Azure Bootstrap
Source code & Installation
The source code of this kit module can be found here
Run the following command to install the kit module:
collie kit import azure/bootstrap
This documentation is intended as reference documentation for cloud foundation or platform engineers using this module.
Terraform State Storage
This module includes configuration to set up a state backend using Azure blob storage. You can activate this by configuring the terraform_state_storage variable.
Like all bootstrap modules published on collie hub, you will need to deploy this module twice to complete the bootstrap process. To migrate the state, it may be necessary to log out once from the Azure CLI (az logout) and then log in again (az login) to obtain the newly created permissions for the storage container. Please see the bootstrap tutorial for more info.
If you're not using terraform_state_storage, please configure your own backend in platform.hcl.
Platform Engineers Group
This module sets up an AAD group for managing platform engineers. This is required in conjunction with enabling access to terraform state storage but can also be used to grant administrative access to Azure resources.
UPN handling for AAD Guest users
Useful if you need to translate emails into UPNs (User Principal Names), especially for guest users. You can add this code block to your terragrunt.hcl file instead of using inputs.
```hcl
locals {
  upn_domain = "#EXT#@devmeshithesheep.onmicrosoft.com"
  platform_engineers_emails = [
    "meshi@meshithesheep.io" # TODO change, enter PLATFORM ENGINEERS here
  ]
  # change the upn_domain value above
  platform_engineers_members = [
    for x in local.platform_engineers_emails : {
      email = x
      upn   = "${replace(x, "@", "_")}${local.upn_domain}"
    }
  ]
}
```
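The same email-to-UPN translation as an added Python example (not part of the collie module), generalised to a mixed list of members and guests: it rejects malformed addresses and, as an assumption, treats any address whose domain is verified in the tenant as a member whose UPN equals the email, while every other address gets the #EXT# guest form shown above. The placeholder names from the page are reused as constructed sample input.

```python
# Added example, not code from the collie azure/bootstrap module.
# Assumptions: Azure AD B2B guests use the UPN form
#   <local>_<domain>#EXT#@<tenant>.onmicrosoft.com
# and users from a tenant-verified domain are members whose UPN is their email.

GUEST_SUFFIX = "#EXT#@"


def guest_upn(email: str, tenant_domain: str) -> str:
    """Return the #EXT# UPN for a guest, mirroring replace(x, "@", "_") in HCL."""
    local_part, sep, domain = email.partition("@")
    if not sep or not local_part or not domain or "@" in domain:
        raise ValueError(f"not a single-@ email address: {email!r}")
    # Terraform's replace() substitutes every "@"; the check above guarantees
    # there is exactly one, so the result is unambiguous.
    return f"{local_part}_{domain}{GUEST_SUFFIX}{tenant_domain}"


def resolve_upns(emails, tenant_domain, verified_domains=()):
    """Map each email to {"email", "upn", "guest"}, like platform_engineers_members."""
    verified = {d.lower() for d in verified_domains} | {tenant_domain.lower()}
    members = []
    for email in emails:
        domain = email.partition("@")[2].lower()
        is_guest = domain not in verified
        upn = guest_upn(email, tenant_domain) if is_guest else email
        members.append({"email": email, "upn": upn, "guest": is_guest})
    return members


if __name__ == "__main__":
    # Constructed sample input using the placeholder values from the page.
    for m in resolve_upns(
        ["meshi@meshithesheep.io", "admin@devmeshithesheep.onmicrosoft.com"],
        "devmeshithesheep.onmicrosoft.com",
    ):
        print(m)
```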
Remove Bootstrap (Unbootstraping)
The following sequence must be followed in order to remove the bootstrap:
Delete the tfstates-config file, so that platform.hcl uses the local backend
rm foundations/<foundationname>/platforms/<platformname>/tfstates-config.yml
Migrate the state from the Storage account back to your local machine
collie foundation deploy --bootstrap -- init -migrate-state
Destroy the bootstrap
collie foundation deploy --bootstrap -- destroy
Requirements
Name | Version |
---|---|
terraform | >= 1.0 |
azuread | 2.53.1 |
azurerm | 3.116.0 |
Modules
Name | Source | Version |
---|---|---|
terraform_state | ./terraform-state | n/a |
Resources
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
documentation_uami | read-only UAMI with access to terraform states to generate documentation in CI pipelines | object({ | null | no |
key_vault | This object contains configuration details for setting up a key vault. | object({ | { | no |
parent_management_group_name | Name of the management group you want to use as parent for your foundation. | string | n/a | yes |
platform_engineers_group | the name of the cloud foundation platform engineers group | string | n/a | yes |
platform_engineers_members | Set up a group of platform engineers. If enabled, this group will receive access to terraform_state_storage | list(object({ | n/a | yes |
terraform_state_storage | Configure this object to enable setting up a terraform state store in Azure Storage. | object({ | n/a | yes |
validation_uami | read-only UAMI with access to terraform states and read-only access on the landingzone architecture for validation of the deployment in CI pipelines | object({ | null | no |