Merge pull request #502 from Azure/AL-2309

September 2023 Updates

Author: arnaudlh

.devcontainer/docker-compose.yml

@@ -6,7 +6,7 @@
   version: '3.7'
   services:
     rover:
-      image: aztfmod/rover:1.5.4-2307.2804
+      image: aztfmod/rover:1.5.6-2309.0507
       user: vscode
 
       labels:

.github/workflows/landingzones-tf100.yml

@@ -39,7 +39,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.5.4-2307.2804
+      image: aztfmod/rover:1.5.6-2309.0507
       options: --user 0
 
     steps:
@@ -96,7 +96,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:1.5.4-2307.2804
+      image: aztfmod/rover:1.5.6-2309.0507
       options: --user 0
 
     steps:
@@ -143,7 +143,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.5.4-2307.2804
+      image: aztfmod/rover:1.5.6-2309.0507
       options: --user 0
 
     steps:
@@ -198,7 +198,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:1.5.4-2307.2804
+      image: aztfmod/rover:1.5.6-2309.0507
       options: --user 0
 
     steps:
@@ -244,7 +244,7 @@ jobs:
         random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.5.4-2307.2804
+      image: aztfmod/rover:1.5.6-2309.0507
       options: --user 0
 
     steps:

README.md

@@ -2,22 +2,20 @@
 
 [![Gitter](https://badges.gitter.im/aztfmod/community.svg)](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
-# Cloud Adoption Framework for Azure Terraform landing zones
+# Azure Terraform SRE
 
-Microsoft [Cloud Adoption Framework for Azure](https://docs.microsoft.com/azure/cloud-adoption-framework/overview) provides you with guidance and best practices to adopt Azure.
 
-CAF Terraform landing zones team mission statement is to:
+Azure Terraform SRE (formely CAF Terraform) ambitions:
 
 * Equip the Site Reliability Engineering teams for Terraform on Azure.
 * Democratize an IaC: Infrastructure-as-Configuration.
 * Commoditize state management and enterprise-wide composition.
-* Standardize deployments using Azure enterprise-scale landing zones.
-* Implement Azure enterprise-scale design and approach with native Terraform and DevOps.
+* Standardize deployments leveraging official Azure landing zones components.
 * Propose a prescriptive guidance on how to enable DevOps for infrastructure as code on Microsoft Azure.
 * Foster a community of Azure *Terraformers* using a common set of practices and sharing best practices.
 
 
-You can review the different components parts of the Cloud Adoption Framework for Azure Terraform landing zones and look at the quick intro video below:
+You can review the different components parts of the Azure Terraform SRE and look at the quick intro video below:
 
 [![caf_elements](./_pictures/caf_elements.png)](https://www.youtube.com/watch?v=FlQ17u4NNts "CAF Introduction")
 
@@ -26,7 +24,7 @@ You can review the different components parts of the Cloud Adoption Framework fo
 
 When starting an enterprise deployment, we recommend you start creating a configuration repository where you craft the configuration files for your environments.
 
-The best way to start is to clone the [platform starter repository](https://github.com/Azure/caf-terraform-landingzones-platform-starter) and getting started with the configuration files. 
+The best way to start is to clone the [platform starter repository](https://github.com/Azure/caf-terraform-landingzones-platform-starter) and getting started with the configuration files.
 
 If you are reading this, you are probably interested also in reading the doc as below:
 :books: Read our [centralized documentation page](https://aka.ms/caf/terraform)

caf_launchpad/dynamic_secrets.tf

@@ -1,7 +1,7 @@
 
 module "dynamic_keyvault_secrets" {
   source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
-  version = "5.7.3"
+  version = "5.7.4"
 
   for_each = try(var.dynamic_keyvault_secrets, {})
 

caf_launchpad/landingzone.tf

@@ -1,6 +1,6 @@
 module "launchpad" {
   source  = "aztfmod/caf/azurerm"
-  version = "5.7.3"
+  version = "5.7.4"
   # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=main"
 
   providers = {

caf_launchpad/scenario/200/diagnostics_definition.tfvars

@@ -9,11 +9,11 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["Audit", true, false, 7],
+        ["Audit", true, false, 0],
       ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, false, 7],
+        ["AllMetrics", true, false, 0],
       ]
     }
 
