diff --git a/docs/wiki/[User-Guide]-Starter-Module-Bicep-Complete.md b/docs/wiki/[User-Guide]-Starter-Module-Bicep-Complete.md index 481a533b..e738cb48 100644 --- a/docs/wiki/[User-Guide]-Starter-Module-Bicep-Complete.md +++ b/docs/wiki/[User-Guide]-Starter-Module-Bicep-Complete.md @@ -1,12 +1,6 @@ The `complete` starter module is currently the only option available for Bicep. -Example input files can be found here: - -- [inputs-azure-devops-bicep-complete.yaml][example_powershell_inputs_azure_devops_bicep_complete] -- [inputs-github-bicep-complete.yaml][example_powershell_inputs_github_bicep_complete] -- [inputs-local-bicep-complete.yaml][example_powershell_inputs_local_bicep_complete] - The following table describes the inputs required for the `complete` starter module. | Input | Placeholder | Description | @@ -17,6 +11,12 @@ The following table describes the inputs required for the `complete` starter mod | `networkType` | `hubNetworking` | The type of network configuration to deploy. Currently only `hubNetworking`, `hubNetworkingMultiRegion`, `vwanConnectivity,` `vwanConnectivityMultiRegion` or `none` are supported. | | `SecurityContact` | `` | The email address of the security contact for the landing zone. | +Example input files can be found here: + +- [inputs-azure-devops-bicep-complete.yaml][example_powershell_inputs_azure_devops_bicep_complete] +- [inputs-github-bicep-complete.yaml][example_powershell_inputs_github_bicep_complete] +- [inputs-local-bicep-complete.yaml][example_powershell_inputs_local_bicep_complete] + [//]: # (************************) [//]: # (INSERT LINK LABELS BELOW) [//]: # (************************) diff --git a/docs/wiki/[User-Guide]-Starter-Module-Terraform-Complete-Multi-Region.md b/docs/wiki/[User-Guide]-Starter-Module-Terraform-Complete-Multi-Region.md index 53ff54bb..913fb8fc 100644 --- a/docs/wiki/[User-Guide]-Starter-Module-Terraform-Complete-Multi-Region.md +++ b/docs/wiki/[User-Guide]-Starter-Module-Terraform-Complete-Multi-Region.md @@ -1,15 +1,9 @@ -The `complete_multi_region` starter module provides full customization of the Azure Landing Zone using the `config.yaml` file. The `config.yaml` file provides the ability to enable and disable modules, configure module inputs and outputs, and configure module resources. It is multi-regional by default and can support 2 or more regions. +The `complete_multi_region` starter module provides full customization of the Azure Landing Zone using a YAML or JSON configuration file. The configuration file provides the ability to enable and disable modules, configure module inputs and outputs, and configure module resources. It is multi-regional by default and can support 1 or more regions. -A custom config file can be passed to the `configuration_file_path` argument of the ALZ PowerShell Module. This allows you to firstly design your Azure Landing Zone, and then deploy it. The config file can be in `yaml` or `json` format, our examples are all `yaml`. +A custom config file can be passed to the `configuration_file_path` argument of the ALZ PowerShell Module. This allows you to firstly design your Azure Landing Zone, and then deploy it. The config file can be in YAML or JSON format, our examples are all YAML. -If not specified, the default `config-hub-and-spoke-vnet.yaml` file will be used, which can be seen [here](https://github.com/Azure/alz-terraform-accelerator/blob/main/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml). - -Example input files can be found here: - -- [inputs-azure-devops-terraform-complete-multi-region.yaml][example_powershell_inputs_azure_devops_terraform_complete_multi_region] -- [inputs-github-terraform-complete-multi-region.yaml][example_powershell_inputs_github_terraform_complete_multi_region] -- [inputs-local-terraform-complete-multi-region.yaml][example_powershell_inputs_local_terraform_complete_multi_region] +If not specified, the default `config-hub-and-spoke-vnet-multi-region.yaml` file will be used, which can be seen [here][example_starter_module_complete_config_hub_spoke_multi_region]. The following table describes the inputs required for the `complete_multi_region` starter module. @@ -18,18 +12,24 @@ The following table describes the inputs required for the `complete_multi_region | `configuration_file_path` | `` | This is the absolute path to the configuration file. E.g. `c:\my-config\config.yaml` or `~/my-config/config.yaml`. For YAML on Windows you will need to escape the `\`, i.e. `c:\\my-config\\config.yaml`. | | `default_postfix` | `` | This is the default postfix used for resource names. | -You can create a custom yaml config to tailor to your needs, for example an Azure Landing Zone with a three-region mesh. Get started with our two region samples: +Example input files can be found here: -- Example config file for hub and spoke virtual network: [config-hub-and-spoke-vnet.yaml][example_starter_module_complete_config_hub_spoke_multi_region] -- Example config