This module is an extension for the Microsoft Cloud Adoption Framework (CAF) Terraform modules. It lets you implement your own management group structure and an RBAC model built from Azure AD groups and scoped role assignments.

qbeyond/terraform-azurerm-governance-eslz
Configurable Azure Governance Module

This module is based on the Cloud Adoption Framework's Enterprise-Scale Landing Zone and wraps the Azure/terraform-azurerm-caf-enterprise-scale module. You can customize the management group layout, the policies assigned to each management group, and the Azure AD groups to create together with the role assignments they receive.

Use the archetype_lib folder in this repo to add custom archetypes, policy definitions and policy assignments.

Requirements

| Name | Version |
|------|---------|
| azuread | ~> 2.15.0 |
| azurerm | >= 2.77.0 |

Providers

| Name | Version |
|------|---------|
| azuread | ~> 2.15.0 |
| azurerm | >= 2.77.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| governance_eslz | git::https://github.com/Azure/terraform-azurerm-caf-enterprise-scale.git | v2.0.1 |

Resources

| Name | Type |
|------|------|
| azuread_application.apps | resource |
| azuread_group.groups | resource |
| azuread_group_member.sp-assignments | resource |
| azuread_service_principal.sp | resource |
| azurerm_role_assignment.role_assignments | resource |
| azurerm_client_config.current | data source |
| azurerm_subscription.subs | data source |

Inputs

| Name | Type | Default | Required |
|------|------|---------|----------|
| group_assignments | map(map(list(string))) | {} | no |
| library_path | string | "" | no |
| management_group_policy_assignment_parameter_override | any | {} | no |
| management_groups | map(object({...})) (full type below) | {} | no |

group_assignments

Azure AD groups to create, keyed by group name. Each group has an optional list of service principals to add as members, plus one entry per role to assign: the key must be an Azure role_definition_name or role_definition_id, and the value is the list of scopes at which the role is granted. Every scope is one of "mg:<mg_id>", "sub:<subscription_id>", "root" for the Tenant Root Group, or a full Azure scope ID. A role assigned at "root" is inherited by every management group and subscription in the tenant.

```hcl
"<group_name>" = {
  service_principals = optional(list(string))   # service principals added as group members
  "<role_definition_name_or_id>" = list(string) # scopes: "mg:<mg_id>", "sub:<subscription_id>", "root" or a full scope ID
}
```

library_path

If specified, sets the path to a custom library folder for archetype artefacts (for example the archetype_lib folder of this repo).

management_group_policy_assignment_parameter_override

Per-management-group overrides of policy assignment parameters. `<policy_assignment>` and `<parameter_name>` must match the names used in the built-in or custom policy assignment definitions exactly; because the input type is `any`, Terraform does not validate the shape, so a misspelled name is not caught at plan time.

```hcl
"<mg_id>" = {
  <policy_assignment> = {
    <parameter_name> = any
  }
}
```

management_groups

Management groups to create, keyed by `<mg_id>`.

```hcl
"<mg_id>" = {
  display_name               = string
  parent_management_group_id = optional(string)       # must be the <mg_id> of another management group in this map
  subscription_ids           = optional(list(string)) # subscription IDs to move into this management group
  archetype_id               = optional(string)       # name of a CAF built-in or QBY (archetype_lib) archetype
}
```

Type:

```hcl
map(object({
  display_name               = string
  parent_management_group_id = optional(string)
  subscription_ids           = optional(list(string))
  archetype_id               = optional(string)
}))
```
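The following module call is an added example of wiring the inputs above together; it is not part of this repository. The module source URL, the management group IDs, the subscription IDs, the group names, the service principal name, the custom archetype `qby_prod` and the policy assignment/parameter names `Deny-Public-IP`/`effect` are all placeholders or assumptions; the `es_*` archetypes are CAF built-ins. Role assignments are kept as narrow as the scope syntax allows: only a read-only role is granted at "root", operators get Contributor on one management group, and the pipeline service principal gets Contributor on a single subscription.

```hcl
# Added example (not the module's own code). Names, IDs and the source
# path are assumptions/placeholders; replace them for your tenant.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 2.77.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.15.0"
    }
  }
}

provider "azurerm" {
  features {}
}

provider "azuread" {}

locals {
  # Constructed placeholder subscription IDs.
  sub_platform_mgmt = "00000000-0000-0000-0000-000000000001"
  sub_lz_prod       = "00000000-0000-0000-0000-000000000002"
}

module "governance" {
  # Assumed source; point it at wherever you vendor this module.
  source = "git::https://github.com/qbeyond/terraform-azurerm-governance-eslz.git"

  # Custom archetypes, policy definitions and assignments from archetype_lib.
  library_path = "${path.root}/archetype_lib"

  management_groups = {
    # No parent given: assumed to be placed directly under the module's root MG.
    "platform" = {
      display_name = "Platform"
      archetype_id = "es_platform" # CAF built-in archetype
    }
    "management" = {
      display_name               = "Management"
      parent_management_group_id = "platform"
      subscription_ids           = [local.sub_platform_mgmt]
      archetype_id               = "es_management" # CAF built-in archetype
    }
    "landingzones" = {
      display_name = "Landing Zones"
      archetype_id = "es_landing_zones" # CAF built-in archetype
    }
    "lz-prod" = {
      display_name               = "Production"
      parent_management_group_id = "landingzones"
      subscription_ids           = [local.sub_lz_prod]
      archetype_id               = "qby_prod" # assumed custom archetype in archetype_lib
    }
  }

  group_assignments = {
    # Auditors: read-only, but tenant-wide ("root" is inherited everywhere).
    "sec-auditors" = {
      "Reader" = ["root"]
    }
    # Platform operators: write access limited to the Platform subtree.
    "platform-operators" = {
      "Contributor" = ["mg:platform"]
    }
    # CI/CD: the service principal (assumed to be one the module creates) is
    # added to the group; the group gets Contributor on one subscription only.
    "lz-prod-deployers" = {
      service_principals = ["sp-lz-prod-cicd"]
      "Contributor"      = ["sub:${local.sub_lz_prod}"]
    }
  }

  management_group_policy_assignment_parameter_override = {
    "landingzones" = {
      # Assumed assignment and parameter names; they must match the policy
      # assignment definition in the built-in or custom library exactly.
      "Deny-Public-IP" = {
        effect = "Deny"
      }
    }
  }
}

# Pass the created groups through so downstream stacks can reference them.
output "created_groups" {
  value = module.governance.ad_groups
}
```

After `terraform plan`, check the planned azurerm_role_assignment.role_assignments resources: each scope should be the management group or subscription you intended, and nothing beyond Reader should appear at the Tenant Root Group scope.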

Outputs

| Name | Description |
|------|-------------|
| ad_groups | All Azure AD groups that have been created |
| applications | All Azure AD applications that have been created |
| caf_output | Passed-through output of the underlying CAF module |
| service_principals | All service principals that have been created |
