Azure Landing Zones Accelerators for Bicep and Terraform. Announcing General Availability!
Published Jan 25 2024 04:08 AM 26.6K Views
Microsoft

The Azure Landing Zones team is delighted to announce the general availability of our Azure Landing Zones Accelerators for Bicep and Terraform, having both reached the version 1.0 milestone. This article will provide an overview of the accelerators and dive into the common approaches for deploying them.

 

We'll cover:

  • What is an Azure Landing Zone?
  • What are the Azure Landing Zones Accelerators?
  • Why should you use an Accelerator?
  • How do you use the Accelerator?
  • What does the Accelerator deploy and configure?
  • Where can you learn more?
  • Thank you to our collaborators!

 

What is an Azure Landing Zone?

An Azure Landing Zone serves as the cornerstone of your cloud adoption, establishing guardrails and facilitating the deployment of workloads into Azure in a secure, standardized, and scalable manner. Further details can be found in our Cloud Adoption Framework documentation under: What is an Azure landing zone?

 

For the purpose of this article, you can consider the landing zone to consist of the initial setup of:

  • Management groups
  • Azure RBAC Roles
  • Azure Policy
  • Management resources, such as centralized logging and automation accounts
  • Hub networking, Azure DNS, and other connectivity resources

See the green boxes in this diagram:

enterprise-scale-architecture-highlighted.png

Figure: Azure Landing Zones Accelerator Scope

 

What are the Azure Landing Zones Accelerators?

The Azure Landing Zones Accelerators for Bicep and Terraform serve as automation frameworks and include corresponding documentation. Their purpose is to assist our customers and partners in swiftly deploying their Azure Landing Zone architecture by utilizing our pre-existing Azure Landing Zones Bicep or Terraform modules and adhering to best practices. While these accelerators are crafted to meet the requirements of 90% of users by default, they can be tailored to accommodate the specific needs of advanced scenarios.

 

The Accelerators follow a three phase approach:

  1. Pre-requisites: Instructions to configure credentials and subscriptions.
  2. Bootstrap: Automation or instructions to bootstrap managed IaC modules into Continuous Integration and Continuous Delivery Pipelines.
  3. Run: Trigger the pipelines to deploy the Azure Landing Zone architecture.

The Accelerators offer support for utilizing GitHub or Azure DevOps as targets for the bootstrapping automation.

 

Why should you use an Accelerator?

The Azure Landing Zones Accelerators for Bicep and Terraform play a crucial role in minimizing the effort needed for analyzing and creating an Azure Landing Zone deployment. They offer opinionated patterns and comprehensive automation for setting up Azure Landing Zones modules, ensuring a production-ready configuration.

 

Before the Accelerators were available, teams invested considerable time constructing their automation for our Azure Landing Zones modules and making decisions regarding the configuration and security of Continuous Delivery. The Accelerators eliminate this overhead by offering a reusable deployment pattern.

 

How do you use the Accelerator?

The Accelerators wikis provide comprehensive documentation and quick start guides for using the Accelerators. These can be found here:

The Accelerators use a shared approach to the bootstrapping process with a common PowerShell module. The ALZ PowerShell module is available from the PowerShell Gallery.

 

The basic PowerShell to bootstrap GitHub or Azure DevOps is:

 

# Install the PowerShell Module
Install-Module -Name ALZ

# Deploy the Accelerator with Input Prompts
Deploy-Accelerator

 

What do the Accelerators deploy and configure?

The Azure Landing Zones Accelerators have many options to choose from when deploying the bootstrap.  You can use variables to choose between the options shown in the table below. Our default options are shown in green text, as these provide the highest level of security and leverage best practice authentication.

 

Version Control System Agents / Runners Networking Authentication
GitHub Microsoft Hosted Public Workload identity federation
GitHub Self Hosted Public Workload identity federation
GitHub Self Hosted Private Workload identity federation
Azure DevOps Microsoft Hosted Public Workload identity federation
Azure DevOps Self Hosted Public Workload identity federation
Azure DevOps Self Hosted Private Workload identity federation

 

The Accelerator follows the 3 phase approach as described previously:

alz-terraform-acclerator.png

Details of what is deployed by the bootstrap can be found in our documentation, but in summary the bootstrap will deploy:

  •  Microsoft Azure
    • Storage
    • Identity
    • Networking
    • Self-hosted Agents / Runners
  • Version Control System (GitHub or Azure DevOps)
    • Repositories and files
    • Pipelines / Actions
    • Environments
    • Approvals
    • Branch Policies
    • Variables

components.png

Where can you learn more?

The best starting point for information on the Accelerators is the documentation for Bicep and Terraform.

If you encounter a question that isn't addressed there or come across an issue not covered in our FAQ or Troubleshooting guides, feel free to raise the issue in the relevant repository.

 

 

Thank you to our collaborators

We express our heartfelt gratitude to everyone who collaborated on the Azure Landing Zones Accelerators. The tremendous support from individuals involved in testing, offering feedback, contributing code, documentation, and ideas has been invaluable. Thank you for your dedication and contributions to the success of the Accelerators.

4 Comments
Version history
Last update:
‎Jul 18 2024 02:11 PM
Updated by: