Azure Connect

Source code & Installation

The source code of this kit module can be found here.

Run the following command to install the kit module:

collie kit import azure/buildingblocks/connectivity

This documentation is intended as a reference for cloud foundation or platform engineers using this module.

Permissions

This is a complex building block backplane that requires permissions on the central network hub as well as in the target subscription, where it creates a spoke network. The backplane therefore needs to work with multiple azurerm Terraform providers.

We establish a clear shared responsibility boundary in the target subscription by deploying a connectivity resource group to the target subscription. This resource group is exclusively owned by the connectivity building block backplane SPN.

An Azure Policy confines the access of the SPN to that resource group.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| azurerm | ~> 3.71.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_role_assignment.buildingblock_deploy_hub | resource |
| azurerm_role_definition.buildingblock_deploy_hub | resource |
| azurerm_subscription.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | name of the building block, used for naming resources | string | n/a | yes |
| principal_ids | set of principal ids that will be granted permissions to deploy the building block | set(string) | n/a | yes |
| scope | Scope where the building block should be deployable, typically the parent of all Landing Zones. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| documentation_md | Markdown documentation with information about the Connectivity building block backplane |
| role_assignment_ids | The IDs of the role assignments for the service principals. |
| role_assignment_principal_ids | The principal IDs of the service principals that have been assigned the role. |
| role_definition_id | The ID of the role definition that enables deployment of the Connectivity building block to the hub. |
| role_definition_name | The name of the role definition that enables deployment of the Connectivity building block to the hub. |
| scope | The scope where the role definition and role assignments are applied. |
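
The following sketch shows how the resources, inputs and outputs listed above can fit together as a least-privilege custom role. It is an added example, not the kit module's own code: the role name format, the description and the list of actions (hub-side peering operations) are assumptions chosen for illustration, and the module's real permission set may differ.

```hcl
variable "name" { type = string }
variable "principal_ids" { type = set(string) }
variable "scope" { type = string }

# Custom role instead of a built-in one such as Network Contributor, so the
# backplane SPN only receives the operations it needs.
resource "azurerm_role_definition" "buildingblock_deploy_hub" {
  name        = "${var.name}-deploy-hub" # assumed naming scheme
  description = "Deploy the ${var.name} building block (illustrative)"
  scope       = var.scope

  permissions {
    # Assumed action list: read the virtual network and manage peerings only.
    # No wildcard and no Microsoft.Authorization/* actions, so the role
    # cannot be used to grant further access.
    actions = [
      "Microsoft.Network/virtualNetworks/read",
      "Microsoft.Network/virtualNetworks/peer/action",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
    ]
  }

  # The role can only be assigned at (or below) the scope it was defined for.
  assignable_scopes = [var.scope]
}

# One assignment per principal, keyed by principal id, so removing an id from
# principal_ids revokes exactly that principal's access on the next apply.
resource "azurerm_role_assignment" "buildingblock_deploy_hub" {
  for_each = var.principal_ids

  scope              = var.scope
  role_definition_id = azurerm_role_definition.buildingblock_deploy_hub.role_definition_resource_id
  principal_id       = each.value
}

output "role_definition_id" {
  value = azurerm_role_definition.buildingblock_deploy_hub.id
}

output "role_assignment_ids" {
  value = [for ra in azurerm_role_assignment.buildingblock_deploy_hub : ra.id]
}
```

When reviewing a plan for a role like this, check that `assignable_scopes` matches `scope` and that the action list contains no `*` entries.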