We're excited to announce the release of the subscription vending IaC Modules! These modules are designed to help you streamline and automate the process of provisioning Azure subscriptions, making it easier than ever to get started with Azure.
We heard loud and clear from our customers and partners that we did a great job helping them accelerate their Cloud Platforms with Azure Landing Zones, and that we also helped accelerate the deployment of complex workloads like Azure Virtual Desktop, Azure VMware Solution, and more via our Application Landing Zones Accelerators. But we didn’t help customers easily achieve the design principle of Subscription Democratization. Until now!
The Subscription Vending IaC Modules are available for use with two popular infrastructure-as-code (IaC) tools: Bicep and Terraform. These modules have been created by the Customer Architecture & Engineering (CAE) team within Microsoft’s Global Customer Success (GCS) organization (the same team behind Azure Landing Zones) and are designed to help you implement the best practices for subscription provisioning.
Using these modules, you can quickly and easily provision new Azure subscriptions that are pre-configured to meet your organization's specific needs and help your application teams get access to the Azure subscriptions they need, faster. The modules include parameters/variables for Role-Based Access Control, Networking, Tags and much more.
You can use the new Subscription Vending IaC Modules with or without Azure Landing Zones. If you already have Azure Landing Zones set up, the modules can help you automate the subscription provisioning process for application landing zones, ensure that all subscriptions are aligned with your organization's requirements, and place them in the desired Management Group to enforce your compliance and governance requirements with Azure Policy.
However, if you don't have Azure Landing Zones set up, you can still use the modules to quickly create new subscriptions that meet your application teams' requirements, with the same flexibility the modules provide.
TIP! You can also use the modules with existing Azure Subscriptions!
Here are some of the key features and benefits of the Subscription Vending IaC Modules:
To get started with the subscription vending IaC modules, head over to the GitHub repositories, below, for the Bicep and Terraform modules and check out their wikis:
Or you can now see our recent Azure Enablement Show video below:
An example of creating a new subscription and peering to a hub Virtual Network using the Bicep module is shown below:
targetScope = 'managementGroup'

@description('Specifies the location for resources.')
param location string = 'uksouth'

module sub001 'br/public:lz/sub-vending:1.2.2' = {
  name: 'sub-bicep-lz-vending-example-001'
  params: {
    subscriptionAliasEnabled: true
    subscriptionBillingScope: '/providers/Microsoft.Billing/billingAccounts/1234567/enrollmentAccounts/123456'
    subscriptionAliasName: 'sub-bicep-lz-vending-example-001'
    subscriptionDisplayName: 'sub-bicep-lz-vending-example-001'
    subscriptionTags: {
      test: 'true'
    }
    subscriptionWorkload: 'Production'
    subscriptionManagementGroupAssociationEnabled: true
    subscriptionManagementGroupId: 'alz-landingzones-corp'
    virtualNetworkEnabled: true
    virtualNetworkLocation: location
    virtualNetworkResourceGroupName: 'rsg-${location}-net-001'
    virtualNetworkName: 'vnet-${location}-001'
    virtualNetworkAddressSpace: [
      '10.0.0.0/16'
    ]
    virtualNetworkResourceGroupLockEnabled: false
    virtualNetworkPeeringEnabled: true
    hubNetworkResourceId: '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rsg-uks-net-hub-001/providers/Microsoft.Network/virtualNetworks/vnet-uks-hub-001'
  }
}
Further examples are available for the Bicep module.
The Bicep module is also available on the Bicep Public Module Registry
An example of creating a new subscription and peering to a hub Virtual Network using the Terraform module is shown below:
module "lz_vending" {
  source  = "Azure/lz-vending/azurerm"
  version = "<version>" # change this to your desired version, https://www.terraform.io/language/expressions/version-constraints

  location = "northeurope"

  # subscription variables
  subscription_alias_enabled = true
  subscription_billing_scope = "/providers/Microsoft.Billing/billingAccounts/1234567/enrollmentAccounts/123456"
  subscription_display_name  = "mysub"
  subscription_alias_name    = "mysub"
  subscription_workload      = "DevTest"

  # virtual network variables
  virtual_network_enabled = true
  virtual_networks = {
    vnet1 = {
      name                = "spoke"
      address_space       = ["192.168.1.0/24"]
      resource_group_name = "rg-networking"
      hub_peering_enabled = true
      # ID of an existing hub virtual network defined elsewhere in the configuration
      hub_network_resource_id = azurerm_virtual_network.example.id
    }
  }
}
Further examples are available for the Terraform module.
The Terraform module is also available on the Terraform Registry
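Both examples above take a workload type, a management group and a spoke address space that is then peered to a hub, so a vending pipeline can check those inputs before either module runs. The pre-flight check below is an added example, not part of the Bicep or Terraform modules; the request dictionary shape, the allow-list and the in-use ranges are assumptions made for illustration.

```python
import ipaddress

# Assumed policy for this example; neither value set comes from the modules.
ALLOWED_MANAGEMENT_GROUPS = {"alz-landingzones-corp", "alz-landingzones-online"}
ALLOWED_WORKLOADS = {"Production", "DevTest"}


def validate_request(request, in_use_cidrs):
    """Return a list of problems; an empty list means the request can be vended."""
    problems = []
    if request.get("workload") not in ALLOWED_WORKLOADS:
        problems.append(f"workload {request.get('workload')!r} is not allowed")
    if request.get("management_group_id") not in ALLOWED_MANAGEMENT_GROUPS:
        problems.append(
            f"management group {request.get('management_group_id')!r} is not on the allow-list")
    # Ranges already used by the hub and earlier spokes; peering needs them disjoint.
    used = [ipaddress.ip_network(c) for c in in_use_cidrs]
    for cidr in request.get("address_space", []):
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects host bits and bad prefixes
        except ValueError:
            problems.append(f"{cidr} is not a valid network CIDR")
            continue
        for other in used:
            if net.version == other.version and net.overlaps(other):
                problems.append(f"{cidr} overlaps {other}")
        used.append(net)  # later ranges in the same request are checked against it
    return problems


# Constructed sample data: a hub range plus one spoke that was vended earlier.
IN_USE = ["10.100.0.0/16", "10.0.0.0/16"]
GOOD = {"workload": "DevTest", "management_group_id": "alz-landingzones-corp",
        "address_space": ["192.168.1.0/24"]}
BAD = {"workload": "Dev", "management_group_id": "alz-sandbox",
       "address_space": ["10.0.8.0/24", "10.1.0.1/16", "172.16.0.0/33"]}

if __name__ == "__main__":
    for name, req in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_request(req, IN_USE) or "ok")
```

Running the check as a gate in the pull request or pipeline that carries the vending request keeps a rejected request from ever reaching the billing scope.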
For more information on subscription vending and using the modules in a process, check out the following resources:
We hope you find the subscription vending IaC modules useful in streamlining and automating your Azure subscription provisioning process!
And if you find a feature missing or have a question, please raise a GitHub issue on the respective repository above.
We also published guidance on “Should we create a new Azure Subscription every time or should we reuse Azure Subscriptions?” in the ALZ FAQ which we advise reviewing if you are planning to have a large number of subscriptions (thousands, not hundreds).