Azure landing zone Documentation
Home GitHub Issue Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Azure landing zone Documentation
  2. /
  3. IaC accelerator
  4. /
  5. Terraform
  6. /
  7. Options
  8. /
  9. 15 - Implement Sovereign Landing Zone (SLZ) controls
Edit page

15 - Implement Sovereign Landing Zone (SLZ) controls

The Sovereign Landing Zone (SLZ) is a compliance-focused implementation designed for regulated industries that demand high data sovereignty. It incorporates specific controls and configurations to meet stringent regulatory requirements. The SLZ policies can be reviewd here:

The steps to follow are:

  1. Copy the SLZ lib files over the top of your existing lib folder. This will add the necessary configuration files to enable the SLZ management groups and policies.

    $tempFolderName = "~/accelerator/temp"
New-Item -ItemType "directory" $tempFolderName
$tempFolder = Resolve-Path -Path $tempFolderName
git clone -n --depth=1 --filter=tree:0 "https://github.com/Azure/alz-terraform-accelerator" "$tempFolder"
cd $tempFolder

$libFolderPath = "templates/platform_landing_zone/examples/slz/lib"
git sparse-checkout set --no-cone $libFolderPath
git checkout

cd ~
Copy-Item -Path "$tempFolder/$libFolderPath" -Destination "~/accelerator/config" -Recurse -Force
Remove-Item -Path $tempFolder -Recurse -Force

  2. Open your platform-landing-zone.tfvars file in Visual Studio Code (or your preferred editor) and update the following inputs:

    Setting TypeParent block(s)KeyActionCountNotes
    blockmanagement_group_settings > policy_default_valuesallowed_locationsUncomment the block and add any extra locations you want to allow into the array1
Warning

By default we name the SLZ architecture file lib/architecture_definitions/alz_custom.alz_architecture_definition.yaml. We recommend you do not update the name of this file as it will result in duplicate architecture files that you may want to clean up. However, if you must rename it, then you must also set the terraform_architecture_file_path variable to point to the new file name and path in your bootstrap configuration file (inputs.yaml). For example:

terraform_architecture_file_path: "lib/architecture_definitions/my_custom.alz_architecture_definition.yaml"
gdoc_arrow_left_alt 14 - Zero Trust Networking 16 - Create and assign custom policies gdoc_arrow_right_alt