | ## Contributing 14 | 15 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 16 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 17 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. 18 | 19 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide 20 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions 21 | provided by the bot. You will only need to do this once across all repos using our CLA. 22 | 23 | ## Code of conduct 24 | 25 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 
26 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 27 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 28 | -------------------------------------------------------------------------------- /scripts/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function install { 4 | curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null 5 | echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list 6 | curl -sL https://deb.nodesource.com/setup_16.x -o nodesource_setup.sh 7 | chmod +x nodesource_setup.sh 8 | sudo nodesource_setup.sh 9 | rm -rf nodesource_setup.sh 10 | 11 | sudo apt-get install -y nodejs yarn 12 | } 13 | 14 | if [ -z $(which node) ]; then 15 | echo "node is not installed" 16 | install node 17 | fi 18 | 19 | sudo apt upgrade -y 20 | 21 | echo "node $(node -v) is installed." -------------------------------------------------------------------------------- /website/.gitignore: -------------------------------------------------------------------------------- 1 | # Dependencies 2 | /node_modules 3 | 4 | # Production 5 | /build 6 | 7 | # Generated files 8 | .docusaurus 9 | .cache-loader 10 | 11 | # Misc 12 | .DS_Store 13 | .env.local 14 | .env.development.local 15 | .env.test.local 16 | .env.production.local 17 | 18 | npm-debug.log* 19 | yarn-debug.log* 20 | yarn-error.log* 21 | -------------------------------------------------------------------------------- /website/README.md: -------------------------------------------------------------------------------- 1 | # Website 2 | 3 | This website is built using [Docusaurus 2](https://docusaurus.io/), a modern static website generator. 
4 | 5 | ### Installation 6 | 7 | ``` 8 | $ yarn 9 | ``` 10 | 11 | ### Local Development 12 | 13 | ``` 14 | $ yarn start 15 | ``` 16 | 17 | This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server. 18 | 19 | ### Build 20 | 21 | ``` 22 | $ yarn build 23 | ``` 24 | 25 | This command generates static content into the `build` directory and can be served using any static contents hosting service. 26 | 27 | ### Deployment 28 | 29 | Using SSH: 30 | 31 | ``` 32 | $ USE_SSH=true yarn deploy 33 | ``` 34 | 35 | Not using SSH: 36 | 37 | ``` 38 | $ GIT_USER= yarn deploy 39 | ``` 40 | 41 | If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch. 42 | -------------------------------------------------------------------------------- /website/babel.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | presets: [require.resolve('@docusaurus/core/lib/babel/preset')], 3 | }; 4 | -------------------------------------------------------------------------------- /website/blog/2019-05-28-first-blog-post.md: -------------------------------------------------------------------------------- 1 | --- 2 | slug: first-blog-post 3 | title: First Blog Post 4 | authors: 5 | name: Gao Wei 6 | title: Docusaurus Core Team 7 | url: https://github.com/wgao19 8 | image_url: https://github.com/wgao19.png 9 | tags: [hola, docusaurus] 10 | --- 11 | 12 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. 
Lorem ipsum dolor sit amet 13 | -------------------------------------------------------------------------------- /website/blog/2019-05-29-long-blog-post.md: -------------------------------------------------------------------------------- 1 | --- 2 | slug: long-blog-post 3 | title: Long Blog Post 4 | authors: endi 5 | tags: [hello, docusaurus] 6 | --- 7 | 8 | This is the summary of a very long blog post, 9 | 10 | Use a `` comment to limit blog post size in the list view. 11 | 12 | 13 | 14 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 15 | 16 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 17 | 18 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 19 | 20 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 21 | 22 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 23 | 24 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 25 | 26 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 27 | 28 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. 
Lorem ipsum dolor sit amet 29 | 30 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 31 | 32 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 33 | 34 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 35 | 36 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 37 | 38 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 39 | 40 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 41 | 42 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. Lorem ipsum dolor sit amet 43 | 44 | Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque elementum dignissim ultricies. Fusce rhoncus ipsum tempor eros aliquam consequat. 
Lorem ipsum dolor sit amet 45 | -------------------------------------------------------------------------------- /website/blog/2021-08-01-mdx-blog-post.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | slug: mdx-blog-post 3 | title: MDX Blog Post 4 | authors: [slorber] 5 | tags: [docusaurus] 6 | --- 7 | 8 | Blog posts support [Docusaurus Markdown features](https://docusaurus.io/docs/markdown-features), such as [MDX](https://mdxjs.com/). 9 | 10 | :::tip 11 | 12 | Use the power of React to create interactive blog posts. 13 | 14 | ```js 15 | 16 | ``` 17 | 18 | 19 | 20 | ::: 21 | -------------------------------------------------------------------------------- /website/blog/2021-08-26-welcome/docusaurus-plushie-banner.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/blog/2021-08-26-welcome/docusaurus-plushie-banner.jpeg -------------------------------------------------------------------------------- /website/blog/2021-08-26-welcome/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | slug: welcome 3 | title: Welcome 4 | authors: [slorber, yangshun] 5 | tags: [facebook, hello, docusaurus] 6 | --- 7 | 8 | [Docusaurus blogging features](https://docusaurus.io/docs/blog) are powered by the [blog plugin](https://docusaurus.io/docs/api/plugins/@docusaurus/plugin-content-blog). 9 | 10 | Simply add Markdown files (or folders) to the `blog` directory. 11 | 12 | Regular blog authors can be added to `authors.yml`. 13 | 14 | The blog post date can be extracted from filenames, such as: 15 | 16 | - `2019-05-30-welcome.md` 17 | - `2019-05-30-welcome/index.md` 18 | 19 | A blog post folder can be convenient to co-locate blog post images: 20 | 21 | ![Docusaurus Plushie](./docusaurus-plushie-banner.jpeg) 22 | 23 | The blog supports tags as well! 
24 | 25 | **And if you don't want a blog**: just delete this directory, and use `blog: false` in your Docusaurus config. 26 | -------------------------------------------------------------------------------- /website/blog/authors.yml: -------------------------------------------------------------------------------- 1 | endi: 2 | name: Endilie Yacop Sucipto 3 | title: Maintainer of Docusaurus 4 | url: https://github.com/endiliey 5 | image_url: https://github.com/endiliey.png 6 | 7 | yangshun: 8 | name: Yangshun Tay 9 | title: Front End Engineer @ Facebook 10 | url: https://github.com/yangshun 11 | image_url: https://github.com/yangshun.png 12 | 13 | slorber: 14 | name: Sébastien Lorber 15 | title: Docusaurus maintainer 16 | url: https://sebastienlorber.com 17 | image_url: https://github.com/slorber.png 18 | -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: alz-intro 3 | sidebar_position: 1 4 | --- 5 | 6 | # Getting started 7 | 8 | ## Deploy your first platform landing zones 9 | 10 | In this tutorial you are going to learn how to build the Azure Platform Landing zones with the Azure Terraform SRE (CAF) for Azure Terraform landing zones. It is a framework that requires to have both **advanced knowledge of Terraform and Azure services**. 11 | 12 | It is assumed the reader has already deep knowledge of the CAF (https://aka.ms/caf). 13 | It is recommended to be certified to the Azure Architecture track. 
14 | 15 | This tutorial will guide you on how to deploy the Platform landing zones and includes: 16 | 17 | - Azure Remote State management (launchpad) 18 | - Azure landing zones (formerly called Enterprise-Scale) for management groups, policy definitions, policy assignments and RBAC 19 | - Identity services (Azure Active Directory Services, extend your on-premise Active Directory Domain Services...) 20 | - Monitoring services 21 | - Connectivity services (virtual WAN, private DNS zones, egress firewall...) 22 | 23 | The steps in the tutorial will guide you through the following process: 24 | 25 | ![Creation of Azure landing zones environment](./process-alz.png) -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/choice.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: eslz-choices 3 | sidebar_position: 2 4 | --- 5 | 6 | # Choose your deployment mode 7 | 8 | 9 | Based on your configuration you can select the following deployment guide: 10 | 11 | | Scenario | Prerequisites | Link | 12 | |--------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------| 13 | | Single subscription lab | - **Azure Active Directory**: Global administrator.
- **Subscription**: 1 pre-created subscription, with owner privileges
- **Management groups**: "Management Group Contributor" permissions on a branch or root management group. | [Getting started](./single%20reuse/intro.md) | 14 | | Multi subscriptions (reuse existing subscriptions) | - **Azure Active Directory**: User.
- **Subscription**: 4 pre-created subscriptions, with owner privileges
- **Management groups**: "management group contributor" permissions on a branch or root management group. | [Documentation to be published](./choice.md) | 15 | | Multi subscriptions (creating new subscriptions with EA/MCA) | - **Azure Enterprise Agreement or MCA**: User with department permissions to create.
- **Azure Active Directory**: User.
- **Subscription**: 1 pre-created subscription, with owner privileges
- **Management groups**: "management group contributor" permissions on a branch or root management group. | [Documentation to be published](./choice.md) | 16 | -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/codespace1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/codespace1.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/codespace2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/codespace2.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/codespace3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/codespace3.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/create-repo-from-template.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/create-repo-from-template.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/extension-remote-containers.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/extension-remote-containers.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/find-replace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/find-replace.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/level0-launchpad-readme.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/level0-launchpad-readme.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/org-setup.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | id: org-setup 3 | sidebar_position: 1 4 | --- 5 | import ReactPlayer from 'react-player' 6 | import Tabs from '@theme/Tabs'; 7 | import TabItem from '@theme/TabItem'; 8 | 9 | 10 | # Setup your organization 11 | 12 | 13 | ## Organize your private repository 14 | 15 | The first step is create a private repository in your current organization. It has to be a git repository. 16 | 17 | The video below shows you how to setup a private GitHub repository you are going to use to store the configuration of your platform landing zones. 
18 | 19 | 20 | 21 | ### Clone the platform starter repository 22 | 23 | The platform starter project is an empty environment that get you started with your initial configuration files and create a coherent stack. 24 | 25 | The [platform starter project is here](https://github.com/Azure/caf-terraform-landingzones-platform-starter). 26 | 27 | If you are using it from GitHub, you can directly select "Use this template", once created you can clone it locally or open it in GitHub Codespace (use the tabs in the following section to get the steps for the desired method.) 28 | 29 | 30 | 31 | 32 | ```bash 33 | # Adjust the name of your organization and repository 34 | git clone git://github.com// contoso && cd contoso 35 | ``` 36 | 37 | You should observe: 38 | 39 | ```bash 40 | Cloning into 'contoso'... 41 | remote: Enumerating objects: 429, done. 42 | remote: Counting objects: 100% (429/429), done. 43 | remote: Compressing objects: 100% (320/320), done. 44 | remote: Total 429 (delta 110), reused 307 (delta 77), pack-reused 0 45 | Receiving objects: 100% (429/429), 2.93 MiB | 1.52 MiB/s, done. 46 | Resolving deltas: 100% (110/110), done. 47 | ``` 48 | 49 | Open Visual Studio Code from the contoso folder 50 | 51 | ```bash 52 | code . 53 | ``` 54 | 55 | Trust the repository 56 | 57 | ![](vscode-trust-folder.png) 58 | 59 | ### Visual Studio code 60 | 61 | Visual Studio code should open your cloned repository and display the following structure. 62 | 63 | ![](vscode.png) 64 | 65 | ### Add remote development extension 66 | 67 | Select the **Remote - Containers** extension and click Install. 
68 | 69 | ![](extension-remote-containers.png) 70 | 71 | ### Re-open vscode in the dev container 72 | 73 | Click on the green bottom left button 74 | From the menu select the option to reopen the folder in the container. Reopening in the container builds and runs the image defined by the repository's `.devcontainer` configuration, with access to your local Docker engine, so review that configuration first for any repository you did not author yourself. 75 | 76 | ![](vscode-reopen-container.png) 77 | 78 | 79 | 80 | 81 | Once you have created your repo, create the Codespace: 82 | 83 | ![](codespace1.png) 84 | 85 | The Codespace is being instantiated: 86 | 87 | ![](codespace2.png) 88 | 89 | And you are ready to go: 90 | 91 | ![](codespace3.png) 92 | 93 | 94 | 95 | 96 | 97 | You should now see the following terminal. This terminal is where you will run all terminal commands described in this on-boarding tutorial. 98 | 99 | ![](vscode-zsh.png) 100 | 101 | 102 | ### Clone the Azure Terraform SRE landingzones code 103 | 104 | Now that you have the configuration folder ready to use, let's clone the logic of the landing zones (the Terraform code) that we will use to run the commands. 105 | 106 | :::note 107 | The Azure Terraform SRE landingzones framework assumes the landingzones Terraform code is cloned in a folder called landingzones. 108 | ::: 109 | 110 | :::caution 111 | Do not use any name other than **landingzones**. It is a convention used to drive consistency. 112 | ::: 113 | 114 | ```bash 115 | git clone https://github.com/Azure/caf-terraform-landingzones.git landingzones 116 | ``` 117 | 118 | ```bash 119 | Cloning into 'landingzones'... 120 | remote: Enumerating objects: 9067, done. 121 | remote: Counting objects: 100% (393/393), done. 122 | remote: Compressing objects: 100% (281/281), done. 123 | remote: Total 9067 (delta 161), reused 295 (delta 108), pack-reused 8674 124 | Receiving objects: 100% (9067/9067), 11.65 MiB | 6.83 MiB/s, done. 125 | Resolving deltas: 100% (5792/5792), done. 126 | Updating files: 100% (406/406), done. 127 | ``` 128 | 129 | ```bash 130 | # Go to the landingzones folder 131 | ➜ caf git:(main) ✗ cd landingzones 132 | 133 | # Note: all folders are located under /tf/caf in the dev container. 
134 | ➜ landingzones git:(main) ✗ pwd 135 | /tf/caf/landingzones 136 | ➜ landingzones git:(main) ✗ 137 | ``` 138 | 139 | ### Switch to the selected landingzones tag 140 | 141 | Latest features on the Azure Terraform SRE landingzones repository are released on a regular basis. To keep the Terraform code aligned with the deployment instructions, make sure you check out the correct branch or tag. Check the latest tag in the landingzones repository at https://github.com/Azure/caf-terraform-landingzones/releases. 142 | 143 | ![](repo-tag.png) 144 | 145 | From the terminal, run the following command to check out the latest tag: 146 | 147 | At the time of writing, the latest available tag is 2203.1, as shown above. 148 | 149 | ```bash 150 | git checkout 2203.1 151 | 152 | Note: switching to '2203.1'. 153 | 154 | You are in 'detached HEAD' state. You can look around, make experimental 155 | changes and commit them, and you can discard any commits you make in this 156 | state without impacting any branches by switching back to a branch. 157 | ``` 158 | 159 | :::note 160 | The detached HEAD is expected, as you are checking out a tag (release version) rather than a branch. Git tags are not immutable: for a reproducible and auditable deployment, record the commit the tag resolves to (`git rev-parse 2203.1`) and pin pipelines to that commit SHA rather than to the tag name. 161 | ::: 162 | 163 | Go to the next step to choose your scenario! 
164 | -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/replace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/replace.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/repo-tag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/repo-tag.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/single reuse/getting-started.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/single reuse/getting-started.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/single reuse/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: elsz-single-reuse 3 | sidebar_position: 1 4 | --- 5 | 6 | # Single subscription deployment lab 7 | 8 | ## Objectives 9 | 10 | Purpose of this lab is to get you started with a mono-subscription environment which will deploy full features and will allow you to experiment landing zones mechanisms and cross-state composition. It will create a platform definition you can then customize to your needs showing you a single Azure region with a production and non_production environment. 
11 | 12 | ![image](https://user-images.githubusercontent.com/4702224/158935809-d1360dd6-a447-4e35-a6f8-7c8ac2966033.png) 13 | 14 | 15 | ## Required privileges 16 | 17 | :::note 18 | To deploy the platform landing zones, you need the following privileges: 19 | 20 | Azure Active Directory: 21 | 22 | - Global Administrator 23 | 24 | Azure subscriptions: 25 | 26 | - 1 subscription with owner privileges. 27 | 28 | Management groups: 29 | 30 | - "management group contributor" permissions on a branch or root management group. 31 | These are highly privileged roles. Use a dedicated administrative identity rather than your day-to-day account, activate Global Administrator just-in-time through Privileged Identity Management where it is available, and run this lab in a non-production tenant. 32 | ::: 33 | 34 | ## Login to Azure 35 | 36 | The first step is to log in to your Azure environment; simply run: 37 | 38 | ```bash 39 | ➜ rover login 40 | 41 | /$$$$$$ /$$$$$$ /$$$$$$$$ /$$$$$$$ 42 | /$$__ $$ /$$__ $$| $$_____/ | $$__ $$ 43 | | $$ \__/| $$ \ $$| $$ | $$ \ $$ /$$$$$$ /$$ /$$/$$$$$$ /$$$$$$ 44 | | $$ | $$$$$$$$| $$$$$ | $$$$$$$/ /$$__ $$| $$ /$$/$$__ $$ /$$__ $$ 45 | | $$ | $$__ $$| $$__/ | $$__ $$| $$ \ $$ \ $$/$$/ $$$$$$$$| $$ \__/ 46 | | $$ $$| $$ | $$| $$ | $$ \ $$| $$ | $$ \ $$$/| $$_____/| $$ 47 | | $$$$$$/| $$ | $$| $$ | $$ | $$| $$$$$$/ \ $/ | $$$$$$$| $$ 48 | \______/ |__/ |__/|__/ |__/ |__/ \______/ \_/ \_______/|__/ 49 | 50 | 51 | version: aztfmod/rover:1.1.6-2202.2503 52 | 53 | @calling verify_azure_session 54 | 55 | Checking existing Azure session 56 | Login to azure with tenant terraformdev.onmicrosoft.com 57 | WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code D9SPMXLU4 to authenticate. 58 | 59 | ``` 60 | 61 | Open the URL [https://microsoft.com/devicelogin](https://microsoft.com/devicelogin), enter the code and authenticate with your Azure account. Only enter a device code that you generated yourself in this terminal session; never enter a code that someone sent to you, as the device-code flow is a common phishing vector. 62 | 63 | When the login is successful, the rover displays the context of your Azure environment. Verify that the tenant, subscription and user shown are the ones you intend to deploy into before continuing. 
64 | 65 | ```bash 66 | Set default subscription to 558a029f-aba1-47ff-b620-1d01350e2dd5 67 | Checking existing Azure session 68 | @calling process_target_subscription 69 | Set TF_VAR_tfstate_subscription_id variable to current session's subscription. 70 | caf_command login 71 | target_subscription_id 558a029f-aba1-47ff-b620-1d01350e2dd5 72 | TF_VAR_tfstate_subscription_id 558a029f-aba1-47ff-b620-1d01350e2dd5 73 | Resources from this landing zone are going to be deployed in the following subscription: 74 | { 75 | "environmentName": "AzureCloud", 76 | "homeTenantId": "6700cd11-1a2f-42e9-9ef4-1a919dd66613", 77 | "id": "558a029f-aba1-47ff-b620-1d01350e2dd5", 78 | "isDefault": true, 79 | "managedByTenants": [], 80 | "name": "contoso-management", 81 | "state": "Enabled", 82 | "tenantId": "6700cd11-1a2f-42e9-9ef4-1a919dd66613", 83 | "user": { 84 | "name": "user@terraformdev.onmicrosoft.com", 85 | "type": "user" 86 | } 87 | } 88 | debug: 558a029f-aba1-47ff-b620-1d01350e2dd5 89 | Tfstates subscription set to 558a029f-aba1-47ff-b620-1d01350e2dd5 (contoso-management) 90 | 91 | 92 | mode : 'login' 93 | terraform command output file : '' 94 | terraform plan output file : '' 95 | directory cache : '/home/vscode/.terraform.cache' 96 | tf_action : '' 97 | command and parameters : '' 98 | 99 | level (current) : 'level0' 100 | environment : 'sandpit' 101 | workspace : 'tfstate' 102 | terraform backend type : 'azurerm' 103 | tfstate : '' 104 | tfstate subscription id : '558a029f-aba1-47ff-b620-1d01350e2dd5' 105 | target subscription : 'contoso-management' 106 | CI/CD enabled : 'false' 107 | Symphony Yaml file path : '' 108 | Run all tasks : 'true' 109 | TF_IN_AUTOMATION : 'true' 110 | 111 | @calling process_actions 112 | 113 | You can deploy a landingzone with the rover by running: 114 | rover -lz [landingzone_folder_name] -a [plan|apply|destroy|validate|refresh|graph|import|output|taint|untaint|'state list'|'state rm'|'state show'] 115 | 116 | @calling clean_up_variables 117 | 
cleanup variables 118 | clean_up backend_files 119 | ➜ caf git:(main) ✗ 120 | ``` 121 | 122 | You can review the rover output confirming the authenticated context for AAD and for the subscription, as well as the possible next commands. 123 | 124 | ## Create the definition template on your work environment 125 | 126 | Let's now pick the right configuration file example from the landing zones and put it in our configuration repository. 127 | 128 | Just run the following command: 129 | 130 | ```bash 131 | '/tf/caf/landingzones/templates/platform/deploy_platform.sh' 132 | ``` 133 | 134 | The first time you run the command, you are prompted with a few simple questions, as follows: 135 | 136 | ```bash 137 | [WARNING]: No inventory was parsed, only implicit localhost is available 138 | [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all' 139 | Set the short version of your customer name with no spaces [contoso]: 140 | Set the CAF Environment value [contoso]: 141 | Set the prefix to add to all resource. [caf]: 142 | Management group prefix (value must be between 2 to 10 characters long and can only contain alphanumeric characters and hyphens). [es]: 143 | Management group name [Contoso]: 144 | Email address to send all notifications [email@address.com]: 145 | Azure regions (lowercase, short version) [{'region1': 'southeastasia', 'region2': 'eastasia'}]: 146 | Default CAF Azure region key [region1]: 147 | ``` 148 | 149 | When completed you can go to the launchpad readme. 150 | 151 | ![Launchpad Getting started](getting-started.png) 152 | 153 | ## Review and customize the definition files 154 | 155 | ```bash 156 | 157 | /tf/caf/platform/definition/GETTING-STARTED.md 158 | 159 | ``` 160 | 161 | The definition files are now generated. They consist of a set of YAML files that make it easy to get started. Review them before the next step: the values you entered (prefixes, management group names, regions, notification address) are rendered into the generated Terraform configuration and readme. 
