Demonstration of various infrastructure as code and pipeline components to deploy Azure Landing Zones.
The conceptual architecture is greatly simplified compared to the official one, as DevOps teams are empowered to build and run their own workloads.
We do not want to manage networking centrally. All applications are deployed as isolated islands with no inter-network connectivity.
These are the most important landing zones - all newer applications should be deployed here - even if data resides on-premises.
Connection to on-premises resources should be managed using zero-trust approaches with resources like:
Corp landing zones should be used exclusively for lift-and-shift scenarios (and avoided altogether if possible). They are reserved for applications that do not support modern authentication and rely on Kerberos (Windows Active Directory).
The primary focus is on policy-driven governance.
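As an added illustration of what policy-driven governance looks like in this layout (example code, not a file from this repository), the Bicep below defines a custom policy at management-group scope and assigns it there; the policy name, display text and the choice of storage-account setting are assumptions for the example.

```bicep
// Deployed at management-group scope, so the definition and assignment
// apply to every subscription (landing zone) beneath it.
targetScope = 'managementGroup'

// Constructed name for this example.
param policyName string = 'deny-storage-public-blob-access'

// Custom policy definition: storage accounts must not allow anonymous
// blob access. Uses the 'effect' parameter pattern so the same definition
// can be assigned as Audit in canary and Deny in prod.
resource policyDef 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
  name: policyName
  properties: {
    policyType: 'Custom'
    mode: 'Indexed'
    displayName: 'Deny storage accounts that allow public blob access'
    parameters: {
      effect: {
        type: 'String'
        allowedValues: [
          'Audit'
          'Deny'
        ]
        defaultValue: 'Deny'
      }
    }
    policyRule: {
      if: {
        allOf: [
          {
            field: 'type'
            equals: 'Microsoft.Storage/storageAccounts'
          }
          {
            // notEquals false also catches a missing value, which is the
            // conservative reading: only an explicit false passes.
            field: 'Microsoft.Storage/storageAccounts/allowBlobPublicAccess'
            notEquals: false
          }
        ]
      }
      then: {
        effect: '[parameters(\'effect\')]'
      }
    }
  }
}

// Assignment at the same scope; 'Default' means the effect is enforced,
// whereas 'DoNotEnforce' would only evaluate compliance.
resource assignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
  name: 'assign-${policyName}'
  properties: {
    policyDefinitionId: policyDef.id
    parameters: {
      effect: {
        value: 'Deny'
      }
    }
    enforcementMode: 'Default'
  }
}
```

Deploy it with `az deployment mg create --management-group-id <mg> --location <region> --template-file <file>` against the canary management group first, then promote to prod.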
```text
│ ├───linters
│ └───workflows
├───environments # Parameters and variables
│ ├───canary
│ └───prod
├───management # Deploy management subscription resources
├───management-groups # Deploy management group structure
├───policies # Deploy policies
│ ├───assignments
│ ├───initiatives
│ ├───policies
│ └───scripts
└───shared # Shared bicep modules
```
Landing zones are deployed using GitHub Actions.
To lint the repository locally, run:

```sh
docker run -e DEFAULT_BRANCH=main -e RUN_LOCAL=true -e VALIDATE_JSCPD=false -e FIX_YAML_PRETTIER=true -e FIX_JSON_PRETTIER=true -e FIX_MARKDOWN_PRETTIER=true -v .:/tmp/lint --rm
```