[User Guide] Starter Module Terraform Complete Multi Region
The complete_multi_region starter module provides full customization of the Azure Landing Zone. It is multi-regional by default and can support 1 or more regions.
The ALZ PowerShell Module can accept multiple input files and we recommend using a separate file for the complete_multi_region starter module. This allows you to more easily manage and maintain your configuration files.
The following tables describe the inputs required for the complete_multi_region starter module. Depending on you choice of networking technology, you will need to supply the relevant inputs.
| Input | Placeholder | Description |
|---|---|---|
management_settings_es |
{} |
This is the management resource configuration for the ES (Enterprise Scale) versions of the management modules. Full details of the inputs can be seen here |
connectivity_type |
hub_and_spoke_vnet |
This is the choice of networking technology. Allowed values are hub_and_spoke_vnet, virtual_wan or none. |
connectivity_resource_groups |
{} |
The resource groups used by the connectivity resources must be specified here. See the example files for usage. |
management_use_avm |
false |
[NOTE: This variable will be implemented in a future version, setting to true will result in an error] This input is to specify to use the AVM (Azure Verified Modules) versions of the management modules. Defaults to false. |
management_settings_avm |
{} |
[NOTE: This variable will be implemented in a future version] This is the management resource configuration for the AVM (Azure Verified Modules) versions of the management modules. |
| Input | Placeholder | Description |
|---|---|---|
hub_and_spoke_vnet_settings |
{} |
This is for configuring global resources, such as the DDOS protection plan. See the example files for usage. |
hub_and_spoke_vnet_virtual_networks |
{} |
This is the details configuration of each region for the hub networks. There are three top level components for each region: hub_virtual_network, virtual_network_gateways and private_dns_zones. Detailed information for hub_virtual_network inputs can be found here. Detailed information for virtual_network_gateways can be found here. See the example files for usage. |
| Input | Placeholder | Description |
|---|---|---|
virtual_wan_settings |
{} |
This is for configuring global resources, such as the Virtual WAN and DDOS protection plan. See the example files for usage. |
virtual_wan_virtual_hubs |
{} |
This is the details configuration of each region for the virtual hubs. There are three top level components for each region: hub, firewall and private_dns_zones. Detailed information for hub and firewall inputs can be found here. See the example files for usage. |
Example ALZ PowerShell input files can be found here:
- inputs-azure-devops-terraform-complete-multi-region.yaml
- inputs-github-terraform-complete-multi-region.yaml
- inputs-local-terraform-complete-multi-region.yaml
Example network technology specific input files can be found here:
- Multi region hub and spoke virtual network: config-hub-and-spoke-vnet-multi-region.yaml
- Multi region virtual WAN: config-virtual-wan-multi-region.yaml
- Single region hub and spoke virtual network: config-hub-and-spoke-vnet-single-region.yaml
- Single region virtual WAN: config-virtual-wan-single-region.yaml
The example config files have helpful templated variables such as starter_location_## and root_parent_management_group_id which get prompted for during the ALZ PowerShell Module run. Alternatively, you can opt to not use the templated variables and hard-code the values in your config file.
Note: We currently use the
caf-enterprise-scalemodule for management groups and policies, and the Azure Verified Modules for connectivity resources.
The following modules are composed together in the complete_multi_region starter module.
The caf-enterprise-scale module is used to deploy the management group hierarchy, policy assignments and management resources. For more information on the module itself see here.
The avm-ptn-hubnetworking module is used to deploy connectivity resources such as Virtual Networks and Firewalls.
This module can be extended to deploy multiple Virtual Networks at scale, Route Tables, and Resource Locks. For more information on the module itself see here.
The avm-ptn-vnetgateway module is used to deploy a Virtual Network Gateway inside your Virtual Network. Further configuration can be added (depending on requirements) to deploy Local Network Gateways, configure Virtual Network Gateway Connections, deploy ExpressRoute Gateways, and more. Additional information on the module can be found here.
The avm-ptn-vwan module is used to deploy a Virtual WAN. Further configuration can be added (depending on requirements) to deploy VPN Sites, configure VPN Connections, and more. Additional information on the module can be found here.
The avm-ptn-network-private-link-private-dns-zones module is used to deploy Private DNS Zones for Private Link Services. Further configuration can be added depending on requirements. Additional information on the module can be found here.
- Home
-
User guide
- Getting started
- Quick Start
- Starter Modules
- Input Files
- Azure DevOps Bicep Complete
- Azure DevOps Terraform Complete Multi Region
- Azure DevOps Terraform Financial Services Industry Landing Zone
- Azure DevOps Terraform Sovereign Landing Zone
- Azure DevOps Terraform Basic
- Azure DevOps Terraform Hub Networking
- Azure DevOps Terraform Complete
- GitHub Bicep Complete
- GitHub Terraform Complete Multi Region
- GitHub Terraform Financial Services Industry Landing Zone
- GitHub Terraform Sovereign Landing Zone
- GitHub Terraform Basic
- GitHub Terraform Hub Networking
- GitHub Terraform Complete
- Local Bicep Complete
- Local Terraform Complete Multi Region
- Local Terraform Financial Services Industry Landing Zone
- Local Terraform Sovereign Landing Zone
- Local Terraform Basic
- Local Terraform Hub Networking
- Local Terraform Complete
- Frequently Asked Questions
- Upgrade Guide
- Advanced Scenarios
- Troubleshooting
- Contributing