162 | 163 | ## Trigger the rover ignite 164 | 165 | After this step you will have to follow the readme.md located in your repository (**/tf/caf/platform/definition/GETTING-STARTED.md**) and follow the instructions. The first step to generate the Terraform configuration files and customized readme with rover ignite: 166 | 167 | ```bash 168 | ansible-playbook /tf/caf/landingzones/templates/ansible/ansible.yaml \ 169 | --extra-vars "@/tf/caf/platform/definition/ignite.yaml" 170 | ``` 171 | 172 | The output of the ignite will start creating the target configuration folder structure and Terraform files as follow: 173 | 174 | ```bash 175 | TASK [[level0-launchpad] Clean-up directory] ************************************************************* 176 | skipping: [localhost] 177 | 178 | TASK [[level0-launchpad] Creates directory] ************************************************************** 179 | changed: [localhost] 180 | 181 | TASK [[level0-launchpad] - resources - resource_groups] ************************************************** 182 | changed: [localhost] => (item=/tf/caf/landingzones/templates/resources/resource_groups.tfvars.j2) 183 | 184 | TASK [[level0-launchpad] launchpad] ********************************************************************** 185 | changed: [localhost] => (item=dynamic_secrets) 186 | changed: [localhost] => (item=global_settings) 187 | changed: [localhost] => (item=keyvaults) 188 | changed: [localhost] => (item=landingzone) 189 | changed: [localhost] => (item=role_mappings) 190 | changed: [localhost] => (item=storage_accounts) 191 | 192 | TASK [[level0-launchpad] Clean-up identity files] ******************************************************** 193 | skipping: [localhost] => (item=azuread_api_permissions) 194 | skipping: [localhost] => (item=azuread_applications) 195 | skipping: [localhost] => (item=azuread_group_members) 196 | skipping: [localhost] => (item=azuread_groups) 197 | skipping: [localhost] => (item=azuread_roles) 198 | skipping: 
[localhost] => (item=keyvault_policies) 199 | skipping: [localhost] => (item=service_principals) 200 | 201 | TASK [[level0-launchpad] lauchpad - identity - service_principal] **************************************** 202 | changed: [localhost] => (item=azuread_api_permissions) 203 | changed: [localhost] => (item=azuread_applications) 204 | changed: [localhost] => (item=azuread_group_members) 205 | changed: [localhost] => (item=azuread_groups) 206 | changed: [localhost] => (item=azuread_roles) 207 | changed: [localhost] => (item=keyvault_policies) 208 | changed: [localhost] => (item=service_principals) 209 | 210 | TASK [[level0-launchpad] Deploy the launchpad] *********************************************************** 211 | skipping: [localhost] 212 | 213 | TASK [[level0-launchpad] Get tfstate account name] ******************************************************* 214 | changed: [localhost] 215 | ``` 216 | 217 | 218 | :::note 219 | On the first execution of the rover ignite command, you will notice some red errors. It is expected as nothing has been deployed yet and the rover ignite is trying to find the launchpad and the services already deployed. 220 | 221 | ```bash 222 | TASK [[level0-launchpad] Get launchpad tfstate details] ************************************************** 223 | fatal: [localhost]: FAILED! => {"changed": true, "cmd": "az storage blob download --name \"caf_launchpad.tfstate\" --account-name \"\" --container-name \"tfstate\" --auth-mode \"login\" --file \"~/.terraform.cache/launchpad/caf_launchpad.tfstate\"\n", "delta": "0:00:01.796026", "end": "2022-01-20 10:12:52.623103", "msg": "non-zero return code", "rc": 1, "start": "2022-01-20 10:12:50.827077", "stderr": "ERROR: \nMissing credentials to access storage service. 
The following variations are accepted:\n (1) account name and key (--account-name and --account-key options or\n set AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY environment variables)\n (2) account name and SAS token (--sas-token option used with either the --account-name\n option or AZURE_STORAGE_ACCOUNT environment variable)\n (3) account name (--account-name option or AZURE_STORAGE_ACCOUNT environment variable;\n this will make calls to query for a storage account key using login credentials)\n (4) connection string (--connection-string option or\n set AZURE_STORAGE_CONNECTION_STRING environment variable); some shells will require\n quoting to preserve literal character interpretation.", "stderr_lines": ["ERROR: ", "Missing credentials to access storage service. The following variations are accepted:", " (1) account name and key (--account-name and --account-key options or", " set AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY environment variables)", " (2) account name and SAS token (--sas-token option used with either the --account-name", " option or AZURE_STORAGE_ACCOUNT environment variable)", " (3) account name (--account-name option or AZURE_STORAGE_ACCOUNT environment variable;", " this will make calls to query for a storage account key using login credentials)", " (4) connection string (--connection-string option or", " set AZURE_STORAGE_CONNECTION_STRING environment variable); some shells will require", " quoting to preserve literal character interpretation."], "stdout": "", "stdout_lines": []} 224 | ...ignoring 225 | 226 | TASK [[level0-launchpad] Get subscription_creation_landingzones details] ********************************* 227 | skipping: [localhost] 228 | 229 | ``` 230 | 231 | ::: 232 | 233 | ## Deploy launchpad (level0) 234 | 235 | Go to the /tf/caf/configuration/contoso/platform/level0/launchpad/readme.md 236 | 237 | ![](../level0-launchpad-readme.png) 238 | 239 | ## Next steps 240 | 241 | Once launchpad is deployed, follow the next steps as 
indicated into the readme.md file of your configuration folder. This file has been crafted specially with the settings you entered in the YAML files, so after review. 242 | 243 | Once level 0 is completed, you can carry on with level 1: management, identity, then alz. Once level 1 is completed, level 2 azure subscription vending machine (asvm) and identity can be deployed, alongside with connectivity components stating with virtual WAN. 244 | -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/vscode-new-terminal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/vscode-new-terminal.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/vscode-open-zsh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/vscode-open-zsh.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/vscode-orgs-template-folder-structure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/vscode-orgs-template-folder-structure.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/vscode-reopen-container.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/vscode-reopen-container.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/vscode-trust-folder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/vscode-trust-folder.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/vscode-zsh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/vscode-zsh.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/platform/vscode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/platform/vscode.png -------------------------------------------------------------------------------- /website/docs/azure-landing-zones/landingzones/process-alz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/azure-landing-zones/landingzones/process-alz.png -------------------------------------------------------------------------------- /website/docs/fundamentals/composition.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: 
lz-composition 3 | sidebar_position: 3 4 | --- 5 | 6 | # Code-less composition across state files 7 | 8 | To deliver an enterprise environment, it is usually reasonable to do so across multiple state files to balance the risk, manage different lifecycle and teams. Just as for any other software project, we want to avoid a monolithic configuration and instead compose an environment calling multiple landing zones. 9 | 10 | With Terraform, you can read a state file's output and use it as input variables for another landing zone. 11 | 12 | We use this feature to compose complex architectures, but we do it automatically for you not having to write any line of code. 13 | 14 | Reading another landing zone content is implemented by a variable, vastly simplifying for you the composition and the complex configuration creation. 15 | 16 | How to compose from one landing zones to another? 17 | 18 | Each landing zones is defined by a ```configuration.tfvars``` or ```landingzones.tfvars```. 19 | 20 | As an example below, this is the file for management landing zone in level 1: 21 | 22 | ```hcl 23 | landingzone = { 24 | backend_type = "azurerm" 25 | level = "level1" 26 | key = "management" 27 | global_settings_key = "launchpad" 28 | tfstates = { 29 | launchpad = { 30 | tfstate = "caf_launchpad.tfstate" 31 | workspace = "tfstate" 32 | level = "lower" 33 | } 34 | } 35 | } 36 | ``` 37 | 38 | In the ```tfstate``` section, you can observe an object called ```launchpad```, which mentions to Terraform to load under that name, the Terraform state file ```caf_launchpad.tfstate```. That state file is stored inside the workspace (storage container) ```tfstate``` located one level lower (since current level is level1 - mentioned in the field level), then we refer to level 0. 
39 | 40 | What this means is that, for any object inside a particular landing zone, you can refer to any other object whether it has been deployed in the same deployment or in another deployment (within the same level or one level below). Composing from another state file requires the deploying principal to have read access to that whole state file, which may hold sensitive outputs, so grant that access per level deliberately rather than broadly. 41 | 42 | For instance in your level1 - management deployment, you can deploy a resource within a resource group that has been provisioned in the level below: 43 | 44 | ```hcl 45 | automations = { 46 | account1 = { 47 | name = "automationAccount1" 48 | sku = "Basic" 49 | resource_group = { 50 | key = "auto-account" 51 | lz_key = "launchpad" 52 | } 53 | } 54 | } 55 | ``` 56 | 57 | The same concept applies throughout the components of the framework and allows you to compose across virtually any object of the model. That composition model lets you reference objects without caring about the real name of the resource (the name produced after the naming convention is applied). 58 | 59 | ### Composition outside of the CAF object model 60 | 61 | Sometimes you have to deal with objects deployed manually or via another automation. 
You are then able to compose with those objects referring to their resource ID or sometimes names: 62 | 63 | #### Example with name 64 | 65 | In this case you simply refer to the resource group name as it exists already in the target subscription for the deployment: 66 | 67 | ```hcl 68 | automations = { 69 | account1 = { 70 | name = "automationAccount1" 71 | sku = "Basic" 72 | resource_group = { 73 | name = "caf-auto-account-zooz-001" 74 | } 75 | } 76 | } 77 | ``` 78 | 79 | #### Example with resource ID 80 | 81 | In this case you simply refer to the resource group's resource ID as it exists already in the target subscription for the deployment: 82 | 83 | ```hcl 84 | virtual_hub_connections = { 85 | vnet_to_hub = { 86 | name = "vnet-connectivity-prod-fw-plinks-TO-vhub-prod" 87 | virtual_hub = { 88 | lz_key = "connectivity_virtual_hubs_prod" 89 | key = "prod" 90 | } 91 | vnet = { 92 | resource_id = "/subscriptions/dklsdfk/etc." 93 | } 94 | } 95 | } 96 | ``` 97 | ### Global settings 98 | 99 | A few exceptions exist to the hierarchy model, there are variables and value that are persisted across all levels and reachable from all levels: 100 | 101 | * **global settings**: everything related to the commons for a particular environment (which regions are supported for an environment, which naming convention is used, the tags inheritance settings, etc.) 102 | * **diagnostics settings**: any diagnostics repository you create at any level will be stored and will become composable from the current and above levels. 
103 | -------------------------------------------------------------------------------- /website/docs/fundamentals/compute.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: lz-compute 3 | sidebar_position: 2 4 | --- 5 | 6 | # Compute Nodes 7 | 8 | Since many organizations do not want to expose sensitive credentials or privileges on shared, publicly hosted agents, enterprises will usually delegate running a landing zone to dedicated compute nodes running inside their private virtual networks. Depending on your Continuous Integration and Continuous Deployment toolset, those compute capabilities could be called self-hosted agents, runners, etc. 9 | 10 | Those compute capabilities need to run containers such as the rover and could be implemented in the shape of: 11 | 12 | - An **Azure Virtual Machine** for each level in a given environment; each VM can host a set of runners (container instances) ready to be invoked and run in parallel if required. Keeping one VM per level keeps the per-level identity separation intact. 13 | - An **Azure Container Instance** for a given environment: a container group is deployed with a set of container runners. Scaling those runners up and down, and their reliability, should be planned by deploying multiple container groups in multiple zones or regions depending on your criteria. 14 | - An **Azure Kubernetes Service** cluster for a given environment. Each level would be impersonated in a different node pool, and each node pool would use [Azure Active Directory pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) (the intent being that runners for one level do not share another level's identity). Note that AAD pod identity has since been deprecated in favour of Azure AD Workload Identity; check the current AKS guidance before building on it. If there is a need to increase the number of runners for a particular level, this could be achieved using the AKS pod autoscaler capability. 
15 | 16 | Azure Terraform SRE landing zones provide by default a set of DevOps runners for the following platforms: [GitHub Actions](https://github.com/features/actions), [Azure DevOps](https://docs.microsoft.com/azure/devops/pipelines/agents/agents), [Git Lab](https://docs.gitlab.com/runner/), [Terraform Cloud and Terraform Enterprise](https://www.terraform.io/docs/cloud/agents/index.html) and are available on [GitHub](https://github.com/aztfmod/rover/tree/master/agents) for customization. 17 | 18 | ![Example of DevOps Compute Nodes for the GitOps environment](./pictures/terraform-model-gitops.png) 19 | 20 | *Figure 1: Example of DevOps Compute Nodes for the GitOps environment* 21 | 22 | ## Authentication and authorization 23 | 24 | As the default methodology, Azure Terraform SRE landing zones use the [Azure Managed Identities](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) capability for the DevOps compute nodes running on Azure. 25 | 26 | Customers can also use service principals at different levels of the hierarchy. The downside of service principals is that you then own the lifecycle of the attached secrets or certificates (storage, rotation and revocation), and a leaked secret remains usable from anywhere until it is rotated; prefer managed identities wherever the compute node runs on Azure. 27 | 28 | The authorization related to either type of principal can be defined as part of the Azure Terraform SRE landing zones configuration syntax. 29 | -------------------------------------------------------------------------------- /website/docs/fundamentals/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: lz-intro 3 | sidebar_position: 1 4 | --- 5 | 6 | # Levels Hierarchy 7 | 8 | To address enterprise complexity, we recommend isolating and decomposing a complex environment into multiple state files. 9 | 10 | The main concern with state files is security: a Terraform state file may contain credentials, security tokens, keys, etc., so treat every state file as sensitive data (restrict and audit access to the storage account that holds it, and never commit state to a source repository). It is therefore reasonable that state files corresponding to different levels of privilege are stored separately. 
11 | 12 | Another concern with state file, which calls for segregation, is the speed of innovation: When someone is conducting a change for a resource in a given state file, no-one else can change the state file at the same time, so having a limited number of state files can hinder the testing or integration processes in the enterprise. 13 | 14 | Finally since DevOps is building in teams, we want to unlock autonomy of teams yet delegating some functions (application teams will not re-invent the networking layers but build on it). It will mean the capability to read a state file to do rich composition but without the possibility to alter the state file from other teams. 15 | 16 | In Azure Terraform SRE landing zones, separating the Terraform state files enables you to: 17 | 18 | - **Control blast radius**: if one configuration is deficient, it only impacts one landing zone and does not compromise the whole environment. 19 | - **Enforce standard configuration**: by using different Terraform state, you can compose a complex environment very fast. 20 | - **Enable autonomy**: different landing zones can enable innovation and features at different pace from each other. 21 | - **Least privilege principles**: Each level is protected by its own identity to prevent unwanted information disclosure and modifications. 22 | 23 | ## The levels approach 24 | 25 | We categorize and store state files into *levels*. 26 | 27 | A level groups together a set of state files that needs separation because of different **lifecycles** or **privileges**. 
28 | 29 | The model can be summarized as below: 30 | 31 | ![Model for levels for Azure Terraform SRE landing zones](./pictures/terraform-model-levels.png) 32 | *Figure 1: An overview of the levels proposed by Azure Terraform SRE landing zones to structure Terraform states* 33 | 34 | The core principles are: 35 | 36 | - **One level can host multiple state files**: A level is implemented as an Azure storage account with specific permissions; you can store as many Terraform state files as necessary on a particular level. 37 | - **Rover helps you locate the right storage account**: Whether you are running CAF landing zones locally or in a pipeline, rover helps you locate the right storage account for a given environment and level. Authorization to deploy at a level is granted by the Azure RBAC model and enforced at runtime (with the currently logged-in user credentials, or via the pipeline credentials); the level boundary therefore rests on the storage account RBAC assignments, so review those assignments as carefully as the Terraform code itself. 38 | - **You can only write in your current level**: at a given level, you can only write the Terraform state file that you are responsible for. 39 | - **Read one level down**: at any particular level, you are able to read information one level down for your composition (one AKS cluster at level 3 can read the Terraform state file at level 2 to compose). 40 | - **Codeless state reading and enterprise composition**: Azure Terraform SRE landing zones come with an object model that allows you to load any landing zone (provided the principal accessing it has been granted read access) in memory and compose from it. 41 | 42 | Azure Terraform SRE for Azure proposes a hierarchy of landing zones based on five levels as described below: 43 | 44 | ### Level 0: Core platform automation 45 | 46 | The different landing zones represented in different state files at level 0 would typically be: 47 | 48 | - The **launchpad** (storage accounts, Key Vault, RBAC, etc.) components related to Terraform state management. 
49 | - The **subscription creation delegation** capabilities derived from the [Enterprise Agreement](https://docs.microsoft.com/azure/cost-management-billing/manage/ea-portal-get-started) or [Microsoft Customer Agreement](https://docs.microsoft.com/azure/cost-management-billing/understand/mca-overview). 50 | - The credential rotation mechanisms and role-based access control core models. 51 | 52 | ### Level 1: Core platform governance 53 | 54 | The different landing zones represented in different state files at level 1 would typically be: 55 | 56 | - The **Azure landing zone** (management groups, policies): this would include the core ALZ (formerly called enterprise-scale) capabilities with the related custom management group structures and policy configuration. You can either use the out-of-the-box settings for Azure LZ or customize the values for your organization. 57 | - The **GitOps services** for core platform automation: creating the pipelines, and creating the Virtual Network and compute nodes (see below) required for the DevOps self-hosted agents. 58 | - The **platform subscription creation** for the core platform (to create the core enterprise-scale subscriptions like Identity, Management, Connectivity, etc.) 59 | - The **management subscription services** for core platform capabilities such as log management, Azure Monitor capabilities, etc. 60 | - The **identity subscription services** for the core platform, such as domain controller virtual machines, Azure Active Directory Domain Services, Azure AD Group mappings, etc. 
