feat!: ama (Azure#968)

clouddrove · anmolnagpal · Jul 8, 2024 · Apr 5, 2024 · Apr 11, 2024 · Apr 17, 2024
commit 4d983f7780dbb514c254dc331b71b89f476a2c86
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 <!-- BEGIN_TF_DOCS -->
 # Azure landing zones Terraform module
 
-[![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv3.3.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv3.3.0)
+[![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv6.0.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv6.0.0)
 ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/Azure/terraform-azurerm-caf-enterprise-scale?style=flat&logo=github)
 [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Average time to resolve an issue")
 [![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Percentage of issues still open")
@@ -41,12 +41,10 @@ This allows customers to address concerns around managing large state files, or
 
 ## Terraform versions
 
-This module has been tested using Terraform `1.3.1` and AzureRM Provider `3.74.0` as a baseline, and various versions to up the latest at time of release.
+This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release.
 In some cases, individual versions of the AzureRM provider may cause errors.
 If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
 
-> **NOTE:** The module now requires a minimum Terraform version of `1.3.1` to support the GA release of [`optional()` Object Type Attributes](https://developer.hashicorp.com/terraform/language/expressions/type-constraints#optional-object-type-attributes) and the required fix for [issue #31844](https://github.com/hashicorp/terraform/issues/31844).
-
 ## Usage
 
 We recommend starting with the following configuration in your root module to learn what resources are created by the module and how it works.
@@ -66,7 +64,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }
@@ -156,6 +154,7 @@ Please see the [releases](https://github.com/Azure/terraform-azurerm-caf-enterpr
 
 For upgrade guides from previous versions, please refer to the following links:
 
+- [Upgrade from v5.2.1 to v6.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v5.2.1-to-v6.0.0)
 - [Upgrade from v4.2.0 to v5.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v4.2.0-to-v5.0.0)
 - [Upgrade from v3.3.0 to v4.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v3.3.0-to-v4.0.0)
 - [Upgrade from v2.4.1 to v3.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v2.4.1-to-v3.0.0)
@@ -172,15 +171,15 @@ For upgrade guides from previous versions, please refer to the following links:
 
 The following requirements are needed by this module:
 
-- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.3.1)
+- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (~> 1.7)
 
-- <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) (>= 1.7.0)
+- <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) (~> 1.13, != 1.13.0)
 
-- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.74.0)
+- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (~> 3.107)
 
-- <a name="requirement_random"></a> [random](#requirement\_random) (>= 3.1.0)
+- <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.6)
 
-- <a name="requirement_time"></a> [time](#requirement\_time) (>= 0.7.0)
+- <a name="requirement_time"></a> [time](#requirement\_time) (~> 0.11)
 