@@ -24,11 +24,11 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AuditEvent", true, false, 7],
+        ["AuditEvent", true, false, 0],
       ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, false, 7],
+        ["AllMetrics", true, false, 0],
       ]
     }
 
@@ -39,7 +39,7 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["BastionAuditLogs", true, false, 7],
+        ["BastionAuditLogs", true, false, 0],
       ]
     }
 
@@ -50,11 +50,11 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["VMProtectionAlerts", true, false, 7],
+        ["VMProtectionAlerts", true, false, 0],
       ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, false, 7],
+        ["AllMetrics", true, false, 0],
       ]
     }
 
@@ -65,13 +65,13 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["DDoSProtectionNotifications", true, false, 7],
-        ["DDoSMitigationFlowLogs", true, false, 7],
-        ["DDoSMitigationReports", true, false, 7],
+        ["DDoSProtectionNotifications", true, false, 0],
+        ["DDoSMitigationFlowLogs", true, false, 0],
+        ["DDoSMitigationReports", true, false, 0],
       ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, false, 7],
+        ["AllMetrics", true, false, 0],
       ]
     }
 
@@ -82,8 +82,8 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["NetworkSecurityGroupEvent", true, false, 7],
-        ["NetworkSecurityGroupRuleCounter", true, false, 7],
+        ["NetworkSecurityGroupEvent", true, false, 0],
+        ["NetworkSecurityGroupRuleCounter", true, false, 0],
       ]
     }
 
@@ -94,11 +94,11 @@ diagnostics_definition = {
     categories = {
       # log = [
       #   # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-      #   ["AuditEvent", true, false, 7],
+      #   ["AuditEvent", true, false, 0],
       # ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, false, 7],
+        ["AllMetrics", true, false, 0],
       ]
     }
 
@@ -109,12 +109,12 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["ContainerRegistryRepositoryEvents", true, false, 7],
-        ["ContainerRegistryLoginEvents", true, false, 7],
+        ["ContainerRegistryRepositoryEvents", true, false, 0],
+        ["ContainerRegistryLoginEvents", true, false, 0],
       ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, false, 7],
+        ["AllMetrics", true, false, 0],
       ]
     }
   }
@@ -124,17 +124,17 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["kube-apiserver", true, false, 7],
-        ["kube-audit", true, false, 7],
-        ["kube-audit-admin", true, false, 7],
-        ["kube-controller-manager", true, false, 7],
-        ["kube-scheduler", true, false, 7],
-        ["cluster-autoscaler", true, false, 7],
-        ["guard", true, false, 7],
+        ["kube-apiserver", true, false, 0],
+        ["kube-audit", true, false, 0],
+        ["kube-audit-admin", true, false, 0],
+        ["kube-controller-manager", true, false, 0],
+        ["kube-scheduler", true, false, 0],
+        ["cluster-autoscaler", true, false, 0],
+        ["guard", true, false, 0],
       ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, false, 7],
+        ["AllMetrics", true, false, 0],
       ]
     }
   }
@@ -145,20 +145,20 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AzureBackupReport", true, true, 7],
-        ["CoreAzureBackup", true, true, 7],
-        ["AddonAzureBackupAlerts", true, true, 7],
-        ["AddonAzureBackupJobs", true, true, 7],
-        ["AddonAzureBackupPolicy", true, true, 7],
-        ["AddonAzureBackupProtectedInstance", true, true, 7],
-        ["AddonAzureBackupStorage", true, true, 7],
-        ["AzureSiteRecoveryJobs", true, true, 7],
-        ["AzureSiteRecoveryEvents", true, true, 7],
-        ["AzureSiteRecoveryReplicatedItems", true, true, 7],
-        ["AzureSiteRecoveryReplicationStats", true, true, 7],
-        ["AzureSiteRecoveryRecoveryPoints", true, true, 7],
-        ["AzureSiteRecoveryReplicationDataUploadRate", true, true, 7],
-        ["AzureSiteRecoveryProtectedDiskDataChurn", true, true, 30],
+        ["AzureBackupReport", true, true, 0],
+        ["CoreAzureBackup", true, true, 0],
+        ["AddonAzureBackupAlerts", true, true, 0],
+        ["AddonAzureBackupJobs", true, true, 0],
+        ["AddonAzureBackupPolicy", true, true, 0],
+        ["AddonAzureBackupProtectedInstance", true, true, 0],
+        ["AddonAzureBackupStorage", true, true, 0],
+        ["AzureSiteRecoveryJobs", true, true, 0],
+        ["AzureSiteRecoveryEvents", true, true, 0],
+        ["AzureSiteRecoveryReplicatedItems", true, true, 0],
+        ["AzureSiteRecoveryReplicationStats", true, true, 0],
+        ["AzureSiteRecoveryRecoveryPoints", true, true, 0],
+        ["AzureSiteRecoveryReplicationDataUploadRate", true, true, 0],
+        ["AzureSiteRecoveryProtectedDiskDataChurn", true, true, 0],
       ]
       metric = [
         #["AllMetrics", 60, True],
@@ -172,13 +172,13 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["JobLogs", true, true, 30],
-        ["JobStreams", true, true, 30],
-        ["DscNodeStatus", true, true, 30],
+        ["JobLogs", true, true, 0],
+        ["JobStreams", true, true, 0],
+        ["DscNodeStatus", true, true, 0],
       ]
       metric = [
         # ["Category name",  "Metric Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, true, 30],
+        ["AllMetrics", true, true, 0],
       ]
     }
 