file for virtual WAN: [config-virtual-wan.yaml][example_starter_module_complete_config_vwan_multi_region] +- [inputs-azure-devops-terraform-complete-multi-region.yaml][example_powershell_inputs_azure_devops_terraform_complete_multi_region] +- [inputs-github-terraform-complete-multi-region.yaml][example_powershell_inputs_github_terraform_complete_multi_region] +- [inputs-local-terraform-complete-multi-region.yaml][example_powershell_inputs_local_terraform_complete_multi_region] -## Further details on the Complete Starter Module and config file +You can create a custom yaml config to tailor to your needs, for example an Azure Landing Zone with a three-region mesh. Get started with our samples: -The example config files have helpful templated variables such as `starter_location_##` and `root_parent_management_group_id` which get prompted for during the ALZ PowerShell Module run. Alternatively, you can opt to not use the templated variables and hard-code the values in your config file. +- Multi region hub and spoke virtual network: [config-hub-and-spoke-vnet.yaml][example_starter_module_complete_config_hub_spoke_multi_region] +- Multi region virtual WAN: [config-virtual-wan.yaml][example_starter_module_complete_config_vwan_multi_region] +- Single region hub and spoke virtual network: [config-hub-and-spoke-vnet-single-region.yaml][example_starter_module_complete_config_hub_spoke_single_region] +- Single region virtual WAN: [config-virtual-wan-single-region.yaml][example_starter_module_complete_config_vwan_single_region] + +## Further details on the Complete Multi Region Starter Module and config file -> **Note:** We recommend that you use the `caf-enterprise-scale` module for management groups and policies, and the `hubnetworking` module for connectivity resources. However, connectivity resources can be deployed using the `caf-enterprise-scale` module if you desire. +The example config files have helpful templated variables such as `starter_location_##` and `root_parent_management_group_id` which get prompted for during the ALZ PowerShell Module run. Alternatively, you can opt to not use the templated variables and hard-code the values in your config file. -The schema for the `config.yaml` is documented here - [Configuration YAML Schema][wiki_yaml_schema_reference]. +> **Note:** We use the `caf-enterprise-scale` module for management groups and policies, and the Azure Verified Modules for connectivity resources. ### High Level Design @@ -64,9 +64,10 @@ The `avm-ptn-network-private-link-private-dns-zones` module is used to deploy Pr [//]: # (INSERT LINK LABELS BELOW) [//]: # (************************) -[wiki_yaml_schema_reference]: %5BUser-Guide%5D-YAML-Schema-Reference "Wiki - YAML Schema Reference" -[example_starter_module_complete_config_hub_spoke_multi_region]: examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Multi Region" -[example_starter_module_complete_config_vwan_multi_region]: examples/starter-module-config/complete-multi-region/config-virtual-wan.yaml "Example - Starter Module Config - Complete - Virtual WAN Multi Region" +[example_starter_module_complete_config_hub_spoke_single_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-hub-and-spoke-vnet-single-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Single Region" +[example_starter_module_complete_config_vwan_single_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-virtual-wan-single-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Single Region" +[example_starter_module_complete_config_hub_spoke_multi_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-hub-and-spoke-vnet-multi-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Multi Region" +[example_starter_module_complete_config_vwan_multi_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-virtual-wan-multi-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Multi Region" [example_powershell_inputs_azure_devops_terraform_complete_multi_region]: examples/powershell-inputs/inputs-azure-devops-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - Azure DevOps - Terraform - Complete Multi Region" [example_powershell_inputs_github_terraform_complete_multi_region]: examples/powershell-inputs/inputs-github-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - GitHub - Terraform - Complete Multi Region" [example_powershell_inputs_local_terraform_complete_multi_region]: examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - Local - Terraform - Complete Multi Region" diff --git a/docs/wiki/_Sidebar.md b/docs/wiki/_Sidebar.md index 9a5448d8..0cd25980 100644 --- a/docs/wiki/_Sidebar.md +++ b/docs/wiki/_Sidebar.md @@ -16,15 +16,18 @@ - [Phase 3 - Run][wiki_quick_start_phase_3] - [Starter Modules][wiki_starter_modules] - [Bicep - Complete][wiki_starter_module_bicep_complete] + - [Terraform - Complete Multi Region][wiki_starter_module_terraform_complete_multi_region] + - [Example Multi Region Hub and Spoke