 ## Modules
 
@@ -349,9 +348,11 @@ object({
             virtual_network_gateway = optional(object({
               enabled = optional(bool, false)
               config = optional(object({
-                address_prefix           = optional(string, "")
-                gateway_sku_expressroute = optional(string, "")
-                gateway_sku_vpn          = optional(string, "")
+                address_prefix              = optional(string, "")
+                gateway_sku_expressroute    = optional(string, "")
+                gateway_sku_vpn             = optional(string, "")
+                remote_vnet_traffic_enabled = optional(bool, false)
+                virtual_wan_traffic_enabled = optional(bool, false)
                 advanced_vpn_settings = optional(object({
                   enable_bgp                       = optional(bool, null)
                   active_active                    = optional(bool, null)
@@ -515,6 +516,9 @@ object({
             azure_api_management                 = optional(bool, true)
             azure_app_configuration_stores       = optional(bool, true)
             azure_arc                            = optional(bool, true)
+            azure_arc_guest_configuration        = optional(bool, true)
+            azure_arc_hybrid_resource_provider   = optional(bool, true)
+            azure_arc_kubernetes                 = optional(bool, true)
             azure_automation_dscandhybridworker  = optional(bool, true)
             azure_automation_webhook             = optional(bool, true)
             azure_backup                         = optional(bool, true)
@@ -537,6 +541,7 @@ object({
             azure_database_for_mariadb_server    = optional(bool, true)
             azure_database_for_mysql_server      = optional(bool, true)
             azure_database_for_postgresql_server = optional(bool, true)
+            azure_databricks                     = optional(bool, true)
             azure_digital_twins                  = optional(bool, true)
             azure_event_grid_domain              = optional(bool, true)
             azure_event_grid_topic               = optional(bool, true)
@@ -550,9 +555,11 @@ object({
             azure_kubernetes_service_management  = optional(bool, true)
             azure_machine_learning_workspace     = optional(bool, true)
             azure_managed_disks                  = optional(bool, true)
+            azure_managed_grafana                = optional(bool, true)
             azure_media_services                 = optional(bool, true)
             azure_migrate                        = optional(bool, true)
             azure_monitor                        = optional(bool, true)
+            azure_openai_service                 = optional(bool, true)
             azure_purview_account                = optional(bool, true)
             azure_purview_studio                 = optional(bool, true)
             azure_relay_namespace                = optional(bool, true)
@@ -563,6 +570,7 @@ object({
             azure_synapse_analytics_dev          = optional(bool, true)
             azure_synapse_analytics_sql          = optional(bool, true)
             azure_synapse_studio                 = optional(bool, true)
+            azure_virtual_desktop                = optional(bool, true)
             azure_web_apps_sites                 = optional(bool, true)
             azure_web_apps_static_sites          = optional(bool, true)
             cognitive_services_account           = optional(bool, true)
@@ -625,36 +633,32 @@ Type:
 ```hcl
 object({
     settings = optional(object({
+      ama = optional(object({
+        enable_uami                                                         = optional(bool, true)
+        enable_vminsights_dcr                                               = optional(bool, true)
+        enable_change_tracking_dcr                                          = optional(bool, true)
+        enable_mdfc_defender_for_sql_dcr                                    = optional(bool, true)
+        enable_mdfc_defender_for_sql_query_collection_for_security_research = optional(bool, true)
+      }), {})
       log_analytics = optional(object({
         enabled = optional(bool, true)
         config = optional(object({
-          retention_in_days                                 = optional(number, 30)
-          enable_monitoring_for_vm                          = optional(bool, true)
-          enable_monitoring_for_vmss                        = optional(bool, true)
-          enable_solution_for_agent_health_assessment       = optional(bool, true)
-          enable_solution_for_anti_malware                  = optional(bool, true)
-          enable_solution_for_change_tracking               = optional(bool, true)
-          enable_solution_for_service_map                   = optional(bool, false)
-          enable_solution_for_sql_assessment                = optional(bool, true)
-          enable_solution_for_sql_vulnerability_assessment  = optional(bool, true)
-          enable_solution_for_sql_advanced_threat_detection = optional(bool, true)
-          enable_solution_for_updates                       = optional(bool, true)
-          enable_solution_for_vm_insights                   = optional(bool, true)
-          enable_solution_for_container_insights            = optional(bool, true)
-          enable_sentinel                                   = optional(bool, true)
+          retention_in_days          = optional(number, 30)
+          enable_monitoring_for_vm   = optional(bool, true)
+          enable_monitoring_for_vmss = optional(bool, true)
+          enable_sentinel            = optional(bool, true)
+          enable_change_tracking     = optional(bool, true)
         }), {})
       }), {})
       security_center = optional(object({
         enabled = optional(bool, true)
         config = optional(object({
           email_security_contact                                = optional(string, "security_contact@replace_me")
-          enable_defender_for_apis                              = optional(bool, true)
           enable_defender_for_app_services                      = optional(bool, true)
           enable_defender_for_arm                               = optional(bool, true)
           enable_defender_for_containers                        = optional(bool, true)
           enable_defender_for_cosmosdbs                         = optional(bool, true)
           enable_defender_for_cspm                              = optional(bool, true)
-          enable_defender_for_dns                               = optional(bool, true)
           enable_defender_for_key_vault                         = optional(bool, true)
           enable_defender_for_oss_databases                     = optional(bool, true)
