From 31c701e5ed0393c84e1d9dfa6fb74ca12734e012 Mon Sep 17 00:00:00 2001 
From: Jared Holgate Date: Tue, 8 Oct 2024 17:08:24 +0100 Subject: [PATCH] feat: multi input file support (#214) # Pull Request ## Description Support for multiple input files that get merged together. Docs updates for new version of complete-multi-region Terraform module. Associated PR for starter module: https://github.com/Azure/alz-terraform-accelerator/pull/175 ## License By submitting this pull request, I confirm that my contribution is made under the terms of the project's associated license. --- CONTRIBUTING.md | 19 +- ...Guide]-Quick-Start-Phase-2-Azure-DevOps.md | 6 +- ...[User-Guide]-Quick-Start-Phase-2-GitHub.md | 8 +- .../[User-Guide]-Quick-Start-Phase-2-Local.md | 6 +- docs/wiki/[User-Guide]-Quick-Start-Phase-3.md | 21 +- ...-Module-Terraform-Complete-Multi-Region.md | 55 +++-- docs/wiki/_Sidebar.md | 9 +- ...evops-terraform-complete-multi-region.yaml | 9 +- ...ithub-terraform-complete-multi-region.yaml | 9 +- ...local-terraform-complete-multi-region.yaml | 9 +- ...onfig-hub-and-spoke-vnet-multi-region.yaml | 188 ++++++++++++++++++ ...nfig-hub-and-spoke-vnet-single-region.yaml | 129 ++++++++++++ .../config-virtual-wan-multi-region.yaml | 137 +++++++++++++ .../config-virtual-wan-single-region.yaml | 107 ++++++++++ .../Convert-HCLVariablesToInputConfig.ps1 | 6 +- .../Private/Config-Helpers/Get-ALZConfig.ps1 | 15 +- .../Remove-TerraformMetaFileSet.ps1 | 4 +- .../Config-Helpers/Request-SpecialInput.ps1 | 28 ++- src/ALZ/Public/New-ALZEnvironment.ps1 | 18 +- 19 files changed, 714 insertions(+), 69 deletions(-) create mode 100644 docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml create mode 100644 docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml create mode 100644 docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml create mode 100644 
docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a8ac77e5..25cfddd0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -101,6 +101,13 @@ Copy-Item -Path "$exampleFolder/inputs-azure-devops-terraform-complete-multi-reg Copy-Item -Path "$exampleFolder/inputs-github-terraform-complete-multi-region.yaml" -Destination "$terraformConfigFolder/inputs-github.yaml" -Force Copy-Item -Path "$exampleFolder/inputs-local-terraform-complete-multi-region.yaml" -Destination "$terraformConfigFolder/inputs-local.yaml" -Force +$exampleFolder = "$targetFolder/code/ALZ-PowerShell-Module/docs/wiki/examples/starter-module-config/complete-multi-region" + +Copy-Item -Path "$exampleFolder/config-hub-and-spoke-vnet-multi-region.yaml" -Destination "$terraformConfigFolder/config-hub-and-spoke-vnet-multi-region.yaml" -Force +Copy-Item -Path "$exampleFolder/config-hub-and-spoke-vnet-single-region.yaml" -Destination "$terraformConfigFolder/config-hub-and-spoke-vnet-single-region.yaml" -Force +Copy-Item -Path "$exampleFolder/config-virtual-wan-multi-region.yaml" -Destination "$terraformConfigFolder/config-virtual-wan-multi-region.yaml" -Force +Copy-Item -Path "$exampleFolder/config-virtual-wan-single-region.yaml" -Destination "$terraformConfigFolder/config-virtual-wan-single-region.yaml" -Force + ``` >IMPORTANT! - Now you'll need to update the input files with your settings for VCS, etc. 
@@ -197,12 +204,14 @@ Deploy-Accelerator ` -bootstrapModuleOverrideFolderPath "/$targetFolder/code/accelerator-bootstrap-modules" ` -starterModuleOverrideFolderPath "/$targetFolder/code/alz-terraform-accelerator/templates" ` -output "/$targetFolder/acc/terraform/output/azuredevops" ` - -inputs "/$targetFolder/acc/terraform/config/inputs-azuredevops.yaml" ` + -inputs "/$targetFolder/acc/terraform/config/inputs-azuredevops.yaml", "/$targetFolder/acc/terraform/config/config-hub-and-spoke-vnet-multi-region.yaml" ` -verbose ` -replaceFiles # This will replace the files in the output folder with the files in the bootstrap and starter modules, so any updates are taken into account ``` +>NOTE: The `config-hub-and-spoke-vnet-multi-region.yaml` file is an example. You can use any of the other configuration files. + ### Terraform GitHub Run this from the VSCode terminal for the ALZ-PowerShell-Module repository: @@ -221,12 +230,14 @@ Deploy-Accelerator ` -bootstrapModuleOverrideFolderPath "/$targetFolder/code/accelerator-bootstrap-modules" ` -starterModuleOverrideFolderPath "/$targetFolder/code/alz-terraform-accelerator/templates" ` -output "/$targetFolder/acc/terraform/output/github" ` - -inputs "/$targetFolder/acc/terraform/config/inputs-github.yaml" ` + -inputs "/$targetFolder/acc/terraform/config/inputs-github.yaml", "/$targetFolder/acc/terraform/config/config-hub-and-spoke-vnet-multi-region.yaml" ` -verbose ` -replaceFiles # This will replace the files in the output folder with the files in the bootstrap and starter modules, so any updates are taken into account ``` +>NOTE: The `config-hub-and-spoke-vnet-multi-region.yaml` file is an example. You can use any of the other configuration files. + ### Terraform Local Run this from the VSCode terminal for the ALZ-PowerShell-Module repository: 
@@ -245,8 +256,10 @@ Deploy-Accelerator ` -bootstrapModuleOverrideFolderPath "/$targetFolder/code/accelerator-bootstrap-modules" ` -starterModuleOverrideFolderPath "/$targetFolder/code/alz-terraform-accelerator/templates" ` -output "/$targetFolder/acc/terraform/output/local" ` - -inputs "/$targetFolder/acc/terraform/config/inputs-local.yaml" ` + -inputs "/$targetFolder/acc/terraform/config/inputs-local.yaml", "/$targetFolder/acc/terraform/config/config-hub-and-spoke-vnet-multi-region.yaml" ` -verbose ` -replaceFiles # This will replace the files in the output folder with the files in the bootstrap and starter modules, so any updates are taken into account ``` + +>NOTE: The `config-hub-and-spoke-vnet-multi-region.yaml` file is an example. You can use any of the other configuration files. diff --git a/docs/wiki/[User-Guide]-Quick-Start-Phase-2-Azure-DevOps.md b/docs/wiki/[User-Guide]-Quick-Start-Phase-2-Azure-DevOps.md index db3131ca..2f5584ed 100644 --- a/docs/wiki/[User-Guide]-Quick-Start-Phase-2-Azure-DevOps.md +++ b/docs/wiki/[User-Guide]-Quick-Start-Phase-2-Azure-DevOps.md 
@@ -152,14 +152,16 @@ Although you can just run `Deploy-Accelerator` and fill out the prompted inputs, - [Terraform Complete Starter Module][wiki_starter_module_terraform_complete]: Management groups, policies, hub networking with fully custom configuration. 1. In your PowerShell Core (pwsh) terminal run the module: + >NOTE: The following examples include 2 input files. This is the recommended approach for the `complete_multi_region` starter module. However, all inputs can be combined into a single file if desired and other starter modules only require a single input file. + ```pwsh # Windows (adjust the paths to match your setup) - Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml" -output "c:\accelerator\output" + Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml", "c:\accelerator\config\networking.yaml" -output "c:\accelerator\output" ``` ```pwsh # Linux/Mac (adjust the paths to match your setup) - Deploy-Accelerator -inputs "/accelerator/config/inputs.yaml" -output "/accelerator/output" + Deploy-Accelerator -inputs "/accelerator/config/inputs.yaml", "/accelerator/config/networking.yaml" -output "/accelerator/output" ``` 1. You will see a Terraform `init` and `apply` happen. diff --git a/docs/wiki/[User-Guide]-Quick-Start-Phase-2-GitHub.md b/docs/wiki/[User-Guide]-Quick-Start-Phase-2-GitHub.md index 5f9b6222..63438085 100644 --- a/docs/wiki/[User-Guide]-Quick-Start-Phase-2-GitHub.md +++ b/docs/wiki/[User-Guide]-Quick-Start-Phase-2-GitHub.md 
@@ -139,12 +139,16 @@ Although you can just run `Deploy-Accelerator` and fill out the prompted inputs, - [Terraform Complete Starter Module][wiki_starter_module_terraform_complete]: Management groups, policies, hub networking with fully custom configuration. 1. In your PowerShell Core (pwsh) terminal run the module: + >NOTE: The following examples include 2 input files. This is the recommended approach for the `complete_multi_region` starter module. However, all inputs can be combined into a single file if desired and other starter modules only require a single input file. + ```pwsh # Windows (adjust the paths to match your setup) - Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml" -output "c:\accelerator\output" + Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml", "c:\accelerator\config\networking.yaml" -output "c:\accelerator\output" + ``` + ```pwsh # Linux/Mac (adjust the paths to match your setup) - Deploy-Accelerator -inputs "/accelerator/config/inputs.yaml" -output "/accelerator/output" + Deploy-Accelerator -inputs "/accelerator/config/inputs.yaml", "/accelerator/config/networking.yaml" -output "/accelerator/output" ``` 1. You will see a Terraform `init` and `apply` happen. diff --git a/docs/wiki/[User-Guide]-Quick-Start-Phase-2-Local.md b/docs/wiki/[User-Guide]-Quick-Start-Phase-2-Local.md index 8d0215fd..4570d796 100644 --- a/docs/wiki/[User-Guide]-Quick-Start-Phase-2-Local.md +++ b/docs/wiki/[User-Guide]-Quick-Start-Phase-2-Local.md 
@@ -128,14 +128,16 @@ Although you can just run `Deploy-Accelerator` and fill out the prompted inputs, - [Terraform Complete Starter Module][wiki_starter_module_terraform_complete]: Management groups, policies, hub networking with fully custom configuration. 1. In your PowerShell Core (pwsh) terminal run the module: + >NOTE: The following examples include 2 input files. This is the recommended approach for the `complete_multi_region` starter module. However, all inputs can be combined into a single file if desired and other starter modules only require a single input file. + ```pwsh # Windows (adjust the paths to match your setup) - Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml" -output "c:\accelerator\output" + Deploy-Accelerator -inputs "c:\accelerator\config\inputs.yaml", "c:\accelerator\config\networking.yaml" -output "c:\accelerator\output" ``` ```pwsh # Linux/Mac (adjust the paths to match your setup) - Deploy-Accelerator -inputs "/accelerator/config/inputs.yaml" -output "/accelerator/output" + Deploy-Accelerator -inputs "/accelerator/config/inputs.yaml", "/accelerator/config/networking.yaml" -output "/accelerator/output" ``` 1. You will see a Terraform `init` and `apply` happen. diff --git a/docs/wiki/[User-Guide]-Quick-Start-Phase-3.md b/docs/wiki/[User-Guide]-Quick-Start-Phase-3.md index 1137ccdf..97ecb320 100644 --- a/docs/wiki/[User-Guide]-Quick-Start-Phase-3.md +++ b/docs/wiki/[User-Guide]-Quick-Start-Phase-3.md 
@@ -37,6 +37,10 @@ Follow the steps below to deploy the landing zone locally. If you want to hook i #### 3.1.3.1 Bicep +The Bicep option outputs a `deploy-local.ps1` file that you can use to deploy the ALZ. + +>NOTE: If you set the `grant_permissions_to_current_user` input to `false` in the bootstrap, you will need to set permissions on your management group and subscriptions before the commands will succeed. + 1. Ensure you have the latest versions of the [AZ PowerShell Module](https://learn.microsoft.com/en-us/powershell/azure/install-azure-powershell) and [Bicep](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/install) installed. 1. Open a new PowerShell Core (pwsh) terminal or use the one you already have open. 1. Navigate to the directory shown in the `module_output_directory_path` output from the bootstrap. 
@@ -49,13 +53,16 @@ Follow the steps below to deploy the landing zone locally. If you want to hook i #### 3.1.3.2 Terraform +The Terraform option outputs a `deploy-local.ps1` file that you can use to deploy the ALZ. + +>NOTE: If you set the `grant_permissions_to_current_user` input to `false` in the bootstrap, you will need to set permissions on your management group, subscriptions and storage account before the commands will succeed. + 1. Open a new PowerShell Core (pwsh) terminal or use the one you already have open. 1. Navigate to the directory shown in the `module_output_directory_path` output from the bootstrap. -1. If you choose to deploy the bootstrap resources in Azure, then you will need to navigate to the Azure Portal and find you storage account. -1. Make note of the `Resource Group Name`, `Storage account name`and `Container Name` from the storage account. -1. If you did not choose to deploy the bootstrap resources in Azure, type `terraform init` and hit enter. -1. If you choose to deploy the bootstrap resources in Azure, type `terraform init -backend-config="resource_group_name=" -backend-config="storage_account_name=" -backend-config="container_name=" -backend-config="key=terraform.tfstate" -backend-config="use_azuread_auth=true"` , replacing the items in angle brackets and hit enter. -1. Type `terraform plan -out=tfplan` and hit enter. -1. Review the plan. Use `terraform show tfplan` to see the plan details. -1. If you are happy with the plan, then type `terraform apply tfplan` and hit enter. +1. (Optional) Ensure you are still logged in to Azure using `az login --tenant 00000000-0000-0000-0000-000000000000`. +1. (Optional) Connect to your target subscription using `az account set --subscription 00000000-0000-0000-0000-000000000000`. +1. (Optional) Examine the `./scripts/deploy-local.ps1` to understand what it is doing. +1. Run `./scripts/deploy-local.ps1`. +1. A plan will run and then you'll be prompted to check it and run the deploy. +1. 
Type `yes` and hit enter to run the deploy. 1. The ALZ will now be deployed, this may take some time. diff --git a/docs/wiki/[User-Guide]-Starter-Module-Terraform-Complete-Multi-Region.md b/docs/wiki/[User-Guide]-Starter-Module-Terraform-Complete-Multi-Region.md index 913fb8fc..baa1564d 100644 --- a/docs/wiki/[User-Guide]-Starter-Module-Terraform-Complete-Multi-Region.md +++ b/docs/wiki/[User-Guide]-Starter-Module-Terraform-Complete-Multi-Region.md 
@@ -1,27 +1,46 @@ -The `complete_multi_region` starter module provides full customization of the Azure Landing Zone using a YAML or JSON configuration file. The configuration file provides the ability to enable and disable modules, configure module inputs and outputs, and configure module resources. It is multi-regional by default and can support 1 or more regions. +The `complete_multi_region` starter module provides full customization of the Azure Landing Zone. It is multi-regional by default and can support 1 or more regions. -A custom config file can be passed to the `configuration_file_path` argument of the ALZ PowerShell Module. This allows you to firstly design your Azure Landing Zone, and then deploy it. The config file can be in YAML or JSON format, our examples are all YAML. +The ALZ PowerShell Module can accept multiple input files and we recommend using a separate file for the `complete_multi_region` starter module. This allows you to more easily manage and maintain your configuration files. -If not specified, the default `config-hub-and-spoke-vnet-multi-region.yaml` file will be used, which can be seen [here][example_starter_module_complete_config_hub_spoke_multi_region]. +## Inputs -The following table describes the inputs required for the `complete_multi_region` starter module. +The following tables describe the inputs required for the `complete_multi_region` starter module. Depending on you choice of networking technology, you will need to supply the relevant inputs. + +### Shared Inputs + +| Input | Placeholder | Description | +| - | -- | --- | +| `management_settings_es` | `{}` | This is the management resource configuration for the ES (Enterprise Scale) versions of the management modules. Full details of the inputs can be seen [here](https://registry.terraform.io/modules/Azure/caf-enterprise-scale/azurerm/latest) | +| `connectivity_type` | `hub_and_spoke_vnet` | This is the choice of networking technology. 
Allowed values are `hub_and_spoke_vnet`, `virtual_wan` or `none`. | +| `connectivity_resource_groups` | `{}` | The resource groups used by the connectivity resources must be specified here. See the example files for usage. | +| ~~`management_use_avm`~~ | `false` | [NOTE: This variable will be implemented in a future version, setting to `true` will result in an error] This input is to specify to use the AVM (Azure Verified Modules) versions of the management modules. Defaults to `false`. | +| ~~`management_settings_avm`~~ | `{}` | [NOTE: This variable will be implemented in a future version] This is the management resource configuration for the AVM (Azure Verified Modules) versions of the management modules. | + +### Hub and Spoke Virtual Network Inputs + +| Input | Placeholder | Description | +| - | -- | --- | +| `hub_and_spoke_vnet_settings` | `{}` | This is for configuring global resources, such as the DDOS protection plan. See the example files for usage. | +| `hub_and_spoke_vnet_virtual_networks` | `{}` | This is the details configuration of each region for the hub networks. There are three top level components for each region: `hub_virtual_network`, `virtual_network_gateways` and `private_dns_zones`. Detailed information for `hub_virtual_network` inputs can be found [here](https://registry.terraform.io/modules/Azure/avm-ptn-hubnetworking). Detailed information for `virtual_network_gateways` can be found [here](https://registry.terraform.io/modules/Azure/avm-ptn-vnetgateway/azurerm/latest). See the example files for usage. | + +### Virtual WAN Inputs | Input | Placeholder | Description | | - | -- | --- | -| `configuration_file_path` | `` | This is the absolute path to the configuration file. E.g. `c:\my-config\config.yaml` or `~/my-config/config.yaml`. For YAML on Windows you will need to escape the `\`, i.e. `c:\\my-config\\config.yaml`. | -| `default_postfix` | `` | This is the default postfix used for resource names. 
| +| `virtual_wan_settings` | `{}` | This is for configuring global resources, such as the Virtual WAN and DDOS protection plan. See the example files for usage. | +| `virtual_wan_virtual_hubs` | `{}` | This is the details configuration of each region for the virtual hubs. There are three top level components for each region: `hub`, `firewall` and `private_dns_zones`. Detailed information for `hub` and `firewall` inputs can be found [here](https://registry.terraform.io/modules/Azure/avm-ptn-virtualwan/azurerm/latest). See the example files for usage. | -Example input files can be found here: +Example ALZ PowerShell input files can be found here: - [inputs-azure-devops-terraform-complete-multi-region.yaml][example_powershell_inputs_azure_devops_terraform_complete_multi_region] - [inputs-github-terraform-complete-multi-region.yaml][example_powershell_inputs_github_terraform_complete_multi_region] - [inputs-local-terraform-complete-multi-region.yaml][example_powershell_inputs_local_terraform_complete_multi_region] -You can create a custom yaml config to tailor to your needs, for example an Azure Landing Zone with a three-region mesh. 
Get started with our samples: +Example network technology specific input files can be found here: -- Multi region hub and spoke virtual network: [config-hub-and-spoke-vnet.yaml][example_starter_module_complete_config_hub_spoke_multi_region] -- Multi region virtual WAN: [config-virtual-wan.yaml][example_starter_module_complete_config_vwan_multi_region] +- Multi region hub and spoke virtual network: [config-hub-and-spoke-vnet-multi-region.yaml][example_starter_module_complete_config_hub_spoke_multi_region] +- Multi region virtual WAN: [config-virtual-wan-multi-region.yaml][example_starter_module_complete_config_vwan_multi_region] - Single region hub and spoke virtual network: [config-hub-and-spoke-vnet-single-region.yaml][example_starter_module_complete_config_hub_spoke_single_region] - Single region virtual WAN: [config-virtual-wan-single-region.yaml][example_starter_module_complete_config_vwan_single_region] @@ -29,7 +48,7 @@ You can create a custom yaml config to tailor to your needs, for example an Azur The example config files have helpful templated variables such as `starter_location_##` and `root_parent_management_group_id` which get prompted for during the ALZ PowerShell Module run. Alternatively, you can opt to not use the templated variables and hard-code the values in your config file. -> **Note:** We use the `caf-enterprise-scale` module for management groups and policies, and the Azure Verified Modules for connectivity resources. +> **Note:** We currently use the `caf-enterprise-scale` module for management groups and policies, and the Azure Verified Modules for connectivity resources. ### High Level Design 
@@ -64,10 +83,10 @@ The `avm-ptn-network-private-link-private-dns-zones` module is used to deploy Pr [//]: # (INSERT LINK LABELS BELOW) [//]: # (************************) -[example_starter_module_complete_config_hub_spoke_single_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-hub-and-spoke-vnet-single-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Single Region" -[example_starter_module_complete_config_vwan_single_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-virtual-wan-single-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Single Region" -[example_starter_module_complete_config_hub_spoke_multi_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-hub-and-spoke-vnet-multi-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Multi Region" -[example_starter_module_complete_config_vwan_multi_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-virtual-wan-multi-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Multi Region" -[example_powershell_inputs_azure_devops_terraform_complete_multi_region]: examples/powershell-inputs/inputs-azure-devops-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - Azure DevOps - Terraform - Complete Multi Region" -[example_powershell_inputs_github_terraform_complete_multi_region]: examples/powershell-inputs/inputs-github-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - GitHub - Terraform - Complete Multi Region" -[example_powershell_inputs_local_terraform_complete_multi_region]: examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - Local - 
Terraform - Complete Multi Region" +[example_starter_module_complete_config_hub_spoke_single_region]: examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Single Region" +[example_starter_module_complete_config_vwan_single_region]: examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Single Region" +[example_starter_module_complete_config_hub_spoke_multi_region]: examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Multi Region" +[example_starter_module_complete_config_vwan_multi_region]: examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Multi Region" +[example_powershell_inputs_azure_devops_terraform_complete_multi_region]: examples/powershell-inputs/inputs-azure-devops-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - Azure DevOps - Terraform - Complete Multi Region" +[example_powershell_inputs_github_terraform_complete_multi_region]: examples/powershell-inputs/inputs-github-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - GitHub - Terraform - Complete Multi Region" +[example_powershell_inputs_local_terraform_complete_multi_region]: examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - Local - Terraform - Complete Multi Region" diff --git a/docs/wiki/_Sidebar.md b/docs/wiki/_Sidebar.md index 0cd25980..7215585f 100644 --- a/docs/wiki/_Sidebar.md +++ b/docs/wiki/_Sidebar.md 
@@ -27,7 +27,6 @@ - [Configuration YAML Schema][wiki_yaml_schema_reference] - [Example Hub and Spoke config][example_starter_module_complete_config_hub_spoke] - [Example Virtual WAN config][example_starter_module_complete_config_vwan] - - Input Files - [Azure DevOps Bicep Complete][example_powershell_inputs_azure_devops_bicep_complete] - [Azure DevOps Terraform Basic][example_powershell_inputs_azure_devops_terraform_basic] 
@@ -102,7 +101,7 @@ [example_powershell_inputs_local_terraform_complete_multi_region]: examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - Local - Terraform - Complete Multi Region" [example_starter_module_complete_config_hub_spoke]: examples/starter-module-config/complete/config-hub-spoke.yaml "Example - Starter Module Config - Complete - Hub and Spoke" [example_starter_module_complete_config_vwan]: examples/starter-module-config/complete/config-vwan.yaml "Example - Starter Module Config - Complete - Virtual WAN" -[example_starter_module_complete_config_hub_spoke_single_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-hub-and-spoke-vnet-single-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Single Region" -[example_starter_module_complete_config_vwan_single_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-virtual-wan-single-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Single Region" -[example_starter_module_complete_config_hub_spoke_multi_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-hub-and-spoke-vnet-multi-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Multi Region" -[example_starter_module_complete_config_vwan_multi_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-virtual-wan-multi-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Multi Region" +[example_starter_module_complete_config_hub_spoke_single_region]: examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Single 
Region" +[example_starter_module_complete_config_vwan_single_region]: examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Single Region" +[example_starter_module_complete_config_hub_spoke_multi_region]: examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Multi Region" +[example_starter_module_complete_config_vwan_multi_region]: examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Multi Region" diff --git a/docs/wiki/examples/powershell-inputs/inputs-azure-devops-terraform-complete-multi-region.yaml b/docs/wiki/examples/powershell-inputs/inputs-azure-devops-terraform-complete-multi-region.yaml index 607ae556..5a3fbc7f 100644 --- a/docs/wiki/examples/powershell-inputs/inputs-azure-devops-terraform-complete-multi-region.yaml +++ b/docs/wiki/examples/powershell-inputs/inputs-azure-devops-terraform-complete-multi-region.yaml 
@@ -33,10 +33,13 @@ allow_storage_access_from_my_ip: false apply_approvers: [""] create_branch_policies: true -# Complete Starter Module Specific Variables +# Complete Multi Region Starter Module Specific Variables # (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Complete-Multi-Region) -configuration_file_path: "" # Only required for the `complete` starter module. NOTE: This must be an absolute path. -default_postfix: "" +# The detailed configuration can be supplied in a separate file or combined in this file. Examples can be seen here: +# Hub and Spoke Virtual Network Multi Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml +# Virtual WAN Multi Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml +# Hub and Spoke Virtual Network Single Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml +# Virtual WAN Single Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml # Advanced Inputs bootstrap_module_version: "latest" diff --git a/docs/wiki/examples/powershell-inputs/inputs-github-terraform-complete-multi-region.yaml b/docs/wiki/examples/powershell-inputs/inputs-github-terraform-complete-multi-region.yaml index a1878430..cd1b4f24 100644 --- a/docs/wiki/examples/powershell-inputs/inputs-github-terraform-complete-multi-region.yaml +++ b/docs/wiki/examples/powershell-inputs/inputs-github-terraform-complete-multi-region.yaml 
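Review bot: The new comment block does not say which value is used when the same key appears in more than one file passed to `-inputs`; it only says the detailed configuration "can be supplied in a separate file or combined in this file". This example carries settings such as `allow_storage_access_from_my_ip` and `create_branch_policies`, so a second file that repeats one of them could change it without the reader noticing. I would add a line such as `# NOTE: if a key is set in more than one input file, the value from the <FIRST_OR_LAST> file passed to -inputs is used.`, with the placeholder filled in from the merge logic, which presumably lives in Get-ALZConfig.ps1 and is not shown in this part of the patch. The same comment block is added in the GitHub and local input examples in the next two hunks, the latter next to `grant_permissions_to_current_user`, and the same line belongs there.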
@@ -30,10 +30,13 @@ allow_storage_access_from_my_ip: false apply_approvers: [""] create_branch_policies: true -# Complete Starter Module Specific Variables +# Complete Multi Region Starter Module Specific Variables # (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Complete-Multi-Region) -configuration_file_path: "" # Only required for the `complete` starter module. NOTE: This must be an absolute path. -default_postfix: "" +# The detailed configuration can be supplied in a separate file or combined in this file. Examples can be seen here: +# Hub and Spoke Virtual Network Multi Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml +# Virtual WAN Multi Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml +# Hub and Spoke Virtual Network Single Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml +# Virtual WAN Single Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml # Advanced Inputs bootstrap_module_version: "latest" diff --git a/docs/wiki/examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml b/docs/wiki/examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml index 77a658cd..470baf56 100644 --- a/docs/wiki/examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml +++ b/docs/wiki/examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml 
@@ -24,10 +24,13 @@ environment_name: "mgmt" postfix_number: 1 grant_permissions_to_current_user: true -# Complete Starter Module Specific Variables +# Complete Multi Region Starter Module Specific Variables # (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Complete-Multi-Region) -configuration_file_path: "" # Only required for the `complete` starter module. NOTE: This must be an absolute path. -default_postfix: "" +# The detailed configuration can be supplied in a separate file or combined in this file. Examples can be seen here: +# Hub and Spoke Virtual Network Multi Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml +# Virtual WAN Multi Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml +# Hub and Spoke Virtual Network Single Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml +# Virtual WAN Single Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml # Advanced Inputs bootstrap_module_version: "latest" diff --git a/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml b/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml new file mode 100644 index 00000000..ecd181ba --- /dev/null +++ b/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml 
@@ -0,0 +1,188 @@ +# This file contains templated variables to avoid repeating the same hard-coded values. +# Templated variables are denoted by the dollar curly braces token (e.g. ${starter_location_01}). The following details each templated variable that you can use: +# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources. +# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources. +# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources. +# `starter_location_01_virtual_network_gateway_sku_express_route` to `starter_location_10_virtual_network_gateway_sku_express_route`: These are the default SKUs for the Express Route virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. +# `starter_location_01_virtual_network_gateway_sku_vpn` to `starter_location_10_virtual_network_gateway_sku_vpn`: These are the default SKUs for the VPN virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. +# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under. +# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`. +# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`. 
+# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`. + +--- +connectivity_resource_groups: + ddos: + location: ${starter_location_01} + name: rg-hub-ddos-${starter_location_01} + dns: + location: ${starter_location_01} + name: rg-hub-dns-${starter_location_01} + vnet_primary: + location: ${starter_location_01} + name: rg-hub-${starter_location_01} + vnet_secondary: + location: ${starter_location_02} + name: rg-hub-${starter_location_02} +connectivity_type: hub_and_spoke_vnet +hub_and_spoke_vnet_settings: + ddos_protection_plan: + location: ${starter_location_01} + name: ddos-hub-${starter_location_01} + resource_group_name: rg-hub-ddos-${starter_location_01} +hub_and_spoke_vnet_virtual_networks: + primary: + hub_virtual_network: + address_space: + - 10.0.0.0/16 + firewall: + default_ip_configuration: + public_ip_config: + ip_version: IPv4 + name: pip-fw-hub-${starter_location_01} + zones: ${starter_location_01_availability_zones} + firewall_policy: + dns: + proxy_enabled: true + name: fwp-hub-${starter_location_01} + name: fw-hub-${starter_location_01} + sku_name: AZFW_VNet + sku_tier: Standard + subnet_address_prefix: 10.0.0.0/24 + zones: ${starter_location_01_availability_zones} + location: ${starter_location_01} + name: vnet-hub-${starter_location_01} + resource_group_creation_enabled: false + resource_group_name: rg-hub-${starter_location_01} + subnets: + virtual_network_gateway: + address_prefixes: + - 10.0.1.0/24 + assign_generated_route_table: false + name: GatewaySubnet + private_dns_zones: + is_primary: true + resource_group_name: rg-hub-dns-${starter_location_01} + virtual_network_gateways: + express_route: + ip_configurations: + default: + name: ipconfig-vgw-hub-expressroute-${starter_location_01} + public_ip: + name: pip-vgw-hub-expressroute-${starter_location_01} + zones: ${starter_location_01_availability_zones} + location: 
${starter_location_01} + name: vgw-hub-expressroute-${starter_location_01} + sku: ${starter_location_01_virtual_network_gateway_sku_express_route} + type: ExpressRoute + vpn: + ip_configurations: + default: + name: ipconfig-vgw-hub-vpn-${starter_location_01} + public_ip: + name: pip-vgw-hub-vpn-${starter_location_01} + zones: ${starter_location_01_availability_zones} + location: ${starter_location_01} + name: vgw-hub-vpn-${starter_location_01} + sku: ${starter_location_01_virtual_network_gateway_sku_vpn} + type: Vpn + secondary: + hub_virtual_network: + address_space: + - 10.1.0.0/16 + firewall: + default_ip_configuration: + public_ip_config: + ip_version: IPv4 + name: pip-fw-hub-${starter_location_02} + zones: ${starter_location_02_availability_zones} + firewall_policy: + dns: + proxy_enabled: true + name: fwp-hub-${starter_location_01} + name: fw-hub-${starter_location_02} + sku_name: AZFW_VNet + sku_tier: Standard + subnet_address_prefix: 10.1.0.0/24 + zones: ${starter_location_02_availability_zones} + location: ${starter_location_02} + name: vnet-hub-${starter_location_02} + resource_group_creation_enabled: false + resource_group_name: rg-hub-${starter_location_02} + subnets: + virtual_network_gateway: + address_prefixes: + - 10.1.1.0/24 + assign_generated_route_table: false + name: GatewaySubnet + private_dns_zones: + is_primary: false + resource_group_name: rg-hub-dns-${starter_location_01} + virtual_network_gateways: + express_route: + ip_configurations: + default: + name: ipconfig-vgw-hub-expressroute-${starter_location_02} + public_ip: + name: pip-vgw-hub-expressroute-${starter_location_02} + zones: ${starter_location_02_availability_zones} + location: ${starter_location_02} + name: vgw-hub-expressroute-${starter_location_02} + sku: ${starter_location_02_virtual_network_gateway_sku_express_route} + type: ExpressRoute + vpn: + ip_configurations: + default: + name: ipconfig-vgw-hub-vpn-${starter_location_02} + public_ip: + name: 
pip-vgw-hub-vpn-${starter_location_02} + zones: ${starter_location_02_availability_zones} + location: ${starter_location_02} + name: vgw-hub-vpn-${starter_location_02} + sku: ${starter_location_02_virtual_network_gateway_sku_vpn} + type: Vpn +management_settings_es: + configure_connectivity_resources: + advanced: + custom_settings_by_resource_type: + azurerm_network_ddos_protection_plan: + ddos: + ${starter_location_01}: + name: ddos-hub-${starter_location_01} + azurerm_resource_group: + ddos: + ${starter_location_01}: + name: rg-hub-ddos-${starter_location_01} + dns: + ${starter_location_01}: + name: rg-hub-dns-${starter_location_01} + settings: + ddos_protection_plan: + config: + location: ${starter_location_01} + dns: + config: + location: ${starter_location_01} + configure_management_resources: + advanced: + asc_export_resource_group_name: rg-management-asc-export-${starter_location_01} + azurerm_automation_account: + management: + name: aa-management-${starter_location_01} + azurerm_log_analytics_workspace: + management: + name: law-management-${starter_location_01} + custom_settings_by_resource_type: + azurerm_resource_group: + management: + name: rg-management-${starter_location_01} + location: ${starter_location_01} + default_location: ${starter_location_01} + deploy_connectivity_resources: false + root_id: alz + root_name: Azure-Landing-Zones + root_parent_id: ${root_parent_management_group_id} + subscription_id_connectivity: ${subscription_id_connectivity} + subscription_id_identity: ${subscription_id_identity} + subscription_id_management: ${subscription_id_management} +management_use_avm: false diff --git a/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml b/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml new file mode 100644 index 00000000..dd1b8cb6 --- /dev/null 
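Review bot: In the `secondary` hub of config-hub-and-spoke-vnet-multi-region.yaml, the firewall policy is named `fwp-hub-${starter_location_01}` while every other name in that block uses `${starter_location_02}`. This looks like a copy-paste slip from the `primary` block, and the virtual WAN multi-region example in this same commit uses `fwp-hub-${starter_location_02}` for its secondary hub. As written, both hubs get a policy with the same name, which is at least misleading when reading firewall rules per region and may collide, depending on how the module places the policies. I would change the line to `name: fwp-hub-${starter_location_02}`.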
+++ b/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml 
@@ -0,0 +1,129 @@ +# This file contains templated variables to avoid repeating the same hard-coded values. +# Templated variables are denoted by the dollar curly braces token (e.g. ${starter_location_01}). The following details each templated variable that you can use: +# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources. +# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources. +# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources. +# `starter_location_01_virtual_network_gateway_sku_express_route` to `starter_location_10_virtual_network_gateway_sku_express_route`: These are the default SKUs for the Express Route virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. +# `starter_location_01_virtual_network_gateway_sku_vpn` to `starter_location_10_virtual_network_gateway_sku_vpn`: These are the default SKUs for the VPN virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. +# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under. +# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`. +# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`. 
+# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`. + +connectivity_resource_groups: + ddos: + location: ${starter_location_01} + name: rg-hub-ddos-${starter_location_01} + dns: + location: ${starter_location_01} + name: rg-hub-dns-${starter_location_01} + vnet_primary: + location: ${starter_location_01} + name: rg-hub-${starter_location_01} +connectivity_type: hub_and_spoke_vnet +hub_and_spoke_vnet_settings: + ddos_protection_plan: + location: ${starter_location_01} + name: ddos-hub-${starter_location_01} + resource_group_name: rg-hub-ddos-${starter_location_01} +hub_and_spoke_vnet_virtual_networks: + primary: + hub_virtual_network: + address_space: + - 10.0.0.0/16 + firewall: + default_ip_configuration: + public_ip_config: + ip_version: IPv4 + name: pip-fw-hub-${starter_location_01} + zones: ${starter_location_01_availability_zones} + firewall_policy: + dns: + proxy_enabled: true + name: fwp-hub-${starter_location_01} + name: fw-hub-${starter_location_01} + sku_name: AZFW_VNet + sku_tier: Standard + subnet_address_prefix: 10.0.0.0/24 + zones: ${starter_location_01_availability_zones} + location: ${starter_location_01} + name: vnet-hub-${starter_location_01} + resource_group_creation_enabled: false + resource_group_name: rg-hub-${starter_location_01} + subnets: + virtual_network_gateway: + address_prefixes: + - 10.0.1.0/24 + assign_generated_route_table: false + name: GatewaySubnet + private_dns_zones: + is_primary: true + resource_group_name: rg-hub-dns-${starter_location_01} + virtual_network_gateways: + express_route: + ip_configurations: + default: + name: ipconfig-vgw-hub-expressroute-${starter_location_01} + public_ip: + name: pip-vgw-hub-expressroute-${starter_location_01} + zones: ${starter_location_01_availability_zones} + location: ${starter_location_01} + name: vgw-hub-expressroute-${starter_location_01} + sku: 
${starter_location_01_virtual_network_gateway_sku_express_route} + type: ExpressRoute + vpn: + ip_configurations: + default: + name: ipconfig-vgw-hub-vpn-${starter_location_01} + public_ip: + name: pip-vgw-hub-vpn-${starter_location_01} + zones: ${starter_location_01_availability_zones} + location: ${starter_location_01} + name: vgw-hub-vpn-${starter_location_01} + sku: ${starter_location_01_virtual_network_gateway_sku_vpn} + type: Vpn +management_settings_es: + configure_connectivity_resources: + advanced: + custom_settings_by_resource_type: + azurerm_network_ddos_protection_plan: + ddos: + ${starter_location_01}: + name: ddos-hub-${starter_location_01} + azurerm_resource_group: + ddos: + ${starter_location_01}: + name: rg-hub-ddos-${starter_location_01} + dns: + ${starter_location_01}: + name: rg-hub-dns-${starter_location_01} + settings: + ddos_protection_plan: + config: + location: ${starter_location_01} + dns: + config: + location: ${starter_location_01} + configure_management_resources: + advanced: + asc_export_resource_group_name: rg-management-asc-export-${starter_location_01} + azurerm_automation_account: + management: + name: aa-management-${starter_location_01} + azurerm_log_analytics_workspace: + management: + name: law-management-${starter_location_01} + custom_settings_by_resource_type: + azurerm_resource_group: + management: + name: rg-management-${starter_location_01} + location: ${starter_location_01} + default_location: ${starter_location_01} + deploy_connectivity_resources: false + root_id: alz + root_name: Azure-Landing-Zones + root_parent_id: ${root_parent_management_group_id} + subscription_id_connectivity: ${subscription_id_connectivity} + subscription_id_identity: ${subscription_id_identity} + subscription_id_management: ${subscription_id_management} +management_use_avm: false 
diff --git a/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml b/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml
new file mode 100644
index 00000000..559c92bd
--- /dev/null
+++ b/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml
@@ -0,0 +1,137 @@ +# This file contains templated variables to avoid repeating the same hard-coded values. +# Templated variables are denoted by the dollar curly braces token (e.g. ${starter_location_01}). The following details each templated variable that you can use: +# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources. +# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources. +# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources. +# `starter_location_01_virtual_network_gateway_sku_express_route` to `starter_location_10_virtual_network_gateway_sku_express_route`: These are the default SKUs for the Express Route virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. +# `starter_location_01_virtual_network_gateway_sku_vpn` to `starter_location_10_virtual_network_gateway_sku_vpn`: These are the default SKUs for the VPN virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. +# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under. +# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`. +# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`. 
+# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`. + +connectivity_resource_groups: + ddos: + location: ${starter_location_01} + name: rg-hub-ddos-${starter_location_01} + dns: + location: ${starter_location_01} + name: rg-hub-dns-${starter_location_01} + vnet_primary: + location: ${starter_location_01} + name: rg-vwan-hub-${starter_location_01} + vnet_secondary: + location: ${starter_location_02} + name: rg-vwan-hub-${starter_location_02} + vwan: + location: ${starter_location_01} + name: rg-vwan-${starter_location_01} +connectivity_type: virtual_wan +management_settings_es: + configure_connectivity_resources: + advanced: + custom_settings_by_resource_type: + azurerm_network_ddos_protection_plan: + ddos: + ${starter_location_01}: + name: ddos-${starter_location_01} + azurerm_resource_group: + ddos: + ${starter_location_01}: + name: rg-ddos-${starter_location_01} + dns: + ${starter_location_01}: + name: rg-dns-${starter_location_01} + settings: + ddos_protection_plan: + config: + location: ${starter_location_01} + dns: + config: + location: ${starter_location_01} + configure_management_resources: + advanced: + asc_export_resource_group_name: rg-management-asc-export-${starter_location_01} + azurerm_automation_account: + management: + name: aa-management-${starter_location_01} + azurerm_log_analytics_workspace: + management: + name: law-management-${starter_location_01} + custom_settings_by_resource_type: + azurerm_resource_group: + management: + name: rg-management-${starter_location_01} + location: ${starter_location_01} + default_location: ${starter_location_01} + deploy_connectivity_resources: false + root_id: alz + root_name: Azure-Landing-Zones + root_parent_id: ${root_parent_management_group_id} + subscription_id_connectivity: ${subscription_id_connectivity} + subscription_id_identity: ${subscription_id_identity} + subscription_id_management: 
${subscription_id_management} +management_use_avm: false +virtual_wan_settings: + ddos_protection_plan: + location: ${starter_location_01} + name: ddos-hub-${starter_location_01} + resource_group_name: rg-hub-ddos-${starter_location_01} + location: ${starter_location_01} + name: vwan-hub-${starter_location_01} + resource_group_name: rg-vwan-${starter_location_01} +virtual_wan_virtual_hubs: + primary: + firewall: + firewall_policy: + name: fwp-hub-${starter_location_01} + name: fw-hub-${starter_location_01} + sku_name: AZFW_Hub + sku_tier: Standard + zones: ${starter_location_01_availability_zones} + hub: + address_prefix: 10.0.0.0/16 + location: ${starter_location_01} + name: vwan-hub-${starter_location_01} + resource_group_name: rg-vwan-hub-${starter_location_01} + private_dns_zones: + is_primary: true + networking: + private_dns_resolver: + name: pdr-hub-dns-${starter_location_01} + resource_group_name: rg-vwan-hub-${starter_location_01} + virtual_network: + address_space: 10.10.0.0/24 + name: vnet-hub-dns-${starter_location_01} + private_dns_resolver_subnet: + address_prefix: 10.10.0.0/28 + name: subnet-hub-dns-${starter_location_01} + resource_group_name: rg-vwan-hub-${starter_location_01} + resource_group_name: rg-hub-dns-${starter_location_01} + secondary: + firewall: + firewall_policy: + name: fwp-hub-${starter_location_02} + name: fw-hub-${starter_location_02} + sku_name: AZFW_Hub + sku_tier: Standard + zones: ${starter_location_02_availability_zones} + hub: + address_prefix: 10.1.0.0/16 + location: ${starter_location_02} + name: vwan-hub-${starter_location_02} + resource_group_name: rg-vwan-hub-${starter_location_02} + private_dns_zones: + is_primary: false + networking: + private_dns_resolver: + name: pdr-hub-dns-${starter_location_02} + resource_group_name: rg-vwan-hub-${starter_location_02} + virtual_network: + address_space: 10.11.0.0/24 + name: vnet-hub-dns-${starter_location_02} + private_dns_resolver_subnet: + address_prefix: 10.11.0.0/28 + name: 
subnet-hub-dns-${starter_location_02} + resource_group_name: rg-vwan-hub-${starter_location_02} + resource_group_name: rg-hub-dns-${starter_location_01} diff --git a/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml b/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml new file mode 100644 index 00000000..af751b08 --- /dev/null +++ b/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml 
@@ -0,0 +1,107 @@ +# This file contains templated variables to avoid repeating the same hard-coded values. +# Templated variables are denoted by the dollar curly braces token (e.g. ${starter_location_01}). The following details each templated variable that you can use: +# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources. +# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources. +# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources. +# `starter_location_01_virtual_network_gateway_sku_express_route` to `starter_location_10_virtual_network_gateway_sku_express_route`: These are the default SKUs for the Express Route virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. +# `starter_location_01_virtual_network_gateway_sku_vpn` to `starter_location_10_virtual_network_gateway_sku_vpn`: These are the default SKUs for the VPN virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. +# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under. +# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`. +# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`. 
+# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`. + +connectivity_resource_groups: + ddos: + location: ${starter_location_01} + name: rg-hub-ddos-${starter_location_01} + dns: + location: ${starter_location_01} + name: rg-hub-dns-${starter_location_01} + vnet_primary: + location: ${starter_location_01} + name: rg-vwan-hub-${starter_location_01} + vwan: + location: ${starter_location_01} + name: rg-vwan-${starter_location_01} +connectivity_type: virtual_wan +management_settings_es: + configure_connectivity_resources: + advanced: + custom_settings_by_resource_type: + azurerm_network_ddos_protection_plan: + ddos: + ${starter_location_01}: + name: ddos-${starter_location_01} + azurerm_resource_group: + ddos: + ${starter_location_01}: + name: rg-ddos-${starter_location_01} + dns: + ${starter_location_01}: + name: rg-dns-${starter_location_01} + settings: + ddos_protection_plan: + config: + location: ${starter_location_01} + dns: + config: + location: ${starter_location_01} + configure_management_resources: + advanced: + asc_export_resource_group_name: rg-management-asc-export-${starter_location_01} + azurerm_automation_account: + management: + name: aa-management-${starter_location_01} + azurerm_log_analytics_workspace: + management: + name: law-management-${starter_location_01} + custom_settings_by_resource_type: + azurerm_resource_group: + management: + name: rg-management-${starter_location_01} + location: ${starter_location_01} + default_location: ${starter_location_01} + deploy_connectivity_resources: false + root_id: alz + root_name: Azure-Landing-Zones + root_parent_id: ${root_parent_management_group_id} + subscription_id_connectivity: ${subscription_id_connectivity} + subscription_id_identity: ${subscription_id_identity} + subscription_id_management: ${subscription_id_management} +management_use_avm: false +virtual_wan_settings: + 
ddos_protection_plan: + location: ${starter_location_01} + name: ddos-hub-${starter_location_01} + resource_group_name: rg-hub-ddos-${starter_location_01} + location: ${starter_location_01} + name: vwan-hub-${starter_location_01} + resource_group_name: rg-vwan-${starter_location_01} +virtual_wan_virtual_hubs: + primary: + firewall: + firewall_policy: + name: fwp-hub-${starter_location_01} + name: fw-hub-${starter_location_01} + sku_name: AZFW_Hub + sku_tier: Standard + zones: ${starter_location_01_availability_zones} + hub: + address_prefix: 10.0.0.0/16 + location: ${starter_location_01} + name: vwan-hub-${starter_location_01} + resource_group_name: rg-vwan-hub-${starter_location_01} + private_dns_zones: + is_primary: true + networking: + private_dns_resolver: + name: pdr-hub-dns-${starter_location_01} + resource_group_name: rg-vwan-hub-${starter_location_01} + virtual_network: + address_space: 10.10.0.0/24 + name: vnet-hub-dns-${starter_location_01} + private_dns_resolver_subnet: + address_prefix: 10.10.0.0/28 + name: subnet-hub-dns-${starter_location_01} + resource_group_name: rg-vwan-hub-${starter_location_01} + resource_group_name: rg-hub-dns-${starter_location_01} diff --git a/src/ALZ/Private/Config-Helpers/Convert-HCLVariablesToInputConfig.ps1 b/src/ALZ/Private/Config-Helpers/Convert-HCLVariablesToInputConfig.ps1 index f3e3be6b..dfd3e424 100644 --- a/src/ALZ/Private/Config-Helpers/Convert-HCLVariablesToInputConfig.ps1 +++ b/src/ALZ/Private/Config-Helpers/Convert-HCLVariablesToInputConfig.ps1 @@ -19,9 +19,11 @@ function Convert-HCLVariablesToInputConfig { if($terraformVariables.PSObject.Properties.Name -notcontains "variable") { Write-Verbose "No variables found in $targetVariableFile, skipping..." - return + return $appendToObject } + Write-Verbose "Variables found in $targetVariableFile, processing..." + $configItems = [PSCustomObject]@{} if($appendToObject -ne $null) { $configItems = $appendToObject 
@@ -54,7 +56,6 @@ function Convert-HCLVariablesToInputConfig { } if($hasValidation) { - Write-Verbose "Validation: $hasValidation - $validationType" $validator = $validators.PSObject.Properties[$validationType].Value $description = "$description ($($validator.Description))" if($validator.Type -eq "AllowedValues"){ @@ -68,6 +69,7 @@ function Convert-HCLVariablesToInputConfig { $configItem | Add-Member -NotePropertyName "Description" -NotePropertyValue $description + Write-Verbose "Adding variable $($variable.Name) to the configuration..." $configItems | Add-Member -NotePropertyName $variable.Name -NotePropertyValue $configItem } } diff --git a/src/ALZ/Private/Config-Helpers/Get-ALZConfig.ps1 b/src/ALZ/Private/Config-Helpers/Get-ALZConfig.ps1 index 24b672d6..a3c5e41a 100644 --- a/src/ALZ/Private/Config-Helpers/Get-ALZConfig.ps1 +++ b/src/ALZ/Private/Config-Helpers/Get-ALZConfig.ps1 @@ -1,7 +1,9 @@ function Get-ALZConfig { param( [Parameter(Mandatory = $false)] - [string] $configFilePath = "" + [string] $configFilePath = "", + [Parameter(Mandatory = $false)] + [PSCustomObject] $inputConfig = $null ) if(!(Test-Path $configFilePath)) { @@ -9,6 +11,10 @@ function Get-ALZConfig { throw "The config file does not exist at $configFilePath" } + if($null -eq $inputConfig) { + $inputConfig = [PSCustomObject]@{} + } + # Import the config and transform it to a PowerShell object $extension = (Get-Item -Path $configFilePath).Extension.ToLower() $config = $null @@ -38,5 +44,10 @@ function Get-ALZConfig { } Write-Verbose "Config file loaded from $configFilePath with $($config.PSObject.Properties.Name.Count) properties." - return $config + + foreach($property in $config.PSObject.Properties) { + $inputConfig | Add-Member -NotePropertyName $property.Name -NotePropertyValue $property.Value + } + + return $inputConfig } \ No newline at end of file 
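Review bot: The merge loop added at the end of Get-ALZConfig calls `Add-Member -NotePropertyName $property.Name -NotePropertyValue $property.Value` without `-Force`, so a key that appears in two input files makes Add-Member report that the member already exists. Depending on the caller's error preference, that either aborts the run or silently keeps the value from the first file, so the precedence between files is undefined. For settings such as subscription IDs or `root_parent_management_group_id`, the winning file should be deterministic and documented. If later files are meant to override earlier ones, use `$inputConfig | Add-Member -NotePropertyName $property.Name -NotePropertyValue $property.Value -Force` and add a `Write-Verbose` line naming the overridden key; otherwise throw explicitly on a duplicate.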
diff --git a/src/ALZ/Private/Config-Helpers/Remove-TerraformMetaFileSet.ps1 b/src/ALZ/Private/Config-Helpers/Remove-TerraformMetaFileSet.ps1 index fc6a5436..0bc14988 100644 --- a/src/ALZ/Private/Config-Helpers/Remove-TerraformMetaFileSet.ps1 +++ b/src/ALZ/Private/Config-Helpers/Remove-TerraformMetaFileSet.ps1 @@ -9,7 +9,9 @@ function Remove-TerraformMetaFileSet { "terraform.tfstate.backup", ".terraform", "terraform.tfvars", - ".terraform.lock.hcl" + ".terraform.lock.hcl", + "examples", + "yaml.tf" ), [Parameter(Mandatory = $false)] [switch]$writeVerboseLogs diff --git a/src/ALZ/Private/Config-Helpers/Request-SpecialInput.ps1 b/src/ALZ/Private/Config-Helpers/Request-SpecialInput.ps1 index 8c10aec1..13957b94 100644 --- a/src/ALZ/Private/Config-Helpers/Request-SpecialInput.ps1 +++ b/src/ALZ/Private/Config-Helpers/Request-SpecialInput.ps1 @@ -57,18 +57,18 @@ function Request-SpecialInput { $maxRetryCount = 3 if($IsWindows) { - $filePath = "" - - while($filePath -ne "OK" -and $retryCount -lt $maxRetryCount) { + while($retryCount -lt $maxRetryCount) { Add-Type -AssemblyName System.Windows.Forms $FileBrowser = New-Object System.Windows.Forms.OpenFileDialog -Property @{ InitialDirectory = [Environment]::GetFolderPath("MyComputer") Filter = "YAML or JSON (*.yml;*.yaml;*.json)|*.yml;*.yaml;*.json" Title = "Select your input configuration file..." + MultiSelect = $true } - $filePath = $FileBrowser.ShowDialog() - if($filePath -eq "OK") { - $result = $FileBrowser.FileName + + if($FileBrowser.ShowDialog() -eq "OK") { + $result = $FileBrowser.FileNames + Write-Verbose "Selected file(s): $result" return $result } else { $retryCount++ 
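Review bot: The two new defaults in Remove-TerraformMetaFileSet, `"examples"` and `"yaml.tf"`, are far more generic than the Terraform-generated names already in the list, and `examples` is a common name for a user's own directory. How the list is matched against the target folder is outside this hunk, so please confirm the lookup is limited to the top level of the downloaded module folder and is not recursive or run against a path that can hold user content. A short comment above the list would help, for example `# "examples" and "yaml.tf" are removed from the starter module copy only`.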
@@ -76,15 +76,21 @@ function Request-SpecialInput { } } } else { - $validPath = $false + $validPaths = $false while(-not $validPath -and $retryCount -lt $maxRetryCount) { - $result = Read-Host "Please enter the path to your input configuration file..." - if(Test-Path $result) { - $validPath = $true + $paths = Read-Host "Please enter the paths to your input configuration file. Separate multiple files with a comma..." + $result = $paths -split "," | ForEach-Object { $_.Trim() } + $validPaths = $true + foreach($file in $result) { + if(-not (Test-Path $file)) { + $validPaths = $false + Write-InformationColored "The path '$result' that you have entered does not exist. Please try again with a valid path..." -ForegroundColor Red -InformationAction Continue + } + } + if($validPaths) { return $result } else { $retryCount++ - Write-InformationColored "The path '$result' that you have entered does not exist. Please try again with a valid path..." -ForegroundColor Red -InformationAction Continue } } } diff --git a/src/ALZ/Public/New-ALZEnvironment.ps1 b/src/ALZ/Public/New-ALZEnvironment.ps1 index 00357f6b..deb7ff1f 100644 --- a/src/ALZ/Public/New-ALZEnvironment.ps1 +++ b/src/ALZ/Public/New-ALZEnvironment.ps1 @@ -17,7 +17,8 @@ function New-ALZEnvironment { )] [Alias("inputs")] [Alias("c")] - [string] $inputConfigFilePath = $env:ALZ_input_config_path ?? "", + [Alias("inputConfigFilePath")] + [string[]] $inputConfigFilePaths = @(), [Parameter( Mandatory = $false, 
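Review bot: In the non-Windows branch of Request-SpecialInput, the flag was renamed to `$validPaths` but the loop condition still reads `while(-not $validPath -and $retryCount -lt $maxRetryCount)`. That condition now tests a variable that is never assigned, which is always true and would fail under strict mode; it should be `while(-not $validPaths -and $retryCount -lt $maxRetryCount) {`. The error message inside the `foreach` also interpolates `'$result'`, the whole list, rather than the entry that failed, so it should use `'$file'`. An empty entry from input such as `a.yaml,,b.yaml` is passed straight to `Test-Path`, so filtering blanks after the `Trim()` would avoid a confusing binding error. The function body starts and ends outside this hunk.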
@@ -163,11 +164,18 @@ function New-ALZEnvironment { # Get User Inputs from the input config file $inputConfig = $null - if ($inputConfigFilePath -eq "") { - Write-InformationColored "No input configuration file path has been provided. Please provide the path to your configuration file..." -ForegroundColor Yellow -InformationAction Continue - $inputConfigFilePath = Request-SpecialInput -type "inputConfigFilePath" + if ($inputConfigFilePaths.Length -eq 0) { + $envInputConfigPaths = $env:ALZ_input_config_path + if($null -ne $envInputConfigPaths -and $envInputConfigPaths -ne "") { + $inputConfigFilePaths = $envInputConfigPaths -split "," + } else { + Write-InformationColored "No input configuration file path has been provided. Please provide the path(s) to your configuration file(s)..." -ForegroundColor Yellow -InformationAction Continue + $inputConfigFilePaths = @(Request-SpecialInput -type "inputConfigFilePath") + } + } + foreach($inputConfigFilePath in $inputConfigFilePaths) { + $inputConfig = Get-ALZConfig -configFilePath $inputConfigFilePath -inputConfig $inputConfig } - $inputConfig = Get-ALZConfig -configFilePath $inputConfigFilePath Write-Verbose "Initial Input config: $(ConvertTo-Json $inputConfig -Depth 100)" # Set accelerator input config from input file, environment variables or parameters
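Review bot: The environment-variable path in New-ALZEnvironment splits with `$envInputConfigPaths -split ","` and does not trim or drop empty entries, unlike the interactive prompt in Request-SpecialInput, which trims each entry. A value such as `a.yaml, b.yaml` therefore yields a path with a leading space, and Get-ALZConfig throws "The config file does not exist" for a file that is present. I would make the two sources consistent with `$inputConfigFilePaths = $envInputConfigPaths -split "," | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne "" }`. The comment above the `foreach` should also state that files are merged in the order given, since that order decides which value wins. The function body extends beyond this hunk.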