15 - Implement Sovereign Landing Zone (SLZ) controls
The Sovereign Landing Zone (SLZ) is a compliance-focused implementation designed for regulated industries that demand high data sovereignty. It incorporates specific controls and configurations to meet stringent regulatory requirements. The SLZ policies can be reviewd here:
- Sovereignty Baseline - Global Policies
- Applied at the root management group level
- Sovereignty Baseline - Confidential Policies
- Applied at the Confidential Corp and Confidential Online management group levels
The steps to follow are:
Copy the SLZ
libfiles over the top of your existinglibfolder. This will add the necessary configuration files to enable the SLZ management groups and policies.$tempFolderName = "~/accelerator/temp" New-Item -ItemType "directory" $tempFolderName $tempFolder = Resolve-Path -Path $tempFolderName git clone -n --depth=1 --filter=tree:0 "https://github.com/Azure/alz-terraform-accelerator" "$tempFolder" cd $tempFolder $libFolderPath = "templates/platform_landing_zone/examples/slz/lib" git sparse-checkout set --no-cone $libFolderPath git checkout cd ~ Copy-Item -Path "$tempFolder/$libFolderPath" -Destination "~/accelerator/config" -Recurse -Force Remove-Item -Path $tempFolder -Recurse -ForceOpen your
platform-landing-zone.tfvarsfile in Visual Studio Code (or your preferred editor) and update the following inputs:Setting Type Parent block(s) Key Action Count Notes block management_group_settings>policy_default_valuesallowed_locationsUncomment the block and add any extra locations you want to allow into the array 1