Welcome to the Enterprise Landing Zone!
This project is a template designed to accelerate the creation of secure, scalable, and well-governed cloud environments using the Infrastructure as Code (IaC) philosophy with Terraform.
The MAIN GOAL is to provide a modular and reusable framework that serves as a foundation for deploying workloads across multiple cloud providers like AWS, Azure, GCP and OCI.
- Modularity: Build independent and reusable modules for common cloud services (e.g., networking, identity, security).
- Environment Segregation: Utilize Terraform Workspaces to cleanly and securely isolate and manage configurations for different environments (DEV, QAS, PRD).
- Accelerator Template: Serve as a GitHub repository template, allowing new teams or projects to quickly start with best practices already built-in.
- Extensibility: Be the foundation for future integrations with Configuration Management tools like Ansible for application and OS provisioning.
The directory structure is designed to be intuitive and scalable. Each cloud provider has its own directory containing its respective modules.
enterprise-landing-zone/
├── .github/
│ └── workflows/ # (Optional) Future CI/CD workflows
├── modules/
│ ├── aws/
│ │ ├── network/ # Example: Module for network resources (VPC, Subnets)
│ │ │ ├── main.tf
│ │ │ ├── variables.tf
│ │ │ ├── outputs.tf
│ │ │ ├── locals.tf
│ │ │ └── environments/
│ │ │ ├── dev.yaml # Configuration for the DEV environment
│ │ │ ├── qas.yaml # Configuration for the QAS environment
│ │ │ └── main.yaml # Configuration for the PRD environment
│ │ └── ... (other aws modules: iam, s3, eks, etc.)
│ ├── azure/
│ │ └── ... (modules for Azure)
│ ├── gcp/
│ │ └── ... (modules for GCP)
│ └── oci/
│ └── ... (modules for Oracle Cloud)
├── .gitignore
├── LICENSE
└── README.md
- modules/: The root directory containing all reusable modules, organized by cloud provider.
- environments/: This directory holds the configuration-as-code for each environment in easy-to-read YAML files.
- locals.tf: This is the core of our dynamic configuration. It uses the built-in Terraform function yamldecode to read and parse the appropriate YAML file from the environments directory based on the name of the currently selected workspace. This automates configuration loading.
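A sketch of a `locals.tf` for the loading mechanism described above, with guards that stop a plan when the selected workspace and the loaded file disagree. This is an added example, not the project's own code: the YAML keys `environment` and `vpc_cidr`, the `config_guard` resource name, and the assumption that each file is named exactly `<workspace>.yaml` are hypothetical, and `terraform_data` requires Terraform 1.4 or later.

```hcl
# locals.tf (added example; key names and file naming are assumptions)

locals {
  # Assumption: one file per workspace, named <workspace>.yaml.
  config_path = "${path.module}/environments/${terraform.workspace}.yaml"

  # file() raises an error when no file exists for the selected workspace
  # (for example the built-in "default" workspace), so the plan stops
  # instead of falling back to another environment's values.
  config = yamldecode(file(local.config_path))

  # Hypothetical keys. try() yields null when a key is missing so the
  # preconditions below can report it with a clear message.
  declared_env = try(local.config.environment, null)
  vpc_cidr     = try(local.config.vpc_cidr, null)
}

# Carries no infrastructure; it exists only to hold the checks.
resource "terraform_data" "config_guard" {
  lifecycle {
    # Catches a file copied from another environment without being edited:
    # the file must name the workspace it is meant for.
    precondition {
      condition     = local.declared_env == terraform.workspace
      error_message = "environments/${terraform.workspace}.yaml must set 'environment' to '${terraform.workspace}'."
    }

    # can() turns a missing or malformed CIDR into false instead of an
    # evaluation error, so the message below is what the operator sees.
    precondition {
      condition     = can(cidrhost(local.vpc_cidr, 0))
      error_message = "environments/${terraform.workspace}.yaml must set 'vpc_cidr' to a valid CIDR block."
    }
  }
}
```

With a file such as `environment: dev` and `vpc_cidr: 10.10.0.0/16` (constructed sample values), `terraform plan` in the `dev` workspace passes both checks; the same file copied to `qas.yaml` unchanged fails the first one.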
The configuration for each environment is now loaded automatically from a YAML file based on the selected Terraform workspace. The workflow is clean and simple.
Prerequisites:
- Terraform installed.
- AWS credentials configured in your environment.
- Git installed.
- Clone this repository:

      git clone https://github.com/vieira.devops/enterprise-landing-zone.git
      cd enterprise-landing-zone/modules/aws/network

- Initialize Terraform:

      terraform init

- Select your Workspace: This is the crucial step. The workspace name must match the name of your config file (e.g., dev for dev-config.yaml).

      # Create the workspace if it doesn't exist
      terraform workspace new dev
      # Or select it if it already exists
      terraform workspace select dev

- Plan and Apply: Notice that you no longer need the -var-file flag. Terraform will automatically load the configuration based on the workspace.

      # Plan the execution
      terraform plan
      # Apply the changes
      terraform apply

This project is constantly evolving. The next planned steps are:
- Add essential modules for AWS (IAM, S3, EKS).
- Develop the first modules for Azure and GCP (Network, Identity).
- Develop CI/CD pipeline examples for both GitHub Actions and Azure DevOps for automatic validation and deployment.
- Ansible Integration: Create playbooks to configure instances provisioned via Terraform.
- Add infrastructure tests with tools like Terratest.
Contributions are very welcome!
If you have ideas, suggestions, or find a bug, please open an Issue to discuss it. If you want to contribute code, please Fork the repository and submit a Pull Request.
This project is distributed under the MIT License. See the LICENSE file for more details.