61 | 62 | ### Level 2: Core platform connectivity 63 | 64 | The different landing zones represented in different state files at level 2 would typically be: 65 | 66 | - The **connectivity subscription components**: including the virtual networking components like classic Virtual Network-based Hub and Spoke, Azure Virtual WAN, Azure Virtual WAN regional hub, site-to-site, point-to-site and ExpressRoute connectivity objects, or third-party Network Virtual Appliances. Due to their regional nature, it is likely that each of those components would live inside a different Terraform state file. 67 | - Additional **identity subscription services**: could be Azure Active Directory Domain Services (managed AD), or virtual-machine-based domain controllers. 68 | - Additional **management subscription services**: could be System Center Configuration Manager, Shared Image Galleries, Monitor Alerts or third-party management tools. 69 | 70 | ### Level 3: Application landing zones vending machine 71 | 72 | A landing zone for an application is split between two levels. Level 3 includes the components of an application that are typically delegated to platform operations teams. 73 | 74 | Capabilities in level 3 would be: 75 | 76 | - The **application subscriptions creation**: the capability to create subscriptions for various environments: Development, Test, UAT, DR, etc. 77 | - The **privileged infrastructure services**: to support the application platform. This would usually include components like virtual network blocks, virtual network peering objects to hubs, route tables and delegated identities (to deploy level 4 services and, whenever applicable, application deployment credentials). 78 | 79 | ### Level 4: Applications landing zone 80 | 81 | This level contains the application configuration **delegated to application teams**. 82 | 83 | It contains, for example, an Azure Kubernetes Services cluster, API Management services and all their dependencies to deliver a service. 
This can be sourced from Azure landing zones solution accelerators, custom solutions implemented using the CAF module, or any other Terraform code. 84 | 85 | The following picture illustrates the split between level 3 and 4: 86 | ![Data and AI landing zones across level 3 and 4](./pictures/terraform-model-levels3-4.png) 87 | *Figure 2: Example of Data and AI landing zone for level 3 and 4* 88 | 89 | The broader picture of the complete environment would look like this: 90 | 91 | ![Subscription Vending Machine Example](./pictures/terraform-model-levels-svm.png) 92 | *Figure 3: Subscription Vending Machine Example* 93 | 94 | ### Operating with levels 95 | 96 | A deployment will typically contain: 97 | 98 | - A couple of level 0 landing zones. 99 | - A few level 1 and 2 landing zones. 100 | - Many level 3 landing zones. 101 | - Many level 4 applications will exist in an environment. 102 | 103 | For a given level in the environment, each compute node (see below) will be assigned an identity (see below) that will be used to authenticate and authorize operations on: 104 | 105 | - The target Azure Subscription 106 | - The Terraform state file: Read and Write permissions on the state file of the current level, and Read-only permissions on the state file of the "lower" (more privileged) level, so that a landing zone cannot alter a more privileged environment. 107 | 108 | In the example above, each pipeline will have its own lifecycle management: 109 | 110 | - Level 0 and 1 will be called when updating the core platform. 111 | - Level 2 will be triggered when you are opening a new regional hub, or adding connectivity capabilities. 112 | - Level 3 will be triggered when you deploy a new service (Application Gateway, App Service Environment, Azure Kubernetes Services, etc.) 113 | - Level 4 can be initiated as many times a day as you deploy code in your application environment. 
114 | 115 | An enterprise environment will consist of a series of pipelines enforcing the different types of environments in different subscriptions. 116 | 117 | -------------------------------------------------------------------------------- /website/docs/fundamentals/pictures/terraform-model-gitops.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/fundamentals/pictures/terraform-model-gitops.png -------------------------------------------------------------------------------- /website/docs/fundamentals/pictures/terraform-model-levels-svm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/fundamentals/pictures/terraform-model-levels-svm.png -------------------------------------------------------------------------------- /website/docs/fundamentals/pictures/terraform-model-levels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/fundamentals/pictures/terraform-model-levels.png -------------------------------------------------------------------------------- /website/docs/fundamentals/pictures/terraform-model-levels3-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/fundamentals/pictures/terraform-model-levels3-4.png -------------------------------------------------------------------------------- /website/docs/intro.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | id: intro 3 | sidebar_position: 1 4 | --- 5 | import ReactPlayer from 'react-player' 
6 | 7 | # Welcome to Azure Terraform SRE 8 | 9 | Azure Terraform SRE is a framework to run complex Infrastructure-as-Code projects on Microsoft Azure. 10 | We provide public open-source artifacts on GitHub that the community can build on. All components are curated by our experts and the community and are published and verified on the Hashicorp registry. 11 | 12 | Those components are here to help you put DevOps to work and evolve the operating model of your organization towards a Site Reliability Engineering (SRE) model. 13 | 14 | The Azure Terraform SRE framework has been designed to minimize the Terraform code you need to write in favour of writing an object model that describes your infrastructure services. This data model or configuration is processed by a heavily tested Terraform module to deploy those services. 15 | The main goal of the Azure Terraform SRE framework is to leverage Infrastructure-as-Data (IaD) instead of Infrastructure-as-Code (IaC), in order to ease our enterprise customers' adoption of automation as code by using an open-source, community-driven, tested framework they can use by only writing configuration files in yaml or tfvars. 16 | 17 | As an open source framework, we welcome PRs from Terraform contributors to augment the depth and breadth of the CAF module to build richer infrastructure solutions as code. 18 | 19 | The following video is a good introduction to what Azure Terraform SRE landing zones are, and to the main components they define or use: 20 | 21 | 22 | 23 | ## Empowering the Site Reliability Engineer 24 | 25 | Azure Terraform SRE for Azure offers an approach for complex organizations to deploy architecture designs and implement enterprise-scale best practices with either default values or a high degree of customization. 
26 | 27 | Azure Terraform SRE landing zones don't define Azure architecture concepts, they are coming from Azure Landing zones (formerly called enterprise-scale), but enable them in the DevOps/GitOps context, empowering the Site Reliability Engineering functions. 28 | 29 | In order for the components to be robust enough, we decomposed the following features for Site Reliability Engineering: 30 | 31 | ![Site Reliability Engineering Functions](./terraform-sre-functions.png) 32 | *Figure 1: An overview of the Site Reliability Engineering Functions covered by Azure Terraform SRE* 33 | 34 | ## Leverage battlefield-tested artifacts 35 | 36 | As part of the framework, the different functions explained above are split across multiple components. That level of decomposition and de-correlation might be confusing at the beginning, but actually allows a maximum of flexibility and reusability of the components whether you're using the complete Azure Terraform SRE landing zones, or you want to use the battlefield-tested CAF module in your own pipelines or Terraform Cloud, or benefit from the CAF naming provider inside your own enterprise-grew modules. 37 | 38 | ![Foundational landing zone using Terraform](./terraform-sre-components.png) 39 | *Figure 2: An overview of the Site Reliability Engineering Components provided by Azure Terraform SRE* -------------------------------------------------------------------------------- /website/docs/module/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: module-intro 3 | sidebar_position: 2 4 | --- 5 | 6 | # Introduction to the CAF super-module 7 | 8 | ## What is CAF module? 9 | 10 | We have seen numerous customers spending much time creating their own Terraform modules in their own private repositories, and while it's hard to find the right balance of what components should be inside a single module, it is a very time consuming task. 
As part of our engagements with customers we took an approach enabled by Terraform 0.13 to develop the concept of a super-module, similar to the concept of superapp, allowing you to create configurations files for any Azure components while focusing on one tested logic. The advantage of having one module is to be able to easily compose across all components inside the module: i.e., you can describe a virtual machine, how it is linked to a virtual network, a Key Vault etc. 11 | 12 | The core concept of the module is to compose an environment based on Terraform configuration files instead of writing ad-hoc code for each component. 13 | 14 | We want to promote "**infrastructure-as-data**" in favor of ad-hoc "infrastructure-as-code", in order to make composition more accessible and rely on a strong community to write code. 15 | 16 | ## Why using CAF module? 17 | 18 | * Accelerate innovation with the community: many users use and contribute to the module across the world, have tested it and are using it in production, enabling your DevOps teams to focus on delivering value instead of coding and testing a module. 19 | * Composition across all Azure components enables you to create new architectures with unprecendented speed. 20 | 21 | ## Where to find CAF module? 22 | 23 | The Azure Terraform SRE module is verified by Hashicorp and is present in the [Hashicorp Terraform registry here](https://registry.terraform.io/modules/aztfmod) and you can contribute to the module [on GitHub.](https://github.com/aztfmod/terraform-azurerm-caf) 24 | 25 | ## How to use CAF module? 26 | 27 | It is important to note that although the module is part of the CAF landing zones solution, it can be used similarly to any other standalone module, directly from the Terraform registry or from pipelines. This is demonstrated in the [Hashicorp blog post](https://www.hashicorp.com/blog/go-big-or-go-small-building-in-azure-caf-with-terraform-cloud). 
28 | 29 | Just invoke the module using the following call: 30 | 31 | ```terraform 32 | module "caf" { 33 | source = "aztfmod/caf/azurerm" 34 | version = "~>5.5.0" 35 | 36 | #feed me with variables! 37 | } 38 | ``` 39 | 40 |

41 | -------------------------------------------------------------------------------- /website/docs/provider/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: provider-intro 3 | sidebar_position: 4 4 | --- 5 | 6 | # Introduction to Azure Terraform SRE provider 7 | 8 | ## What is CAF provider? 9 | 10 | Naming conventions are important; the CAF provider helps you manage your naming convention (either relying on the CAF recommended naming convention or using your own). 11 | 12 | ## Why using CAF provider? 13 | 14 | The naming convention provider allows you to: 15 | 16 | 1. Clean user inputs before sending them to the Terraform provider, verify name formats, and enforce prefixes/suffixes. 17 | 2. Go faster from integration to production: while you are running it in testing mode, it will generate names randomly (useful to test resources whose names need to be globally unique). Once you are done and ready to deploy for production, you select pass-through mode to use your own name (after cleaning the name based on the allowed character set for each Azure resource). 18 | 19 | 20 | ## Where to find CAF provider? 21 | 22 | The Azure Terraform SRE provider is verified by Hashicorp and is present in the [Hashicorp Terraform registry here](https://registry.terraform.io/providers/aztfmod/azurecaf/latest) and you can contribute to it [on GitHub.](https://github.com/aztfmod/terraform-azurerm-caf) 23 | 24 | ## How to use the CAF provider? 
25 | 26 | To use the provider, simply add: 27 | 28 | ```terraform 29 | terraform { 30 | required_providers { 31 | azurecaf = { 32 | source = "aztfmod/azurecaf" 33 | version = "~> 1.2.0" 34 | } 35 | } 36 | } 37 | ``` 38 | 39 | ### Names as resources 40 | 41 | Initially the Azure Terraform SRE provider was used to implement name and categorize them as resources, you can leverage it using the following syntax: 42 | 43 | ```terraform 44 | resource "azurecaf_name" "rg_example" { 45 | name = "demogroup" 46 | resource_type = "azurerm_resource_group" 47 | prefixes = ["a", "b"] 48 | suffixes = ["y", "z"] 49 | random_length = 5 50 | clean_input = true 51 | } 52 | 53 | resource "azurerm_resource_group" "demo" { 54 | name = azurecaf_name.rg_example.result 55 | location = "southeastasia" 56 | } 57 | 58 | ``` 59 | 60 | It will generate the following outputs plan: 61 | 62 | ``` 63 | Terraform will perform the following actions: 64 | 65 | # azurecaf_name.rg_example will be created 66 | + resource "azurecaf_name" "rg_example" { 67 | + clean_input = true 68 | + id = (known after apply) 69 | + name = "demogroup" 70 | + passthrough = false 71 | + prefixes = [ 72 | + "a", 73 | + "b", 74 | ] 75 | + random_length = 5 76 | + resource_type = "azurerm_resource_group" 77 | + result = (known after apply) 78 | + results = (known after apply) 79 | + separator = "-" 80 | + suffixes = [ 81 | + "y", 82 | + "z", 83 | ] 84 | + use_slug = true 85 | } 86 | 87 | # azurerm_resource_group.demo will be created 88 | + resource "azurerm_resource_group" "demo" { 89 | + id = (known after apply) 90 | + location = "southeastasia" 91 | + name = (known after apply) 92 | } 93 | 94 | Plan: 2 to add, 0 to change, 0 to destroy. 95 | ``` 96 | 97 | ### Names as data sources 98 | 99 | Starting in the CAF provider version 1.2.22, a new feature allows you to use the provider with ```data``` source instead of ```resource```. 100 | This allows compacter Terraform plans and state files and computes the name at plan time. 
101 | 102 | Example usage: 103 | 104 | ```terraform 105 | terraform { 106 | required_providers { 107 | azurecaf = { 108 | source = "aztfmod/azurecaf" 109 | version = "~> 1.2.22" 110 | } 111 | } 112 | } 113 | 114 | provider "azurerm" { 115 | features { 116 | } 117 | } 118 | 119 | data "azurecaf_name" "rg_example" { 120 | name = "demogroup" 121 | resource_type = "azurerm_resource_group" 122 | prefixes = ["a", "b"] 123 | suffixes = ["y", "z"] 124 | random_length = 5 125 | clean_input = true 126 | } 127 | 128 | resource "azurerm_resource_group" "demo" { 129 | name = data.azurecaf_name.rg_example.result 130 | location = "southeastasia" 131 | } 132 | 133 | 134 | ``` 135 | 136 | It will generate the following output plans: 137 | 138 | ``` 139 | data.azurecaf_name.rg_example: Reading... 140 | data.azurecaf_name.rg_example: Read complete after 0s [id=a-b-rg-demogroup-aygcu-y-z] 141 | 142 | Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: 143 | + create 144 | 145 | Terraform will perform the following actions: 146 | 147 | # azurerm_resource_group.demo will be created 148 | + resource "azurerm_resource_group" "demo" { 149 | + id = (known after apply) 150 | + location = "southeastasia" 151 | + name = "a-b-rg-demogroup-aygcu-y-z" 152 | } 153 | 154 | Plan: 1 to add, 0 to change, 0 to destroy. 155 | ``` 156 | 157 | Going forward we recommend the usage of the provider as``` data source``` instead of ```resource```. -------------------------------------------------------------------------------- /website/docs/rover/ignite.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-ignite 3 | sidebar_position: 5 4 | --- 5 | 6 | # Rover Ignite 7 | 8 | ## Introduction to rover ignite 9 | 10 | We know that creating a coherent stack of configuration files for an organization can be error-prone. 
Rover ignite is an iterative tool to get you started with various configurations and creates for you the set of files needed to deploy a complete environment. 11 | 12 | ### Overview 13 | 14 | Rover ignite commands will take the templated configuration files, and will generate for you the different elements according to your settings, including the readme files. 15 | 16 | ![Overview of rover ignite](./rover-ignite.png) 17 | 18 | ### Languages 19 | 20 | Rover ignite is ingesting YAML files as templates that will generate both the tfvars files, readme and soon pipelines. 21 | 22 | ### Command reference 23 | 24 | Typical rover ignite command looks like this (however, generally speaking across CAF, we will give you specific instructions on how to use it best): 25 | 26 | ```bash 27 | rover ignite \ 28 | --playbook /tf/caf/landingzones/templates/platform/ansible.yaml \ 29 | -e base_templates_folder=/tf/caf/landingzones/templates/platform \ 30 | -e resource_template_folder=/tf/caf/landingzones/templates/resources \ 31 | -e config_folder=/tf/caf/definitions/single_reuse/platform \ 32 | -e landingzones_folder=/tf/caf/landingzones 33 | ``` 34 | 35 | Reference arguments: 36 | 37 | | Argument | Required | Description | 38 | |-----------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------| 39 | | -playbook | yes | Path to the root configuration Ansible playbook. | 40 | | -e base_templates_folder | yes | Path to the set of Ansible templates for the platform Terraform landing zone. | 41 | | -e resource_template_folder | yes | Path to the set of Jinja templates used for Azure resources instantiation. | 42 | | -e config_folder | yes | Path to the set of functional templates for landing zones - depending on the scenario you pick from the templates directory inside landing zones. | 43 | | -e landingzones_folder | yes | Path to root of landing zones logic folder. 
| -------------------------------------------------------------------------------- /website/docs/rover/init.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-init 3 | sidebar_position: 4 4 | --- 5 | 6 | # Rover Init 7 | 8 | ## Introduction to rover init 9 | 10 | Rover ```init``` allows you to deploy a mini launchpad to support a development environment with remote state on Azure storage accounts. 11 | 12 | This includes: 13 | 14 | - A keyvault to store secrets and variables. 15 | - A ```level 0``` storage account to store state files. 16 | 17 | This is not meant for production use and should be used for development environments only. It allows you to test simple cross-landing-zone state file composition. 18 | 19 | To run ```rover init```, you can use your interactive login principal or a service principal. Rover init does not require owner permissions on the subscription. 20 | 21 | ## Minimal version of rover 22 | 23 | Rover init was released in rover version 2211; you can get it with: 24 | 25 | ```bash 26 | docker pull aztfmod/rover:1.3.4-2211.0822 27 | ``` 28 | 29 | ## Syntax 30 | 31 | The following arguments and commands are available with ```rover init```: 32 | 33 | | Argument | Required | Default value | Description | Example | 34 | |---|---|---|---|---| 35 | | -env | yes | N/A | Name of the development environment. | ```-env contoso-sandpit``` | 36 | | -location | no | australiaeast | Azure region in which to deploy the mini launchpad. | ```-location southeastasia``` | 37 | | --clean | no | N/A | Purges the resources related to the specified environment. | ```-env contoso-sandpit --clean``` | 38 | 39 | 40 | ## Examples 41 | 42 | 1. Login to rover 43 | 44 | ```bash 45 | rover login 46 | ``` 47 | 48 | 2. 
Create the mini launchpad 49 | 50 | ```bash 51 | rover init -env mydeenv -location southeastasia 52 | ``` 53 | 54 | A typical output will look like: 55 | 56 | ```bash 57 | @calling process_actions 58 | Creating resource group: mydeenv-launchpad 59 | /subscriptions/a-b-c-d-e/resourceGroups/mydeenv-launchpad 60 | ...created 61 | Creating storage account: stmydeenv4bcbeaa59ecfbb7 62 | /subscriptions/a-b-c-d-e/resourceGroups/mydeenv-launchpad/providers/Microsoft.Storage/storageAccounts/stmydeenv4bcbeaa59ecfbb7 63 | stg created 64 | "/subscriptions/a-b-c-d-e/resourceGroups/mydeenv-launchpad/providers/Microsoft.Storage/storageAccounts/stmydeenv4bcbeaa59ecfbb7/providers/Microsoft.Authorization/roleAssignments/358edcb8-02da-4217-b5d0-e78256fd9e61" 65 | role 66 | true 67 | Creating keyvault: kvmydeenv0b7dd4b74870e27 68 | "/subscriptions/a-b-c-d-e/resourceGroups/mydeenv-launchpad/providers/Microsoft.KeyVault/vaults/kvmydeenv0b7dd4b74870e27" 69 | "https://kvmydeenv0b7dd4b74870e27.vault.azure.net/secrets/subscription-id/4a959bb9b35b4b9a912a3dc253999d30" 70 | "https://kvmydeenv0b7dd4b74870e27.vault.azure.net/secrets/tenant-id/84862b8c1c6f46dab3e74d13cb1746f4" 71 | ...created 72 | 73 | You can deploy a landingzone with the rover by running: 74 | rover -lz [landingzone_folder_name] -a [plan|apply|destroy|validate|refresh|graph|import|output|taint|untaint|'state list'|'state rm'|'state show'] 75 | ``` 76 | 77 | 3. Use the mini launchpad to deploy your test resources 78 | 79 | ```bash 80 | rover -lz /tf/caf/landingzones/caf_solution -level level0 \ 81 | -var-folder /tf/caf/configuration/hub \ 82 | -env mydeenv \ 83 | -tfstate mydeenv-test1.tfstate \ 84 | -a plan 85 | ``` 86 | 87 | 4. Cleanup the dev environment (optional) 88 | 89 | You can cleanup your development environment after use or keep it running. 