@@ -189,17 +189,17 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["ArchiveLogs", true, false, 7],
-        ["OperationalLogs", true, false, 7],
-        ["AutoScaleLogs", true, false, 7],
-        ["KafkaCoordinatorLogs", true, false, 7],
-        ["KafkaUserErrorLogs", true, false, 7],
-        ["EventHubVNetConnectionEvent", true, false, 7],
-        ["CustomerManagedKeyUserLogs", true, false, 7],
+        ["ArchiveLogs", true, false, 0],
+        ["OperationalLogs", true, false, 0],
+        ["AutoScaleLogs", true, false, 0],
+        ["KafkaCoordinatorLogs", true, false, 0],
+        ["KafkaUserErrorLogs", true, false, 0],
+        ["EventHubVNetConnectionEvent", true, false, 0],
+        ["CustomerManagedKeyUserLogs", true, false, 0],
       ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", true, false, 7],
+        ["AllMetrics", true, false, 0],
       ]
     }
 
@@ -210,11 +210,11 @@ diagnostics_definition = {
     categories = {
       log = [
         # ["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AuditEvent", true, true, 365],
+        ["AuditEvent", true, true, 0],
       ]
       metric = [
         #["Category name",  "Diagnostics Enabled(true/false)", "Retention Enabled(true/false)", Retention_period]
-        ["AllMetrics", false, false, 7],
+        ["AllMetrics", false, false, 0],
       ]
     }
 

caf_solution/dynamic_secrets.tf

@@ -1,6 +1,6 @@
 module "dynamic_keyvault_secrets" {
   source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
-  version = "5.7.3"
+  version = "5.7.4"
 
   for_each = {
     for keyvault_key, secrets in try(var.dynamic_keyvault_secrets, {}) : keyvault_key => {

caf_solution/landingzone.tf

@@ -1,6 +1,6 @@
 module "solution" {
   source  = "aztfmod/caf/azurerm"
-  version = "5.7.3"
+  version = "5.7.4"
   # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=main"
 
   providers = {

caf_solution/local.maps.tf

@@ -2,7 +2,7 @@ locals {
   maps = merge(
     var.maps,
     {
-      maps_accounts  = var.maps_accounts
+      maps_accounts = var.maps_accounts
     }
   )
 }