-
Notifications
You must be signed in to change notification settings - Fork 51
Expand file tree
/
Copy pathinputs-local-terraform-financial-services-landing-zone.yaml
More file actions
76 lines (72 loc) · 2.22 KB
/
inputs-local-terraform-financial-services-landing-zone.yaml
File metadata and controls
76 lines (72 loc) · 2.22 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
---
# Basic Inputs
iac: "terraform"
bootstrap: "alz_local"
starter: "financial_services_landing_zone"
# Shared Interface Inputs
bootstrap_location: "<region-1>"
starter_locations: ["<region-1>"] # NOTE: FSI only support a single region by design
root_parent_management_group_id: ""
subscription_id_management: "<management-subscription-id>"
subscription_id_identity: "<identity-subscription-id>"
subscription_id_connectivity: "<connectivity-subscription-id>"
# Bootstrap Inputs
target_directory: ""
create_bootstrap_resources_in_azure: false
bootstrap_subscription_id: ""
service_name: "fsi"
environment_name: "mgmt"
postfix_number: 1
architecture_definition_name: "fsi"
apply_alz_archetypes_via_architecture_definition_template: true
# Starter Module Specific Variables
allowed_locations: []
allowed_locations_for_confidential_computing: []
az_firewall_policies_enabled: true
bastion_outbound_ssh_rdp_ports: ["22", "3389"]
custom_subnets: {
AzureBastionSubnet: {
address_prefixes: "10.20.15.0/24",
name: "AzureBastionSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
AzureFirewallSubnet: {
address_prefixes: "10.20.254.0/24",
name: "AzureFirewallSubnet",
networkSecurityGroupId: "",
routeTableId: ""
},
GatewaySubnet: {
address_prefixes: "10.20.252.0/24",
name: "GatewaySubnet",
networkSecurityGroupId: "",
routeTableId: ""
}
}
customer: "Country/Region"
customer_policy_sets: {}
default_postfix: ""
default_prefix: "fsi"
deploy_bastion: true
deploy_ddos_protection: true
deploy_hub_network: true
deploy_log_analytics_workspace: true
enable_firewall: true
enable_telemetry: true
express_route_gateway_config: {name: "noconfigEr"}
hub_network_address_prefix: "10.20.0.0/16"
landing_zone_management_group_children: {}
log_analytics_workspace_retention_in_days: "365"
ms_defender_for_cloud_email_security_contact: "security_contact@replaceme.com"
policy_assignment_enforcement_mode: "Default"
policy_effect: "Deny"
policy_exemptions: {}
subscription_billing_scope: ""
tags: {}
top_level_management_group_name: "Financial Services Landing Zone"
use_premium_firewall: true
vpn_gateway_config: {name: "noconfigVpn"}
# Advanced Inputs
bootstrap_module_version: "v4.1.8"
starter_module_version: "latest"