# This file contains templated variables to avoid repeating the same hard-coded values. # Templated variables are denoted by the dollar curly braces token (e.g. ${starter_location_01}). The following details each templated variable that you can use: # `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources. # `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources. # `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources. # `starter_location_01_virtual_network_gateway_sku_express_route` to `starter_location_10_virtual_network_gateway_sku_express_route`: These are the default SKUs for the Express Route virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. # `starter_location_01_virtual_network_gateway_sku_vpn` to `starter_location_10_virtual_network_gateway_sku_vpn`: These are the default SKUs for the VPN virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways. # `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under. # `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`. # `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`. # `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`. --- connectivity_resource_groups: ddos: location: ${starter_location_01} name: rg-hub-ddos-${starter_location_01} dns: location: ${starter_location_01} name: rg-hub-dns-${starter_location_01} vnet_primary: location: ${starter_location_01} name: rg-hub-${starter_location_01} vnet_secondary: location: ${starter_location_02} name: rg-hub-${starter_location_02} connectivity_type: hub_and_spoke_vnet hub_and_spoke_vnet_settings: ddos_protection_plan: location: ${starter_location_01} name: ddos-hub-${starter_location_01} resource_group_name: ${connectivity_resource_group_ddos} hub_and_spoke_vnet_virtual_networks: primary: hub_virtual_network: address_space: - 10.0.0.0/16 firewall: default_ip_configuration: public_ip_config: ip_version: IPv4 name: pip-fw-hub-${starter_location_01} zones: ${starter_location_01_availability_zones} firewall_policy: dns: proxy_enabled: true name: fwp-hub-${starter_location_01} name: fw-hub-${starter_location_01} sku_name: AZFW_VNet sku_tier: Standard subnet_address_prefix: 10.0.0.0/24 zones: ${starter_location_01_availability_zones} location: ${starter_location_01} name: vnet-hub-${starter_location_01} resource_group_creation_enabled: false resource_group_name: ${connectivity_resource_group_vnet_primary} subnets: virtual_network_gateway: address_prefixes: - 10.0.1.0/24 assign_generated_route_table: false name: GatewaySubnet tags: deployment: terraform source: Azure Landing Zones Accelerator private_dns_zones: is_primary: true resource_group_name: ${connectivity_resource_group_dns} virtual_network_gateways: express_route: ip_configurations: default: name: ipconfig-vgw-hub-expressroute-${starter_location_01} public_ip: name: pip-vgw-hub-expressroute-${starter_location_01} zones: ${starter_location_01_availability_zones} location: ${starter_location_01} name: vgw-hub-expressroute-${starter_location_01} sku: ${starter_location_01_virtual_network_gateway_sku_express_route} type: ExpressRoute vpn: ip_configurations: default: name: ipconfig-vgw-hub-vpn-${starter_location_01} public_ip: name: pip-vgw-hub-vpn-${starter_location_01} zones: ${starter_location_01_availability_zones} location: ${starter_location_01} name: vgw-hub-vpn-${starter_location_01} sku: ${starter_location_01_virtual_network_gateway_sku_vpn} type: Vpn secondary: hub_virtual_network: address_space: - 10.1.0.0/16 firewall: default_ip_configuration: public_ip_config: ip_version: IPv4 name: pip-fw-hub-${starter_location_02} zones: ${starter_location_02_availability_zones} firewall_policy: dns: proxy_enabled: true name: fwp-hub-${starter_location_01} name: fw-hub-${starter_location_02} sku_name: AZFW_VNet sku_tier: Standard subnet_address_prefix: 10.1.0.0/24 zones: ${starter_location_02_availability_zones} location: ${starter_location_02} name: vnet-hub-${starter_location_02} resource_group_creation_enabled: false resource_group_name: ${connectivity_resource_group_vnet_secondary} subnets: virtual_network_gateway: address_prefixes: - 10.1.1.0/24 assign_generated_route_table: false name: GatewaySubnet tags: deployment: terraform source: Azure Landing Zones Accelerator private_dns_zones: is_primary: false resource_group_name: ${connectivity_resource_group_dns} virtual_network_gateways: express_route: ip_configurations: default: name: ipconfig-vgw-hub-expressroute-${starter_location_02} public_ip: name: pip-vgw-hub-expressroute-${starter_location_02} zones: ${starter_location_02_availability_zones} location: ${starter_location_02} name: vgw-hub-expressroute-${starter_location_02} sku: ${starter_location_02_virtual_network_gateway_sku_express_route} type: ExpressRoute vpn: ip_configurations: default: name: ipconfig-vgw-hub-vpn-${starter_location_02} public_ip: name: pip-vgw-hub-vpn-${starter_location_02} zones: ${starter_location_02_availability_zones} location: ${starter_location_02} name: vgw-hub-vpn-${starter_location_02} sku: ${starter_location_02_virtual_network_gateway_sku_vpn} type: Vpn management_settings_es: configure_connectivity_resources: advanced: custom_settings_by_resource_type: azurerm_network_ddos_protection_plan: ddos: ${starter_location_01}: name: ddos-hub-${starter_location_01} azurerm_resource_group: ddos: ${starter_location_01}: name: ${connectivity_resource_group_ddos} dns: ${starter_location_01}: name: ${connectivity_resource_group_dns} settings: ddos_protection_plan: config: location: ${starter_location_01} dns: config: location: ${starter_location_01} configure_management_resources: advanced: asc_export_resource_group_name: rg-management-asc-export-${starter_location_01} azurerm_automation_account: management: name: aa-management-${starter_location_01} azurerm_log_analytics_workspace: management: name: law-management-${starter_location_01} custom_settings_by_resource_type: azurerm_resource_group: management: name: rg-management-${starter_location_01} location: ${starter_location_01} default_location: ${starter_location_01} deploy_connectivity_resources: false deploy_management_resources: true deploy_core_landing_zones: true deploy_corp_landing_zones: true deploy_online_landing_zones: true root_id: alz root_name: Azure-Landing-Zones root_parent_id: ${root_parent_management_group_id} subscription_id_connectivity: ${subscription_id_connectivity} subscription_id_identity: ${subscription_id_identity} subscription_id_management: ${subscription_id_management}