90 | 91 | ```bash 92 | rover init -env mydeenv --clean 93 | ``` 94 | 95 | You can verify that an environment has been correctly deleted by reviewing: 96 | 97 | ```bash 98 | @calling process_actions 99 | Deleting launchpad caf_environment=mydeenv and caf_tfstate=level0 in /subscriptions/a-b-c-d-e/resourceGroups/mydeenv-launchpad 100 | Launchpad caf_environment=mydeenv and caf_tfstate=level0 in mydeenv-launchpad destroyed. 101 | ➜ caf git:(main) 102 | ``` 103 | -------------------------------------------------------------------------------- /website/docs/rover/intro.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-intro 3 | sidebar_position: 1 4 | --- 5 | import ReactPlayer from 'react-player' 6 | 7 | # Introduction to the CAF rover 8 | 9 | 10 | 11 | ## What is CAF rover? 12 | 13 | Although as a first approach it might seem more natural and simple to use Terraform on your laptop, the CAF **rover** is helping you managing your Terraform deployments on Microsoft Azure and has two dimensions: 14 | 15 | * **A container** 16 | 17 | * Allows consistent developer experience on PC, Mac, Linux, including the right tools, git hooks and DevOps tools. 18 | * Native integration with [Visual Studio Code](https://code.visualstudio.com/docs/remote/containers), [GitHub Codespaces](https://github.com/features/codespaces). 19 | * Contains the versioned tool set you need to apply landing zones. 20 | * Helps you switching components versions fast by separating the run environment and the configuration environment. 21 | * Ensure pipeline ubiquity and abstraction run the rover everywhere, whichever pipeline technology. 22 | 23 | * **A Terraform wrapper** 24 | 25 | * Helps you store and retrieve Terraform state files transparently on Azure storage account. 26 | * Facilitates the transition to CI/CD. 27 | * Enables seamless experience (state connection, execution traces, etc.) locally and inside pipelines. 
28 | 29 | ## Why using CAF rover? 30 | 31 | * Greatly simplifies secure state management on Azure storage accounts. 32 | * Helps testing different versions of binaries (new version of Terraform, Azure CLI, jq, tflint etc.) 33 | * Ubiquitous development environment: everyone works with the same versions of the DevOps toolchain, always up-to-date, running on laptop, pipelines, GitHub Codespaces, etc. 34 | * Facilitates the identity transition to any CI/CD: namely all CI/CD have container capabilities. 35 | * Allows easy transition from one DevOps environment to another (GitHub Actions, Azure DevOps, Jenkins, CircleCI etc.) 36 | * It's open-source and leveraging open-source projects that you often need with Terraform. 37 | 38 | ## Where to find CAF rover? 39 | 40 | It's an open-source project and you can find stable or preview builds directly from [Docker Hub](https://hub.docker.com/search?q=aztfmod&type=image), or create your own, to match your organization's own DevOps toolkit. You can find the [rover project here](https://github.com/aztfmod/rover). 41 | 42 | ## Do I have to use rover? 43 | 44 | Nope, you can use all the tools here separately, but it means you will have to do manually everything rover does :) 45 | 46 | ## How to use CAF rover? 47 | 48 | Rover is already included in development environment for Azure Terraform SRE (the ```.devcontainer``` folder in the various projects). 
49 | 50 | [![asciicast](https://asciinema.org/a/413478.svg)](https://asciinema.org/a/413478) -------------------------------------------------------------------------------- /website/docs/rover/rover-ignite.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/rover/rover-ignite.png -------------------------------------------------------------------------------- /website/docs/rover/terraform-dev-rover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/rover/terraform-dev-rover.png -------------------------------------------------------------------------------- /website/docs/rover/tfc.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-tfc 3 | sidebar_position: 6 4 | --- 5 | 6 | # Using Terraform Cloud for state management 7 | 8 | ## Workspace configuration 9 | 10 | You can use Terraform Cloud or Terraform Enterprise to support Azure Terraform SRE landing zones state files. 11 | 12 | Current support is for levels 3 and 4 (composition must be done with a launchpad stored on CAF Azure Storage Account). 13 | 14 | For a landing zone in a given level, we can read and compose from Terraform state files on CAF Azure Storage account for the lower level. We are planning to support composition from lower levels stored on TFC/TFE storage in a future update. 15 | 16 | ## Workspace Execution Mode 17 | 18 | Please make you select the Execution Mode to be ```local``` in Terraform Cloud or Terraform Enterprise Configuration, this is currently the only supported method. 19 | 20 | ## Steps to enable configuration 21 | 22 | 1. Login to Terraform Cloud/Enterprise 23 | 24 | ```bash 25 | terraform login 26 | ``` 27 | 28 | 2. 
Export the token and environment information 29 | 30 | The following commands allow you to define the configuration for your TFC organization, the hostname and the name of the workspace where the Terraform state files are stored: 31 | 32 | ```bash 33 | export TERRAFORM_CONFIG="$HOME/.terraform.d/credentials.tfrc.json" 34 | export TFC_organization="contoso" #name of your TFC/TFE organization. 35 | export TFC_hostname="tfc.contoso.local" #optional, only for TFE. 36 | export TF_VAR_workspace="networking-virtualwan-vwan-level2" #name of the workspace where to store the state file. 37 | ``` 38 | 39 | 3. Run your ```rover``` command 40 | 41 | For any particular rover command you are using, add the ```-tfc``` parameter to switch to TFC/TFE storage instead of the CAF Azure Storage hierarchy. 42 | 43 | ```bash 44 | rover ... -tfc 45 | ``` 46 | 47 | ## Workspace Creation 48 | 49 | You can create your Terraform Cloud organization and workspaces manually, or if you are looking for an automated way to create them, you can use the [Azure Terraform SRE TFC/TFE Addon](https://github.com/Azure/caf-terraform-landingzones/tree/master/caf_solution/add-ons/terraform_cloud). -------------------------------------------------------------------------------- /website/docs/rover/tools.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-tools 3 | sidebar_position: 2 4 | --- 5 | 6 | # Rover versions and tools 7 | 8 | ## What is inside rover 9 | 10 | Rover is based on a standard Linux distribution (currently Ubuntu), rover.sh (our Terraform wrapper) and a set of commonly-used tools with their extensions when applicable. The best way to see what is included is to review the [Dockerfile](https://github.com/aztfmod/rover/blob/main/Dockerfile) yourself. 11 | 12 | ## Rover channels 13 | 14 | We typically maintain rovers with the last 2 major versions of Terraform. 
15 | 16 | These are the following channels for rover releases [on our Docker Hub](https://hub.docker.com/search?q=aztfmod&type=image): 17 | 18 | | Release channel | Description | 19 | |-----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 20 | | [rover stable](https://hub.docker.com/r/aztfmod/rover) | Stable, tested and validated versions of the tools. | 21 | | [rover preview](https://hub.docker.com/r/aztfmod/rover-preview) | New features being tested and stabilized. | 22 | | [rover alpha](https://hub.docker.com/r/aztfmod/rover-alpha) | Hot off-the-oven features, used under a professional's supervision. | 23 | | [rover-agent](https://hub.docker.com/r/aztfmod/rover-agent) | Releases that are aligned with above channels but include the CI/CD agents/runners for the following products: [GitHub Actions](https://github.com/features/actions), [Azure DevOps](https://azure.microsoft.com/en-us/services/devops/), [Terraform Cloud/Enterprise](https://www.terraform.io/cloud-docs/agents), [Git Labs](https://docs.gitlab.com/ee/user/clusters/agent/install/) | 24 | 25 | ## Components in current version 26 | 27 | After a long time of using version-specific builds for every components, we moved to use mostly latest versions of the components unless integration tests show incompatibilities. 
28 | 29 | Components currently in rover: 30 | 31 | | Category | Components | 32 | |-----------------|---------------------------------------------------------------------------------------------------| 33 | | Utilities | [powershell](https://github.com/PowerShell/PowerShell), [mssql-tools](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup-tools?view=sql-server-ver15), [az](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli), [jq](https://stedolan.github.io/jq/download/), [yq](https://github.com/mikefarah/yq), [python](https://www.python.org/), [pywinrm](https://github.com/diyan/pywinrm), [golang](https://go.dev/), [kubectl](https://kubernetes.io/docs/tasks/tools/), [helm](https://helm.sh/docs/intro/install/), [github shell](https://github.com/cli/cli), [openvpn](https://openvpn.net/) | 34 | | IaC tools | [terraform](https://www.terraform.io/), [terraform-docs](https://github.com/terraform-docs/terraform-docs), [vault](https://www.vaultproject.io/), [packer](https://www.packer.io/), [ansible](https://www.ansible.com/) | 35 | | DevSecOps | [checkov](https://www.checkov.io/), [tfsec](https://aquasecurity.github.io/tfsec) | 36 | | Code excellence | [tflint](https://github.com/terraform-linters/tflint), [tflint with azure ruleset](https://github.com/terraform-linters/tflint-ruleset-azurerm), [caflint](https://github.com/aztfmod/caflint), [pre-commit](https://pre-commit.com/), [pre-commit hooks for Terraform](https://github.com/antonbabenko/pre-commit-terraform), [shellspec](https://github.com/shellspec/shellspec) | 37 | -------------------------------------------------------------------------------- /website/docs/terraform-sre-components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/terraform-sre-components.png -------------------------------------------------------------------------------- 
/website/docs/terraform-sre-functions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/docs/terraform-sre-functions.png -------------------------------------------------------------------------------- /website/docusaurus.config.js: -------------------------------------------------------------------------------- 1 | // @ts-check 2 | // Note: type annotations allow type checking and IDEs autocompletion 3 | 4 | const lightCodeTheme = require('prism-react-renderer/themes/github'); 5 | const darkCodeTheme = require('prism-react-renderer/themes/dracula'); 6 | 7 | /** @type {import('@docusaurus/types').Config} */ 8 | const config = { 9 | title: 'Azure Terraform SRE', 10 | tagline: 'Everything-As-Code. Opinionated.', 11 | url: 'https://aztfmod.github.io', 12 | baseUrl: '/documentation/', 13 | onBrokenLinks: 'throw', 14 | onBrokenMarkdownLinks: 'warn', 15 | favicon: 'img/landingzones.ico', 16 | organizationName: 'aztfmod', // Usually your GitHub org/user name. 17 | projectName: 'documentation', // Usually your repo name. 18 | 19 | presets: [ 20 | [ 21 | 'classic', 22 | /** @type {import('@docusaurus/preset-classic').Options} */ 23 | ({ 24 | docs: { 25 | sidebarPath: require.resolve('./sidebars.js'), 26 | // Please change this to your repo. 27 | editUrl: 'https://github.com/aztfmod/documentation/tree/main/website/', 28 | }, 29 | blog: { 30 | showReadingTime: true, 31 | // Please change this to your repo. 
32 | editUrl: 'https://github.com/aztfmod/documentation/tree/main/website/', 33 | }, 34 | theme: { 35 | customCss: require.resolve('./src/css/custom.css'), 36 | }, 37 | gtag: { 38 | trackingID: 'G-GCM5PJNDCN', 39 | anonymizeIP: true, 40 | }, 41 | googleAnalytics: { 42 | trackingID: 'G-GCM5PJNDCN', 43 | anonymizeIP: true, 44 | }, 45 | }), 46 | ], 47 | ], 48 | 49 | themeConfig: 50 | /** @type {import('@docusaurus/preset-classic').ThemeConfig} */ 51 | ({ 52 | navbar: { 53 | title: 'Azure Terraform SRE', 54 | logo: { 55 | alt: 'Azure Terraform SRE', 56 | src: 'img/logo_landingzone.png', 57 | }, 58 | items: [ 59 | { 60 | type: 'doc', 61 | docId: 'intro', 62 | position: 'left', 63 | label: 'Introduction', 64 | }, 65 | { 66 | type: 'doc', 67 | docId: 'fundamentals/lz-intro', 68 | position: 'left', 69 | label: 'Fundamentals', 70 | }, 71 | { 72 | type: 'doc', 73 | docId: 'module/module-intro', 74 | position: 'left', 75 | label: 'Module', 76 | }, 77 | { 78 | type: 'doc', 79 | docId: 'rover/rover-intro', 80 | position: 'left', 81 | label: 'Rover', 82 | }, 83 | { 84 | type: 'doc', 85 | docId: 'provider/provider-intro', 86 | position: 'left', 87 | label: 'Provider', 88 | }, 89 | { 90 | type: 'doc', 91 | docId: 'azure-landing-zones/landingzones/alz-intro', 92 | position: 'left', 93 | label: 'Azure landing zones', 94 | }, 95 | // {to: '/blog', label: 'Blog', position: 'left'}, 96 | { 97 | type: 'docsVersionDropdown', 98 | position: 'right', 99 | }, 100 | { 101 | href: 'https://github.com/aztfmod/documentation', 102 | label: 'GitHub', 103 | position: 'right', 104 | }, 105 | ], 106 | }, 107 | footer: { 108 | style: 'dark', 109 | links: [ 110 | { 111 | title: 'Docs', 112 | items: [ 113 | { 114 | label: 'Tutorial', 115 | to: '/docs/intro', 116 | }, 117 | ], 118 | }, 119 | { 120 | title: 'Community', 121 | items: [ 122 | { 123 | label: 'Arnauds blog', 124 | href: 'https://aka.ms/arnaud', 125 | }, 126 | { 127 | label: 'Gitter', 128 | href: 'https://gitter.im/aztfmod/community', 129 | 
}, 130 | ], 131 | }, 132 | { 133 | title: 'More', 134 | items: [ 135 | // { 136 | // label: 'Blog', 137 | // to: '/blog', 138 | // }, 139 | { 140 | label: 'GitHub', 141 | href: 'https://github.com/azure/caf-terraform-landingzones', 142 | }, 143 | ], 144 | }, 145 | ], 146 | copyright: `Copyright © ${new Date().getFullYear()} Azure Terraform SRE`, 147 | }, 148 | prism: { 149 | theme: darkCodeTheme, 150 | darkTheme: darkCodeTheme, 151 | }, 152 | }) 153 | }; 154 | 155 | module.exports = config; 156 | -------------------------------------------------------------------------------- /website/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "website", 3 | "version": "0.0.0", 4 | "private": true, 5 | "scripts": { 6 | "docusaurus": "docusaurus", 7 | "start": "docusaurus start", 8 | "build": "docusaurus build", 9 | "swizzle": "docusaurus swizzle", 10 | "deploy": "docusaurus deploy", 11 | "clear": "docusaurus clear", 12 | "serve": "docusaurus serve", 13 | "write-translations": "docusaurus write-translations", 14 | "write-heading-ids": "docusaurus write-heading-ids" 15 | }, 16 | "dependencies": { 17 | "@algolia/autocomplete-core": "1.6.3", 18 | "@algolia/autocomplete-shared": "1.6.3", 19 | "@algolia/cache-browser-local-storage": "4.13.1", 20 | "@algolia/cache-in-memory": "4.13.1", 21 | "@algolia/client-account": "4.13.1", 22 | "@algolia/client-analytics": "4.13.1", 23 | "@algolia/client-personalization": "4.13.1", 24 | "@algolia/logger-console": "4.13.1", 25 | "@algolia/requester-browser-xhr": "4.13.1", 26 | "@algolia/requester-node-http": "4.13.1", 27 | "@ampproject/remapping": "2.2.0", 28 | "@babel/core": "7.18.5", 29 | "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "7.17.12", 30 | "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "7.17.12", 31 | "@babel/plugin-proposal-async-generator-functions": "7.20.7", 32 | "@babel/plugin-proposal-class-properties": 
"7.17.12", 33 | "@babel/plugin-proposal-class-static-block": "7.18.0", 34 | "@babel/plugin-proposal-export-namespace-from": "7.17.12", 35 | "@babel/plugin-proposal-json-strings": "7.17.12", 36 | "@babel/plugin-proposal-logical-assignment-operators": "7.17.12", 37 | "@babel/plugin-proposal-nullish-coalescing-operator": "7.17.12", 38 | "@babel/plugin-proposal-object-rest-spread": "7.18.0", 39 | "@babel/plugin-proposal-private-methods": "7.17.12", 40 | "@babel/plugin-proposal-private-property-in-object": "7.17.12", 41 | "@babel/plugin-syntax-import-assertions": "7.17.12", 42 | "@babel/plugin-syntax-typescript": "7.17.12", 43 | "@babel/plugin-transform-arrow-functions": "7.17.12", 44 | "@babel/plugin-transform-async-to-generator": "7.17.12", 45 | "@babel/plugin-transform-block-scoping": "7.18.4", 46 | "@babel/plugin-transform-classes": "7.18.4", 47 | "@babel/plugin-transform-computed-properties": "7.17.12", 48 | "@babel/plugin-transform-destructuring": "7.18.0", 49 | "@babel/plugin-transform-duplicate-keys": "7.17.12", 50 | "@babel/plugin-transform-for-of": "7.18.1", 51 | "@babel/plugin-transform-literals": "7.24.6", 52 | "@babel/plugin-transform-modules-amd": "7.18.0", 53 | "@babel/plugin-transform-modules-commonjs": "7.18.2", 54 | "@babel/plugin-transform-modules-systemjs": "7.24.6", 55 | "@babel/plugin-transform-modules-umd": "7.18.0", 56 | "@babel/plugin-transform-named-capturing-groups-regex": "7.17.12", 57 | "@babel/plugin-transform-new-target": "7.24.6", 58 | "@babel/plugin-transform-regenerator": "7.18.0", 59 | "@babel/plugin-transform-reserved-words": "7.17.12", 60 | "@babel/plugin-transform-runtime": "7.18.5", 61 | "@babel/plugin-transform-spread": "7.17.12", 62 | "@babel/plugin-transform-template-literals": "7.18.2", 63 | "@babel/plugin-transform-typeof-symbol": "7.17.12", 64 | "@babel/plugin-transform-typescript": "7.18.4", 65 | "@babel/preset-env": "7.18.2", 66 | "@babel/preset-react": "7.17.12", 67 | "@babel/preset-typescript": "7.17.12", 68 | 
"@babel/runtime-corejs3": "7.18.3", 69 | "@colors/colors": "1.5.0", 70 | "@docsearch/css": "3.1.0", 71 | "@docsearch/react": "3.1.0", 72 | "@docusaurus/core": "^2.4.3", 73 | "@docusaurus/cssnano-preset": "^2.4.3", 74 | "@docusaurus/module-type-aliases": "^2.4.3", 75 | "@docusaurus/plugin-debug": "^2.4.3", 76 | "@docusaurus/plugin-google-analytics": "^2.4.3", 77 | "@docusaurus/plugin-google-gtag": "^2.4.3", 78 | "@docusaurus/plugin-sitemap": "^2.4.3", 79 | "@docusaurus/preset-classic": "^2.4.3", 80 | "@docusaurus/theme-classic": "^2.4.3", 81 | "@docusaurus/theme-search-algolia": "^2.4.3", 82 | "@docusaurus/types": "^2.4.3", 83 | "@jridgewell/gen-mapping": "0.3.2", 84 | "@jridgewell/resolve-uri": "3.0.8", 85 | "@jridgewell/set-array": "1.1.2", 86 | "@leichtgewicht/ip-codec": "2.0.5", 87 | "@mdx-js/mdx": "1.6.22", 88 | "@mdx-js/react": "^1.6.21", 89 | "@slorber/static-site-generator-webpack-plugin": "4.0.7", 90 | "@svgr/core": "6.2.1", 91 | "@svgr/hast-util-to-babel-ast": "6.2.1", 92 | "@types/eslint-scope": "3.7.3", 93 | "@types/http-proxy": "1.17.9", 94 | "@types/react-router-config": "5.0.6", 95 | "@types/react-router-dom": "5.3.3", 96 | "@types/ws": "8.5.3", 97 | "algoliasearch": "4.13.1", 98 | "algoliasearch-helper": "3.9.0", 99 | "autoprefixer": "10.4.7", 100 | "axios": "0.28.0", 101 | "babel-loader": "8.2.5", 102 | "body-parser": "1.20.3", 103 | "bonjour-service": "1.0.13", 104 | "boxen": "6.2.1", 105 | "cheerio": "1.0.0-rc.12", 106 | "cheerio-select": "2.1.0", 107 | "clean-css": "5.3.0", 108 | "cli-boxes": "3.0.0", 109 | "cli-table3": "0.6.2", 110 | "clsx": "^1.1.1", 111 | "cookie": "0.7.0", 112 | "copy-webpack-plugin": "11.0.0", 113 | "core-js": "3.23.3", 114 | "css-declaration-sorter": "6.3.0", 115 | "css-loader": "7.1.2", 116 | "css-minimizer-webpack-plugin": "4.0.0", 117 | "cssnano": "5.1.12", 118 | "cssnano-preset-advanced": "5.3.8", 119 | "del": "6.1.1", 120 | "dns-packet": "5.4.0", 121 | "eastasianwidth": "0.3.0", 122 | "enhanced-resolve": "5.9.3", 123 
| "eval": "0.1.8", 124 | "express": "4.20.0", 125 | "finalhandler": "1.2.0", 126 | "follow-redirects": "1.15.6", 127 | "fraction.js": "4.2.0", 128 | "got": "11.8.5", 129 | "html-tags": "3.2.0", 130 | "html-webpack-plugin": "5.5.0", 131 | "htmlparser2": "8.0.1", 132 | "http-proxy-middleware": "2.0.7", 133 | "infima": "0.2.0-alpha.39", 134 | "invariant": "2.2.4", 135 | "jest-worker": "27.5.1", 136 | "mini-css-extract-plugin": "2.6.1", 137 | "multicast-dns": "7.2.5", 138 | "nanoid": "3.3.8", 139 | "node-forge": "1.3.1", 140 | "object-inspect": "1.12.2", 141 | "parse5-htmlparser2-tree-adapter": "7.0.0", 142 | "postcss-calc": "8.2.4", 143 | "postcss-colormin": "5.3.0", 144 | "postcss-convert-values": "5.1.2", 145 | "postcss-discard-comments": "5.1.2", 146 | "postcss-discard-duplicates": "5.1.0", 147 | "postcss-discard-empty": "5.1.1", 148 | "postcss-discard-overridden": "5.1.0", 149 | "postcss-discard-unused": "7.0.0", 150 | "postcss-loader": "7.0.0", 151 | "postcss-merge-idents": "5.1.1", 152 | "postcss-merge-longhand": "5.1.6", 153 | "postcss-merge-rules": "5.1.2", 154 | "postcss-minify-font-values": "5.1.0", 155 | "postcss-minify-gradients": "5.1.1", 156 | "postcss-minify-params": "5.1.3", 157 | "postcss-minify-selectors": "5.2.1", 158 | "postcss-normalize-charset": "5.1.0", 159 | "postcss-normalize-display-values": "5.1.0", 160 | "postcss-normalize-positions": "5.1.1", 161 | "postcss-normalize-repeat-style": "5.1.1", 162 | "postcss-normalize-string": "5.1.0", 163 | "postcss-normalize-timing-functions": "5.1.0", 164 | "postcss-normalize-unicode": "5.1.0", 165 | "postcss-normalize-url": "7.0.0", 166 | "postcss-normalize-whitespace": "5.1.1", 167 | "postcss-ordered-values": "5.1.3", 168 | "postcss-reduce-idents": "5.2.0", 169 | "postcss-reduce-initial": "5.1.0", 170 | "postcss-reduce-transforms": "5.1.0", 171 | "postcss-sort-media-queries": "4.2.1", 172 | "postcss-svgo": "5.1.0", 173 | "postcss-unique-selectors": "5.1.1", 174 | "postcss-zindex": "5.1.0", 175 | 
"prism-react-renderer": "^1.2.1", 176 | "prismjs": "1.28.0", 177 | "raw-body": "2.5.1", 178 | "react": "^17.0.1", 179 | "react-dev-utils": "12.0.1", 180 | "react-dom": "^17.0.1", 181 | "react-error-overlay": "6.0.11", 182 | "react-player": "^2.9.0", 183 | "react-router": "5.3.3", 184 | "regenerator-transform": "0.15.0", 185 | "remark-emoji": "2.2.0", 186 | "rtlcss": "3.5.0", 187 | "rxjs": "7.5.5", 188 | "selfsigned": "2.0.1", 189 | "serve-static": "1.16.0", 190 | "shallowequal": "1.1.0", 191 | "side-channel": "1.0.4", 192 | "sitemap": "7.1.1", 193 | "sockjs": "0.3.24", 194 | "source-map-js": "1.0.2", 195 | "stylehacks": "5.1.0", 196 | "terser-webpack-plugin": "5.3.3", 197 | "trim": "0.0.3", 198 | "type-fest": "2.14.0", 199 | "wait-on": "6.0.1", 200 | "webpack-bundle-analyzer": "4.5.0", 201 | "webpack-dev-middleware": "5.3.4", 202 | "webpack-dev-server": "4.9.2", 203 | "widest-line": "4.0.1", 204 | "wrap-ansi": "8.0.1" 205 | }, 206 | "browserslist": { 207 | "production": [ 208 | ">0.5%", 209 | "not dead", 210 | "not op_mini all" 211 | ], 212 | "development": [ 213 | "last 1 chrome version", 214 | "last 1 firefox version", 215 | "last 1 safari version" 216 | ] 217 | } 218 | } 219 | -------------------------------------------------------------------------------- /website/sidebars.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Creating a sidebar enables you to: 3 | - create an ordered group of docs 4 | - render a sidebar for each doc of that group 5 | - provide next/previous navigation 6 | 7 | The sidebars can be generated from the filesystem, or explicitly defined here. 8 | 9 | Create as many sidebars as you want. 
