github-actions edited this page Feb 21, 2023 · 19 revisions

The Azure landing zones Terraform module provides an opinionated approach for deploying and managing the core platform capabilities of the Azure landing zones architecture using Terraform, with a focus on the central resource hierarchy:

Azure landing zone conceptual architecture

Depending on selected options, this module can deploy different sets of resources based on the following capabilities:

Please click on each of the above links for more details.

Design areas

The module provides a consistent approach for deploying and managing resources relating to the following design areas:

  • Resource organization
    • Create the Management Group resource hierarchy
    • Assign Subscriptions to Management Groups
    • Create custom Policy Assignments, Policy Definitions and Policy Set Definitions (Initiatives)
  • Identity and access management
    • Secure the identity subscription using Azure Policy
    • Create custom Role Assignments and Role Definitions
  • Management
    • Create a central Log Analytics workspace and Automation Account
    • Link Log Analytics workspace to the Automation Account
    • Deploy recommended Log Analytics Solutions
    • Enable Microsoft Defender for Cloud
  • Network topology and connectivity
    • Create a centralized hub network
      • Traditional Azure networking topology (hub and spoke)
      • Virtual WAN network topology (Microsoft-managed)
    • Secure network design
      • Azure Firewall
      • DDoS Network Protection
    • Hybrid connectivity
      • Azure Virtual Network Gateway
      • Azure ExpressRoute Gateway
    • Centrally managed DNS zones

Next steps

Check out the User Guide, or go straight to our Examples.
