Day 3 Challenge

Automate the Azure Barista's Azure Landing Zones deployment with either Bicep or Terraform.

Introduction

Today’s hacking is about getting hands on with some of the automation artifacts provided to help you deploy Azure Landing Zones quickly and consistently.

It does not matter which tooling is used to implement Azure Landing Zone. It is far more important that the end result matches the architecture, adheres to the five principles and covers the eight critical design areas than how you get there, and most organisations will already have their own preferred automation tools.

Choice

Today hacking give you the choice of paths to explore:

Official Bicep modules
Official Terraform module

Day 3 Challenge

The primary objective is to build out the architecture using the Infrastructure as Code (IaC) and (optionally) CI/CD tool of your choice.

Use a different management group tree for this exercise (use a different top level name, e.g AZBIaC)

Implement the reference Azure Landing Zones architecture using the IaC tool of your choice
Customise the existing management groups to meet the Azure Baristas requirements
Add additional management groups and policy assignments (custom landing zones) to meet the Azure Baristas requirements

Stretch goals

You do not have to do these challenges in order, pick whichever ones are most appealing!

Implement a canary management group branch
- You can combine this with the primary objective if you want to retain the manually deployed system for comparison
Implement a branch protection strategy to control changes to production
Implement a subscription vending machine
- You can mock up the subscription creation rather than using the real APIs

Contents

Day 3 Challenge

Introduction

Choice

Day 3 Challenge

Stretch goals

Links

Official ARM resources

Official Bicep resources

Official Terraform module

Additional Terraform resources

Help us improve