aztfmod / terraform-azurerm-caf
Terraform supermodule for the Terraform platform engineering for Azure
Home Page: http://aka.ms/caf/terraform
License: MIT License
Create module for express_route_circuit.
Express Route Circuit
Express Route Circuit Peering
Express Route Circuit Gateway
Express Route Circuit Authorization
Currently the app service deployment slots configuration (such as site_config, app_settings) is following what we created at the parent app service. These slots need to have the option to either go with the parent app service configuration or have their own dedicated configurations.
Reference: https://github.com/aztfmod/terraform-azurerm-caf/blob/0.4/modules/webapps/appservice/slot.tf
Initial support for shared services:
Review existing modules and make sure it is now implementing the updated attributes
Identify the new modules to create in the backlog
https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/CHANGELOG-v2.md#2280-september-17-2020
When opening the cloned repo in VSCode on Windows, git shows all files to be modified.
This should be fixed by adding a .gitattributes file as per https://code.visualstudio.com/docs/remote/troubleshooting#_resolving-git-line-ending-issues-in-containers-resulting-in-many-modified-files
Virtual hubs
Feature flags have been introduced to provide additional modularity during the deployment of a landing zone or a solution.
Instead of removing from the configuration file the services you do not want to deploy, you can keep the configuration unchanged and use the feature flag attribute to disable the deployment. The scenarios we are targeting are CI and demo environments.
The initial implementation targets the bastion hosts and the virtual machines.
The upcoming version of the caf_landingzone scenario 200 will implement it.
enable = {
  bastion_hosts    = false
  virtual_machines = false
}
Tell us what you think and whether it is something to extend further.
To increase the Keyvault delete timeout to 60 minutes.
Ref: https://github.com/aztfmod/terraform-azurerm-caf/runs/1440175347?check_suite_focus=true
["logged_in_aad_app"].azurerm_key_vault_access_policy.policy: Still destroying... [id=/subscriptions/a062cd59-71e9-4dae-92b3-...d/b792cc3c-b21f-4dd0-9d12-8f9aaa824ac5, 30m0s elapsed]
Error: Error updating Access Policy (Object ID "b792cc3c-b21f-4dd0-9d12-8f9aaa824ac5" / Application ID "") for Key Vault "ppnk-kv-secrets" (Resource Group "ppnk-rg-databricks-re1"): keyvault.VaultsClient#UpdateAccessPolicy: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
Error: failed waiting for Key Vault Access Policy (Object ID: "b792cc3c-b21f-4dd0-9d12-8f9aaa824ac5") to apply: timeout while waiting for state to become 'notfound' (last state: 'found', timeout: 30m0s)
Releasing state lock. This may take a few moments...
Error on or near line 543; exiting with status 1
Add initial support in the module for:
Referring to issue here, the connection string should be like this instead.
APPLICATIONINSIGHTS_CONNECTION_STRING = azurerm_application_insights.appinsight.connection_string
Support for Terraform Cloud/Enterprise:
Initial implementation: https://github.com/Azure/caf-terraform-landingzones/tree/0.4-tfc
Overnight, the module disappeared from terraform registry
This URL now returns 404:
https://registry.terraform.io/modules/aztfmod/caf-enterprise-scale/azurerm/
module "launchpad" {
  source  = "aztfmod/caf-enterprise-scale/azurerm"
  version = "~>0.3"
Add support for deploying Virtual Machine Extensions
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension
Monitoring Extension agent
InVM Diagnostics settings on storage account
InVM Diagnostics settings with Azure Monitor
InVM Diagnostics settings with one or multiple event hubs
InVM Diagnostics settings with Application Insights
The current Shared Image Gallery code (#140) lets Packer authenticate through an Azure AD Service Principal. Would like to add the option of using Managed Identity as well.
To include:
Ref: https://www.packer.io/docs/builders/azure#azure-managed-identity
Add module for Data Factory
Add enterprise-scale foundations features:
Provided by ES module:
Included in CAF module:
These resource types need to be added to the list
azurerm_synapse_workspace
azurerm_synapse_firewall_rule
azurerm_synapse_spark_pool
azurerm_synapse_sql_pool
Azure Bastion can take more than 30 minutes to provision, propose to extend the bastion timeout to 60 minutes?
As per: https://github.com/Azure/caf-terraform-landingzones/runs/1437552575?check_suite_focus=true
module.networking.azurerm_bastion_host.host["bastion_hub_rg2"]: Still creating... [29m30s elapsed]
module.networking.azurerm_bastion_host.host["bastion_hub_rg2"]: Still creating... [29m40s elapsed]
module.networking.azurerm_bastion_host.host["bastion_hub_rg2"]: Still creating... [29m50s elapsed]
Releasing state lock. This may take a few moments...
