lz-vending
Azure/lz-vending/azurerm
Terraform module to deploy landing zone subscriptions (and much more) in Azure
Terraform landing zone vending module for Azure

> [!IMPORTANT]
> THIS MODULE IS NOW ARCHIVED
> Migration is seamless to v0.1.0 of the AVM module
> PLEASE SEE

Overview

The landing zone Terraform module is designed to accelerate deployment of individual landing zones within an Azure tenant. We use the AzAPI provider to create the subscription and deploy the resources in a single `terraform apply` step. The module is designed to be instantiated many times, once for each desired landing zone.

This is currently split logically into the following capabilities:

- Subscription creation and management group placement
- Networking - deploy multiple vnets with:
  - Hub & spoke connectivity (peering to a hub network)
  - vWAN connectivity
  - Mesh peering (peering between spokes)
- Role assignments
- Resource

| Name | Type | Description | Default |
|---|---|---|---|
| location | string | The default location of resources created by this module. Virtual networks will | required |
| network_security_groups | map(object({ name | A map of the network security groups to create. The map key must be known at the | {} |
| route_table_enabled | bool | Whether to create route tables and routes in the target subscription. Requires ` | false |
| wait_for_subscription_before_subscription_operations | object({ create = optiona | The duration to wait after vending a subscription before performing subscription | {} |
| user_managed_identities | map(object({ name | A map of user-managed identities to create. The map key must be known at the pla | {} |
| subscription_register_resource_providers_and_features | map(set(string)) | The map of resource providers to register. The map keys are the resource provide | { "Microsoft.AVS": [], "Microsoft.Ap |
| route_tables | map(object({ name | A map defining route tables and their associated routes to be created: - `name` | {} |
| subscription_management_group_id | string | The destination management group ID for the new subscription. **Note:** Do no | null |
| subscription_tags | map(string) | A map of tags to assign to the newly created subscription. Only valid when `subs | {} |
| budgets | map(object({ name | Map of budgets to create for the subscription. - `name` - The name of the budge | {} |
| resource_group_creation_enabled | bool | Whether to create additional resource groups in the target subscription. Require | false |
| role_assignment_enabled | bool | Whether to create role assignments. If enabled, supply the list of role assignme | false |
| role_assignments | map(object({ principal_id | Supply a map of objects containing the details of the role assignments to create | {} |
| subscription_display_name | string | The display name of the subscription alias. The string must be comprised of a-z | null |
| budget_enabled | bool | Whether to create budgets. If enabled, supply the list of budgets in `var.budget | false |
| resource_groups | map(object({ name | A map of the resource groups to create. The value is an object with the followin | {} |
| subscription_workload | string | The billing scope for the new subscription alias. The workload type can be eith | null |
| subscription_update_existing | bool | Whether to update an existing subscription with the supplied tags and display na | false |
| virtual_network_enabled | bool | Enables and disables the virtual network submodule. | false |
| subscription_management_group_association_enabled | bool | Whether to create the management group association resource. If enabled, the `s | false |
| subscription_billing_scope | string | The billing scope for the new subscription alias. A valid billing scope starts | null |

umi_resource_ids — The Azure resource id of the user managed identity.
Value will be null if `var.umi_enabled` is false.
management_group_subscription_association_id — The management_group_subscription_association_id output is the ID of the management group subscripti
umi_client_ids — The client id of the user managed identity.
Value will be null if `var.umi_enabled` is false.
umi_principal_ids — The principal id of the user managed identity, sometimes known as the object id.
Value will be null
umi_tenant_ids — The tenant id of the user managed identity.
Value will be null if `var.umi_enabled` is false.
virtual_network_resource_ids — A map of virtual network resource ids, keyed by the var.virtual_networks input map. Only populated i
budget_resource_id — The created budget resource IDs, expressed as a map.
resource_group_resource_ids — The created resource group IDs, expressed as a map.
route_table_resource_ids — The created route table resource IDs, expressed as a map.
subscription_id — The subscription_id is the Azure subscription id that resources have been deployed into.
subscription_resource_id — The subscription_resource_id is the Azure subscription resource id that resources have been deployed