/caf-terraform-landingzones

Cloud Adoption Framework for Azure - Terraform landing zones

Primary LanguageHCLMIT LicenseMIT

landingzones VScodespaces Gitter

Cloud Adoption Framework for Azure landing zones on Terraform

Microsoft Cloud Adoption Framework for Azure provides you with guidance and best practices to adopt Azure.

A landing zone is a segment of a cloud environment, that has been pre-provisioned through code, and is dedicated to the support of one or more workloads. Landing zones provide access to foundational tools and controls to establish a compliant place to innovate and build new workloads in the cloud, or to migrate existing workloads to the cloud. Landing zones use defined sets of cloud services and best practices to set you up for success.

Components parts of the Cloud Adoption Framework for Azure Terraform landing zones:

caf_elements

Goals

Cloud Adoption Framework for Azure Terraform landing zones is an Open Source project with the following objectives:

  • Enable the community with a set of sample reusable landing zones.
  • Standardize deployments using battlefield-proven components.
  • Accelerate the setup of complex environments on Azure.
  • Propose an enterprise-grade approach to adopting Terraform on Microsoft Azure using Cloud Adoption Framework.
  • Propose a prescriptive guidance on how to enable DevOps for infrastructure as code on Microsoft Azure.
  • Foster a community of Azure Terraformers using a common set of practices and sharing best practices.

What's new in this release

This release is relying extensively on Terraform 0.13 capabilities (module iterations, conditional modules, variables validation, etc.).

Those new features allow more complex and more dynamic code composition. The following concepts are used:

  • Multi-subscription deployment: initial support to deploy landing zones in any subscription from the launchpad subscription.
  • Autonomous module consumption: consumption of the CAF module outside of landing zones.
  • Starter kit extension: added new scenarios for sandpit environment, added support for AKS.
  • Verified by Hashicorp status: status achieved for new CAF module and provider.
  • No-code environment composition: a landing zone environment can be composed customizing variable files and code must be robust enough to accommodate combinations and composition.
  • Flexible foundations to meet customer needs: everything is customizable at all layers.
  • Key-based configuration and customization: all configuration objects will call each other based on the object keys.
  • Iteration-based objects deployment: a landing zone calls all its modules, iterating on complex objects for technical resources deployment.
  • Enterprise-scale support: added support for foundations landing zones to optionally leverage Azure Enterprise-scale module.
  • Terraform Cloud/Enterprise bootstrap: added initial support for Hashicorp Terraform Cloud/Enterprise to support environment bootstrap.

Getting started

See our Getting Started on your laptop, or on the web with Getting Started on VSCodespaces.

See our Getting Started Video

Sample configuration repository

When starting an enterprise deployment, we recommend you start creating a configuration repository where you craft the configuration files for your environments.

You can find the starter repository here and our sample configuration onboarding video here

Documentation

More details on how to develop, deploy and operate with landing zones can be found in the reference section here

Sample landing zones

Currently we provide you with the following core sample landing zones:

Name Level Purpose
caf_launchpad 0 provides the state management capabilities and security features leveraging Azure storage for the backend, provides secret management and modular approach to support plugin for Azure DevOps automated pipeline creation (and others)
caf_foundations 1 setup all the fundamentals for a subscription (logging, accounting, security.). You can find all details of the caf_foundations landing zone Here
caf_shared_services 2 provides shared services like monitoring, Azure Backup, Azure Site Recovery etc.
caf_networking 2 enables creation of any Azure networking combination of Virtual Networks-based hub-and-spoke topologies or Azure Virtual WAN based topologies.
caf_solutions 3 "universal" landing zone that allow you to compose with any object from the CAF module and beyond.

Repositories

Repo Description
caf-terraform-landingzones (You are here!) landing zones repo with sample and core documentations
rover devops toolset for operating landing zones
azure_caf_provider custom provider for naming conventions
modules set of curated modules available in the Terraform registry

Community

Feel free to open an issue for feature or bug, or to submit a PR.

In case you have any question, you can reach out to tf-landingzones at microsoft dot com.

You can also reach us on Gitter

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

Code of conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.