10 | */ 11 | 12 | // @ts-check 13 | 14 | /** @type {import('@docusaurus/plugin-content-docs').SidebarsConfig} */ 15 | const sidebars = { 16 | // By default, Docusaurus generates a sidebar from the docs folder structure 17 | cafSidebar: [{type: 'autogenerated', dirName: '.'}], 18 | 19 | // But you can create a sidebar manually 20 | 21 | // docs: [ 22 | // 'intro', 23 | // { 24 | // type: 'category', 25 | // label: 'landing zones intro', 26 | // link: { 27 | // type: 'generated-index', 28 | // }, 29 | // collapsed: false, 30 | // items: [ 31 | // 'landingzones/lz-intro' 32 | // ] 33 | // }, 34 | // { 35 | // type: 'category', 36 | // label: 'module', 37 | // link: { 38 | // type: 'generated-index', 39 | // }, 40 | // collapsed: false, 41 | // items: [ 42 | // 'module/module-intro' 43 | // ] 44 | // }, 45 | // { 46 | // type: 'category', 47 | // label: 'rover', 48 | // link: { 49 | // type: 'generated-index', 50 | // }, 51 | // collapsed: false, 52 | // items: [ 53 | // 'rover/rover-intro' 54 | // ] 55 | // }, 56 | // { 57 | // type: 'category', 58 | // label: 'provider', 59 | // link: { 60 | // type: 'generated-index', 61 | // }, 62 | // collapsed: false, 63 | // items: [ 64 | // 'provider/provider-intro' 65 | // ] 66 | // }, 67 | // { 68 | // type: 'category', 69 | // label: 'enterprise-scale', 70 | // link: { 71 | // type: 'autogenerated', 72 | // slug: '/enterprise-scale/landingzones', 73 | // }, 74 | // collapsed: false, 75 | // items: [ 76 | // 'enterprise-scale/landingzones/eslz-intro', 77 | // 'enterprise-scale/landingzones/platform/elsz-level0', 78 | // 'enterprise-scale/landingzones/platform/org-setup', 79 | // ] 80 | // }, 81 | 82 | // ] 83 | 84 | }; 85 | 86 | module.exports = sidebars; 87 | -------------------------------------------------------------------------------- /website/src/components/HomepageFeatures.js: -------------------------------------------------------------------------------- 1 | import React from 'react'; 2 | import clsx from 'clsx'; 3 | 
import styles from './HomepageFeatures.module.css'; 4 | 5 | const FeatureList = [ 6 | { 7 | title: 'Configuration-driven IaC', 8 | Svg: require('../../static/img/undraw_docusaurus_mountain.svg').default, 9 | description: ( 10 | <> 11 | Spend your time deploying what you need on Azure, not writing IaC modules. 12 | 13 | ), 14 | }, 15 | { 16 | title: 'Empowering the SRE on Azure', 17 | Svg: require('../../static/img/undraw_docusaurus_tree.svg').default, 18 | description: ( 19 | <> 20 | We equip the Site Reliability Engineering on Azure providing community-driven and built artifacts. 21 | 22 | ), 23 | }, 24 | { 25 | title: 'DevOps by nature', 26 | Svg: require('../../static/img/undraw_docusaurus_react.svg').default, 27 | description: ( 28 | <> 29 | Whichever DevOps tools you are using, we have you covered. 30 | 31 | ), 32 | }, 33 | ]; 34 | 35 | function Feature({Svg, title, description}) { 36 | return ( 37 |
38 |
39 | 40 |
41 |
42 |

{title}

43 |

{description}

44 |
45 |
46 | ); 47 | } 48 | 49 | export default function HomepageFeatures() { 50 | return ( 51 |
52 |
53 |
54 | {FeatureList.map((props, idx) => ( 55 | 56 | ))} 57 |
58 |
59 |
60 | ); 61 | } 62 | -------------------------------------------------------------------------------- /website/src/components/HomepageFeatures.module.css: -------------------------------------------------------------------------------- 1 | .features { 2 | display: flex; 3 | align-items: center; 4 | padding: 2rem 0; 5 | width: 100%; 6 | } 7 | 8 | .featureSvg { 9 | height: 200px; 10 | width: 200px; 11 | } 12 | -------------------------------------------------------------------------------- /website/src/css/custom.css: -------------------------------------------------------------------------------- 1 | /** 2 | * Any CSS included here will be global. The classic template 3 | * bundles Infima by default. Infima is a CSS framework designed to 4 | * work well for content-centric websites. 5 | */ 6 | 7 | /* You can override the default Infima variables here. */ 8 | :root { 9 | --ifm-color-primary: #256cc2; 10 | --ifm-color-primary-dark: rgb(33, 97, 175); 11 | --ifm-color-primary-darker: rgb(31, 80, 165); 12 | --ifm-color-primary-darkest: rgb(26, 52, 136); 13 | --ifm-color-primary-light: rgb(70, 134, 203); 14 | --ifm-color-primary-lighter: rgb(102, 133, 212); 15 | --ifm-color-primary-lightest: rgb(146, 181, 224); 16 | --ifm-code-font-size: 95%; 17 | } 18 | 19 | .docusaurus-highlight-code-line { 20 | background-color: rgba(0, 0, 0, 0.1); 21 | display: block; 22 | margin: 0 calc(-1 * var(--ifm-pre-padding)); 23 | padding: 0 var(--ifm-pre-padding); 24 | } 25 | 26 | html[data-theme='dark'] .docusaurus-highlight-code-line { 27 | background-color: rgba(0, 0, 0, 0.3); 28 | } 29 | -------------------------------------------------------------------------------- /website/src/pages/index.js: -------------------------------------------------------------------------------- 1 | import React from 'react'; 2 | import clsx from 'clsx'; 3 | import Layout from '@theme/Layout'; 4 | import Link from '@docusaurus/Link'; 5 | import useDocusaurusContext from '@docusaurus/useDocusaurusContext'; 6 | 
import styles from './index.module.css'; 7 | import HomepageFeatures from '../components/HomepageFeatures'; 8 | 9 | function HomepageHeader() { 10 | const {siteConfig} = useDocusaurusContext(); 11 | return ( 12 |
13 |
14 |

{siteConfig.title}

15 |

{siteConfig.tagline}

16 |
17 | 20 | Let's start deploying! 21 | 22 |
23 |
24 |
25 | ); 26 | } 27 | 28 | export default function Home() { 29 | const {siteConfig} = useDocusaurusContext(); 30 | return ( 31 | 34 | 35 |
36 | 37 |
38 |
39 | ); 40 | } 41 | -------------------------------------------------------------------------------- /website/src/pages/index.module.css: -------------------------------------------------------------------------------- 1 | /** 2 | * CSS files with the .module.css suffix will be treated as CSS modules 3 | * and scoped locally. 4 | */ 5 | 6 | .heroBanner { 7 | padding: 4rem 0; 8 | text-align: center; 9 | position: relative; 10 | overflow: hidden; 11 | } 12 | 13 | @media screen and (max-width: 966px) { 14 | .heroBanner { 15 | padding: 2rem; 16 | } 17 | } 18 | 19 | .buttons { 20 | display: flex; 21 | align-items: center; 22 | justify-content: center; 23 | } 24 | -------------------------------------------------------------------------------- /website/src/pages/markdown-page.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Markdown page example 3 | --- 4 | 5 | # Markdown page example 6 | 7 | You don't need React to write simple standalone pages. 8 | -------------------------------------------------------------------------------- /website/staging-docs/contributors/architecture/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 1 3 | --- 4 | 5 | # Tutorial Introduction 6 | 7 | Let's discover **Docusaurus in less than 5 minutes**. 8 | 9 | ## Getting Started 10 | 11 | Get started by **creating a new site**. 12 | 13 | Or **try Docusaurus immediately** with **[docusaurus.new](https://docusaurus.new)**. 14 | 15 | ## Generate a new site 16 | 17 | Generate a new Docusaurus site using the **classic template**: 18 | 19 | ```shell 20 | npm init docusaurus@latest my-website classic 21 | ``` 22 | 23 | ## Start your site 24 | 25 | Run the development server: 26 | 27 | ```shell 28 | cd my-website 29 | 30 | npx docusaurus start 31 | ``` 32 | 33 | Your site starts at `http://localhost:3000`. 
34 | 35 | Open `docs/intro.md` and edit some lines: the site **reloads automatically** and displays your changes. 36 | -------------------------------------------------------------------------------- /website/staging-docs/contributors/community/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 1 3 | --- 4 | 5 | # Tutorial Introduction 6 | 7 | Let's discover **Docusaurus in less than 5 minutes**. 8 | 9 | ## Getting Started 10 | 11 | Get started by **creating a new site**. 12 | 13 | Or **try Docusaurus immediately** with **[docusaurus.new](https://docusaurus.new)**. 14 | 15 | ## Generate a new site 16 | 17 | Generate a new Docusaurus site using the **classic template**: 18 | 19 | ```shell 20 | npm init docusaurus@latest my-website classic 21 | ``` 22 | 23 | ## Start your site 24 | 25 | Run the development server: 26 | 27 | ```shell 28 | cd my-website 29 | 30 | npx docusaurus start 31 | ``` 32 | 33 | Your site starts at `http://localhost:3000`. 34 | 35 | Open `docs/intro.md` and edit some lines: the site **reloads automatically** and displays your changes. 36 | -------------------------------------------------------------------------------- /website/staging-docs/contributors/conventions/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | sidebar_position: 1 3 | --- 4 | 5 | # Tutorial Introduction 6 | 7 | Let's discover **Docusaurus in less than 5 minutes**. 8 | 9 | ## Getting Started 10 | 11 | Get started by **creating a new site**. 12 | 13 | Or **try Docusaurus immediately** with **[docusaurus.new](https://docusaurus.new)**. 
14 | 15 | ## Generate a new site 16 | 17 | Generate a new Docusaurus site using the **classic template**: 18 | 19 | ```shell 20 | npm init docusaurus@latest my-website classic 21 | ``` 22 | 23 | ## Start your site 24 | 25 | Run the development server: 26 | 27 | ```shell 28 | cd my-website 29 | 30 | npx docusaurus start 31 | ``` 32 | 33 | Your site starts at `http://localhost:3000`. 34 | 35 | Open `docs/intro.md` and edit some lines: the site **reloads automatically** and displays your changes. 36 | -------------------------------------------------------------------------------- /website/staging-docs/gitops/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: gitops-intro 3 | sidebar_position: 6 4 | --- 5 | 6 | ## GitOps for Azure landing zones 7 | 8 | Changes in the different environments introduced and promoted following GitOps concepts, principles and mechanisms: 9 | 10 | - Configuration changes are described in a declarative language (here using Terraform). 11 | - Operations are promoted from one environment to another via Git operations (Git commit, push, pull request). 12 | - Changes are promoted only once they have reached quality gates (provided by automation, CI mechanisms and test suites executions) to promote higher quality changes. 13 | - Changes are promoted only once they also have been validated by service owners in the environment (that can be declared in the DevOps configuration of the platform). 14 | 15 | ## Code and configuration repositories 16 | 17 | GitOps leverages Git as a single source of truth for declarative infrastructure and applications. Having a common code structure and naming convention is critical to maintain code quality and enhance the developer experience (especially for new team members). 
18 | 19 | When we deal with Infra as Code and landing zone deployments, we must also make sure that the structure of our repository will support the workflow of the different teams involved and enforce the segregation of concerns across the multiple environments. *Should the code / variables be organized by environments or by teams involved in the deployment 20 | process*? is a legitimate question. Code structure and organization is always a hot topic, and while one size fits all is rarely the norm, we tend to recommend starting with one of the following structures, which build on the Terraform documentation. 21 | 22 | For a given environment, ideally the code should remain identical and only the variables should evolve. The following example illustrates the two repositories we recommend: one for the configuration and one for the deployment code. 23 | 24 | Looking closer at the configuration repository, we can see that each environment is represented in a folder and each environment enforces the following structure: 25 | 26 | | **directory name** | **purpose and content** | 27 | | -------------------| ------------------------| 28 | | devops | Contains the DevOps environment variables to configure the Azure DevOps variable groups, and pipeline definitions | 29 | | landingzones | Contains a directory for each landing zone. Each directory will include its own pipeline definition for apply, destroy, etc. Each directory must also contain the landing zone's variable definition files. | 30 | | launchpad | Contains the configuration files for the launchpad environment. | 31 | 32 | ### Empowering the developers 33 | 34 | It is often more productive to have developers equipped with their own subscriptions in order to accelerate the engineering time. 
Those subscriptions can be part of [Azure Dev/Test](https://azure.microsoft.com/pricing/dev-test/), can be part of [Visual Studio Subscription](https://azure.microsoft.com/pricing/member-offers/credit-for-visual-studio-subscribers/), or can be sourced via the usual enterprise or partner channels. 35 | 36 | We very often observe that a dedicated engineering sandpit with its own autonomous identity tenant (Azure Active Directory tenant), although it might appear more difficult to maintain, enables faster composition and innovation, especially when iterating on least-privilege engineering, as it saves round-trips with corporate identity teams. It also enables frictionless and better collaboration when the new service goes through security validation. 37 | -------------------------------------------------------------------------------- /website/static/.nojekyll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/static/.nojekyll -------------------------------------------------------------------------------- /website/static/img/docusaurus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/static/img/docusaurus.png -------------------------------------------------------------------------------- /website/static/img/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/static/img/favicon.ico -------------------------------------------------------------------------------- /website/static/img/homepage.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/static/img/homepage.png -------------------------------------------------------------------------------- /website/static/img/landingzones.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/static/img/landingzones.ico -------------------------------------------------------------------------------- /website/static/img/logo_landingzone.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/static/img/logo_landingzone.png -------------------------------------------------------------------------------- /website/static/img/undraw_docusaurus_tree.svg: -------------------------------------------------------------------------------- 1 | docu_tree -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: alz-intro 3 | sidebar_position: 1 4 | --- 5 | 6 | # Getting started 7 | 8 | ## Deploy your first platform landing zones 9 | 10 | In this tutorial you are going to learn how to build the Azure Platform Landing zones with the Azure Terraform SRE (CAF) for Azure Terraform landing zones. It is a framework that requires both **advanced knowledge of Terraform and Azure services**. 11 | 12 | It is assumed the reader already has deep knowledge of the CAF (https://aka.ms/caf). 13 | It is recommended to be certified on the Azure Architecture track. 
14 | 15 | This tutorial will guide you on how to deploy the Platform landing zones and includes: 16 | 17 | - Azure Remote State management (launchpad) 18 | - Azure landing zones (formerly called Enterprise-Scale) for management groups, policy definitions, policy assignments and RBAC 19 | - Identity services (Azure Active Directory Services, extend your on-premise Active Directory Domain Services...) 20 | - Monitoring services 21 | - Connectivity services (virtual WAN, private DNS zones, egress firewall...) 22 | 23 | The steps in the tutorial will guide you through the following process: 24 | 25 | ![Creation of Azure landing zones environment](./process-alz.png) -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/choice.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: eslz-choices 3 | sidebar_position: 2 4 | --- 5 | 6 | # Choose your deployment mode 7 | 8 | 9 | Based on your configuration you can select the following deployment guide: 10 | 11 | | Scenario | Prerequisites | Link | 12 | |--------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------| 13 | | Single subscription lab | - **Azure Active Directory**: Global administrator.
- **Subscription**: 1 pre-created subscription, with owner privileges
- **Management groups**: "Management Group Contributor" permissions on a branch or root management group. | [Getting started](./single%20reuse/intro.md) | 14 | | Multi subscriptions (reuse existing subscriptions) | - **Azure Active Directory**: User.
- **Subscription**: 4 pre-created subscriptions, with owner privileges
- **Management groups**: "management group contributor" permissions on a branch or root management group. | [Documentation to be published](./choice.md) | 15 | | Multi subscriptions (creating new subscriptions with EA/MCA) | - **Azure Enterprise Agreement or MCA**: User with department permissions to create.
- **Azure Active Directory**: User.
