-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.alz.tf
91 lines (78 loc) · 2.26 KB
/
main.alz.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
data "azurerm_client_config" "core" {
provider = azurerm
}
data "azurerm_client_config" "management" {
provider = azurerm.management
}
data "azurerm_client_config" "connectivity" {
provider = azurerm.connectivity
}
module "alz" {
source = "Azure/caf-enterprise-scale/azurerm"
#source = "github.com/Azure/terraform-azurerm-caf-enterprise-scale?ref=main"
version = "= 3.3.0"
providers = {
azurerm = azurerm
azurerm.connectivity = azurerm.connectivity
azurerm.management = azurerm.management
}
root_parent_id = data.azurerm_client_config.core.tenant_id
root_id = var.root_id
root_name = var.root_name
deploy_corp_landing_zones = true
deploy_online_landing_zones = true
deploy_diagnostics_for_mg = true
default_location = "northeurope"
disable_telemetry = true
// Set subscription IDs for placement of platform subs
subscription_id_management = data.azurerm_client_config.management.subscription_id
subscription_id_connectivity = data.azurerm_client_config.connectivity.subscription_id
subscription_id_identity = "2e4e0f6e-2391-498f-8f0f-ae54960cb44f"
// Use management group association instead of having to be explicit about MG membership
strict_subscription_association = false
// Management resources
deploy_management_resources = true
configure_management_resources = {
settings = {
log_analytics = {
enabled = true
}
security_center = {
config = {
email_security_contact = "[email protected]"
}
enabled = true
}
}
tags = null
}
// Connectivity (hub network) configuration
deploy_connectivity_resources = true
configure_connectivity_resources = {
settings = {
ddos_protection_plan = {
enabled = false
}
dns = {
enabled = false
}
hub_networks = [{
config = {
address_space = ["10.0.0.0/23"]
azure_firewall = {
enabled = false
}
subnets = [{
address_prefixes = ["10.0.0.0/24"]
name = "default"
}]
virtual_network_gateway = {
enabled = false
}
}
enabled = true
}]
}
tags = null
}
}