Home
The Azure landing zones Terraform module provides an opinionated approach for deploying and managing the core platform capabilities of Azure landing zones architecture using Terraform, with a focus on the central resource hierarchy:
Depending on selected options, this module can deploy different groups of resources as needed.
This is currently split logically into the following capabilities:
Please click on each of the above links for more details.
The module provides a consistent approach for deploying and managing resources relating to the following Enterprise-scale critical design areas:
-
Management Group and Subscription organisation
- Create the Management Group resource hierarchy
- Assign Subscriptions to Management Groups
- Create custom Policy Assignments, Policy Definitions and Policy Set Definitions (Initiatives)
-
Identity and access management
- Create custom Role Assignments and Role Definitions
-
Management and monitoring
- Create a central Log Analytics workspace and Automation Account
- Link Log Analytics workspace to the Automation Account
- Deploy recommended Log Analytics Solutions
- Enable Azure Defender
-
Network topology and connectivity
- Create a centralised hub for hybrid connectivity
- Secure network using Azure Firewall
- Centrally managed DNS zones
Check out the User Guide, or go straight to our Examples.
- Home
- User guide
- Video guides
-
Examples
- Level 100
- Level 200
-
Level 300
- Deploy multi region networking with custom settings (Hub and Spoke)
- Deploy multi region networking with custom settings (Virtual WAN)
- Deploy with Zero Trust network principles (Hub and Spoke)
- Deploy identity resources with custom settings
- Deploy management resources with custom settings
- Expand built-in archetype definitions
- Create custom policies, initiatives and assignments
- Override module role assignments
- Control policy enforcement mode
- Policy assignments with user assigned managed identities
- Level 400
- Frequently Asked Questions
- Troubleshooting
- Contributing