Azure Connect
Source code & Installation
The source code of this kit module can be found here
Run the following command to install the kit module:
collie kit import azure/buildingblocks/connectivity
This documentation is intended as a reference documentation for cloud foundation or platform engineers using this module.
Permissions
This is a complex building block backplane that requires permission across the central network hub as well as into the target subscription for creating a spoke network. This backplane thus needs to work with multiple azurerm terraform providers.
We establish a clear shared responsibility boundary in the target subscription by deploying a connectivity resource group to target subscription. This resource group is exclusively owned by the connectivity building block backplane SPN.
An Azure Policy confines the access of the SPN to that resource group.
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| azurerm | ~> 3.71.0 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| azurerm_role_assignment.buildingblock_deploy_hub | resource |
| azurerm_role_definition.buildingblock_deploy_hub | resource |
| azurerm_subscription.current | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | name of the building block, used for naming resources | string | n/a | yes |
| principal_ids | set of principal ids that will be granted permissions to deploy the building block | set(string) | n/a | yes |
| scope | Scope where the building block should be deployable, typically the parent of all Landing Zones. | string | n/a | yes |
Outputs
| Name | Description |
|---|---|
| documentation_md | Markdown documentation with information about the Connectivity building block backplane |
| role_assignment_ids | The IDs of the role assignments for the service principals. |
| role_assignment_principal_ids | The principal IDs of the service principals that have been assigned the role. |
| role_definition_id | The ID of the role definition that enables deployment of the Connectivity building block to the hub. |
| role_definition_name | The name of the role definition that enables deployment of the Connectivity building block to the hub. |
| scope | The scope where the role definition and role assignments are applied. |