Skip to content

Latest commit

 

History

History
58 lines (44 loc) · 4.59 KB

README.md

File metadata and controls

58 lines (44 loc) · 4.59 KB
Raw

Configurable Azure Governance Module

This module is based on the Cloud Adoption Frameworks Enterprise Scale Landingzone. You can customize the management group layout, assigned policies and AAD groups to create and assign.

Use the archetype_lib folder in this repo to add custom archetypes, policy definitions and policy assignments.

Requirements

Name Version
azuread ~> 2.15.0
azurerm >= 2.77.0

Providers

Name Version
azuread ~> 2.15.0
azurerm >= 2.77.0

Modules

Name Source Version
governance_eslz git::https://github.com/Azure/terraform-azurerm-caf-enterprise-scale.git v2.0.1

Resources

Name Type
azuread_application.apps resource
azuread_group.groups resource
azuread_group_member.sp-assignments resource
azuread_service_principal.sp resource
azurerm_role_assignment.role_assignments resource
azurerm_client_config.current data source
azurerm_subscription.subs data source

Inputs

Name Description Type Default Required
group_assignments 
"<group_name>" = {
  service_principals = optional(list(string))    (list of service principals that should be added as members) 
  ""           = list(string)              ( must be a role_definition_name or role_definition_id from azure, every element must be a scope: "mg:<mg_id>", "sub:<subscription_id>", "root" for Tenant Root Group or a full scope ID)
}
 map(map(list(string))) {} no
library_path If specified, sets the path to a custom library folder for archetype artefacts. string "" no
management_group_policy_assignment_parameter_override 
"<mg_id>" = {
  <policy_assignment> = {
    <parameter_name> = any  (<policy_assignment> and <parameter_name> must be the same as in built-in or custom policy assignment definitions)
  }
}
 any {} no
management_groups 
"<mg_id>" = {
  display_name                 = string
  parent_management_group_id   = optional(string)       (Must be a <mg_id> of another MG)
  subscription_ids             = optional(list(string)) (List of subscription IDs that should be moved into that MG)
  archetype_id                 = optional(string)       (Name of an archetype as defined by CAF built-in or QBY archetype definitions)
 }
 
map(object({
    display_name               = string
    parent_management_group_id = optional(string)
    subscription_ids           = optional(list(string))
    archetype_id               = optional(string)
  }))
 {} no

Outputs

Name Description
ad_groups All AAD Groups that have been created
applications All AAD Applications that have been created
caf_output Passed through output of the underlying CAF module
service_principals All service principals that have been created