- **Subscription**: 1 pre-created subscription, with owner privileges
- **Management groups**: "management group contributor" permissions on a branch or root management group. | [Documentation to be published](./choice.md) | 16 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/codespace1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/codespace1.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/codespace2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/codespace2.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/codespace3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/codespace3.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/create-repo-from-template.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/create-repo-from-template.png 
-------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/extension-remote-containers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/extension-remote-containers.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/find-replace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/find-replace.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/level0-launchpad-readme.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/level0-launchpad-readme.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/org-setup.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | id: org-setup 3 | sidebar_position: 1 4 | --- 5 | import ReactPlayer from 'react-player' 6 | import Tabs from '@theme/Tabs'; 7 | import TabItem from '@theme/TabItem'; 8 | 9 | 10 | # Setup your organization 11 | 12 | 13 | ## Organize your private repository 14 | 15 | The first step is create a private repository 
in your current organization. It has to be a git repository. 16 | 17 | The video below shows you how to set up the private GitHub repository you are going to use to store the configuration of your platform landing zones. 18 | 19 | 20 | 21 | ### Clone the platform starter repository 22 | 23 | The platform starter project is an empty environment that gets you started with your initial configuration files and creates a coherent stack. 24 | 25 | The [platform starter project is here](https://github.com/Azure/caf-terraform-landingzones-platform-starter). 26 | 27 | If you are using it from GitHub, you can directly select "Use this template"; once created, you can clone it locally or open it in GitHub Codespaces (use the tabs in the following section to get the steps for the desired method). Note that the anonymous `git://` transport is unauthenticated and cannot clone a private repository, so use the HTTPS or SSH clone URL that GitHub shows for your repository. 28 | 29 | 30 | 31 | 32 | ```bash 33 | # Adjust the name of your organization and repository 34 | git clone git://github.com/<organization>/<repository> contoso && cd contoso 35 | ``` 36 | 37 | You should observe: 38 | 39 | ```bash 40 | Cloning into 'contoso'... 41 | remote: Enumerating objects: 429, done. 42 | remote: Counting objects: 100% (429/429), done. 43 | remote: Compressing objects: 100% (320/320), done. 44 | remote: Total 429 (delta 110), reused 307 (delta 77), pack-reused 0 45 | Receiving objects: 100% (429/429), 2.93 MiB | 1.52 MiB/s, done. 46 | Resolving deltas: 100% (110/110), done. 47 | ``` 48 | 49 | Open Visual Studio Code from the contoso folder 50 | 51 | ```bash 52 | code . 53 | ``` 54 | 55 | Trust the repository 56 | 57 | ![](vscode-trust-folder.png) 58 | 59 | ### Visual Studio Code 60 | 61 | Visual Studio Code should open your cloned repository and display the following structure. 62 | 63 | ![](vscode.png) 64 | 65 | ### Add remote development extension 66 | 67 | Select the **Remote - Containers** extension and click Install. 
68 | 69 | ![](extension-remote-containers.png) 70 | 71 | ### Re-open vscode in the dev container 72 | 73 | Click on the green button in the bottom-left corner. 74 | From the menu, select the option to reopen the folder in the dev container. 75 | 76 | ![](vscode-reopen-container.png) 77 | 78 | 79 | 80 | 81 | Once you have created your repo, create the Codespace: 82 | 83 | ![](codespace1.png) 84 | 85 | The Codespace is being instantiated: 86 | 87 | ![](codespace2.png) 88 | 89 | And you are ready to go: 90 | 91 | ![](codespace3.png) 92 | 93 | 94 | 95 | 96 | 97 | You should now see the following terminal. This terminal is where you will run all terminal commands described in this on-boarding tutorial. 98 | 99 | ![](vscode-zsh.png) 100 | 101 | 102 | ### Clone the Azure Terraform SRE landingzones code 103 | 104 | Now that you have the configuration folder ready to use, let's clone the logic of the landing zones (the Terraform code) that we will use to run the commands. 105 | 106 | :::note 107 | The Azure Terraform SRE landingzones framework assumes the landingzones Terraform code is cloned into a directory called landingzones. 108 | ::: 109 | 110 | :::caution 111 | Do not use any name other than **landingzones**. It is a convention used to drive consistency. 112 | ::: 113 | 114 | ```bash 115 | git clone https://github.com/Azure/caf-terraform-landingzones.git landingzones 116 | ``` 117 | 118 | ```bash 119 | Cloning into 'landingzones'... 120 | remote: Enumerating objects: 9067, done. 121 | remote: Counting objects: 100% (393/393), done. 122 | remote: Compressing objects: 100% (281/281), done. 123 | remote: Total 9067 (delta 161), reused 295 (delta 108), pack-reused 8674 124 | Receiving objects: 100% (9067/9067), 11.65 MiB | 6.83 MiB/s, done. 125 | Resolving deltas: 100% (5792/5792), done. 126 | Updating files: 100% (406/406), done. 127 | ``` 128 | 129 | ```bash 130 | # Go to the landingzones folder 131 | ➜ caf git:(main) ✗ cd landingzones 132 | 133 | # Note all folders are starting with /tf/caf in the devcontainers. 
134 | ➜ landingzones git:(main) ✗ pwd 135 | /tf/caf/landingzones 136 | ➜ landingzones git:(main) ✗ 137 | ``` 138 | 139 | ### Switch to the selected landingzones tag 140 | 141 | New features of the Azure Terraform SRE landingzones repository are released on a regular basis. To keep the deployment instructions aligned with the code, you need to make sure the Terraform code is checked out at the matching branch or tag. Pinning to a release tag, rather than tracking a branch, ensures the Terraform code you run is the version these instructions were written for. Please check the latest tag of the landingzones repo at https://github.com/Azure/caf-terraform-landingzones/releases . 142 | 143 | ![](repo-tag.png) 144 | 145 | From the terminal, run the following command to check out the latest tag: 146 | 147 | At the time of writing, the latest tag available is 2203.1, as shown above. 148 | 149 | ```bash 150 | git checkout 2203.1 151 | 152 | Note: switching to '2203.1'. 153 | 154 | You are in 'detached HEAD' state. You can look around, make experimental 155 | changes and commit them, and you can discard any commits you make in this 156 | state without impacting any branches by switching back to a branch. 157 | ``` 158 | 159 | :::note 160 | The detached HEAD is expected because you are checking out a tag (a release version) rather than a branch. 161 | ::: 162 | 163 | Go to the next step to choose your scenario! 
164 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/replace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/replace.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/repo-tag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/repo-tag.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/single reuse/getting-started.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/single reuse/getting-started.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/single reuse/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: elsz-single-reuse 3 | sidebar_position: 1 4 | --- 5 | 6 | # Single subscription deployment lab 7 | 8 | ## Objectives 9 | 10 | Purpose of this lab is to get you started with a mono-subscription environment which will deploy full features and will allow you to experiment landing zones mechanisms and cross-state composition. 
It will create a platform definition you can then customize to your needs showing you a single Azure region with a production and non_production environment. 11 | 12 | ![image](https://user-images.githubusercontent.com/4702224/158935809-d1360dd6-a447-4e35-a6f8-7c8ac2966033.png) 13 | 14 | 15 | ## Required privileges 16 | 17 | :::note 18 | To deploy the platform landing zones, you need the following privileges 19 | 20 | Azure Active Directory: 21 | 22 | - Global Administrator 23 | 24 | Azure subscriptions: 25 | 26 | - 1 subscription with owner privileges. 27 | 28 | Management groups: 29 | 30 | - "management group contributor" permissions on a branch or root management group. 31 | 32 | ::: 33 | 34 | ## Login to Azure 35 | 36 | First step is to login to your Azure environment, you can simply run 37 | 38 | ```bash 39 | ➜ rover login 40 | 41 | /$$$$$$ /$$$$$$ /$$$$$$$$ /$$$$$$$ 42 | /$$__ $$ /$$__ $$| $$_____/ | $$__ $$ 43 | | $$ \__/| $$ \ $$| $$ | $$ \ $$ /$$$$$$ /$$ /$$/$$$$$$ /$$$$$$ 44 | | $$ | $$$$$$$$| $$$$$ | $$$$$$$/ /$$__ $$| $$ /$$/$$__ $$ /$$__ $$ 45 | | $$ | $$__ $$| $$__/ | $$__ $$| $$ \ $$ \ $$/$$/ $$$$$$$$| $$ \__/ 46 | | $$ $$| $$ | $$| $$ | $$ \ $$| $$ | $$ \ $$$/| $$_____/| $$ 47 | | $$$$$$/| $$ | $$| $$ | $$ | $$| $$$$$$/ \ $/ | $$$$$$$| $$ 48 | \______/ |__/ |__/|__/ |__/ |__/ \______/ \_/ \_______/|__/ 49 | 50 | 51 | version: aztfmod/rover:1.1.6-2202.2503 52 | 53 | @calling verify_azure_session 54 | 55 | Checking existing Azure session 56 | Login to azure with tenant terraformdev.onmicrosoft.com 57 | WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code D9SPMXLU4 to authenticate. 58 | 59 | ``` 60 | 61 | Click on the URL [https://microsoft.com/devicelogin](https://microsoft.com/devicelogin), set the code and authenticate with your Azure Account. 62 | 63 | When the login is successful, you see the rover displaying the context of your Azure environment. Verify everything is correct. 
64 | 65 | ```bash 66 | Set default subscription to 558a029f-aba1-47ff-b620-1d01350e2dd5 67 | Checking existing Azure session 68 | @calling process_target_subscription 69 | Set TF_VAR_tfstate_subscription_id variable to current session's subscription. 70 | caf_command login 71 | target_subscription_id 558a029f-aba1-47ff-b620-1d01350e2dd5 72 | TF_VAR_tfstate_subscription_id 558a029f-aba1-47ff-b620-1d01350e2dd5 73 | Resources from this landing zone are going to be deployed in the following subscription: 74 | { 75 | "environmentName": "AzureCloud", 76 | "homeTenantId": "6700cd11-1a2f-42e9-9ef4-1a919dd66613", 77 | "id": "558a029f-aba1-47ff-b620-1d01350e2dd5", 78 | "isDefault": true, 79 | "managedByTenants": [], 80 | "name": "contoso-management", 81 | "state": "Enabled", 82 | "tenantId": "6700cd11-1a2f-42e9-9ef4-1a919dd66613", 83 | "user": { 84 | "name": "user@terraformdev.onmicrosoft.com", 85 | "type": "user" 86 | } 87 | } 88 | debug: 558a029f-aba1-47ff-b620-1d01350e2dd5 89 | Tfstates subscription set to 558a029f-aba1-47ff-b620-1d01350e2dd5 (contoso-management) 90 | 91 | 92 | mode : 'login' 93 | terraform command output file : '' 94 | terraform plan output file : '' 95 | directory cache : '/home/vscode/.terraform.cache' 96 | tf_action : '' 97 | command and parameters : '' 98 | 99 | level (current) : 'level0' 100 | environment : 'sandpit' 101 | workspace : 'tfstate' 102 | terraform backend type : 'azurerm' 103 | tfstate : '' 104 | tfstate subscription id : '558a029f-aba1-47ff-b620-1d01350e2dd5' 105 | target subscription : 'contoso-management' 106 | CI/CD enabled : 'false' 107 | Symphony Yaml file path : '' 108 | Run all tasks : 'true' 109 | TF_IN_AUTOMATION : 'true' 110 | 111 | @calling process_actions 112 | 113 | You can deploy a landingzone with the rover by running: 114 | rover -lz [landingzone_folder_name] -a [plan|apply|destroy|validate|refresh|graph|import|output|taint|untaint|'state list'|'state rm'|'state show'] 115 | 116 | @calling clean_up_variables 117 | 
cleanup variables 118 | clean_up backend_files 119 | ➜ caf git:(main) ✗ 120 | ``` 121 | 122 | You can review the rover output, which confirms the authenticated context for AAD and for the subscription, as well as the possible next commands. 123 | 124 | ## Create the definition template on your work environment 125 | 126 | Let's now pick the right example configuration files from the landing zones and put them in our configuration repository. 127 | 128 | Just run the following command: 129 | 130 | ```bash 131 | '/tf/caf/landingzones/templates/platform/deploy_platform.sh' 132 | ``` 133 | 134 | The first time you run the command, you will be prompted with a few simple questions, as follows: 135 | 136 | ```bash 137 | [WARNING]: No inventory was parsed, only implicit localhost is available 138 | [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all' 139 | Set the short version of your customer name with no spaces [contoso]: 140 | Set the CAF Environment value [contoso]: 141 | Set the prefix to add to all resource. [caf]: 142 | Management group prefix (value must be between 2 to 10 characters long and can only contain alphanumeric characters and hyphens). [es]: 143 | Management group name [Contoso]: 144 | Email address to send all notifications [email@address.com]: 145 | Azure regions (lowercase, short version) [{'region1': 'southeastasia', 'region2': 'eastasia'}]: 146 | Default CAF Azure region key [region1]: 147 | ``` 148 | 149 | When completed, you can go to the launchpad readme. 150 | 151 | ![Launchpad Getting started](getting-started.png) 152 | 153 | ## Review and customize the definition files 154 | 155 | ```bash 156 | 157 | /tf/caf/platform/definition/GETTING-STARTED.md 158 | 159 | ``` 160 | 161 | The definition files are now generated. They consist of a set of YAML files that will make it easy for you to get started. 
162 | 163 | ## Trigger the rover ignite 164 | 165 | After this step you will have to follow the readme.md located in your repository (**/tf/caf/platform/definition/GETTING-STARTED.md**) and follow the instructions. The first step to generate the Terraform configuration files and customized readme with rover ignite: 166 | 167 | ```bash 168 | ansible-playbook /tf/caf/landingzones/templates/ansible/ansible.yaml \ 169 | --extra-vars "@/tf/caf/platform/definition/ignite.yaml" 170 | ``` 171 | 172 | The output of the ignite will start creating the target configuration folder structure and Terraform files as follow: 173 | 174 | ```bash 175 | TASK [[level0-launchpad] Clean-up directory] ************************************************************* 176 | skipping: [localhost] 177 | 178 | TASK [[level0-launchpad] Creates directory] ************************************************************** 179 | changed: [localhost] 180 | 181 | TASK [[level0-launchpad] - resources - resource_groups] ************************************************** 182 | changed: [localhost] => (item=/tf/caf/landingzones/templates/resources/resource_groups.tfvars.j2) 183 | 184 | TASK [[level0-launchpad] launchpad] ********************************************************************** 185 | changed: [localhost] => (item=dynamic_secrets) 186 | changed: [localhost] => (item=global_settings) 187 | changed: [localhost] => (item=keyvaults) 188 | changed: [localhost] => (item=landingzone) 189 | changed: [localhost] => (item=role_mappings) 190 | changed: [localhost] => (item=storage_accounts) 191 | 192 | TASK [[level0-launchpad] Clean-up identity files] ******************************************************** 193 | skipping: [localhost] => (item=azuread_api_permissions) 194 | skipping: [localhost] => (item=azuread_applications) 195 | skipping: [localhost] => (item=azuread_group_members) 196 | skipping: [localhost] => (item=azuread_groups) 197 | skipping: [localhost] => (item=azuread_roles) 198 | skipping: 
[localhost] => (item=keyvault_policies) 199 | skipping: [localhost] => (item=service_principals) 200 | 201 | TASK [[level0-launchpad] lauchpad - identity - service_principal] **************************************** 202 | changed: [localhost] => (item=azuread_api_permissions) 203 | changed: [localhost] => (item=azuread_applications) 204 | changed: [localhost] => (item=azuread_group_members) 205 | changed: [localhost] => (item=azuread_groups) 206 | changed: [localhost] => (item=azuread_roles) 207 | changed: [localhost] => (item=keyvault_policies) 208 | changed: [localhost] => (item=service_principals) 209 | 210 | TASK [[level0-launchpad] Deploy the launchpad] *********************************************************** 211 | skipping: [localhost] 212 | 213 | TASK [[level0-launchpad] Get tfstate account name] ******************************************************* 214 | changed: [localhost] 215 | ``` 216 | 217 | 218 | :::note 219 | On the first execution of the rover ignite command, you will notice some red errors. It is expected as nothing has been deployed yet and the rover ignite is trying to find the launchpad and the services already deployed. 220 | 221 | ```bash 222 | TASK [[level0-launchpad] Get launchpad tfstate details] ************************************************** 223 | fatal: [localhost]: FAILED! => {"changed": true, "cmd": "az storage blob download --name \"caf_launchpad.tfstate\" --account-name \"\" --container-name \"tfstate\" --auth-mode \"login\" --file \"~/.terraform.cache/launchpad/caf_launchpad.tfstate\"\n", "delta": "0:00:01.796026", "end": "2022-01-20 10:12:52.623103", "msg": "non-zero return code", "rc": 1, "start": "2022-01-20 10:12:50.827077", "stderr": "ERROR: \nMissing credentials to access storage service. 
The following variations are accepted:\n (1) account name and key (--account-name and --account-key options or\n set AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY environment variables)\n (2) account name and SAS token (--sas-token option used with either the --account-name\n option or AZURE_STORAGE_ACCOUNT environment variable)\n (3) account name (--account-name option or AZURE_STORAGE_ACCOUNT environment variable;\n this will make calls to query for a storage account key using login credentials)\n (4) connection string (--connection-string option or\n set AZURE_STORAGE_CONNECTION_STRING environment variable); some shells will require\n quoting to preserve literal character interpretation.", "stderr_lines": ["ERROR: ", "Missing credentials to access storage service. The following variations are accepted:", " (1) account name and key (--account-name and --account-key options or", " set AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY environment variables)", " (2) account name and SAS token (--sas-token option used with either the --account-name", " option or AZURE_STORAGE_ACCOUNT environment variable)", " (3) account name (--account-name option or AZURE_STORAGE_ACCOUNT environment variable;", " this will make calls to query for a storage account key using login credentials)", " (4) connection string (--connection-string option or", " set AZURE_STORAGE_CONNECTION_STRING environment variable); some shells will require", " quoting to preserve literal character interpretation."], "stdout": "", "stdout_lines": []} 224 | ...ignoring 225 | 226 | TASK [[level0-launchpad] Get subscription_creation_landingzones details] ********************************* 227 | skipping: [localhost] 228 | 229 | ``` 230 | 231 | ::: 232 | 233 | ## Deploy launchpad (level0) 234 | 235 | Go to the /tf/caf/configuration/contoso/platform/level0/launchpad/readme.md 236 | 237 | ![](../level0-launchpad-readme.png) 238 | 239 | ## Next steps 240 | 241 | Once launchpad is deployed, follow the next steps as 
indicated in the readme.md file of your configuration folder. This file has been generated from the settings you entered in the YAML files, so review it before proceeding. 242 | 243 | Once level 0 is completed, you can carry on with level 1: management, identity, then alz. Once level 1 is completed, level 2 Azure subscription vending machine (asvm) and identity can be deployed, alongside connectivity components starting with virtual WAN. 244 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-new-terminal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-new-terminal.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-open-zsh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-open-zsh.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-orgs-template-folder-structure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-orgs-template-folder-structure.png -------------------------------------------------------------------------------- 
/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-reopen-container.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-reopen-container.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-trust-folder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-trust-folder.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-zsh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode-zsh.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/platform/vscode.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/process-alz.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/azure-landing-zones/landingzones/process-alz.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/fundamentals/composition.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: lz-composition 3 | sidebar_position: 3 4 | --- 5 | 6 | # Code-less composition across state files 7 | 8 | To deliver an enterprise environment, it is usually reasonable to do so across multiple state files to balance the risk and to manage different lifecycles and teams. Just as for any other software project, we want to avoid a monolithic configuration and instead compose an environment by calling multiple landing zones. 9 | 10 | With Terraform, you can read a state file's outputs and use them as input variables for another landing zone. 11 | 12 | We use this feature to compose complex architectures, and we do it automatically for you so that you do not have to write any line of code. 13 | 14 | Reading another landing zone's content is implemented by a variable, vastly simplifying the composition and the creation of complex configurations for you. 15 | 16 | How do you compose from one landing zone to another? 17 | 18 | Each landing zone is defined by a ```configuration.tfvars``` or ```landingzones.tfvars```. 
