Deploy with Terraform

On this page

Example of deploying AMBA-ALZ
Example of deploying a Custom Architecture
Example of deploying with Custom Policy Assignments
Data Collection
Next Steps

Choose one of the examples

  • Example of deploying AMBA-ALZ: This example demonstrates how to deploy the AMBA-ALZ pattern using an existing management group hierarchy with default naming as used in the ALZ Architecture Definition.
  • Example of deploying a Custom Architecture: This example demonstrates how to deploy the AMBA-ALZ pattern using an existing custom management group hierarchy.
  • Example of deploying with Custom Policy Assignments: It is possible to tailor the Policy Definitions that are deployed and assigned by developing custom archetypes. This example demonstrates a situation where only Service Health is deployed, but can be applied to other policy assignments as well.

Example of deploying AMBA-ALZ

This example demonstrates how to deploy the AMBA-ALZ pattern using an existing management group hierarchy with default naming as used in the ALZ Architecture Definition.

  1. Create a new directory, for example tf-amba-alz.

  2. Open Visual Studio Code or another preferred tool.

  3. Select Open Folder... from the File menu (or Ctrl+K Ctrl+O) and open tf-amba-alz

  4. Open a Terminal (PowerShell).

    Note

    Depending on the tool being used, it may be necessary to change the terminal to the tf-amba-alz directory.

  5. Download terraform.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/complete/terraform.tf -OutFile terraform.tf

  6. Download main.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/complete/main.tf -OutFile main.tf

  7. Download variables.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/complete/variables.tf -OutFile variables.tf

  8. The source and version of the module need to be updated in main.tf. Find module "amba_alz" and replace

    source = "../../"

    With:

    source  = "Azure/avm-ptn-monitoring-amba-alz/azurerm"
version = "0.1.1"

  9. Review the variables in variables.tf and update default values as needed.

  10. Log in to Azure: az login

  11. Run: terraform init

  12. Run: terraform apply

Note

This feature is only available for Management Group scenario. Subscription deployment scenario is not available yet.

Example of deploying a Custom Architecture

This example demonstrates how to deploy the AMBA-ALZ pattern using an existing custom management group hierarchy.

  1. Create a new directory, for example tf-amba-alz.

  2. Open Visual Studio Code or another preferred tool.

  3. Select Open Folder... from the File menu (or Ctrl+K Ctrl+O) and open tf-amba-alz

  4. Open a Terminal (PowerShell).

    Note

    Depending on the tool being used, it may be necessary to change the terminal to the tf-amba-alz directory.

  5. Download terraform.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-architecture-definition/terraform.tf -OutFile terraform.tf

  6. Download main.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-architecture-definition/main.tf -OutFile main.tf

  7. Download variables.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-architecture-definition/variables.tf -OutFile variables.tf

  8. The source and version of the module need to be updated in main.tf. Find module "amba_alz" and replace

    source = "../../"

    With:

    source  = "Azure/avm-ptn-monitoring-amba-alz/azurerm"
version = "0.1.1"

  9. Review the variables in variables.tf and update default values as needed.

  10. Set up a directory to store the custom library assets:

    New-Item -name lib -ItemType directory

  11. Download the custom.alz_architecture_definition.json file to the lib directory.

    cd .\lib\
    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-architecture-definition/lib/custom.alz_architecture_definition.json -OutFile custom.alz_architecture_definition.json

  12. Adjust the management group display name, id and parent id in custom.alz_architecture_definition.json.

  13. Return to the tf-amba-alz directory in the terminal. cd..

  14. Log in to Azure: az login

  15. Run: terraform init

  16. Run: terraform apply

Note

This feature is only available for Management Group scenario. Subscription deployment scenario is not available yet.

Example of deploying with Custom Policy Assignments

It is possible to tailor the Policy Definitions that are deployed and assigned by developing custom archetypes. This example demonstrates a situation where only Service Health is deployed, but can be applied to other policy assignments as well:

  • Deploy using a custom management group hierarchy defined by architecture definition file in the local library.
  • Use a custom root archetype to ensure that the Service Health policy definitions and assignments are deployed.

Deployment:

  1. Create a new directory, for example tf-amba-alz.

  2. Open Visual Studio Code or another preferred tool.

  3. Select Open Folder... from the File menu (or Ctrl+K Ctrl+O) and open tf-amba-alz

  4. Open a Terminal (PowerShell).

    Note

    Depending on the tool being used, it may be necessary to change the terminal to the tf-amba-alz directory.

  5. Download terraform.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-policy-assignment/terraform.tf -OutFile terraform.tf

  6. Download main.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-policy-assignment/main.tf -OutFile main.tf

  7. Download variables.tf

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-policy-assignment/variables.tf -OutFile variables.tf

  8. The source and version of the module need to be updated in main.tf. Find module "amba_alz" and replace

    source = "../../"

    With:

    source  = "Azure/avm-ptn-monitoring-amba-alz/azurerm"
version = "0.1.1"

  9. Review the variables in variables.tf and update default values as needed.

  10. Set up a directory to store the custom library assets:

    New-Item -name lib -ItemType directory

  11. Download the custom.alz_architecture_definition.json file to the lib directory.

    cd .\lib\
    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-policy-assignment/lib/custom.alz_architecture_definition.json -OutFile custom.alz_architecture_definition.json

  12. Adjust the management group display name, id and parent id in custom.alz_architecture_definition.json.

  13. Download the root.alz_archetype_definition.json file to the lib directory.

    Invoke-WebRequest -Uri https://raw.githubusercontent.com/Azure/terraform-azurerm-avm-ptn-monitoring-amba-alz/refs/heads/main/examples/custom-policy-assignment/lib/root.alz_archetype_definition.json -OutFile root.alz_archetype_definition.json

  14. Return to the tf-amba-alz directory in the terminal. cd..

  15. Log in to Azure: az login

  16. Run: terraform init

  17. Run: terraform apply

Note

This feature is only available for Management Group scenario. Subscription deployment scenario is not available yet.

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

Next Steps

To remediate non-compliant policies, continue with Policy Remediation.