Home - Node4-Digital/ris-CloudInfra-ALZ-MS-Bicep GitHub Wiki

PDS Azure Landing Zones Bicep Repo - Wiki

Welcome to the wiki of the PDS Azure Landing Zones Bicep repo. This repo contains the Azure Landing Zone Bicep modules that help you create and implement the Azure Landing Zone Conceptual Architecture for Police Forces and Fire Services as approved by the PDS in a modular approach.

Artefacts like policies and monitoring have been pulled down from the Azure/Enterprise-Scale repo and Azure/Monitor repo to ensure the latest Microsoft recommended policies and monitoring have been used.

Have you seen Microsoft's latest page in the Azure Architecture Center here: Azure landing zones - Bicep modules design considerations

Navigation

• Wiki Home
• Deployment Flow
  • Network Topology: Hub and Spoke
  • Network Topology: Virtual WAN
  • Zero Trust Networking Guide: Hub and Spoke
• Consumer Guide
  • Accelerator
• How Does ALZ-Bicep Implement Azure Policies?
  • Adding Custom Azure Policy Definitions
  • Assigning Azure Policies
• Contributing
• Telemetry Tracking Using Customer Usage Attribution (PID)
• Azure Container Registry Deployment - Private Bicep Registry
• Frequently Asked Questions
• Sample Pipelines
  • GitHub Actions
  • Azure DevOps
• Code Tours

ALZ Architecture

The diagram below shows the future architecture of the Azure Landing Zone solution.

In the Microsoft Cloud Adoption Framework for Azure - Enterprise-scale landing zone architecture, several key components are involved, including management groups, subscriptions, resource groups, and resources. Let's look at each of these components:

• Management Groups: Management groups provide a hierarchical structure to organize and manage Azure resources effectively. They act as containers for subscriptions and enable centralized governance across multiple subscriptions. Management groups allow you to apply policies, access controls, and RBAC (Role-Based Access Control) permissions consistently across the hierarchy. They provide a way to logically group subscriptions based on business units, environments, or other organizational criteria.
• Subscriptions: Subscriptions are the fundamental unit of Azure resource management. They represent the billing and security boundaries within Azure. Each subscription has its own identity, limits, policies, and separate billing. In the enterprise-scale landing zone architecture, subscriptions are organized within management groups. Subscriptions are typically aligned with specific workloads, departments, projects, or environments. They allow you to allocate costs, apply governance policies, and manage resources within a controlled scope.
• Resource Groups: Resource groups provide a logical container for organizing and managing Azure resources. They are used to group related resources for a specific application, project, or environment. Resource groups enable centralized management, monitoring, and access control for resources within them. They also define the scope of resource-level permissions and policies. In the enterprise-scale landing zone architecture, resource groups are typically deployed within subscriptions.
• Resources: Resources in Azure represent the individual components that make up an application or service. They can be virtual machines, storage accounts, databases, virtual networks, web apps, or any other Azure service. Resources are created and managed within resource groups. Each resource has its own properties, configurations, and lifecycle. Resources are provisioned, configured, and operated based on the specific requirements of an application or workload.

In the enterprise-scale landing zone architecture, these components work together to provide a structured and scalable approach for managing Azure resources. The architecture defines the hierarchy and organization of management groups and subscriptions to enable centralized governance and control. Resource groups help logically group related resources, providing easier management and control within subscriptions. Resources represent the actual components of an application or service deployed in Azure and are managed within the appropriate resource groups.

Azure Enablement Show Videos

We have created a short 3-part series of video on the Azure Enablement Show that can be found below:

Part 1 - Introduction to Azure Landing Zones Bicep

Part 2 - Azure Landing Zones Bicep - Enabling platform services

Part 3 - Azure Landing Zones Bicep - Enabling landing zones