Created by
Chafik Belhaoues

Azure Chaos Resilient Architecture

Tags: Azure, Chaos Studio, Security, resilience, firewall, Virtual machine, traffic manager, load balancing, Public IP
## Description

This highly available and resilient Azure architecture is designed to ensure business continuity by leveraging Azure Chaos Studio for proactive failure testing and resilience validation. The architecture is spread across two regions, East US (EUS) and West Europe (WEU), using redundant infrastructure, load balancing, and firewall protection to minimize downtime and enhance security.

**N.B:**

- The Terraform code is automatically generated with best practices and contains variables that you can customize to fit your needs.
- You have full control to change, add, or delete resources or their configuration. The newly generated code will reflect these changes.
- You can replace some resources with Terraform modules.

> terraform apply status: successful

## Architecture components

| **Component** | **Type** | **Description** |
|---|---|---|
| **Resource Groups (EUS & WEU)** | `azurerm_resource_group` | Logical grouping for managing resources. |
| **Virtual Networks (VNets)** | `azurerm_virtual_network` | Isolated networking environments per region. |
| **Subnets** | `azurerm_subnet` | Separate address spaces for Load Balancers, VMs, and Firewalls. |
| **Azure Firewall (EUS & WEU)** | `azurerm_firewall` | Central security enforcement with NAT and network rules. |
| **Firewall NAT Rules** | `azurerm_firewall_nat_rule_collection` | Controls inbound traffic redirections. |
| **Firewall Network Rules** | `azurerm_firewall_network_rule_collection` | Manages outbound traffic restrictions. |
| **Load Balancer (EUS & WEU)** | `azurerm_lb` | Distributes traffic to backend VMs in each region. |
| **Traffic Manager** | `azurerm_traffic_manager_profile` | Routes requests based on region health and priority. |
| **Public IPs (EUS & WEU)** | `azurerm_public_ip` | Provides internet connectivity for Load Balancers & Firewalls. |
| **Availability Sets** | `azurerm_availability_set` | Ensures VM redundancy and fault tolerance. |
| **Virtual Machines (Windows VMs)** | `azurerm_windows_virtual_machine` | Compute instances running workloads in EUS & WEU. |
| **Network Interfaces (NICs)** | `azurerm_network_interface` | Connects VMs to virtual networks. |
| **Backend Address Pools** | `azurerm_lb_backend_address_pool` | Groups VM NICs behind the load balancer. |
| **Load Balancer Rules** | `azurerm_lb_rule` | Defines traffic distribution rules for the LB. |
| **Chaos Engineering (Azure Chaos Studio)** | `azurerm_chaos_studio_target` | Simulates failures to test system resilience. |
| **Managed Identity (EUS)** | `azurerm_user_assigned_identity` | Identity service for role-based access control (RBAC). |

## Requirements

| **Requirement** | **Configuration** |
|---|---|
| **Terraform Version** | `>= 1.3.0` |
| **Provider** | `AzureRM` |
| **Provider Version** | `>= 3.88.0` |
| **Access Permissions** | Service Principal with **Contributor** role |
| **Regions Used** | East US (`EUS`), West Europe (`WEU`) |
| **Networking** | VNet Peering, Private Subnets, Network Security Groups (NSG) |
| **Security** | Azure Firewall, Managed Identities, Role-Based Access Control (RBAC) |
| **Traffic Management** | Azure Load Balancer, Traffic Manager, Firewall NAT Rules |
| **Compute** | Windows Virtual Machines, Availability Sets |
| **Resilience & Scaling** | Load Balancers, Availability Sets, Chaos Engineering (Azure Chaos Studio) |
| **Monitoring & Health** | Load Balancer Probes, Traffic Manager Failover Mechanisms |
| **Public Access Control** | Restricted with **Private Networking** and **Azure Firewall** |
| **Identity & Authentication** | Managed Identity, Role Assignments (RBAC) |
| **Storage & Availability** | Standard_LRS OS Disks for VMs |

## How to use the architecture

Clone the architecture and modify the following variables according to your needs:

### **🌍 General Configuration**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `projet_name` | `"chaos"` | Project Name |
| `env` | `"prod"` | Deployment Environment |
| `tags` | `{ archuuid = "758958ab-cc96-43e9-98c3-44937dc3b638", env = "Development" }` | Resource Tags |

### **📍 Regions & Locations**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `location_eus` | `"East US"` | Primary Azure Region |
| `region_eus_name` | `"eastus"` | East US Region Short Name |
| `location_weu` | `"West Europe"` | Secondary Azure Region |
| `region_weu_name` | `"westeurope"` | West Europe Region Short Name |

### **🌐 Networking**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `vnet_eus_addr_space` | `"10.1.0.0/16"` | Virtual Network Address Space for East US |
| `vnet_weu_addr_space` | `"10.2.0.0/16"` | Virtual Network Address Space for West Europe |
| `snet_eus_addr_space` | `"10.1.1.0/24"` | Subnet Address Space for East US |
| `snet_weu_addr_space` | `"10.2.1.0/24"` | Subnet Address Space for West Europe |
| `snet_lb_eus_addr_space` | `"10.1.4.0/24"` | Load Balancer Subnet for East US |
| `snet_lb_weu_addr_space` | `"10.2.4.0/24"` | Load Balancer Subnet for West Europe |

### **🔥 Firewall Configuration**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `fw_sku_name` | `"AZFW_VNet"` | Azure Firewall SKU Name |
| `fw_sku_tier` | `"Standard"` | Azure Firewall SKU Tier |
| `fw-ipconf-name` | `"fw-ipconfig"` | Firewall IP Configuration Name |
| `fw-nat-rule-action` | `"Dnat"` | Firewall NAT Rule Action |
| `fw-nat-rule-priority` | `100` | Priority of Firewall NAT Rule |
| `fw-nat-rule-eus_name` | `"fw-nat-rule-eus"` | Firewall NAT Rule Name for East US |
| `fw-nat-rule-weu_name` | `"fw-nat-rule-weu"` | Firewall NAT Rule Name for West Europe |
| `snet_fw_name` | `"AzureFirewallSubnet"` | Firewall Subnet Name |
| `snet_fw_eus_addr_space` | `"10.1.2.0/24"` | Firewall Subnet for East US |
| `snet_fw_weu_addr_space` | `"10.2.2.0/24"` | Firewall Subnet for West Europe |
| `snet_fw_mngt_name` | `"AzureFirewallManagementSubnet"` | Firewall Management Subnet Name |
| `snet_fwmngt_eus_addr_space` | `"10.1.3.0/24"` | Firewall Management Subnet for East US |
| `snet_fwmngt_weu_addr_space` | `"10.2.3.0/24"` | Firewall Management Subnet for West Europe |

### **🚦 Load Balancer & Traffic Management**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `lb_frontend_name` | `"frontend"` | Load Balancer Frontend Name |
| `traffic_manager_name` | `"chaos-traffic-manager"` | Traffic Manager Profile Name |
| `dns_config_name` | `"chaos-app"` | DNS Configuration Name |
| `dns_config_tll` | `30` | DNS TTL (Time to Live) in seconds |

### **📑 Monitoring & Health Checks**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `monitor_interval_sc` | `30` | Monitoring Interval in seconds |
| `monitor_number_failures` | `3` | Allowed Failures Before Switching Traffic |
| `monitor_path` | `"/"` | Monitoring Path for Traffic Manager |
| `monitor_port` | `80` | Monitoring Port |
| `monitor_protocol` | `"HTTP"` | Monitoring Protocol |
| `monitor_timeout` | `10` | Monitoring Timeout in seconds |

### **🖥 Virtual Machine Configuration**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `vm_admin_username` | `"adminuser"` | Virtual Machine Administrator Username |
| `vm_size` | `"Standard_D2_v2"` | Virtual Machine Size |
| `vm_storage_account_type` | `"Standard_LRS"` | VM Storage Account Type |

### **🖼 Virtual Machine Image Configuration**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `src_img_ref_offer` | `"UbuntuServer"` | Virtual Machine Image Offer |
| `src_img_ref_publisher` | `"Canonical"` | Virtual Machine Image Publisher |
| `src_img_ref_sku` | `"18.04-LTS"` | Virtual Machine Image SKU |
| `src_img_ref_version` | `"latest"` | Virtual Machine Image Version |

### **🖧 Network Security & Access**

| **Variable** | **Default Value** | **Description** |
|---|---|---|
| `servercounta` | `1` | Number of Virtual Machines in Group A |
| `servercountb` | `1` | Number of Virtual Machines in Group B |
| `pip_sku` | `"Dynamic"` | Public IP SKU Type |

**N.B:**

- Feel free to remove the resources that are not relevant to your use-case.
- Some variables have default values; please change them if they don't fit your deployment.

## Maintainer(s)

You can reach out to these maintainers if you need help or assistance:

- [Brainboard team](mailto:support@brainboard.co)
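The Networking and Firewall Configuration tables above together define one address plan per region (VNet, workload subnet, `AzureFirewallSubnet`, `AzureFirewallManagementSubnet`, load-balancer subnet), and the Requirements table lists VNet peering between the two regions. Peering only works when the two VNet address spaces are disjoint, and Azure rejects firewall and firewall-management subnets smaller than a /26, so an address plan is worth checking before `terraform apply`. The following is an added example, not part of the Brainboard template or its generated Terraform: a stand-alone Python check that loads the default CIDRs from the tables above and reports any subnet outside its VNet, any overlapping subnets within a region, any undersized firewall subnet, and any overlap between the regional VNets. `BROKEN_PLAN` is a constructed counter-example used to show the findings.

```python
import ipaddress
from typing import Dict, List

# Default address plan copied from the variable tables above.
DEFAULT_PLAN: Dict[str, Dict[str, str]] = {
    "eus": {
        "vnet": "10.1.0.0/16",          # vnet_eus_addr_space
        "snet": "10.1.1.0/24",          # snet_eus_addr_space
        "snet_fw": "10.1.2.0/24",       # snet_fw_eus_addr_space
        "snet_fwmngt": "10.1.3.0/24",   # snet_fwmngt_eus_addr_space
        "snet_lb": "10.1.4.0/24",       # snet_lb_eus_addr_space
    },
    "weu": {
        "vnet": "10.2.0.0/16",          # vnet_weu_addr_space
        "snet": "10.2.1.0/24",          # snet_weu_addr_space
        "snet_fw": "10.2.2.0/24",       # snet_fw_weu_addr_space
        "snet_fwmngt": "10.2.3.0/24",   # snet_fwmngt_weu_addr_space
        "snet_lb": "10.2.4.0/24",       # snet_lb_weu_addr_space
    },
}

# Constructed counter-example (not from the page): the WEU VNet collides with
# EUS, the management subnet overlaps the workload subnet, the firewall subnet
# is too small, and the LB subnet lies outside the VNet.
BROKEN_PLAN: Dict[str, Dict[str, str]] = {
    "eus": dict(DEFAULT_PLAN["eus"]),
    "weu": {
        "vnet": "10.1.0.0/16",
        "snet": "10.1.1.0/24",
        "snet_fw": "10.1.2.0/27",
        "snet_fwmngt": "10.1.1.128/25",
        "snet_lb": "10.2.4.0/24",
    },
}

# Azure requires at least a /26 for AzureFirewallSubnet and
# AzureFirewallManagementSubnet; a larger prefix length means a smaller subnet.
FIREWALL_SUBNETS = ("snet_fw", "snet_fwmngt")
FIREWALL_MAX_PREFIXLEN = 26


def validate_address_plan(plan: Dict[str, Dict[str, str]]) -> List[str]:
    """Return a list of human-readable findings; an empty list means the plan is consistent."""
    findings: List[str] = []
    vnets: Dict[str, ipaddress.IPv4Network] = {}

    for region, cidrs in plan.items():
        # strict=True rejects CIDRs with host bits set (e.g. 10.1.1.5/24),
        # which the AzureRM provider would also reject.
        vnet = ipaddress.ip_network(cidrs["vnet"], strict=True)
        vnets[region] = vnet
        subnets = {
            name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in cidrs.items()
            if name != "vnet"
        }

        for name, subnet in subnets.items():
            if not subnet.subnet_of(vnet):
                findings.append(f"{region}: {name} {subnet} is outside VNet {vnet}")
            if name in FIREWALL_SUBNETS and subnet.prefixlen > FIREWALL_MAX_PREFIXLEN:
                findings.append(
                    f"{region}: {name} {subnet} is smaller than the /26 Azure Firewall requires"
                )

        # Pairwise overlap check between the subnets of one region.
        names = sorted(subnets)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                if subnets[a].overlaps(subnets[b]):
                    findings.append(
                        f"{region}: {a} {subnets[a]} overlaps {b} {subnets[b]}"
                    )

    # Peered VNets must have disjoint address spaces.
    regions = sorted(vnets)
    for i, a in enumerate(regions):
        for b in regions[i + 1:]:
            if vnets[a].overlaps(vnets[b]):
                findings.append(
                    f"VNets {a} ({vnets[a]}) and {b} ({vnets[b]}) overlap; "
                    "peering requires disjoint address spaces"
                )
    return findings


if __name__ == "__main__":
    for label, plan in (("default", DEFAULT_PLAN), ("broken", BROKEN_PLAN)):
        result = validate_address_plan(plan)
        print(f"{label}: {'OK' if not result else f'{len(result)} finding(s)'}")
        for line in result:
            print("  -", line)
```

Run it after editing the address-space variables; any finding printed for your plan points at a variable that `terraform apply` or VNet peering would later reject.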

It’s up to you now to build great things.