# The following module is used to generate the configuration
# data used to deploy all archetype resources at the
# Management Group scope. Future plans include repeating this
# for Subscription scope configuration so we can improve
# coverage for archetype patterns which deploy specific
# groups of Resources within a Subscription.
module "management_group_archetypes" {
  source   = "./modules/archetypes"
  for_each = local.es_landing_zones_map

  # One module instance is created per entry in local.es_landing_zones_map.
  # The map key is handed to the module as scope_id, and root_id is the
  # Management Group provider path prefix concatenated with the root ID.
  scope_id = each.key
  root_id  = "${local.provider_path.management_groups}${local.root_id}"

  # Archetype settings are passed through unchanged from each map entry.
  # NOTE(review): access_control and enforcement_mode presumably decide which
  # role assignments are generated and whether policy assignments are enforced
  # at the scope - confirm in ./modules/archetypes. Changes to either input
  # are worth reviewing as permission / guardrail changes in the plan output.
  archetype_id     = each.value.archetype_config.archetype_id
  parameters       = each.value.archetype_config.parameters
  access_control   = each.value.archetype_config.access_control
  enforcement_mode = each.value.archetype_config.enforcement_mode

  # Values shared by every instance of the module.
  library_path            = local.library_path
  template_file_variables = local.template_file_variables
  default_location        = local.default_location
}
# The following module is used to generate the configuration
# data used to deploy platform resources based on the
# "management" landing zone archetype.
module "management_resources" {
  source = "./modules/management"

  # Required inputs. `enabled` is driven by local.deploy_management_resources.
  enabled         = local.deploy_management_resources
  root_id         = local.root_id
  subscription_id = local.subscription_id_management
  settings        = local.configure_management_resources.settings

  # Basic options. coalesce() picks the management-specific location when it
  # is set and otherwise falls back to local.default_location.
  location = coalesce(local.configure_management_resources.location, local.default_location)
  tags     = local.management_resources_tags

  # Advanced options. Each lookup() reads one key from
  # local.management_resources_advanced and uses the third argument when the
  # key is absent, so an unset option becomes an empty string / empty map
  # (or `true` for link_log_analytics_to_automation_account).
  resource_prefix = lookup(local.management_resources_advanced, "resource_prefix", local.empty_string)
  resource_suffix = lookup(local.management_resources_advanced, "resource_suffix", local.empty_string)

  # NOTE(review): the existing_* inputs presumably make the module reuse the
  # named resource instead of creating one - confirm in ./modules/management.
  # When they are set, check that the referenced Log Analytics workspace and
  # Automation Account are the intended ones, since platform logs would then
  # flow to a resource this configuration does not manage.
  existing_resource_group_name                 = lookup(local.management_resources_advanced, "existing_resource_group_name", local.empty_string)
  existing_log_analytics_workspace_resource_id = lookup(local.management_resources_advanced, "existing_log_analytics_workspace_resource_id", local.empty_string)
  existing_automation_account_resource_id      = lookup(local.management_resources_advanced, "existing_automation_account_resource_id", local.empty_string)
  link_log_analytics_to_automation_account     = lookup(local.management_resources_advanced, "link_log_analytics_to_automation_account", true)

  custom_settings_by_resource_type = lookup(local.management_resources_advanced, "custom_settings_by_resource_type", local.empty_map)
  asc_export_resource_group_name   = lookup(local.management_resources_advanced, "asc_export_resource_group_name", local.empty_string)
}
# The following module is used to generate the configuration
# data used to deploy platform resources based on the
# "identity" landing zone archetype.
module "identity_resources" {
  source = "./modules/identity"

  # Required inputs. This module takes no subscription, location or tag
  # inputs here; only the on/off switch, the root ID and the identity
  # settings object are passed in.
  enabled  = local.deploy_identity_resources
  root_id  = local.root_id
  settings = local.configure_identity_resources.settings
}
# The following module is used to generate the configuration
# data used to deploy platform resources based on the
# "connectivity" landing zone archetype.
module "connectivity_resources" {
  source = "./modules/connectivity"

  # Required inputs. `enabled` is driven by local.deploy_connectivity_resources.
  enabled         = local.deploy_connectivity_resources
  root_id         = local.root_id
  subscription_id = local.subscription_id_connectivity
  settings        = local.configure_connectivity_resources.settings

  # Basic options. coalesce() picks the connectivity-specific location when
  # it is set and otherwise falls back to local.default_location.
  location = coalesce(local.configure_connectivity_resources.location, local.default_location)
  tags     = local.connectivity_resources_tags

  # Advanced options. Each lookup() reads one key from
  # local.connectivity_resources_advanced and uses the third argument when
  # the key is absent.
  resource_prefix = lookup(local.connectivity_resources_advanced, "resource_prefix", local.empty_string)
  resource_suffix = lookup(local.connectivity_resources_advanced, "resource_suffix", local.empty_string)

  # NOTE(review): the existing_* inputs presumably attach the deployment to
  # resources managed outside this configuration - confirm in
  # ./modules/connectivity. Their default is an empty string, so a DDoS
  # protection plan or Virtual WAN is only referenced when an ID is supplied.
  existing_ddos_protection_plan_resource_id = lookup(local.connectivity_resources_advanced, "existing_ddos_protection_plan_resource_id", local.empty_string)
  existing_virtual_wan_resource_id          = lookup(local.connectivity_resources_advanced, "existing_virtual_wan_resource_id", local.empty_string)
  existing_virtual_wan_resource_group_name  = lookup(local.connectivity_resources_advanced, "existing_virtual_wan_resource_group_name", local.empty_string)
  resource_group_per_virtual_hub_location   = lookup(local.connectivity_resources_advanced, "resource_group_per_virtual_hub_location", false)

  # The partition IDs option falls back to null, unlike the other custom_*
  # options, which fall back to an empty map.
  custom_azure_backup_geo_codes                   = lookup(local.connectivity_resources_advanced, "custom_azure_backup_geo_codes", local.empty_map)
  custom_privatelink_azurestaticapps_partitionids = lookup(local.connectivity_resources_advanced, "custom_privatelink_azurestaticapps_partitionids", null)
  custom_settings_by_resource_type                = lookup(local.connectivity_resources_advanced, "custom_settings_by_resource_type", local.empty_map)
}