19 | 20 | As an example, below is the file for the management landing zone in level 1: 21 | 22 | ```hcl 23 | landingzone = { 24 | backend_type = "azurerm" 25 | level = "level1" 26 | key = "management" 27 | global_settings_key = "launchpad" 28 | tfstates = { 29 | launchpad = { 30 | tfstate = "caf_launchpad.tfstate" 31 | workspace = "tfstate" 32 | level = "lower" 33 | } 34 | } 35 | } 36 | ``` 37 | 38 | In the ```tfstates``` section, you can observe an object called ```launchpad```, which tells Terraform to load, under that name, the Terraform state file ```caf_launchpad.tfstate```. That state file is stored inside the workspace (storage container) ```tfstate``` located one level lower (since the current level is level1, as stated in the field level), so we refer to level 0. 39 | 40 | This means that, for any object inside that particular landing zone, you can refer to any object whether it has been deployed in the same deployment or in another deployment (within the same level or one level below). 41 | 42 | For instance, in your level1 management deployment, you can deploy a resource within a resource group that has been provisioned in the level below: 43 | 44 | ```hcl 45 | automations = { 46 | account1 = { 47 | name = "automationAccount1" 48 | sku = "Basic" 49 | resource_group = { 50 | key = "auto-account" 51 | lz_key = "launchpad" 52 | } 53 | } 54 | } 55 | ``` 56 | 57 | The same concept applies throughout the components of the framework and allows you to compose across virtually any object of the model. That composition model allows you to compose with the objects without caring about the real name of the object (the real name of the resource, after the naming convention is applied). 58 | 59 | ### Composition outside of the CAF object model 60 | 61 | Sometimes you have to deal with objects deployed manually or via another automation. 
You are then able to compose with those objects by referring to their resource ID or, sometimes, their name: 62 | 63 | #### Example with name 64 | 65 | In this case you simply refer to the resource group name as it already exists in the target subscription for the deployment: 66 | 67 | ```hcl 68 | automations = { 69 | account1 = { 70 | name = "automationAccount1" 71 | sku = "Basic" 72 | resource_group = { 73 | name = "caf-auto-account-zooz-001" 74 | } 75 | } 76 | } 77 | ``` 78 | 79 | #### Example with resource ID 80 | 81 | In this case you simply refer to the resource group's resource ID as it already exists in the target subscription for the deployment: 82 | 83 | ```hcl 84 | virtual_hub_connections = { 85 | vnet_to_hub = { 86 | name = "vnet-connectivity-prod-fw-plinks-TO-vhub-prod" 87 | virtual_hub = { 88 | lz_key = "connectivity_virtual_hubs_prod" 89 | key = "prod" 90 | } 91 | vnet = { 92 | resource_id = "/subscriptions/dklsdfk/etc." 93 | } 94 | } 95 | } 96 | ``` 97 | ### Global settings 98 | 99 | A few exceptions exist to the hierarchy model: some variables and values are persisted across all levels and reachable from all levels: 100 | 101 | * **global settings**: everything related to the commons for a particular environment (which regions are supported for an environment, which naming convention is used, the tag inheritance settings, etc.) 102 | * **diagnostics settings**: any diagnostics repository you create at any level will be stored and will become composable from the current and above levels. 
103 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/fundamentals/compute.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: lz-compute 3 | sidebar_position: 2 4 | --- 5 | 6 | # Compute Nodes 7 | 8 | Since many organizations do not want to expose sensitive credentials or privileges on publicly hosted agents, enterprises will most of the time delegate running a landing zone to dedicated compute nodes running inside their private virtual networks. Depending on your Continuous Integration and Continuous Deployment toolset, those compute capabilities may be called self-hosted agents, runners, etc. 9 | 10 | Those compute capabilities need to run containers such as the rover and could be implemented in the shape of: 11 | 12 | - **Azure Virtual Machines**, one for each level in a given environment; each VM can contain a set of runners (container instances) that are ready to be invoked and can run in parallel if required. 13 | - An **Azure Container Instance** for a given environment: a container group will be deployed with a set of container runners. Scaling those runners up and down, and their reliability, should be planned by deploying multiple container groups in multiple zones or regions depending on your criteria. 14 | - An **Azure Kubernetes Services** cluster for a given environment. Each level would be represented by a different node pool, and each node pool would use [Azure Active Directory pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity). If there is a need to increase the number of runners for a particular level, this could be achieved using the AKS pod autoscaler capability. 
15 | 16 | Azure Terraform SRE landing zones provide by default a set of DevOps runners for the following platforms: [GitHub Actions](https://github.com/features/actions), [Azure DevOps](https://docs.microsoft.com/azure/devops/pipelines/agents/agents), [Git Lab](https://docs.gitlab.com/runner/), [Terraform Cloud and Terraform Enterprise](https://www.terraform.io/docs/cloud/agents/index.html); they are available on [GitHub](https://github.com/aztfmod/rover/tree/master/agents) for customization. 17 | 18 | ![Example of DevOps Compute Nodes for the GitOps environment](./pictures/terraform-model-gitops.png) 19 | 20 | *Figure 1: Example of DevOps Compute Nodes for the GitOps environment* 21 | 22 | ## Authentication and authorization 23 | 24 | As the default methodology, Azure Terraform SRE landing zones use the [Azure Managed Identities](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) capability for the DevOps compute nodes running on Azure. 25 | 26 | Customers can also use service principals at different levels of the hierarchy; the downside of service principals is having to manage the lifecycle of their attached secrets. 27 | 28 | The authorization related to either type of principal can be defined as part of the Azure Terraform SRE landing zones configuration syntax. 29 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/fundamentals/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: lz-intro 3 | sidebar_position: 1 4 | --- 5 | 6 | # Levels Hierarchy 7 | 8 | To address enterprise complexity, we recommend isolating and decomposing a complex environment into multiple state files. 9 | 10 | The main concern with state files is security, as a Terraform state file might contain credentials, security tokens, keys, etc. 
It is therefore reasonable that state files corresponding to different levels of privilege are stored separately. 11 | 12 | Another concern with state files, which calls for segregation, is the speed of innovation: when someone is making a change to a resource in a given state file, no one else can change that state file at the same time, so having a limited number of state files can hinder the testing or integration processes in the enterprise. 13 | 14 | Finally, since DevOps is built by teams, we want to unlock team autonomy while still delegating some functions (application teams will not reinvent the networking layers but build on them). This means the capability to read a state file for rich composition, but without the possibility of altering the state files of other teams. 15 | 16 | In Azure Terraform SRE landing zones, separating the Terraform state files enables you to: 17 | 18 | - **Control blast radius**: if one configuration is deficient, it only impacts one landing zone and does not compromise the whole environment. 19 | - **Enforce standard configuration**: by using different Terraform states, you can compose a complex environment very fast. 20 | - **Enable autonomy**: different landing zones can enable innovation and features at a different pace from each other. 21 | - **Least privilege principles**: each level is protected by its own identity to prevent unwanted information disclosure and modification. 22 | 23 | ## The levels approach 24 | 25 | We categorize and store state files into *levels*. 26 | 27 | A level groups together a set of state files that need separation because of different **lifecycles** or **privileges**. 
28 | 29 | The model can be summarized as below: 30 | 31 | ![Model for levels for Azure Terraform SRE landing zones](./pictures/terraform-model-levels.png) 32 | *Figure 1: An overview of the levels proposed by Azure Terraform SRE landing zones to structure Terraform states* 33 | 34 | The core principles are: 35 | 36 | - **One level can host multiple state files**: a level is implemented as an Azure storage account with specific permissions; you can store as many Terraform state files as necessary on a particular level. 37 | - **Rover helps you locate the right storage account**: whether you are running CAF landing zones locally or in a pipeline, rover helps you locate the right storage account for a given environment and level. Authorization to deploy at a level is granted by the Azure RBAC model and enforced at runtime (with the currently logged-in user credentials, or via the pipeline credentials). 38 | - **You can only write in your current level**: at a given level, you can only write the Terraform state file that you are responsible for. 39 | - **Read one level down**: at any particular level, you are able to read information one level down for your composition (an AKS cluster at level 3 can read the Terraform state file at level 2 to compose). 40 | - **Codeless state reading and enterprise composition**: Azure Terraform SRE landing zones come with an object model that allows you to load any landing zone in memory (provided the principal accessing it has been granted access) and compose from it. 41 | 42 | Azure Terraform SRE for Azure proposes a hierarchy of landing zones based on five levels, as described below: 43 | 44 | ### Level 0: Core platform automation 45 | 46 | The different landing zones represented in different state files at level 0 would typically be: 47 | 48 | - The **launchpad** (storage accounts, Key Vault, RBAC, etc.) components related to Terraform state management. 
49 | - The **subscription creation delegation** capabilities derived from the [Enterprise Agreement](https://docs.microsoft.com/azure/cost-management-billing/manage/ea-portal-get-started) or [Microsoft Customer Agreement](https://docs.microsoft.com/azure/cost-management-billing/understand/mca-overview). 50 | - The credential rotation mechanisms and role-based access control core models. 51 | 52 | ### Level 1: Core platform governance 53 | 54 | The different landing zones represented in different state files at level 1 would typically be: 55 | 56 | - The **Azure landing zone** (management groups, policies): this would include the core ALZ (formerly called enterprise-scale) capabilities with the related custom management group structures and policy configuration. You can either use the out-of-the-box settings for Azure LZ or customize the values for your organization. 57 | - The **GitOps services** for core platform automation: creating the pipelines, creating the Virtual Network and compute nodes (see below) required for the DevOps self-hosted agents. 58 | - The **platform subscription creation** for the core platform (to create the core enterprise-scale subscriptions like Identity, Management, Connectivity, etc.) 59 | - The **management subscription services** for core platform capabilities such as log management, Azure Monitor capabilities, etc. 60 | - The **identity subscription services** for the core platform, such as domain controller virtual machines, Azure Active Directory Domain Services, Azure AD group mappings, etc. 
61 | 62 | ### Level 2: Core platform connectivity 63 | 64 | The different landing zones represented in different state files at level 2 would typically be: 65 | 66 | - The **connectivity subscription components**: including the virtual networking components like classic Virtual Network-based Hub and Spoke, Azure Virtual WAN, Azure Virtual WAN regional hub, site-to-site, point-to-site and ExpressRoute connectivity objects, or third-party Network Virtual Appliances. Due to their regional nature, it is likely that each of those components would live inside a different Terraform state file. 67 | - Additional **identity subscription services**: could be Azure Active Directory Domain Services (managed AD), or virtual-machine-based domain controllers. 68 | - Additional **management subscription services**: could be System Center Configuration Manager, Shared Image Galleries, Monitor Alerts or third-party management tools. 69 | 70 | ### Level 3: Application landing zones vending machine 71 | 72 | A landing zone for an application is split between two levels. Level 3 includes components of an application that are typically delegated to platform operations teams. 73 | 74 | Capabilities in level 3 would be: 75 | 76 | - The **application subscriptions creation**: the capability to create subscriptions for various environments: Development, Test, UAT, DR, etc. 77 | - The **privileged infrastructure services**: to support the application platform. This would usually include components like virtual network blocks, virtual network peering objects to hubs, route tables and delegated identities (to deploy level 4 services and, whenever applicable, application deployment credentials). 78 | 79 | ### Level 4: Applications landing zone 80 | 81 | This level contains the application configuration **delegated to application teams**. 82 | 83 | It contains, for example, an Azure Kubernetes Services cluster, API Management services and all their dependencies to deliver a service. 
This can be sourced from Azure landing zones solution accelerators, custom solutions implemented using the CAF module, or any other Terraform code. 84 | 85 | The following picture illustrates the split between level 3 and 4: 86 | ![Data and AI landing zones across level 3 and 4](./pictures/terraform-model-levels3-4.png) 87 | *Figure 2: Example of Data and AI landing zone for level 3 and 4* 88 | 89 | The broader picture of the complete environment would look like this: 90 | 91 | ![Subscription Vending Machine Example](./pictures/terraform-model-levels-svm.png) 92 | *Figure 3: Subscription Vending Machine Example* 93 | 94 | ### Operating with levels 95 | 96 | A deployment will typically contain: 97 | 98 | - A couple of level 0 landing zones. 99 | - A few level 1 and 2 landing zones. 100 | - Many level 3 landing zones. 101 | - Many level 4 applications will exist in an environment. 102 | 103 | For a given level in the environment, each compute node (see below) will be assigned an identity (see below) that will be used to authenticate and authorize operations on: 105 | - The target Azure Subscription 106 | - The Terraform state file: Read and Write permissions for the current level, and Read-only permissions for a "lower" level of landing zone, preventing alterations to more privileged environments. 107 | 108 | In the example above, each pipeline will have its own lifecycle management: 109 | 110 | - Level 0 and 1 will be called when updating the core platform. 111 | - Level 2 will be triggered when you are opening a new regional hub, or adding connectivity capabilities. 112 | - Level 3 will be triggered when you deploy a new service (Application Gateway, App Service Environment, Azure Kubernetes Services, etc.) 113 | - Level 4 can be initiated as many times a day as you deploy code in your application environment. 
114 | 115 | An enterprise environment will consist of a series of pipelines enforcing the different types of environments in different subscriptions. 116 | 117 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/fundamentals/pictures/terraform-model-gitops.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/fundamentals/pictures/terraform-model-gitops.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/fundamentals/pictures/terraform-model-levels-svm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/fundamentals/pictures/terraform-model-levels-svm.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/fundamentals/pictures/terraform-model-levels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/fundamentals/pictures/terraform-model-levels.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/fundamentals/pictures/terraform-model-levels3-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/fundamentals/pictures/terraform-model-levels3-4.png -------------------------------------------------------------------------------- 
/website/versioned_docs/version-2203.1/intro.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | id: intro 3 | sidebar_position: 1 4 | --- 5 | import ReactPlayer from 'react-player' 6 | 7 | # Welcome to Azure Terraform SRE Landing zones for Terraform 8 | 9 | Azure Terraform SRE landing zones is a framework to run complex Infrastructure-as-Code projects on Microsoft Azure. 10 | We provide public open-source artifacts on GitHub that the community can build on. All components are curated by our experts and the community, and are published and verified on the Hashicorp registry. 11 | 12 | Those components are here to help you put DevOps to work and evolve the operating model of your organization towards a Site Reliability Engineering (SRE) model. 13 | 14 | The Azure Terraform SRE framework has been designed to minimize the Terraform code you need to write, in favour of writing an object model that describes your infrastructure services. This data model, or configuration, is processed by a heavily tested Terraform module to deploy those services. 15 | The main goal of the Azure Terraform SRE framework is to leverage Infrastructure-as-Data (IaD) instead of Infrastructure-as-Code (IaC), in order to help our enterprise customers lower the barrier to adopting automation as code by using an open-source, community-driven, tested framework they can use by only writing configuration files in yaml or tfvars. 16 | 17 | As an open source framework, we welcome PRs from Terraform contributors to augment the depth and breadth of the CAF module to build richer infrastructure solutions as code. 
18 | 19 | The following video is a good introduction to what Azure Terraform SRE landing zones are, and to the main components they define or use: 20 | 21 | 22 | 23 | ## Empowering the Site Reliability Engineer 24 | 25 | Azure Terraform SRE for Azure - Terraform landing zones offer an approach for complex organizations to deploy architecture designs and implement enterprise-scale best practices, with either default values or a high degree of customization. 26 | 27 | Azure Terraform SRE landing zones don't define Azure architecture concepts — those come from Azure Landing zones (formerly called enterprise-scale) — but enable them in the DevOps/GitOps context, empowering the Site Reliability Engineering functions. 28 | 29 | In order for the components to be robust enough, we decomposed the following features for Site Reliability Engineering: 30 | 31 | ![Site Reliability Engineering Functions](./terraform-sre-functions.png) 32 | *Figure 1: An overview of the Site Reliability Engineering Functions covered by Azure Terraform SRE* 33 | 34 | ## Leverage battlefield-tested artifacts 35 | 36 | As part of CAF, the different functions explained above are split across multiple components. That level of decomposition and de-correlation might be confusing at the beginning, but it actually allows maximum flexibility and reusability of the components, whether you're using the complete Azure Terraform SRE landing zones, you want to use the battlefield-tested CAF module in your own pipelines or Terraform Cloud, or you benefit from the CAF naming provider inside your own in-house enterprise modules. 
37 | 38 | ![Foundational landing zone using Terraform](./terraform-sre-components.png) 39 | *Figure 2: An overview of the Site Reliability Engineering Components provided by Azure Terraform SRE* -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/module/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: module-intro 3 | sidebar_position: 2 4 | --- 5 | 6 | # Introduction to the CAF super-module 7 | 8 | ## What is the CAF module? 9 | 10 | We have seen numerous customers spending much time creating their own Terraform modules in their own private repositories, and while it's hard to find the right balance of what components should be inside a single module, it is a very time-consuming task. As part of our engagements with customers, we took an approach enabled by Terraform 0.13 to develop the concept of a super-module, similar to the concept of a superapp, allowing you to create configuration files for any Azure component while focusing on one tested logic. The advantage of having one module is being able to easily compose across all components inside the module: i.e., you can describe a virtual machine, how it is linked to a virtual network, a Key Vault, etc. 11 | 12 | The core concept of the module is to compose an environment based on Terraform configuration files instead of writing ad-hoc code for each component. 13 | 14 | We want to promote "**infrastructure-as-data**" in favor of ad-hoc "infrastructure-as-code", in order to make composition more accessible and rely on a strong community to write the code. 15 | 16 | ## Why use the CAF module? 17 | 18 | * Accelerate innovation with the community: many users across the world use and contribute to the module, have tested it and are using it in production, enabling your DevOps teams to focus on delivering value instead of coding and testing a module. 
19 | * Composition across all Azure components enables you to create new architectures with unprecedented speed. 20 | 21 | ## Where to find the CAF module? 22 | 23 | The Azure Terraform SRE module is verified by Hashicorp and is available in the [Hashicorp Terraform registry here](https://registry.terraform.io/modules/aztfmod), and you can contribute to the module [on GitHub.](https://github.com/aztfmod/terraform-azurerm-caf) 24 | 25 | ## How to use the CAF module? 26 | 27 | It is important to note that although the module is part of the CAF landing zones solution, it can be used like any other standalone module, directly from the Terraform registry or from pipelines. This is demonstrated in the [Hashicorp blog post](https://www.hashicorp.com/blog/go-big-or-go-small-building-in-azure-caf-with-terraform-cloud). 28 | 29 | Just invoke the module using the following call: 30 | 31 | ```terraform 32 | module "caf" { 33 | source = "aztfmod/caf/azurerm" 34 | version = "~>5.5.0" 35 | 36 | #feed me with variables! 37 | } 38 | ``` 39 | 40 |

41 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/provider/intro.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: provider-intro 3 | sidebar_position: 4 4 | --- 5 | 6 | # Introduction to Azure Terraform SRE provider 7 | 8 | ## What is the CAF provider? 9 | 10 | Naming conventions are important; the CAF provider helps you manage your naming convention (either relying on the CAF recommended naming convention or using your own). 11 | 12 | ## Why use the CAF provider? 13 | 14 | The naming convention provider allows you to go faster from integration to production: while you are running it in testing mode, it will generate names randomly (useful to test resources whose names need to be globally unique). Once you are done and ready to deploy to production, you select pass-through mode to use your own names (after cleaning the name based on the allowed character set for each Azure resource). 15 | 16 | ## Where to find the CAF provider? 17 | 18 | The Azure Terraform SRE provider is verified by Hashicorp and is available in the [Hashicorp Terraform registry here](https://registry.terraform.io/providers/aztfmod/azurecaf/latest), and you can contribute to it [on GitHub.](https://github.com/aztfmod/terraform-azurerm-caf) 19 | 20 | ## How to use the CAF provider? 
21 | 22 | To use the provider, simply add: 23 | 24 | ```terraform 25 | terraform { 26 | required_providers { 27 | azurecaf = { 28 | source = "aztfmod/azurecaf" 29 | version = "1.2.11" 30 | } 31 | } 32 | } 33 | ``` 34 | 35 | Example usage: 36 | 37 | ```terraform 38 | resource "azurecaf_name" "rg_example" { 39 | name = "demogroup" 40 | resource_type = "azurerm_resource_group" 41 | prefixes = ["a", "b"] 42 | suffixes = ["y", "z"] 43 | random_length = 5 44 | clean_input = true 45 | } 46 | 47 | resource "azurerm_resource_group" "demo" { 48 | name = azurecaf_name.rg_example.result 49 | location = "southeastasia" 50 | } 51 | 52 | ``` 53 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/rover/commands.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-commands 3 | sidebar_position: 3 4 | --- 5 | 6 | # Rover commands 7 | 8 | ## Commonly used commands 9 | 10 | Beyond being a container, rover is your one-stop tool to help with landing zone and landing zones state management. 11 | 12 | What people love about rover is the ubiquity it gives them and the seamless transition from a local development environment to pipelines. In this article, you will find the most commonly used rover commands and some details on the state locator process. 13 | 14 | Rover is by nature multi-subscription, and in the landing zones world, the subscription where you want to deploy your resources is just another parameter of rover, just like the subscription where the state files are stored and the launchpad is located. 
