forked from Azure/terraform-azurerm-caf-enterprise-scale
main.tf
# The following module is used to generate the configuration
# data used to deploy all archetype resources at the
# Management Group scope. Future plans include repeating this
# for Subscription scope configuration so we can improve
# coverage for archetype patterns which deploy specific
# groups of Resources within a Subscription.
module "management_group_archetypes" {
  # One instance is created per entry in local.es_landing_zones_map;
  # the map key of each entry is handed on as that instance's scope_id.
  source   = "./modules/archetypes"
  for_each = local.es_landing_zones_map

  # Scope and archetype selection.
  root_id      = "${local.provider_path.management_groups}${local.root_id}"
  scope_id     = each.key
  archetype_id = each.value.archetype_config.archetype_id

  # Per-scope archetype inputs, passed through unchanged from the
  # landing zone entry.
  # NOTE(review): access_control presumably drives role assignments at
  # this scope - confirm in ./modules/archetypes and review its values
  # as privilege grants.
  parameters     = each.value.archetype_config.parameters
  access_control = each.value.archetype_config.access_control

  # Settings shared by every instance.
  library_path            = local.library_path
  template_file_variables = local.template_file_variables
  default_location        = local.default_location

  # enforcement_mode overrides are collected from the connectivity,
  # identity and management modules, looked up by basename(each.key).
  # merge() gives precedence to later arguments, so on a key clash the
  # management value wins over identity, which wins over connectivity.
  # Each try() falls back to null when its lookup cannot be evaluated,
  # so a scope with no override entry contributes nothing here.
  # NOTE(review): the same fallback also hides a failing lookup caused
  # by a wrong key; what applies when no override is present is decided
  # in ./modules/archetypes - confirm the default there.
  enforcement_mode = merge(
    try(module.connectivity_resources.configuration.archetype_config_overrides[basename(each.key)].enforcement_mode, null),
    try(module.identity_resources.configuration.archetype_config_overrides[basename(each.key)].enforcement_mode, null),
    try(module.management_resources.configuration.archetype_config_overrides[basename(each.key)].enforcement_mode, null),
  )
}
# The following module is used to generate the configuration
# data used to deploy platform resources based on the
# "management" landing zone archetype.
module "management_resources" {
  source = "./modules/management"

  # Required inputs.
  enabled         = local.deploy_management_resources
  root_id         = local.root_id
  subscription_id = local.subscription_id_management
  settings        = local.configure_management_resources.settings

  # Basic optional inputs. coalesce() picks the module-specific
  # location when one is set, else local.default_location.
  location = coalesce(local.configure_management_resources.location, local.default_location)
  tags     = local.management_resources_tags

  # Advanced optional inputs. Every value is read from
  # local.configure_management_resources.advanced through try(), so a
  # missing "advanced" object or key yields the listed fallback
  # instead of an error.
  resource_prefix = try(local.configure_management_resources.advanced.resource_prefix, local.empty_string)
  resource_suffix = try(local.configure_management_resources.advanced.resource_suffix, local.empty_string)

  # References to resources that already exist.
  # NOTE(review): the empty-string fallback presumably means "none
  # supplied" to ./modules/management - confirm there.
  existing_resource_group_name                 = try(local.configure_management_resources.advanced.existing_resource_group_name, local.empty_string)
  existing_log_analytics_workspace_resource_id = try(local.configure_management_resources.advanced.existing_log_analytics_workspace_resource_id, local.empty_string)
  existing_automation_account_resource_id      = try(local.configure_management_resources.advanced.existing_automation_account_resource_id, local.empty_string)

  # Falls back to true when the key is not set.
  link_log_analytics_to_automation_account = try(local.configure_management_resources.advanced.link_log_analytics_to_automation_account, true)

  custom_settings_by_resource_type = try(local.configure_management_resources.advanced.custom_settings_by_resource_type, local.empty_map)
}
# The following module is used to generate the configuration
# data used to deploy platform resources based on the
# "identity" landing zone archetype.
module "identity_resources" {
  source = "./modules/identity"

  # Required inputs. Unlike the management and connectivity modules in
  # this file, no subscription_id, location, tags or advanced settings
  # are passed to this module.
  enabled  = local.deploy_identity_resources
  root_id  = local.root_id
  settings = local.configure_identity_resources.settings
}
# The following module is used to generate the configuration
# data used to deploy platform resources based on the
# "connectivity" landing zone archetype.
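module "connectivity_resources" {
  source = "./modules/connectivity"

  # Mandatory input variables
  enabled         = local.deploy_connectivity_resources
  root_id         = local.root_id
  subscription_id = local.subscription_id_connectivity
  settings        = local.configure_connectivity_resources.settings

  # Optional input variables (basic configuration)
  # coalesce() picks the module-specific location when one is set,
  # else local.default_location.
  location = coalesce(local.configure_connectivity_resources.location, local.default_location)
  tags     = local.connectivity_resources_tags

  # Optional input variables (advanced configuration)
  # Each value is read through try(), so a missing "advanced" object
  # or key yields the listed fallback instead of an error.
  resource_prefix = try(local.configure_connectivity_resources.advanced.resource_prefix, local.empty_string)
  resource_suffix = try(local.configure_connectivity_resources.advanced.resource_suffix, local.empty_string)

  # Read from the advanced key that matches this input, not from
  # existing_resource_group_name: with the latter, a configured DDoS
  # protection plan ID never reached the module and a resource group
  # name was passed in its place.
  # NOTE(review): the empty-string fallback presumably means "no
  # existing plan" to ./modules/connectivity - confirm there.
  existing_ddos_protection_plan_resource_id = try(local.configure_connectivity_resources.advanced.existing_ddos_protection_plan_resource_id, local.empty_string)

  custom_settings_by_resource_type = try(local.configure_connectivity_resources.advanced.custom_settings_by_resource_type, local.empty_map)
}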