-
Notifications
You must be signed in to change notification settings - Fork 51
Expand file tree
/
Copy pathinputs-azure-devops-terraform-financial-services-landing-zone.yaml
More file actions
86 lines (82 loc) · 2.66 KB
/
inputs-azure-devops-terraform-financial-services-landing-zone.yaml
File metadata and controls
86 lines (82 loc) · 2.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
---
# Basic Inputs
iac: "terraform"
bootstrap: "alz_azuredevops"
starter: "financial_services_landing_zone"
# Shared Interface Inputs
bootstrap_location: "<region-1>"
starter_locations: ["<region-1>"] # NOTE: FSI only support a single region by design
root_parent_management_group_id: ""
subscription_id_management: "<management-subscription-id>"
subscription_id_identity: "<identity-subscription-id>"
subscription_id_connectivity: "<connectivity-subscription-id>"
# Bootstrap Inputs
azure_devops_personal_access_token: "<token-1>"
azure_devops_agents_personal_access_token: "<token-2>"
azure_devops_organization_name: "<azure-devops-organization>"
use_separate_repository_for_templates: true
bootstrap_subscription_id: ""
service_name: "fsi"
environment_name: "mgmt"
postfix_number: 1
azure_devops_use_organisation_legacy_url: false
azure_devops_create_project: true
azure_devops_project_name: "<azure-devops-project-name>"
use_self_hosted_agents: true
use_private_networking: true
allow_storage_access_from_my_ip: false
apply_approvers: ["<email-address>"]
create_branch_policies: true
architecture_definition_name: "fsi"
apply_alz_archetypes_via_architecture_definition_template: true
# Starter Module Specific Variables
allowed_locations: []
allowed_locations_for_confidential_computing: []
az_firewall_policies_enabled: true
bastion_outbound_ssh_rdp_ports: ["22", "3389"]
custom_subnets: {
AzureBastionSubnet: {
address_prefixes: "10.20.15.0/24",
name: "AzureBastionSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
AzureFirewallSubnet: {
address_prefixes: "10.20.254.0/24",
name: "AzureFirewallSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
GatewaySubnet: {
address_prefixes: "10.20.252.0/24",
name: "GatewaySubnet",
networkSecurityGroupId: "",
routeTableId: ""
}
}
customer: "Country/Region"
customer_policy_sets: {}
default_postfix: ""
default_prefix: "fsi"
deploy_bastion: true
deploy_ddos_protection: true
deploy_hub_network: true
deploy_log_analytics_workspace: true
enable_firewall: true
enable_telemetry: true
express_route_gateway_config: {name: "noconfigEr"}
hub_network_address_prefix: "10.20.0.0/16"
landing_zone_management_group_children: {}
log_analytics_workspace_retention_in_days: "365"
ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com"
policy_assignment_enforcement_mode: "Default"
policy_effect: "Deny"
policy_exemptions: {}
subscription_billing_scope: ""
tags: {}
top_level_management_group_name: "Financial Services Landing Zone"
use_premium_firewall: true
vpn_gateway_config: {name: "noconfigVpn"}
# Advanced Inputs
bootstrap_module_version: "v4.1.8"
starter_module_version: "latest"