config][example_starter_module_complete_config_hub_spoke_multi_region] + - [Example Multi Region Virtual WAN config][example_starter_module_complete_config_vwan_multi_region] + - [Example Single Region Hub and Spoke config][example_starter_module_complete_config_hub_spoke_single_region] + - [Example Single Region Virtual WAN config][example_starter_module_complete_config_vwan_single_region] - [Terraform - Basic][wiki_starter_module_terraform_basic] - [Terraform - Hub Networking][wiki_starter_module_terraform_hubnetworking] - [Terraform - Complete][wiki_starter_module_terraform_complete] - [Configuration YAML Schema][wiki_yaml_schema_reference] - [Example Hub and Spoke config][example_starter_module_complete_config_hub_spoke] - [Example Virtual WAN config][example_starter_module_complete_config_vwan] - - [Terraform - Complete Multi Region][wiki_starter_module_terraform_complete_multi_region] - - [Example Multi Region Hub and Spoke config][example_starter_module_complete_config_hub_spoke_multi_region] - - [Example Multi Region Virtual WAN config][example_starter_module_complete_config_vwan_multi_region] + - Input Files - [Azure DevOps Bicep Complete][example_powershell_inputs_azure_devops_bicep_complete] - [Azure DevOps Terraform Basic][example_powershell_inputs_azure_devops_terraform_basic] @@ -99,5 +102,7 @@ [example_powershell_inputs_local_terraform_complete_multi_region]: examples/powershell-inputs/inputs-local-terraform-complete-multi-region.yaml "Example - PowerShell Inputs - Local - Terraform - Complete Multi Region" [example_starter_module_complete_config_hub_spoke]: examples/starter-module-config/complete/config-hub-spoke.yaml "Example - Starter Module Config - Complete - Hub and Spoke" [example_starter_module_complete_config_vwan]: examples/starter-module-config/complete/config-vwan.yaml "Example - Starter Module Config - Complete - Virtual WAN" -[example_starter_module_complete_config_hub_spoke_multi_region]: examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Multi Region" -[example_starter_module_complete_config_vwan_multi_region]: examples/starter-module-config/complete-multi-region/config-virtual-wan.yaml "Example - Starter Module Config - Complete - Virtual WAN Multi Region" +[example_starter_module_complete_config_hub_spoke_single_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-hub-and-spoke-vnet-single-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Single Region" +[example_starter_module_complete_config_vwan_single_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-virtual-wan-single-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Single Region" +[example_starter_module_complete_config_hub_spoke_multi_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-hub-and-spoke-vnet-multi-region.yaml "Example - Starter Module Config - Complete - Hub and Spoke VNet Multi Region" +[example_starter_module_complete_config_vwan_multi_region]: https://raw.githubusercontent.com/Azure/alz-terraform-accelerator/refs/heads/main/templates/complete_multi_region/config-virtual-wan-multi-region.yaml "Example - Starter Module Config - Complete - Virtual WAN Multi Region" diff --git a/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet.yaml b/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet.yaml deleted file mode 100644 index e36e1b12..00000000 --- a/docs/wiki/examples/starter-module-config/complete-multi-region/config-hub-and-spoke-vnet.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# This file contains templated variables to avoid repeating the same hard-coded values. -# Templated variables are denoted by the dollar curly braces token. The following details each templated variable that you can use: -# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources. -# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources. -# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources. -# `default_postfix`: This is a string sourced from the variable `default_postfix`. This can be used to append to resource names for consistency. -# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under. -# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`. -# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`. -# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`. ---- -management_groups: # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary. - - # Base variables - root_name: alz - root_id: Azure-Landing-Zones - default_location: ${starter_location_01} - subscription_id_connectivity: ${subscription_id_connectivity} - subscription_id_identity: ${subscription_id_identity} - subscription_id_management: ${subscription_id_management} - root_parent_id: ${root_parent_management_group_id} - deploy_core_landing_zones: true - deploy_corp_landing_zones: true - deploy_online_landing_zones: true - deploy_management_resources: true - deploy_connectivity_resources: false # We are using the AVM patterns for connectivity - deploy_identity_resources: true - - # Management resource settings - configure_management_resources: - location: ${starter_location_01} - settings: - log_analytics: - enabled: true - config: - retention_in_days: 50 - enable_monitoring_for_vm: true - enable_monitoring_for_vmss: true - enabled_sentinel: true - enable_solution_for_change_tracking: true - enable_solution_for_vm_insights: true - enable_solution_for_container_insights: true - enable_sentinel: true - security_center: - config: - email_security_contact: "security_contact@replace_me" - enable_defender_for_app_services: true - enable_defender_for_arm: true - enable_defender_for_containers: true - enable_defender_for_cosmosdbs: true - enable_defender_for_cspm: true - enable_defender_for_key_vault: true - enable_defender_for_oss_databases: true - enable_defender_for_servers: true - enable_defender_for_servers_vulnerability_assessments: true - enable_defender_for_sql_servers: true - enable_defender_for_sql_server_vms: true - enable_defender_for_storage: true - advanced: - asc_export_resource_group_name: rg-asc-export-${starter_location_01} - custom_settings_by_resource_type: - azurerm_resource_group: - management: - name: rg-management-${starter_location_01} - azurerm_log_analytics_workspace: - management: - name: law-management-${starter_location_01} - azurerm_automation_account: - management: - name: aa-management-${starter_location_01} - - # Configure Private DNS Zone Resource Ids for Policy Assignments - configure_connectivity_resources: - settings: - dns: - config: - location: ${starter_location_01} - advanced: - custom_settings_by_resource_type: - azurerm_resource_group: - dns: - ${starter_location_01}: - name: rg-private-dns-${starter_location_01} - -# Connectivity settings -connectivity: - hub_and_spoke_vnet: # `avm-ptn-hubnetworking` module, add inputs as listed on the module registry where necessary. - hub_virtual_networks: - # Primary hub - primary: - name: vnet-hub-${starter_location_01} - resource_group_name: rg-connectivity-${starter_location_01} - location: ${starter_location_01} - address_space: - - 10.0.0.0/16 - firewall: - name: fw-hub-${starter_location_01} - sku_name: AZFW_VNet - sku_tier: Standard - subnet_address_prefix: 10.0.1.0/24 - zones: ${starter_location_01_availability_zones} - firewall_policy: - name: fwp-hub-${starter_location_01} - dns: - proxy_enabled: true - default_ip_configuration: - public_ip_config: - zones: ${starter_location_01_availability_zones} - name: pip-hub-fw-${starter_location_01} - ip_version: "IPv4" - virtual_network_gateway: # `avm-ptn-vnetgateway` module, add inputs as listed on the module registry where necessary. - name: vgw-hub-${starter_location_01} - subnet_address_prefix: 10.0.2.0/24 - ip_configurations: - default: - name: default - public_ip: - name: pip-hub-vgw-${starter_location_01} - zones: ${starter_location_01_availability_zones} - - # Secondary hub - secondary: - name: vnet-hub-${starter_location_02} - resource_group_name: rg-connectivity-${starter_location_02} - location: ${starter_location_02} - address_space: - - 10.1.0.0/16 - firewall: - name: fw-hub-${starter_location_02} - sku_name: AZFW_VNet - sku_tier: Standard - subnet_address_prefix: 10.1.1.0/24 - zones: ${starter_location_02_availability_zones} - firewall_policy: - name: fwp-hub-${starter_location_02} - dns: - proxy_enabled: true - default_ip_configuration: - public_ip_config: - zones: ${starter_location_02_availability_zones} - name: pip-hub-fw-${starter_location_02} - ip_version: "IPv4" - virtual_network_gateway: # `avm-ptn-vnetgateway` module, add inputs as listed on the module registry where necessary. - name: vgw-hub-${starter_location_02} - subnet_address_prefix: 10.1.2.0/24 - ip_configurations: - ipconfig1: - name: ipconfig1 - public_ip: - name: pip-hub-vgw-${starter_location_02} - zones: ${starter_location_02_availability_zones} - - private_dns: - resource_group_name: rg-private-dns-${starter_location_01} - locations: - primary: - location: ${starter_location_01} - is_primary: true # Deploys all zones - secondary: - location: ${starter_location_02} - is_primary: false # Only deploys regional zones - -# Configure root module settings -enable_telemetry: true diff --git a/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan.yaml b/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan.yaml deleted file mode 100644 index 1e4360cc..00000000 --- a/docs/wiki/examples/starter-module-config/complete-multi-region/config-virtual-wan.yaml +++ /dev/null @@ -1,140 +0,0 @@ -# This file contains templated variables to avoid repeating the same hard-coded values. -# Templated variables are denoted by the dollar curly braces token. The following details each templated variable that you can use: -# `starter_location_01`: This the primary an Azure location sourced from the `starter_locations` variable. This can be used to set the location of resources. -# `starter_location_02` to `starter_location_10`: These are the secondary Azure locations sourced from the `starter_locations` variable. This can be used to set the location of resources. -# `starter_location_01_availability_zones` to `starter_location_10_availability_zones`: These are the availability zones for the Azure locations sourced from the `starter_locations` variable. This can be used to set the availability zones of resources. -# `default_postfix`: This is a string sourced from the variable `default_postfix`. This can be used to append to resource names for consistency. -# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under. -# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`. -# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`. -# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`. ---- -management_groups: # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary. - - # Base variables - root_name: alz - root_id: Azure-Landing-Zones - default_location: ${starter_location_01} - subscription_id_connectivity: ${subscription_id_connectivity} - subscription_id_identity: ${subscription_id_identity} - subscription_id_management: ${subscription_id_management} - root_parent_id: ${root_parent_management_group_id} - deploy_core_landing_zones: true - deploy_corp_landing_zones: true - deploy_online_landing_zones: true - deploy_management_resources: true - deploy_connectivity_resources: false # We are using the AVM patterns for connectivity - deploy_identity_resources: true - - # Management resource settings - configure_management_resources: - location: ${starter_location_01} - settings: - log_analytics: - enabled: true - config: - retention_in_days: 50 - enable_monitoring_for_vm: true - enable_monitoring_for_vmss: true - enabled_sentinel: true - enable_solution_for_change_tracking: true - enable_solution_for_vm_insights: true - enable_solution_for_container_insights: true - enable_sentinel: true - security_center: - config: - email_security_contact: "security_contact@replace_me" - enable_defender_for_app_services: true - enable_defender_for_arm: true - enable_defender_for_containers: true - enable_defender_for_cosmosdbs: true - enable_defender_for_cspm: true - enable_defender_for_key_vault: true - enable_defender_for_oss_databases: true - enable_defender_for_servers: true - enable_defender_for_servers_vulnerability_assessments: true - enable_defender_for_sql_servers: true - enable_defender_for_sql_server_vms: true - enable_defender_for_storage: true - advanced: - asc_export_resource_group_name: rg-asc-export-${starter_location_01} - custom_settings_by_resource_type: - azurerm_resource_group: - management: - name: rg-management-${starter_location_01} - azurerm_log_analytics_workspace: - management: - name: law-management-${starter_location_01} - azurerm_automation_account: - management: - name: aa-management-${starter_location_01} - - # Configure Private DNS Zone Resource Ids for Policy Assignments - configure_connectivity_resources: - settings: - dns: - config: - location: ${starter_location_01} - advanced: - custom_settings_by_resource_type: - azurerm_resource_group: - dns: - ${starter_location_01}: - name: rg-private-dns-${starter_location_01} - -# Connectivity settings -connectivity: - virtual_wan: # `avm-ptn-vwan` module, add inputs as listed on the module registry where necessary. - virtual_wan_name: vwan-hub-${starter_location_01} - resource_group_name: rg-connectivity-${starter_location_01} - location: ${starter_location_01} - - virtual_hubs: - primary: - name: vnet-hub-${starter_location_01} - location: ${starter_location_01} - address_prefix: 10.0.0.0/16 - private_dns_virtual_network_name: vnet-hub-private-dns-${starter_location_01} - private_dns_virtual_network_address_space: 10.2.0.0/24 - private_dns_virtual_network_subnet_address_space: 10.2.0.0/28 - dns_resolver_name: dpr-hub-${starter_location_01} - secondary: - name: vnet-hub-${starter_location_02} - location: ${starter_location_02} - address_prefix: 10.1.0.0/16 - private_dns_virtual_network_name: vnet-hub-private-dns-${starter_location_02} - private_dns_virtual_network_address_space: 10.3.0.0/24 - private_dns_virtual_network_subnet_address_space: 10.3.0.0/28 - dns_resolver_name: dpr-hub-${starter_location_02} - - firewalls: - primary: - virtual_hub_key: primary - name: fw-hub-${starter_location_01} - sku_name: AZFW_Hub - sku_tier: Standard - zones: ${starter_location_01_availability_zones} - firewall_policy: - name: fwp-hub-${starter_location_01} - - secondary: - virtual_hub_key: secondary - name: fw-hub-${starter_location_02} - sku_name: AZFW_Hub - sku_tier: Standard - zones: ${starter_location_02_availability_zones} - firewall_policy: - name: fwp-hub-${starter_location_02} - - private_dns: - resource_group_name: rg-private-dns-${starter_location_01} - locations: - primary: - location: ${starter_location_01} - is_primary: true # Deploys all zones - secondary: - location: ${starter_location_02} - is_primary: false # Only deploys regional zones - -# Configure root module settings -enable_telemetry: true