diff --git a/README.md b/README.md index 95e916e..41ee7e2 100644 --- a/README.md +++ b/README.md @@ -7,10 +7,18 @@ ${REPO_DESCRIPTION} # Prérequis -Vous avez besoin d'une installation docker fonctionnelle. +Vous avez besoin d'une installation terraform fonctionnelle. https://developer.hashicorp.com/terraform/install?product_intent=terraform +Vous avec besoin d'avoir Powershell 7 + +https://learn.microsoft.com/fr-fr/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4 + +Vous avec besoin d'avoir Azure CLI + +https://learn.microsoft.com/fr-fr/cli/azure/install-azure-cli-windows?tabs=azure-cli + # Démarrage manuel ~~~bash @@ -18,6 +26,30 @@ https://developer.hashicorp.com/terraform/install?product_intent=terraform cd ${TEMPLATE_NAME} ~~~ +~~~bash +pwsh +~~~ + +Depuis l'interface on contrôle la présent du module Powershell pour Azure +~~~bash +Get-InstalledModule -Name ALZ +~~~ + +S'il n'est pas présent on l'installe +~~~bash +Install-Module -Name ALZ +~~~ + +On s'authentifie +~~~bash +az login +~~~ + +On s'authentifie +~~~bash +Deploy-Accelerator -inputs "./config/inputs-local-terraform-complete-multi-region.yaml", "./config/config-hub-and-spoke-vnet-multi-region.yaml" -output "./output" -i "terraform" -b "alz_local" +~~~ + # Utilisation du repository init diff --git a/config/config-hub-and-spoke-vnet-multi-region.yaml b/config/config-hub-and-spoke-vnet-multi-region.yaml new file mode 100644 index 0000000..03b825d --- /dev/null +++ b/config/config-hub-and-spoke-vnet-multi-region.yaml 
@@ -0,0 +1,198 @@
+# This file contains templated variables to avoid repeating the same hard-coded values.
+# Templated variables are denoted by the dollar curly braces token (e.g. ${starter_location_01}). The following details each templated variable that you can use:
+# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources.
+# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources.
+# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources.
+# `starter_location_01_virtual_network_gateway_sku_express_route` to `starter_location_10_virtual_network_gateway_sku_express_route`: These are the default SKUs for the Express Route virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways.
+# `starter_location_01_virtual_network_gateway_sku_vpn` to `starter_location_10_virtual_network_gateway_sku_vpn`: These are the default SKUs for the VPN virtual network gateways based on the Azure locations sourced from the `starter_locations` variable. This can be used to set the SKU of the virtual network gateways.
+# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under.
+# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`.
+# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
+# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
+
+---
+connectivity_resource_groups:
+ ddos:
+ location: ${starter_location_01}
+ name: rg-hub-ddos-${starter_location_01}
+ dns:
+ location: ${starter_location_01}
+ name: rg-hub-dns-${starter_location_01}
+ vnet_primary:
+ location: ${starter_location_01}
+ name: rg-hub-${starter_location_01}
+ vnet_secondary:
+ location: ${starter_location_02}
+ name: rg-hub-${starter_location_02}
+connectivity_type: hub_and_spoke_vnet
+hub_and_spoke_vnet_settings:
+ ddos_protection_plan:
+ location: ${starter_location_01}
+ name: ddos-hub-${starter_location_01}
+ resource_group_name: ${connectivity_resource_group_ddos}
+hub_and_spoke_vnet_virtual_networks:
+ primary:
+ hub_virtual_network:
+ address_space:
+ - 10.0.0.0/16
+ firewall:
+ default_ip_configuration:
+ public_ip_config:
+ ip_version: IPv4
+ name: pip-fw-hub-${starter_location_01}
+ zones: ${starter_location_01_availability_zones}
+ firewall_policy:
+ dns:
+ proxy_enabled: true
+ name: fwp-hub-${starter_location_01}
+ name: fw-hub-${starter_location_01}
+ sku_name: AZFW_VNet
+ sku_tier: Premium
+ subnet_address_prefix: 10.0.0.0/24
+ zones: ${starter_location_01_availability_zones}
+ location: ${starter_location_01}
+ name: vnet-hub-${starter_location_01}
+ resource_group_creation_enabled: false
+ resource_group_name: ${connectivity_resource_group_vnet_primary}
+ subnets:
+ virtual_network_gateway:
+ address_prefixes:
+ - 10.0.1.0/24
+ assign_generated_route_table: false
+ name: GatewaySubnet
+ tags:
+ deployment: terraform
+ source: Azure Landing Zones Accelerator
+ private_dns_zones:
+ is_primary: true
+ resource_group_name: ${connectivity_resource_group_dns}
+ virtual_network_gateways:
+ express_route:
+ ip_configurations:
+ default:
+ name: ipconfig-vgw-hub-expressroute-${starter_location_01}
+ public_ip:
+ name: pip-vgw-hub-expressroute-${starter_location_01}
+ zones: ${starter_location_01_availability_zones}
+ location: ${starter_location_01}
+ name: vgw-hub-expressroute-${starter_location_01}
+ sku: ${starter_location_01_virtual_network_gateway_sku_express_route}
+ type: ExpressRoute
+ vpn:
+ ip_configurations:
+ default:
+ name: ipconfig-vgw-hub-vpn-${starter_location_01}
+ public_ip:
+ name: pip-vgw-hub-vpn-${starter_location_01}
+ zones: ${starter_location_01_availability_zones}
+ location: ${starter_location_01}
+ name: vgw-hub-vpn-${starter_location_01}
+ sku: ${starter_location_01_virtual_network_gateway_sku_vpn}
+ type: Vpn
+ secondary:
+ hub_virtual_network:
+ address_space:
+ - 10.1.0.0/16
+ firewall:
+ default_ip_configuration:
+ public_ip_config:
+ ip_version: IPv4
+ name: pip-fw-hub-${starter_location_02}
+ zones: ${starter_location_02_availability_zones}
+ firewall_policy:
+ dns:
+ proxy_enabled: true
+ name: fwp-hub-${starter_location_01}
+ name: fw-hub-${starter_location_02}
+ sku_name: AZFW_VNet
+ sku_tier: Premium
+ subnet_address_prefix: 10.1.0.0/24
+ zones: ${starter_location_02_availability_zones}
+ location: ${starter_location_02}
+ name: vnet-hub-${starter_location_02}
+ resource_group_creation_enabled: false
+ resource_group_name: ${connectivity_resource_group_vnet_secondary}
+ subnets:
+ virtual_network_gateway:
+ address_prefixes:
+ - 10.1.1.0/24
+ assign_generated_route_table: false
+ name: GatewaySubnet
+ tags:
+ deployment: terraform
+ source: Azure Landing Zones Accelerator
+ private_dns_zones:
+ is_primary: false
+ resource_group_name: ${connectivity_resource_group_dns}
+ virtual_network_gateways:
+ express_route:
+ ip_configurations:
+ default:
+ name: ipconfig-vgw-hub-expressroute-${starter_location_02}
+ public_ip:
+ name: pip-vgw-hub-expressroute-${starter_location_02}
+ zones: ${starter_location_02_availability_zones}
+ location: ${starter_location_02}
+ name: vgw-hub-expressroute-${starter_location_02}
+ sku: ${starter_location_02_virtual_network_gateway_sku_express_route}
+ type: ExpressRoute
+ vpn:
+ ip_configurations:
+ default:
+ name: ipconfig-vgw-hub-vpn-${starter_location_02}
+ public_ip:
+ name: pip-vgw-hub-vpn-${starter_location_02}
+ zones: ${starter_location_02_availability_zones}
+ location: ${starter_location_02}
+ name: vgw-hub-vpn-${starter_location_02}
+ sku: ${starter_location_02_virtual_network_gateway_sku_vpn}
+ type: Vpn
+management_settings_es:
+ configure_connectivity_resources:
+ advanced:
+ custom_settings_by_resource_type:
+ azurerm_network_ddos_protection_plan:
+ ddos:
+ ${starter_location_01}:
+ name: ddos-hub-${starter_location_01}
+ azurerm_resource_group:
+ ddos:
+ ${starter_location_01}:
+ name: ${connectivity_resource_group_ddos}
+ dns:
+ ${starter_location_01}:
+ name: ${connectivity_resource_group_dns}
+ settings:
+ ddos_protection_plan:
+ config:
+ location: ${starter_location_01}
+ dns:
+ config:
+ location: ${starter_location_01}
+ configure_management_resources:
+ advanced:
+ asc_export_resource_group_name: rg-management-asc-export-${starter_location_01}
+ azurerm_automation_account:
+ management:
+ name: aa-management-${starter_location_01}
+ azurerm_log_analytics_workspace:
+ management:
+ name: law-management-${starter_location_01}
+ custom_settings_by_resource_type:
+ azurerm_resource_group:
+ management:
+ name: rg-management-${starter_location_01}
+ location: ${starter_location_01}
+ default_location: ${starter_location_01}
+ # put this to false because avm module is used
+ deploy_connectivity_resources: false
+ deploy_management_resources: true
+ deploy_core_landing_zones: true
+ deploy_corp_landing_zones: true
+ deploy_online_landing_zones: true
+ root_id: alz
+ root_name: Azure-Landing-Zones
+ root_parent_id: ${root_parent_management_group_id}
+ subscription_id_connectivity: ${subscription_id_connectivity}
+ subscription_id_identity: ${subscription_id_identity}
+ subscription_id_management: ${subscription_id_management}
\ No newline at end of file
diff --git a/config/inputs-local-terraform-complete-multi-region.yaml b/config/inputs-local-terraform-complete-multi-region.yaml
new file mode 100644
index 0000000..29070d3
--- /dev/null
+++ b/config/inputs-local-terraform-complete-multi-region.yaml
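Review bot: The firewall policy under `secondary` appears to be named `fwp-hub-${starter_location_01}`, the same name as the primary hub's policy, while every other resource in that block uses `${starter_location_02}`. Indentation is lost in this view, so the nesting is inferred from key order; if that reading is right, the line should be `name: fwp-hub-${starter_location_02}`. A policy named after the wrong region makes firewall rule reviews and incident triage error-prone, and the two names would collide if both policies were ever placed in the same resource group.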
@@ -0,0 +1,38 @@
+---
+# For detailed instructions on using this file, visit:
+# https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Quick-Start-Phase-2-Local#2232-local-file-system-with-terraform
+
+# Basic Inputs
+iac_type: "terraform"
+bootstrap_module_name: "alz_local"
+starter_module_name: "complete_multi_region"
+
+# Shared Interface Inputs
+bootstrap_location: "francecentral"
+starter_locations: ["francecentral", "francesouth"]
+root_parent_management_group_id: "************"
+subscription_id_management: "*************"
+subscription_id_identity: "******"
+subscription_id_connectivity: "1******"
+
+# Bootstrap Inputs
+target_directory: "alz-local-001"
+create_bootstrap_resources_in_azure: false
+bootstrap_subscription_id: "e32dabfc-1904-4ae7-a543-1db013b3c60c"
+service_name: "alz"
+environment_name: "mgmt"
+postfix_number: 1
+grant_permissions_to_current_user: true
+
+# Complete Multi Region Starter Module Specific Variables
+# (Details: https://github.com/Azure/ALZ-PowerShell-Module/wiki/%5BUser-Guide%5D-Starter-Module-Terraform-Complete-Multi-Region)
+# The detailed configuration can be supplied in a separate file or combined in this file. Examples can be seen here:
+# Hub and Spoke Virtual Network Multi Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-multi-region.yaml
+# Virtual WAN Multi Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-virtual-wan-multi-region.yaml
+# Hub and Spoke Virtual Network Single Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet-single-region.yaml
+# Virtual WAN Single Region: https://raw.githubusercontent.com/wiki/Azure/ALZ-PowerShell-Module/examples/starter-module-config/complete-multi-region/config-virtual-wan-single-region.yaml
+
+# Advanced Inputs
+bootstrap_module_version: "4.1.7"
+starter_module_version: "4.5.8"
+#output_folder_path: "/accelerator/output"
\ No newline at end of file
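Review bot: `bootstrap_subscription_id` is committed as what looks like a real subscription GUID, while the management group and the three other subscription IDs in the same file are masked with asterisks. A subscription ID is not a credential, but it identifies the tenant's environment and does not belong in a template repository; use a labelled placeholder such as `bootstrap_subscription_id: "<bootstrap-subscription-id>"` and supply the real value from an untracked copy of the file. The masked entries are not usable as committed either (and `subscription_id_connectivity: "1******"` still shows its first character), so a comment such as `# replace the masked values locally; do not commit real IDs` above the Shared Interface Inputs would make the workflow explicit. `grant_permissions_to_current_user: true` also deserves a comment on why it is needed, if it assigns roles to whoever runs the bootstrap.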