Terraform apply return code: 0
Terraform returned errors:
Error on or near line 470: Error running terraform apply; exiting with status 2001
Error: Error waiting for creation/update of Bastion Host "g376885469-bast-bastion-rg2-brotq" (Resource Group "g376885469-rg-vnet-hub-rg2-kykaf"): Future#WaitForCompletion: context has been cancelled: StatusCode=200 -- Original Error: context deadline exceeded
on /home/vscode/.terraform.cache/modules/networking/bastion_service.tf line 18, in resource "azurerm_bastion_host" "host":
18: resource "azurerm_bastion_host" "host" {
Review existing modules and make sure it is now implementing the updated attributes
Identify the new modules to create in the backlog
https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/CHANGELOG-v2.md#2290-september-24-2020
Initial Stream Analytics module
Adding networking features:
You can propose additional scenarios by adding your comment
Initial support for Cosmos DB into CAF module, as per https://www.terraform.io/docs/providers/azurerm/r/cosmosdb_account.html
Account (Rahul)
SQL (Rahul)
Cassandra (Ben)
Mongo (Ben) - Still pending hashicorp/terraform-provider-azurerm#8660 to be resolved
Gremlin (Ben)
Table (Ben)
Add diagnostics capabilities
Extend the current keyvault module to support the external certificate issuer
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_certificate_issuer
Include an option to inherit or not the tags from RG when creating resources.
Add module for Eventhub
I'm the owner of an AIRS subscription
rover -lz /tf/caf/public/landingzones/caf_launchpad -launchpad -var-file /tf/caf/public/landingzones/caf_launchpad/scenario/100/configuration.tfvars -a apply
Error: Error checking for existence of existing Container "tfstate" (Account "zjzustlevel0yodgp" / Resource Group "zjzu-rg-launchpad-tfstates-yodgp"): containers.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationPermissionMismatch" Message="This request is not authorized to perform this operation using this permission.\nRequestId:0fbfd5ee-701e-006f-26f7-8c9f48000000\nTime:2020-09-17T13:34:47.5133915Z"
on ../../modules/storage_account/container/container.tf line 1, in resource "azurerm_storage_container" "stg":
1: resource "azurerm_storage_container" "stg" {
When you try to deploy the networking scenario Azure Virtual WAN with Azure Firewall not enabled, you are unable to deploy with the configuration:
hubs = {
  hub_re1 = {
    hub_name = "hub-re1"
    region = "region1"
    hub_address_prefix = "10.0.3.0/24"
    deploy_firewall = false
    firewall_name = "hub-fw-re1"
    firewall_resource_group_key = "hub_re1"
    deploy_p2s = false
    p2s_config = {
      name = "caf-sea-vpn-p2s"
      ...
It gives you the following error:
Error: Invalid index
on /home/vscode/.terraform.cache/modules/networking/modules/networking/virtual_wan/virtual_hub/azure_firewall.tf line 35, in resource "null_resource" "arm_template_vhub_firewall":
35: resource_id = lookup(azurerm_template_deployment.arm_template_vhub_firewall.0.outputs, "resourceID")
|----------------
| azurerm_template_deployment.arm_template_vhub_firewall is empty tuple
The given key does not identify an element in this collection value.
Error on or near line 446: Error running terraform plan; exiting with status 2000
This issue is to track the ability to run the examples to consume the submodules without using rover.
Review existing modules and make sure it is now implementing the updated attributes
Identify the new modules to create in the backlog
https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/CHANGELOG-v2.md#2300-october-01-2020
Add support for azurerm_proximity_placement_group for Windows and Linux Virtual Machines
Add the capability to link a VM to a backup vault and policy:
virtual_machines = {
  vm_example = {
    resource_group_key = "vm_region1"
    provision_vm_agent = true
    boot_diagnostics_storage_account_key = "bootdiag_region1"
    backup_policy_key = "prod_daily"
    site_recovery_vault_key = "corp_asr"
    shared_services_lz = "shared_services" #optional, should use the default L2 "shared services"
    ...
  }
Add support for availability set: availability_set_id for Windows and Linux Virtual Machines
Review existing modules and make sure it is now implementing the updated attributes
Identify the new modules to create in the backlog
https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/CHANGELOG-v2.md#2270-september-10-2020
Would like to add the Shared Image Gallery components to the codebase; it would fall under the Shared Services Landing Zone.
The module will include the options to create:
Initial release of vnext landing zones module.