Azure Multi-subscription landing zone

# Azure Multi-subscription Landing Zone

## Description 📝

A Terraform multi-subscription Azure landing zone is a deployment architecture in which multiple Azure subscriptions are used to organize and manage cloud resources in a centralized manner. The main goal of this architecture is to provide a centralized management platform to create, configure and manage Azure resources while ensuring consistency and compliance across multiple subscriptions.

To implement the multi-subscription Azure landing zone, the following steps were followed:

- Create Azure subscriptions: Create two Azure subscriptions, one for the hub and one for the spoke.
- Configure the providers with the credentials of the tenant and main subscription.
- Configure the provider configuration and add the second subscription as a second provider using an alias.
- Define Azure Resource Groups and Virtual networks: Create an Azure resource group for each subscription and virtual networks.
- Add a provider block on each resource of the second subscription.
- Add vnet peerings and security policies.
- Deploy Azure resources using a CI/CD pipeline.

# Architecture components 🏛️

1. Resource Group
2. Virtual Network
3. Subnets
4. Firewall
5. Firewall policy
6. Firewall rules
7. Virtual network gateway
8. Virtual Machine
9. Network interface
10. Kubernetes
11. Log Analytics workspace
12. Monitor diagnostic settings
13. Storage account
14. Network security rule
15. Network security group
16. Route table
17. Route table association
18. Mssql managed instance

# Requirements

| Name | Configuration |
| --- | --- |
| Terraform | all versions |
| Provider | Azurerm |
| Provider version | 3.37 |

## How to use the architecture

To use this architecture, clone it within your project and change the following components:

Change the provider configuration and add the subscription id.

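
The provider alias, per-resource provider selection and VNet peering steps described above, written out as Terraform. This is an added example, not the repository's own code; the variable names `hub_subscription_id` and `spoke_subscription_id`, the resource names, the region and the address ranges are assumptions, and credentials are expected to come from the environment.

```hcl
# Added example. Variable names, resource names, region and address ranges are assumptions.
variable "hub_subscription_id" { type = string }
variable "spoke_subscription_id" { type = string }
provider "azurerm" { # default provider: hub (main) subscription
  features {}
  subscription_id = var.hub_subscription_id
}
provider "azurerm" { # second subscription, selected per resource via the alias
  alias = "spoke"
  features {}
  subscription_id = var.spoke_subscription_id
}

resource "azurerm_resource_group" "hub" {
  name     = "rg-hub"
  location = "westeurope"
}
resource "azurerm_resource_group" "spoke" {
  provider = azurerm.spoke # without this line the group lands in the hub subscription
  name     = "rg-spoke"
  location = "westeurope"
}
resource "azurerm_virtual_network" "hub" {
  name                = "vnet-hub"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
  address_space       = ["10.0.0.0/16"]
}
resource "azurerm_virtual_network" "spoke" {
  provider            = azurerm.spoke
  name                = "vnet-application"
  location            = azurerm_resource_group.spoke.location
  resource_group_name = azurerm_resource_group.spoke.name
  address_space       = ["10.1.0.0/16"]
}

resource "azurerm_virtual_network_peering" "hub_to_spoke" { # created in the hub subscription
  name                      = "hub-to-spoke"
  resource_group_name       = azurerm_resource_group.hub.name
  virtual_network_name      = azurerm_virtual_network.hub.name
  remote_virtual_network_id = azurerm_virtual_network.spoke.id
}
resource "azurerm_virtual_network_peering" "spoke_to_hub" { # created in the spoke subscription
  provider                  = azurerm.spoke
  name                      = "spoke-to-hub"
  resource_group_name       = azurerm_resource_group.spoke.name
  virtual_network_name      = azurerm_virtual_network.spoke.name
  remote_virtual_network_id = azurerm_virtual_network.hub.id
}
```

A spoke resource that omits `provider = azurerm.spoke` is created by the default provider in the hub subscription, so review every spoke resource for the alias before applying.
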
| Variable | Description |
| --- | --- |
| hostname | hostname for your specific application |
| location_hub | Location for the main subscription |
| location_spoke | Location for second subscription |
| public_cert | Certification |
| public_key | Public key |
| snet_firewall | Subnet for firewall |
| snet_jumphost | Subnet for jumphost |
| snet_kubernetes | Subnet for kubernetes |
| snet_mi | Subnet for managed instance |
| snet_monitoring | Subnet for monitoring |
| snet_vpn | Subnet for VPN |
| vnet_application | Virtual network for application |
| vnet_database | Virtual network for database |
| vnet_hub | Virtual network for hub |

# Maintainer(s)

- [Marsela Abdi](mailto:marsela@brainboard.co)
- [Brainboard team](mailto:support@brainboard.co)