Azure Tenant Configuration

Source code & Installation

The source code of this kit module can be found here

Run the following command to install the kit module:

collie kit import azure/admin/tenant

In Azure, the AAD tenant is its own concept.

TIP

Keep in mind that every tenant has a "root management group", sitting at the top of the management group hierarchy. The id of this management group is equal to the AAD tenant id.

Requirements

Name	Version
terraform	>= 1.0
azurerm	~> 3.71.0

Modules

Name	Source	Version
billing_admins	./billing-admins	n/a

Resources

Name	Type
azurerm_management_group.admin	resource
azurerm_management_group.landingzones	resource
azurerm_management_group.platform	resource
azurerm_management_group_policy_assignment.allowed_locations	resource
azurerm_management_group_policy_assignment.allowed_locations_resource_groups	resource
azurerm_management_group.root	data source
azurerm_policy_definition.allowed_locations	data source
azurerm_policy_definition.allowed_locations_resource_groups	data source

Inputs

Name	Description	Type	Default	Required
aad_tenant_id	Id of the AAD Tenant. This is also the simultaneously the id of the root management group.	string	n/a	yes
allowed_locations	Allowed Azure regions.	list(string)	n/a	yes
billing_users	The list of users identified by their UPN that shall be granted billing access	list(object({ email = string, upn = string, }))	[]	no
platform_management_group_name	Create a management group of the specified name and treat it as the root of all resources managed as part of this kit. This managment group will sit directly below the root management group (AAD Tenant). This is good for separationg, in particular if you don't have exclusive control over the AAD Tenant because it is supporting non-cloudfoundation workloads as well.	string	n/a	yes

Outputs

Name	Description
admin_management_group_id	id of the admin management group
documentation_md	n/a
landingzones_management_group_id	id of the landingzones management group