Skip to content
This repository has been archived by the owner on Feb 23, 2022. It is now read-only.
/ azuregovernance Public archive

Implement Azure Governance using Terraform

License

MIT license
20 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rjfmachado/azuregovernance

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

277 Commits
.github/workflows
.github/workflows
 
 
docs
docs
 
 
pipelines
pipelines
 
 
src
src
 
 
.artifactignore
.artifactignore
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Azure Governance with Terraform

Build Status

This repo contains samples for using Terraform 0.13 to deploy and manage Azure Governance related resources using GitHub/Azure Devops and is configured to:

  • Support multiple Azure AD Tenants in a multistage pipeline - Currently dev and prod, but designed to support easy addition of more stages.
  • Azure Pipelines YAML templates for common tasks.
  • Use of containers to support required tooling version pinning.
    • Extend usage of container for dev scenarios with Visual Studio Code
  • Implement Azure Governance Resources
    • Subscription assignment to Management Groups
    • Support for external management of Subscription Assignment via lifecycle/ignore_changes
    • Custom Role Based Access Control definitons scoped to Management Groups, Subscriptions and Resource Groups #4847.
    • Role Based Access Control assignments with builtin and custom roles to Management Groups, Subscriptions and Resource Groups.
    • Azure Policy definitions scoped to Management Groups
    • Azure Policy assignments to Management Groups #3762
    • Add a scenario with Tags
    • Add a scenario for DeployIfNotExists and Managed Service Identities.
    • Add Blueprints definitions/assignments
  • Add Azure DevOps custom dashboard with relevant visuals
  • Add azure dashboard azurerm_dashboard
  • Improve deployment safety
    • Added Scheduled plan pipeline
    • Notify on pipeline failure
    • Add pull request pipeline
    • Add tflint, investigate terratest
    • Add tests to pull request pipeline
    • Add Environments, approvals and checks
    • Monitor secret age and alert.
  • Add Security Center configuration
  • Cost Management
  • Documentation
  • Add Azure AD custom roles
  • Custom Roles for App registration
  • Operations scenarios
    • Connect Activity Log to Workspace
    • Connect Azure AD Logs
    • Add Azure Monitor
    • Action Groups & Alerts
  • Terraform
    • Maintain Terraform state with the azurerm storage account backend.
    • Add Terraform graph and GraphViz support, review terraform-docs
    • Add a provisioners/connections scenario
    • Verify usage of dynamic block
  • Enterprise Scale

Setup

Setup guidance is work in progress and most steps are capable of automation with az cli and the azure-devops extension.

Note: the Repo contains IDs for tenants/subscriptions related to my test/demo infrastructure.

About

Implement Azure Governance using Terraform

Topics

azure terraform azure-devops

Resources

Readme

License

MIT license
Activity

Stars

20 stars

Watchers

5 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages