Microsoft Cloud Adoption Framework for Azure provides you with guidance and best practices to adopt Azure.
This module allows you to create resources on Microsoft Azure, is used by the Cloud Adoption Framework for Azure (CAF) landing zones to provision resources in an Azure subscription.
- Access to an Azure subscription.
| Name | Version |
|---|---|
| terraform | >= 1.3.5 |
| azuread | ~> 2.39.0 |
| azurerm | >= 3.59.0 |
| random | ~> 3.5.1 |
| time | >= 0.9.1 |
| tls | >= 3.1.0 |
| Name | Version |
|---|---|
| azuread | ~> 2.39.0 |
| azurerm | >= 3.59.0 |
| azurerm.connectivity | >= 3.59.0 |
| azurerm.management | >= 3.59.0 |
| Name | Source | Version |
|---|---|---|
| analysis_services | ./modules/analysis_services | n/a |
| api_management | ./modules/api_management | n/a |
| api_management_product | ./modules/api_management/product | n/a |
| api_management_subscription | ./modules/api_management/subscription | n/a |
| app_service_plan_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| app_service_plans | ./modules/web/app_service_plan | n/a |
| application_insights | ./modules/application_insights | n/a |
| cdn_frontdoors | ./modules/networking/cdn_frontdoor | n/a |
| container_app_environment_certificates | ./modules/web/container_app/environment_certificate | n/a |
| container_app_environment_dapr_components | ./modules/web/container_app/environment_dapr_component | n/a |
| container_app_environment_storage | ./modules/web/container_app/environment_storage | n/a |
| container_app_environments | ./modules/web/container_app/environment | n/a |
| container_apps | ./modules/web/container_app | n/a |
| data_factory | ./modules/data_factory/data_factory | n/a |
| data_factory_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| data_factory_integration_runtime_azure_ssis | ./modules/data_factory/data_factory_integration_runtime_azure_ssis | n/a |
| data_factory_integration_runtime_self_hosted | ./modules/data_factory/data_factory_integration_runtime_self_hosted | n/a |
| data_factory_pipeline | ./modules/data_factory/data_factory_pipeline | n/a |
| data_factory_private_endpoints | ./modules/networking/private_endpoint | n/a |
| data_factory_trigger_schedule | ./modules/data_factory/data_factory_trigger_schedule | n/a |
| dns_zones | ./modules/networking/dns_zone | n/a |
| event_hub_auth_rules | ./modules/messaging/event_hubs/hubs/auth_rules | n/a |
| event_hub_consumer_groups | ./modules/messaging/event_hubs/consumer_groups | n/a |
| event_hub_namespace_auth_rules | ./modules/messaging/event_hubs/namespaces/auth_rules | n/a |
| event_hub_namespaces | ./modules/messaging/event_hubs/namespaces | n/a |
| event_hub_namespaces_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| event_hub_namespaces_private_endpoints | ./modules/networking/private_endpoint | n/a |
| event_hubs | ./modules/messaging/event_hubs/hubs | n/a |
| express_route_circuits | ./modules/networking/express_route_circuit | n/a |
| frontdoors | ./modules/networking/frontdoor | n/a |
| ip_groups | ./modules/networking/ip_group | n/a |
| keyvault_access_policies | ./modules/security/keyvault_access_policies | n/a |
| keyvault_access_policies_azuread_apps | ./modules/security/keyvault_access_policies | n/a |
| keyvault_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| keyvault_private_endpoints | ./modules/networking/private_endpoint | n/a |
| keyvaults | ./modules/security/keyvault | n/a |
| linux_function_apps | ./modules/web/function_app_linux | n/a |
| linux_function_apps_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| linux_web_apps | ./modules/web/app_service_linux | n/a |
| linux_web_apps_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| log_analytics | ./modules/log_analytics | n/a |
| log_analytics_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| managed_identities | ./modules/security/managed_identity | n/a |
| monitor_autoscale_settings | ./modules/monitor/autoscale_setting | n/a |
| mssql_databases | ./modules/databases/mssql_database | n/a |
| mssql_servers | ./modules/databases/mssql_server | n/a |
| mssql_servers_private_endpoints | ./modules/networking/private_endpoint | n/a |
| mysql_databases | ./modules/databases/mysql_flexible_database | n/a |
| mysql_servers | ./modules/databases/mysql_flexible_server | n/a |
| private_dns | ./modules/networking/private_dns | n/a |
| private_dns_resolver | ./modules/networking/private_dns_resolver | n/a |
| redis_cache | ./modules/databases/redis_cache | n/a |
| resource_groups | ./modules/resource_group | n/a |
| static_sites | ./modules/web/static_site | n/a |
| storage_accounts | ./modules/storage/storage_account | n/a |
| storage_accounts_private_endpoints | ./modules/networking/private_endpoint | n/a |
| storage_syncs | ./modules/storage/storage_sync | n/a |
| virtual_machines | ./modules/compute/virtual_machine | n/a |
| virtual_networks | ./modules/networking/virtual_network | n/a |
| virtual_subnets | ./modules/networking/virtual_network/subnet | n/a |
| windows_function_apps | ./modules/web/function_app_windows | n/a |
| windows_function_apps_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| windows_web_apps | ./modules/web/app_service_windows | n/a |
| windows_web_apps_diagnostics | ./modules/monitor/diagnostic_settings | n/a |
| Name | Type |
|---|---|
| azuread_client_config.current | data source |
| azurerm_client_config.connectivity | data source |
| azurerm_client_config.current | data source |
| azurerm_client_config.management | data source |
| azurerm_private_dns_zone.dns | data source |
| azurerm_subscription.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| analysis_services | Configuration object - Analysis Services resources | map |
{} |
no |
| apim | Configuration object - API Management resources | map |
{} |
no |
| client_config | n/a | map |
{} |
no |
| cloud | Configuration object - Cloud resources defaults to Azure public, allows you to switch to other Azure endpoints. | map |
{ "acrLoginServerEndpoint": ".azurecr.io", "activeDirectory": "https://login.microsoftonline.com", "activeDirectoryDataLakeResourceId": "https://datalake.azure.net/", "activeDirectoryGraphResourceId": "https://graph.windows.net/", "activeDirectoryResourceId": "https://management.core.windows.net/", "appInsightsResourceId": "https://api.applicationinsights.io", "appInsightsTelemetryChannelResourceId": "https://dc.applicationinsights.azure.com/v2/track", "attestationEndpoint": ".attest.azure.net", "attestationResourceId": "https://attest.azure.net", "azmirrorStorageAccountResourceId": "null", "azureDatalakeAnalyticsCatalogAndJobEndpoint": "azuredatalakeanalytics.net", "azureDatalakeStoreFileSystemEndpoint": "azuredatalakestore.net", "batchResourceId": "https://batch.core.windows.net/", "gallery": "https://gallery.azure.com/", "keyvaultDns": ".vault.azure.net", "logAnalyticsResourceId": "https://api.loganalytics.io", "management": "https://management.core.windows.net/", "mariadbServerEndpoint": ".mariadb.database.azure.com", "mediaResourceId": "https://rest.media.azure.net", "mhsmDns": ".managedhsm.azure.net", "microsoftGraphResourceId": "https://graph.microsoft.com/", "mysqlServerEndpoint": ".mysql.database.azure.com", "ossrdbmsResourceId": "https://ossrdbms-aad.database.windows.net", "portal": "https://portal.azure.com", "postgresqlServerEndpoint": ".postgres.database.azure.com", "resourceManager": "https://management.azure.com/", "sqlManagement": "https://management.core.windows.net:8443/", "sqlServerHostname": ".database.windows.net", "storageEndpoint": "core.windows.net", "storageSyncEndpoint": "afs.azure.net", "synapseAnalyticsEndpoint": ".dev.azuresynapse.net", "synapseAnalyticsResourceId": "https://dev.azuresynapse.net", "vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json" } |
no |
| compute | Configuration object - Azure compute resources | map |
{} |
no |
| data_factory | Configuration object - Data Factory resources. | map |
{} |
no |
| data_sources | Data gathering for resources not managed by CAF Module | map |
{} |
no |
| database | Configuration object - databases resources | map |
{} |
no |
| global_settings | Global settings object for the current deployment. | map |
{ "default_region": "region1", "environment": "sbx", "passthrough": false, "regions": { "region1": "eastus", "region2": "westus" } } |
no |
| messaging | Configuration object - messaging resources | map |
{} |
no |
| networking | Configuration object - networking resources | map |
{} |
no |
| remote_objects | Allow the landing zone to retrieve remote tfstate objects and pass them to the CAF module. | map |
{} |
no |
| resource_groups | Configuration object - Resource groups. | map |
{} |
no |
| security | Configuration object - security resources | map |
{} |
no |
| shared_services | Configuration object - Shared services resources | map |
{} |
no |
| storage | Configuration object - Storage resources | map |
{} |
no |
| subscription_id_connectivity | Sets the Subscription ID to use for Connectivity resources. | string |
"" |
no |
| subscription_id_management | Sets the Subscription ID to use for Management resources. | string |
"" |
no |
| web | Configuration object - Web Applications | map |
{} |
no |