The Azure Landing Zones team is delighted to announce the general availability of our Azure Landing Zones Accelerators for Bicep and Terraform, having both reached the version 1.0 milestone. This article will provide an overview of the accelerators and dive into the common approaches for deploying them.
We'll cover:
An Azure Landing Zone serves as the cornerstone of your cloud adoption, establishing guardrails and facilitating the deployment of workloads into Azure in a secure, standardized, and scalable manner. Further details can be found in our Cloud Adoption Framework documentation under: What is an Azure landing zone?
For the purpose of this article, you can consider the landing zone to consist of the initial setup of:
See the green boxes in this diagram:
Figure: Azure Landing Zones Accelerator Scope
The Azure Landing Zones Accelerators for Bicep and Terraform serve as automation frameworks and include corresponding documentation. Their purpose is to assist our customers and partners in swiftly deploying their Azure Landing Zone architecture by utilizing our pre-existing Azure Landing Zones Bicep or Terraform modules and adhering to best practices. While these accelerators are crafted to meet the requirements of 90% of users by default, they can be tailored to accommodate the specific needs of advanced scenarios.
The Accelerators follow a three-phase approach:
The Accelerators offer support for utilizing GitHub or Azure DevOps as targets for the bootstrapping automation.
The Azure Landing Zones Accelerators for Bicep and Terraform play a crucial role in minimizing the effort needed for analyzing and creating an Azure Landing Zone deployment. They offer opinionated patterns and comprehensive automation for setting up Azure Landing Zones modules, ensuring a production-ready configuration.
Before the Accelerators were available, teams invested considerable time constructing their automation for our Azure Landing Zones modules and making decisions regarding the configuration and security of Continuous Delivery. The Accelerators eliminate this overhead by offering a reusable deployment pattern.
The Accelerators wikis provide comprehensive documentation and quick start guides for using the Accelerators. These can be found here:
The Accelerators use a shared approach to the bootstrapping process with a common PowerShell module. The ALZ PowerShell module is available from the PowerShell Gallery.
The basic PowerShell to bootstrap GitHub or Azure DevOps is:
# Install the PowerShell Module
Install-Module -Name ALZ
# Deploy the Accelerator with Input Prompts
Deploy-Accelerator
What do the Accelerators deploy and configure?
The Azure Landing Zones Accelerators have many options to choose from when deploying the bootstrap. You can use variables to choose between the options shown in the table below. Our default options are shown in green text, as these provide the highest level of security and leverage best practice authentication.
Version Control System | Agents / Runners | Networking | Authentication |
GitHub | Microsoft Hosted | Public | Workload identity federation |
GitHub | Self Hosted | Public | Workload identity federation |
GitHub | Self Hosted | Private | Workload identity federation |
Azure DevOps | Microsoft Hosted | Public | Workload identity federation |
Azure DevOps | Self Hosted | Public | Workload identity federation |
Azure DevOps | Self Hosted | Private | Workload identity federation |
The Accelerator follows the three-phase approach described previously:
Details of what is deployed by the bootstrap can be found in our documentation, but in summary the bootstrap will deploy:
We express our heartfelt gratitude to everyone who collaborated on the Azure Landing Zones Accelerators. The tremendous support from individuals involved in testing, offering feedback, contributing code, documentation, and ideas has been invaluable. Thank you for your dedication and contributions to the success of the Accelerators.