I'm trying to figure out how to set up my Terraform pipelines for building Platform Landing Zones, especially since I'll have separate modules for various components like management groups, subscriptions, policies, and connectivity. Would it make sense to have a distinct pipeline for each module, or is there a better way to arrange them? I've noticed some folks opt for separate stages in their Azure DevOps pipelines for each module, but that seems a bit awkward to me. Any advice on how to approach this?
5 Answers
That's a solid approach! Just curious, how do you guys handle the different states when a module like a central network changes? Do you communicate manually with the team managing dependent resources, or is there automation in place for that kind of coordination?
We've separated our Terraform templates for management, connectivity, landing zone vending, and firewall policies into different repositories, each with its own pipeline. Initially, we bundled everything together, but it became unwieldy, and pipeline runs would take ages—plus, we faced issues with access tokens expiring mid-run. Now, each repo has its own service principal, which makes management way easier and provides better segregation. It's definitely worked better for us!
In terms of managing subscriptions for each platform management group, I'd suggest taking a modular approach. You might want to create all the subscriptions together for the initial setup, but keeping it modular allows for flexibility as your environment grows. When starting from scratch in a greenfield Azure environment, focus on how to best segregate resources while still maintaining clean relationships between them.