           enable_defender_for_servers                           = optional(bool, true)
@@ -1059,6 +1063,7 @@ Default: `{}`
 
 The following resources are used by this module:
 
+- [azapi_resource.data_collection_rule](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
 - [azapi_resource.diag_settings](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
 - [azurerm_automation_account.management](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_account) (resource)
 - [azurerm_dns_zone.connectivity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone) (resource)
@@ -1096,6 +1101,7 @@ The following resources are used by this module:
 - [azurerm_subscription_template_deployment.telemetry_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_template_deployment) (resource)
 - [azurerm_subscription_template_deployment.telemetry_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_template_deployment) (resource)
 - [azurerm_subscription_template_deployment.telemetry_management](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_template_deployment) (resource)
+- [azurerm_user_assigned_identity.management](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource)
 - [azurerm_virtual_hub.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub) (resource)
 - [azurerm_virtual_hub_connection.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_connection) (resource)
 - [azurerm_virtual_hub_routing_intent.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_routing_intent) (resource)
@@ -1262,4 +1268,4 @@ If you don't wish to send usage data to Microsoft, details on how to turn it off
   - [Feature Requests](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Feature-Requests)
   - [Contributing to Code](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Contributing-to-Code)
   - [Contributing to Documentation](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Contributing-to-Documentation)
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/_README_header.md b/_README_header.md
@@ -1,6 +1,6 @@
 # Azure landing zones Terraform module
 
-[![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv3.3.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv3.3.0)
+[![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv6.0.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv6.0.0)
 ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/Azure/terraform-azurerm-caf-enterprise-scale?style=flat&logo=github)
 [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Average time to resolve an issue")
 [![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Percentage of issues still open")
@@ -40,12 +40,10 @@ This allows customers to address concerns around managing large state files, or
 
 ## Terraform versions
 
-This module has been tested using Terraform `1.3.1` and AzureRM Provider `3.74.0` as a baseline, and various versions to up the latest at time of release.
+This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release.
 In some cases, individual versions of the AzureRM provider may cause errors.
 If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
 
-> **NOTE:** The module now requires a minimum Terraform version of `1.3.1` to support the GA release of [`optional()` Object Type Attributes](https://developer.hashicorp.com/terraform/language/expressions/type-constraints#optional-object-type-attributes) and the required fix for [issue #31844](https://github.com/hashicorp/terraform/issues/31844).
-
 ## Usage
 
 We recommend starting with the following configuration in your root module to learn what resources are created by the module and how it works.
@@ -65,7 +63,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }
@@ -155,6 +153,7 @@ Please see the [releases](https://github.com/Azure/terraform-azurerm-caf-enterpr
 
 For upgrade guides from previous versions, please refer to the following links:
 
+- [Upgrade from v5.2.1 to v6.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v5.2.1-to-v6.0.0)
 - [Upgrade from v4.2.0 to v5.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v4.2.0-to-v5.0.0)
 - [Upgrade from v3.3.0 to v4.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v3.3.0-to-v4.0.0)
 - [Upgrade from v2.4.1 to v3.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v2.4.1-to-v3.0.0)

diff --git a/docs/wiki/[Examples]-Deploy-Connectivity-Resources-With-Custom-Settings.md b/docs/wiki/[Examples]-Deploy-Connectivity-Resources-With-Custom-Settings.md
@@ -73,7 +73,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Connectivity-Resources.md b/docs/wiki/[Examples]-Deploy-Connectivity-Resources.md
@@ -51,7 +51,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Custom-Landing-Zone-Archetypes.md b/docs/wiki/[Examples]-Deploy-Custom-Landing-Zone-Archetypes.md
@@ -44,7 +44,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Default-Configuration.md b/docs/wiki/[Examples]-Deploy-Default-Configuration.md
@@ -26,7 +26,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Demo-Landing-Zone-Archetypes.md b/docs/wiki/[Examples]-Deploy-Demo-Landing-Zone-Archetypes.md
@@ -33,7 +33,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Identity-Resources-With-Custom-Settings.md b/docs/wiki/[Examples]-Deploy-Identity-Resources-With-Custom-Settings.md
@@ -47,7 +47,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Identity-Resources.md b/docs/wiki/[Examples]-Deploy-Identity-Resources.md
@@ -41,7 +41,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Management-Resources-With-Custom-Settings.md b/docs/wiki/[Examples]-Deploy-Management-Resources-With-Custom-Settings.md
@@ -56,7 +56,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Management-Resources.md b/docs/wiki/[Examples]-Deploy-Management-Resources.md
@@ -41,7 +41,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Using-Module-Nesting.md b/docs/wiki/[Examples]-Deploy-Using-Module-Nesting.md
@@ -84,7 +84,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources-With-Custom-Settings.md b/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources-With-Custom-Settings.md
@@ -71,7 +71,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources.md b/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources.md
@@ -58,7 +58,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }

diff --git a/...wiki/[Examples]-Deploy-using-multiple-module-declarations-with-orchestration.md b/...wiki/[Examples]-Deploy-using-multiple-module-declarations-with-orchestration.md
@@ -90,7 +90,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }
@@ -260,7 +260,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }
@@ -474,7 +474,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }
@@ -688,7 +688,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.74.0"
+      version = "~> 3.107"
     }
   }
 }