说明: 使用可重用Terraform模块将基础架构作为代码部署到Azure中心和分支模型。部署和管理...
(Deployment of Infrastructure as Code with Azure Hub and Spoke model using reusable Terraform Modules. Deploy and Manage using Azure DevOps or Deploy and Destroy)
main-aks-example.tf (11229, 2023-09-05)
main-app-aks-example.tf (26111, 2023-09-05)
main-app-mysql-example.tf (10568, 2023-09-05)
main-aws-example.tf (7836, 2023-09-05)
main-kafka-example.tf (6570, 2023-09-05)
main.tf (22274, 2023-09-05)
modules (0, 2023-09-05)
modules\applicationgateway (0, 2023-09-05)
modules\applicationgateway\main.tf (2840, 2023-09-05)
modules\applicationgateway\outputs.tf (0, 2023-09-05)
modules\applicationgateway\variables.tf (830, 2023-09-05)
modules\appservice-linux (0, 2023-09-05)
modules\appservice-linux\main.tf (1031, 2023-09-05)
modules\appservice-linux\outputs.tf (0, 2023-09-05)
modules\appservice-linux\variables.tf (959, 2023-09-05)
modules\appservice (0, 2023-09-05)
modules\appservice\main.tf (348, 2023-09-05)
modules\appservice\outputs.tf (144, 2023-09-05)
modules\appservice\variables.tf (583, 2023-09-05)
modules\aws-ec2 (0, 2023-09-05)
modules\aws-ec2\main.tf (789, 2023-09-05)
modules\aws-ec2\outputs.tf (68, 2023-09-05)
modules\aws-ec2\variables.tf (1263, 2023-09-05)
modules\aws-sg (0, 2023-09-05)
modules\aws-sg\main.tf (101, 2023-09-05)
modules\aws-sg\outputs.tf (66, 2023-09-05)
modules\aws-sg\variables.tf (148, 2023-09-05)
modules\aws-vpc (0, 2023-09-05)
modules\aws-vpc\main.tf (356, 2023-09-05)
modules\aws-vpc\outputs.tf (221, 2023-09-05)
modules\aws-vpc\variables.tf (398, 2023-09-05)
modules\azurefirewall (0, 2023-09-05)
... ...
# Azure Hub and Spoke Network using reusable Terraform modules - Azure365Pro.com
Blog Reference for Azure Hub and Spoke - https://www.azure365pro.com/azure-hub-and-spoke-network-using-reusable-terraform-modules/
Blog Reference for Apache Kafka on HDInsight - https://www.azure365pro.com/deploy-apache-kafka-in-azure-hdinsight-using-reusable-terraform-modules/
Blog Reference for Azure App Service and MySQL Private Access - https://www.azure365pro.com/deploy-azure-app-service-and-mysql-with-private-dns-zone-using-reusable-terraform-modules/
Blog Reference for AWS Architecture Implementation - https://www.azure365pro.com/aws-architecture-implementation-using-terraform/
Support - Support@Azure365Pro.com
# Introduction
We will deploy the resources below using Terraform reusable modules utilizing the Azure landing zone concept, part of the Cloud Adoption Framework (CAF). In this setup, we are talking about only infra resources; if you are new to terraform, the same concept has been explained using the Azure Portal; I have spoken about Azure Management Groups and Subscription Planning in this link - Azure Management Groups and Subscriptions Design
Azure landing zone design that accounts for scale, security governance, networking, and identity, which enables seamless application migration, modernization, and innovation at the enterprise scale in Azure. This approach considers all platform resources like infrastructure (Iaas) or platform as a service.
Benefits of Azure Landing Zones -
Good Governance
Like you can place a policy in the overall environment that no internet-exposing storage accounts can be provisioned
Security
Improved Security controls, Network segmentation, Identity management, Service Principals, Managed Identities
Scalability
Multi Datacenter or Improving the design with Virtual WAN should be seamless
Cost Savings
Segregated billing with subscriptions - Overall Control or like can apply Hybrid benefit using policies
We will be deploying the below resources using Terraform reusable modules.
Virtual Networks (Hub - 10.50.0.0/16 - Spoke - 10.51.0.0/16)
VPN Gateway (10.50.1.0/24) - Not Provisioned by Default
Azure Firewall (10.50.2.0/24)
Application Gateway (10.50.3.0/24) - Not Provisioned by Default
Azure Bastion (10.50.4.0/24)
Jump Box (Windows 11) (10.50.5.0/24)
Windows Server 2019 Web Server (10.51.1.0/24)
Linux RHEL Server (10.51.2.0/24)
Public IP Addresses
Recovery Services Vault
Azure Key Vault - Not Provisioned by Default
Route Tables
Azure Firewall Policies
Apache Kafka on HDInsight - Not Provisioned by Default
Modules are convenient to place into folders and reuse resource configurations with Terraform for multiple deployments.
Also, changing / upgrading specific resource configurations becomes easier
# Getting Started
1. Terraform latest version is installed
2. Az cli is installed / az login is completed (az login)
3. git is installed to clone repo (git clone)
# Deploy using Terraform
terraform init
Initialize prepares the working directory so Terraform can run the configuration.
terraform plan
lets you preview any changes before you apply them
terraform apply
Executes the changes defined by your Terraform configuration to create, update, or destroy resources.
Blog Reference for Azure Hub and Spoke - https://www.azure365pro.com/azure-hub-and-spoke-network-using-reusable-terraform-modules/
Blog Reference for Apache Kafka on HDInsight - https://www.azure365pro.com/deploy-apache-kafka-in-azure-hdinsight-using-reusable-terraform-modules/
Blog Reference for Azure App Service and MySQL Private Access - https://www.azure365pro.com/deploy-azure-app-service-and-mysql-with-private-dns-zone-using-reusable-terraform-modules/
Support - Support@Azure365Pro.com