15 | 16 | ## Login 17 | 18 | The first command you will have to run is ```rover login```: 19 | 20 | You can run a plain rover login: 21 | 22 | ```bash 23 | rover login 24 | ``` 25 | 26 | You can specify additional context to restrict the token, like the tenant name and subscription to use: 27 | 28 | ```bash 29 | rover login --tenant [tenant_name.onmicrosoft.com or tenant_guid (optional)] --subscription [subscription_id_to_target(optional)] 30 | ``` 31 | 32 | You can log out running the following command: 33 | 34 | ```bash 35 | rover logout 36 | ``` 37 | 38 | ## Landing zones commands 39 | 40 | Once authentication is completed, a typical rover command looks like: 41 | 42 | ```bash 43 | rover \ 44 | -lz /tf/caf/landingzones/caf_launchpad \ 45 | -var-folder /tf/caf/configuration/contoso/platform/level0/launchpad \ 46 | -tfstate_subscription_id a-b-c-d-e \ 47 | -target_subscription f-g-h-i \ 48 | -tfstate caf_launchpad.tfstate \ 49 | -log-severity ERROR \ 50 | -launchpad \ 51 | -env contoso \ 52 | -level level0 \ 53 | -p ${TF_DATA_DIR}/caf_launchpad.tfstate.tfplan \ 54 | -a plan 55 | ``` 56 | 57 | The following table summarizes the most common parameters and their default values: 58 | 59 | | argument | required | default value | Description | Example | 60 | |-----------------------------------|----------|----------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------| 61 | | -lz | yes | N/A | Path to landing zone (```.tf``` files) to be executed. 
This is typically ```/tf/caf/landingzones/caf_launchpad``` , ```/tf/caf/landingzones/caf_solution``` or any add-ons from ```/tf/caf/landingzones/caf_solution/add-ons```. This could also be your own custom written Terraform files. | /tf/caf/landingzones/caf_launchpad | 62 | | -var-folder | yes | N/A | Path to the set of configuration files. All ```.tfvars``` files in directory will be expanded. | /tf/caf/configuration/contoso/platform/level0/launchpad | 63 | | -env | yes | N/A | String that defines a name for an environment to use. This is defined as (used in the state locator function as described below.) | ```contoso``` | 64 | | -level | yes | N/A | Specifies the level in the CAF hierarchy where to deploy the resources (possible value are level1-level4) | ```level1``` | 65 | | -a | yes | N/A | Action to take with the current parameters, possible values are ```plan```, ```apply```, ```destroy```, ```validate```, ```refresh```, ```graph```, ```import```, ```output```, ```taint```, ```untaint```, ```'state list'```, ```'state rm'```, ```'state show'``` | ```plan``` | 66 | | -log-severity | no | ERROR | Specifies the Terraform log verbosity this sets the ```TF_IN_AUTOMATION``` parameters, possible options are: ```TRACE```, ```DEBUG```, ```INFO```, ```WARN``` or ```ERROR``` | ```ERROR``` | 67 | | -tfstate_subscription_id | no | If no value specified, rover is assuming the currently logged-in subscription from az cli context. | GUID of the subscription containing the tfstate (launchpad). This will be used to locate and store the tfstate files. | ```a-b-c-d-e ``` | 68 | | -target_subscription | no | If no value specified, rover is assuming the currently logged-in subscription from az cli context. | GUID of the subscription where to deploy the resources. | ```a-b-c-d-e``` | 69 | | -workspace | no | ```tfstate``` | Specifies the storage account container where to store the tfstate for this landing zone. 
This could be used to isolate landing zones from each other by specifying Azure AD RBAC entries on the specific container within the storage account. | ```my_container``` | 70 | | -p | no | N/A | Specifies the location where to store the plan file; if not specified, a plan file will be automatically created for you when you specify ```-a apply ``` and will be stored ```in ${TF_DATA_DIR}``` | ${TF_DATA_DIR}/caf_launchpad.tfstate.tfplan | 71 | | -launchpad | no | N/A | Flag that indicates that the current deployment is a launchpad. | ```-launchpad ``` | 72 | | -tfc | no | N/A | Flag that indicates that the current deployment will use the TFC configured settings to store the state (refer to the Use TFC section of this guide) | ```-tfc ``` | 73 | | -skip-permission-check | no | N/A | Flag to skip the check that the currently logged-in principal is an owner of the target subscription (only checked for launchpad) | ```-skip-permission-check ``` | 74 | | -impersonate-sp-from-keyvault-url | no | N/A | Flag that instructs rover to impersonate the Service Principal whose credentials are stored in the Azure Key Vault whose URL is specified as the parameter. Requires the launchpad_credentials landing zone to be set up (more details to be published soon.) | ```-impersonate-sp-from-keyvault-url https://myakv.vault.azure.net/``` | 75 | 76 | ## Examples 77 | 78 | ### untaint 79 | 80 | When a resource has been marked as tainted and you want to untaint it: 
81 | 82 | ```shell 83 | # module.solution.module.storage_containers["storageWorkspace_di001"].azurerm_storage_container.stg is tainted, so must be replaced 84 | +/- resource "azurerm_storage_container" "stg" { 85 | ~ has_immutability_policy = false -> (known after apply) 86 | ~ has_legal_hold = false -> (known after apply) 87 | ~ id = "https://xxxxxxxxxxxxxxxx.blob.core.windows.net/di001" -> (known after apply) 88 | ~ metadata = {} -> (known after apply) 89 | name = "di001" 90 | ~ resource_manager_id = "/subscriptions/000000000-0000-0000-0000-000000000000/resourceGroups/cont-rg-data-landing-zone-storage-lqi/providers/Microsoft.Storage/storageAccounts/xxxxxxxxxxxxxxx/blobServices/default/containers/di001" -> (known after apply) 91 | # (2 unchanged attributes hidden) 92 | } 93 | ``` 94 | 95 | You need to extract the Terraform resource address. In our example: 96 | 97 | ```shell 98 | module.solution.module.storage_containers["storageWorkspace_di001"].azurerm_storage_container.stg 99 | ``` 100 | 101 | and run the following rover command. You need to wrap the resource address in quotes and escape the quotes inside the square brackets. 102 | 103 | ```bash 104 | rover \ 105 | --impersonate-sp-from-keyvault-url https://cont-kv-scl-xxx.vault.azure.net/ \ // Remove this line if you are not using service principals 106 | -lz /tf/caf/landingzones/caf_solution \ 107 | -tfstate_subscription_id 000000000-0000-0000-0000-000000000000 \ 108 | -target_subscription 000000000-0000-00000-00000000 \ 109 | -tfstate data-landing-zone_prod_level3.tfstate \ 110 | -env contoso \ 111 | -level level3 \ 112 | -w data-landing-zone-prod `\ 113 | -p ${TF_DATA_DIR}/data-landing-zone_prod_level3.tfstate.tfplan \ 114 | -a untaint 'module.solution.module.storage_containers["storageWorkspace_di001"].azurerm_storage_container.stg' 115 | ``` 116 | 117 | When executed, rover will display output similar to the following. 118 | 119 | ```shell 120 | Terraform has been successfully initialized! 
121 | Terraform init return code 0 122 | @calling other 123 | running terraform untaint -state=/home/vscode/.terraform.cache/contoso/rover_jobs/20220316003626962686570/tfstates/level3/data-landing-zone-prod/data-landing-zone_prod_level3.tfstate module.solution.module.storage_containers["storageWorkspace_di001"].azurerm_storage_container.stg 124 | Resource instance module.solution.module.storage_containers["storageWorkspace_di001"].azurerm_storage_container.stg has been successfully untainted. 125 | Terraform untaint return code: 0 126 | ``` 127 | 128 | ## Workspace management 129 | 130 | In the previous section, workspace was used as an argument to specify where to place the tfstate (in lieu of the default ```tfstate``` container inside the storage account); rover workspace can also be used as a command to manage workspaces: 131 | 132 | Create a workspace: 133 | 134 | ```bash 135 | rover workspace create application-workspace -level level1 -env contoso-sandpit 136 | ``` 137 | 138 | Delete a workspace: 139 | 140 | ```bash 141 | rover workspace delete application-workspace -level level1 -env contoso-sandpit 142 | ``` 143 | 144 | List all workspaces for a level in an environment: 145 | 146 | ```bash 147 | rover workspace list -level level1 -env contoso-sandpit 148 | ``` 149 | 150 | :::note 151 | Although it is possible to create the workspace containers with rover, we recommend you create and manage them via Terraform code. 152 | ::: 153 | 154 | 159 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/rover/ignite.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-ignite 3 | sidebar_position: 4 4 | --- 5 | 6 | # Rover Ignite 7 | 8 | ## Introduction to rover ignite 9 | 10 | We know that creating a coherent stack of configuration files for an organization can be error-prone. 
Rover ignite is an iterative tool to get you started with various configurations and creates for you the set of files needed to deploy a complete environment. 11 | 12 | ### Overview 13 | 14 | Rover ignite commands will take the templated configuration files, and will generate for you the different elements according to your settings, including the readme files. 15 | 16 | ![Overview of rover ignite](./rover-ignite.png) 17 | 18 | ### Languages 19 | 20 | Rover ignite is ingesting YAML files as templates that will generate both the tfvars files, readme and soon pipelines. 21 | 22 | ### Command reference 23 | 24 | Typical rover ignite command looks like this (however, generally speaking across CAF, we will give you specific instructions on how to use it best): 25 | 26 | ```bash 27 | rover ignite \ 28 | --playbook /tf/caf/landingzones/templates/platform/ansible.yaml \ 29 | -e base_templates_folder=/tf/caf/landingzones/templates/platform \ 30 | -e resource_template_folder=/tf/caf/landingzones/templates/resources \ 31 | -e config_folder=/tf/caf/definitions/single_reuse/platform \ 32 | -e landingzones_folder=/tf/caf/landingzones 33 | ``` 34 | 35 | Reference arguments: 36 | 37 | | Argument | Required | Description | 38 | |-----------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------| 39 | | -playbook | yes | Path to the root configuration Ansible playbook. | 40 | | -e base_templates_folder | yes | Path to the set of Ansible templates for the platform Terraform landing zone. | 41 | | -e resource_template_folder | yes | Path to the set of Jinja templates used for Azure resources instantiation. | 42 | | -e config_folder | yes | Path to the set of functional templates for landing zones - depending on the scenario you pick from the templates directory inside landing zones. | 43 | | -e landingzones_folder | yes | Path to root of landing zones logic folder. 
| -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/rover/intro.mdx: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-intro 3 | sidebar_position: 1 4 | --- 5 | import ReactPlayer from 'react-player' 6 | 7 | # Introduction to the CAF rover 8 | 9 | 10 | 11 | ## What is CAF rover? 12 | 13 | Although as a first approach it might seem more natural and simple to use Terraform on your laptop, the CAF **rover** helps you manage your Terraform deployments on Microsoft Azure and has two dimensions: 14 | 15 | * **A container** 16 | 17 | * Allows a consistent developer experience on PC, Mac and Linux, including the right tools, git hooks and DevOps tools. 18 | * Native integration with [Visual Studio Code](https://code.visualstudio.com/docs/remote/containers), [GitHub Codespaces](https://github.com/features/codespaces). 19 | * Contains the versioned tool set you need to apply landing zones. 20 | * Helps you switch component versions fast by separating the run environment from the configuration environment. 21 | * Ensures pipeline ubiquity and abstraction: run the rover everywhere, whichever pipeline technology you use. 22 | 23 | * **A Terraform wrapper** 24 | 25 | * Helps you store and retrieve Terraform state files transparently on an Azure storage account. 26 | * Facilitates the transition to CI/CD. 27 | * Enables a seamless experience (state connection, execution traces, etc.) locally and inside pipelines. 28 | 29 | ## Why use CAF rover? 30 | 31 | * Greatly simplifies secure state management on Azure storage accounts. 32 | * Helps test different versions of binaries (new versions of Terraform, Azure CLI, jq, tflint, etc.). 33 | * Ubiquitous development environment: everyone works with the same versions of the DevOps toolchain, always up-to-date, running on laptops, pipelines, GitHub Codespaces, etc. 
34 | * Facilitates the identity transition to any CI/CD, since all CI/CD systems have container capabilities. 35 | * Allows easy transition from one DevOps environment to another (GitHub Actions, Azure DevOps, Jenkins, CircleCI, etc.). 36 | * It's open source and leverages open-source projects that you often need with Terraform. 37 | 38 | ## Where to find CAF rover? 39 | 40 | It's an open-source project and you can find stable or preview builds directly from [Docker Hub](https://hub.docker.com/search?q=aztfmod&type=image), or create your own, to match your organization's own DevOps toolkit. You can find the [rover project here](https://github.com/aztfmod/rover). 41 | 42 | ## Do I have to use rover? 43 | 44 | Nope, you can use all the tools here separately, but it means you will have to do everything rover does manually :) 45 | 46 | ## How to use CAF rover? 47 | 48 | Rover is already included in the development environment for Azure Terraform SRE (the ```.devcontainer``` folder in the various projects). 
49 | 50 | [![asciicast](https://asciinema.org/a/413478.svg)](https://asciinema.org/a/413478) -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/rover/rover-ignite.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/rover/rover-ignite.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/rover/terraform-dev-rover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/rover/terraform-dev-rover.png -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/rover/tfc.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-tfc 3 | sidebar_position: 5 4 | --- 5 | 6 | # Using Terraform Cloud for state management 7 | 8 | ## Workspace configuration 9 | 10 | You can use Terraform Cloud or Terraform Enterprise to store the state files of Azure Terraform SRE landing zones. 11 | 12 | Current support is for levels 3 and 4 (composition must be done with a launchpad stored on a CAF Azure Storage Account). 13 | 14 | For a landing zone in a given level, we can read and compose from Terraform state files on the CAF Azure Storage account for the lower level. We are planning to support composition from lower levels stored on TFC/TFE storage in a future update. 15 | 16 | ## Workspace Execution Mode 17 | 18 | Please make sure you select ```local``` as the Execution Mode in your Terraform Cloud or Terraform Enterprise configuration; this is currently the only supported method. 19 | 20 | ## Steps to enable configuration 21 | 22 | 1. 
Login to Terraform Cloud/Enterprise 23 | 24 | ```bash 25 | terraform login 26 | ``` 27 | 28 | 2. Export the token and environment information 29 | 30 | The following commands allow you to define the configuration for your TFC organization, the hostname and the name of the workspace where the Terraform state files are stored. 31 | 32 | ```bash 33 | export TERRAFORM_CONFIG="$HOME/.terraform.d/credentials.tfrc.json" 34 | export TFC_organization="contoso" #name of your TFC/TFE organization. 35 | export TFC_hostname="tfc.contoso.local" #optional, only for TFE. 36 | export TF_VAR_workspace="networking-virtualwan-vwan-level2" #name of the workspace where to store the state file. 37 | ``` 38 | 39 | 3. Run your ```rover``` command 40 | 41 | For any particular rover command you are using, add the ```-tfc``` parameter to switch to TFC/TFE storage instead of the CAF Azure Storage hierarchy. 42 | 43 | ```bash 44 | rover ... -tfc 45 | ``` 46 | 47 | ## Workspace Creation 48 | 49 | You can create your Terraform Cloud organization and workspaces manually, or if you are looking for an automated way to create them, you can use the [Azure Terraform SRE TFC/TFE Addon](https://github.com/Azure/caf-terraform-landingzones/tree/master/caf_solution/add-ons/terraform_cloud). -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/rover/tools.md: -------------------------------------------------------------------------------- 1 | --- 2 | id: rover-tools 3 | sidebar_position: 2 4 | --- 5 | 6 | # Rover versions and tools 7 | 8 | ## What is inside rover 9 | 10 | Rover is based on a standard Linux distribution (currently Ubuntu), rover.sh (our Terraform wrapper) and a set of commonly-used tools with their extensions when applicable. The best way to see exactly what is included is to review the [Dockerfile](https://github.com/aztfmod/rover/blob/main/Dockerfile) yourself. 
11 | 12 | ## Rover channels 13 | 14 | We typically maintain rovers with the last 2 major versions of Terraform. 15 | 16 | These are the channels for rover releases [on our Docker Hub](https://hub.docker.com/search?q=aztfmod&type=image): 17 | 18 | | Release channel | Description | 19 | |-----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 20 | | [rover stable](https://hub.docker.com/r/aztfmod/rover) | Stable, tested and validated versions of the tools. | 21 | | [rover preview](https://hub.docker.com/r/aztfmod/rover-preview) | New features being tested and stabilized. | 22 | | [rover alpha](https://hub.docker.com/r/aztfmod/rover-alpha) | Hot-off-the-oven features, to be used under a professional's supervision. | 23 | | [rover-agent](https://hub.docker.com/r/aztfmod/rover-agent) | Releases that are aligned with the above channels but include the CI/CD agents/runners for the following products: [GitHub Actions](https://github.com/features/actions), [Azure DevOps](https://azure.microsoft.com/en-us/services/devops/), [Terraform Cloud/Enterprise](https://www.terraform.io/cloud-docs/agents), [GitLab](https://docs.gitlab.com/ee/user/clusters/agent/install/) | 24 | 25 | ## Components in current version 26 | 27 | After a long time of using version-specific builds for every component, we moved to using mostly the latest versions of the components, unless integration tests show incompatibilities. 
28 | 29 | Components currently in rover: 30 | 31 | | Category | Components | 32 | |-----------------|---------------------------------------------------------------------------------------------------| 33 | | Utilities | [powershell](https://github.com/PowerShell/PowerShell), [mssql-tools](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup-tools?view=sql-server-ver15), [az](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli), [jq](https://stedolan.github.io/jq/download/), [yq](https://github.com/mikefarah/yq), [python](https://www.python.org/), [pywinrm](https://github.com/diyan/pywinrm), [golang](https://go.dev/), [kubectl](https://kubernetes.io/docs/tasks/tools/), [helm](https://helm.sh/docs/intro/install/), [github shell](https://github.com/cli/cli), [openvpn](https://openvpn.net/) | 34 | | IaC tools | [terraform](https://www.terraform.io/), [terraform-docs](https://github.com/terraform-docs/terraform-docs), [vault](https://www.vaultproject.io/), [packer](https://www.packer.io/), [ansible](https://www.ansible.com/) | 35 | | DevSecOps | [checkov](https://www.checkov.io/), [tfsec](https://aquasecurity.github.io/tfsec) | 36 | | Code excellence | [tflint](https://github.com/terraform-linters/tflint), [tflint with azure ruleset](https://github.com/terraform-linters/tflint-ruleset-azurerm), [caflint](https://github.com/aztfmod/caflint), [pre-commit](https://pre-commit.com/), [pre-commit hooks for Terraform](https://github.com/antonbabenko/pre-commit-terraform), [shellspec](https://github.com/shellspec/shellspec) | 37 | -------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/terraform-sre-components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/terraform-sre-components.png 
-------------------------------------------------------------------------------- /website/versioned_docs/version-2203.1/terraform-sre-functions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aztfmod/documentation/24967a821d37573a4c9cd90b5afb6804f3ebeab8/website/versioned_docs/version-2203.1/terraform-sre-functions.png -------------------------------------------------------------------------------- /website/versioned_sidebars/version-2203.1-sidebars.json: -------------------------------------------------------------------------------- 1 | { 2 | "cafSidebar": [ 3 | { 4 | "type": "autogenerated", 5 | "dirName": "." 6 | } 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /website/versions.json: -------------------------------------------------------------------------------- 1 | [ 2 | "2203.1" 3 | ] 4 | -------------------------------------------------------------------------------- /yarn.lock: -------------------------------------------------------------------------------- 1 | # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. 2 | # yarn lockfile v1 3 | 4 | 5 | --------------------------------------------------------------------------------