avm-ptn-alz

Azure/avm-ptn-alz/azurerm

Terraform Module HCL AZURERM ✓ Verified

Terraform Azure Verified Pattern Module for Azure Landing Zone

Install

module "avm-ptn-alz" {

source = "Azure/avm-ptn-alz/azurerm"

version = "0.19.0"

}

⭐ Source on GitHub 📦 Registry page

README

![OpenSSF Scorecard](https://scorecard.dev/viewer/?uri=github.com/Azure/terraform-azurerm-avm-ptn-alz) ALZ Terraform Module - This repository contains a Terraform module for deploying Azure Landing Zones (ALZs). - Make sure to review the examples. > [!IMPORTANT] > Make sure to add .alzlib to your .gitignore file to avoid committing the downloaded ALZ library to your repository. Features - Deploy management groups according to the supplied architecture (default is ALZ) - Deploy policy assets (definitions, assignments, and initiatives) according to the supplied architecture ands associated archetypes - Modify policy assignments: - Enforcement mode - Identity - Non-compliance messages - Overrides - Parameters - Resource selectors - Create the required role assignments for Azure Policy, includ

Inputs (26)

Name	Type	Description	Default
architecture_name	string	The name of the architecture to create. This needs to be of the `*.alz_architect	required
location	string	The default location for resources in this management group. Used for policy man	required
parent_resource_id	string	The resource name of the parent management group. Use the tenant id to create a	required
management_groups_dependencies	any	Place dependent values into this variable to ensure that management groups are c	`null`
override_policy_definition_parameter_assign_permissions_set	set(object({ definition_na	This list of objects allows you to set the [`assignPermissions` metadata propert	`[ { "definition_name": "04754ef9-9`
policy_assignments_dependencies	any	Place dependent values into this variable to ensure that policy assignments are	`null`
policy_assignments_to_modify	map(object({ policy_assign	A map of policy assignment objects to modify the ALZ architecture with. You only	`{}`
delays	object({ after_management_	DEPRECATED: Please use the new `retries` variable instead to allow the provider	`{}`
role_assignment_name_use_random_uuid	bool	A control to use a random UUID for the role assignment name. If set to false, th	`false`
parent_id_overrides	object({ policy_assignment	A map of parent_id overrides for resources that have inconsistent casing in Azur	`{}`
policy_assignment_non_compliance_message_settings	object({ fallback_message_	Settings for the non-compliance messages of policy assignments. This is used to	`{}`
policy_default_values	map(string)	A map of default values to apply to policy assignments. The key is the default n	`null`
policy_role_assignments_dependencies	any	Place dependent values into this variable to ensure that policy role assignments	`null`
subscription_placement_destroy_behavior	string	The behavior to apply when destroying a subscription placement. Possible values	`"default"`
telemetry_additional_content	map(string)	Additional content to add to the telemetry tags. This can be used to add custom	`null`
override_policy_definition_parameter_assign_permissions_unset	set(object({ definition_na	This list of objects allows you to unset the [`assignPermissions` metadata prope	`null`
role_assignment_definition_lookup_enabled	bool	A control to disable the lookup of role definitions when creating role assignmen	`true`
management_group_hierarchy_settings	object({ default_managemen	Set this value to configure the hierarchy settings. Options are: - `default_man	`null`
retries	object({ management_groups	The retry settings to apply to the CRUD operations. Value is a nested object, th	`{}`
resource_api_versions	object({ policy_assignment	EXPERIMENTAL: Modify this to change the API versions used for each resource type	`{}`
schema_validation_enabled	object({ hierarchy_setting	Enable or disable schema validation for each resource type. Defaults to `true` f	`{}`
subscription_placement	map(object({ subscription_	A map of subscriptions to place into management groups. The key is deliberately	`{}`
subscription_placement_destroy_custom_target_management_group_id	string	The target management group name to move subscriptions to when the `subscription	`null`

Outputs (7)

management_group_resource_ids — A map of management group names to their resource ids.

policy_assignment_identity_ids — A map of policy assignment names to their identity ids.

policy_assignment_resource_ids — A map of policy assignment names to their resource ids.

policy_definition_resource_ids — A map of policy definition names to their resource ids.

policy_role_assignment_resource_ids — A map of policy role assignments to their resource ids.

policy_set_definition_resource_ids — A map of policy set definition names to their resource ids.

role_definition_resource_ids — A map of role definition names to their resource ids.

Resources (7)

azapi_resourceazapi_resource_actionazapi_update_resourcemodtm_telemetryrandom_uuidterraform_datatime_sleep

Topics & Tags

terraform-module terraform-provider-alz azure-landing-zones

Details

FrameworkTerraform Module

LanguageHCL

Version0.19.0

Cloud AZURERM

★ Stars122

Forks40

Total downloads310.3k

Inputs26

Outputs7

Resources7

Examples8

LicenseMIT

NamespaceAzure

Updated