Enable deployment of landing zones from Rover to multiple subscriptions #36

Closed
Masahigo opened this issue May 4, 2020 · 2 comments
Labels
enhancement New feature or request

Masahigo commented May 4, 2020

Is your feature request related to a problem? Please describe.
It seems that the Launchpad (Rover) and CAF Terraform Landing Zone examples are based on a single subscription model.

There are scenarios where it would make sense to support deployment of a landing zone to a different subscription, for example setting up central logging and monitoring ("caf foundations"), so they would reside in a separate subscription from the production subscription. This could also include something like logging policies enforced on Management group level.

Are there plans to support deployment over several subscriptions from a single Launchpad (Rover)?

Describe the solution you'd like

rover /tf/caf/landingzones/landingzone_caf_foundations plan -var 'target_subscription_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

Describe alternatives you've considered

Currently, it seems that one should stick with just one "primary subscription". Launchpad (Level 0) is tied to a single subscription and the other Levels along with it.

If deploying resources to multiple subscriptions, they're considered separate environments and each have their own launchpads.

Additional context

Single subscription model:
https://docs.microsoft.com/fi-fi/azure/cloud-adoption-framework/ready/landing-zone/terraform-landing-zone#design-decisions

Networking for spokes:
https://github.com/Azure/caf-terraform-landingzones/blob/master/landingzones/landingzone_hub_spoke/readme.md#introduction-to-hub-spoke-network-topology-in-azure-landing-zone

@Masahigo Masahigo added the enhancement New feature or request label May 4, 2020

Masahigo commented May 6, 2020

I kinda figured this out on my own.

Terraform supports this out-of-the-box:
https://www.terraform.io/docs/configuration/modules.html#passing-providers-explicitly

I wanted to deploy the Azure resources under the "caf foundation" landing zone to a different subscription than where level 0 (launchpad) was provisioned.

This could be done by modifying the foundation LZ in the following way:

main.tf

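# Default provider: the subscription where level 0 (launchpad) was provisioned
provider "azurerm" {
  version = "~>2.4.0"
  features {}
}

# Second provider instance, selected by its alias, targeting another subscription
provider "azurerm" {
  features {}
  alias                      = "foundations"
  subscription_id            = var.subscription_id
  skip_provider_registration = true
}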
...

foundations.tf

module "xxx" {
  source = "./xxx/"

  # Resources in this module use the aliased provider instead of the default one
  providers = {
    azurerm = azurerm.foundations
  }
}

This way I can control per module which subscription it targets. The subscription_id is passed in as an extra variable.

@Masahigo Masahigo closed this as completed May 6, 2020
@hadiulla

@Masahigo can you provide a full example of this, please? This would help many others like me who are stuck deploying in a single subscription.
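
The approach from this thread as one root configuration, added here as an example; it is not code from the thread or from the CAF landing zones project. It assumes Terraform 0.13 or later, takes the variable name from the command proposed in the issue, and uses a hypothetical local module path `./modules/diagnostics`.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2.4.0"
    }
  }
}

# Passed on the command line: -var 'target_subscription_id=<subscription GUID>'
variable "target_subscription_id" {
  type = string
  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", var.target_subscription_id))
    error_message = "The target_subscription_id value must be a subscription GUID."
  }
}

# Default provider: the subscription of the current login (launchpad, level 0).
provider "azurerm" {
  features {}
}

# Aliased provider: same credentials, different subscription. Registration is
# skipped for an identity that cannot register resource providers there.
provider "azurerm" {
  alias                      = "foundations"
  subscription_id            = var.target_subscription_id
  skip_provider_registration = true
  features {}
}

# Read back the subscription each provider instance actually resolves to.
data "azurerm_subscription" "launchpad" {}
data "azurerm_subscription" "foundations" {
  provider = azurerm.foundations
}

# Hypothetical module (assumption): its azurerm resources land in the target subscription.
module "diagnostics" {
  source    = "./modules/diagnostics"
  providers = { azurerm = azurerm.foundations }
}

output "provider_targets" {
  value = {
    default     = data.azurerm_subscription.launchpad.subscription_id
    foundations = data.azurerm_subscription.foundations.subscription_id
  }
}
```

The `provider_targets` output lists the subscription ID each provider instance resolved to, so a wrong target shows up in Terraform's own output. The identity running the deployment still needs its own role assignment in the target subscription.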
