Home | Design | Add-Ons | Resources
Mission Landing Zone is a highly opinionated infrastructure as code (IaC) template. IT oversight organizations can use the template to create a cloud management system to deploy Azure environments for their workloads and teams. The solution addresses a narrowly scoped, specific need for a Secure Cloud Computing Architecture (SCCA) compliant hub and spoke infrastructure.
- Designed for US Government mission customers
- Implements controls following Microsoft's SACA and zero trust guidance
- Deployable in Azure Commercial, Azure Government, Azure Government Secret, and Azure Government Top Secret clouds
- A simple solution with low configuration and narrow scope
- Written as Bicep templates
Mission Landing Zone is the right solution when:
- A simple, secure, and scalable hub and spoke infrastructure is needed.
- A central IT team is administering cloud resources on behalf of other teams and workloads.
- There is a need to implement SCCA with zero trust.
- Hosting any workload requiring a secure environment, for example: data warehousing, AI/ML, and containerized applications.
Design goals include:
- A simple, minimal set of code that is easy to configure
- Good defaults that allow experimentation and testing in a single subscription
- Deployment via command line or with a user interface
Our intent is to enable IT Admins to use this software to:
- Test and evaluate the landing zone using a single Azure subscription
- Develop a known good configuration that can be used for production with multiple Azure subscriptions
- Customize the deployment configuration to suit specific needs
- Deploy multiple customer workloads in production.
Note
Be sure to check out our add-ons to accelerate workload deployments.
Mission Landing Zone can be deployed from the Azure Portal, or with Azure command line tools.
The following prerequisites are required on the target subscription(s):
Deploy Mission Landing Zone into Azure Commercial or Azure Government from the Azure Portal:
Cloud | Deployment Button |
---|---|
Azure Commercial | |
Azure Government |
Click here to learn how to create a templatespec.
-
Clone the repository and change directory to the root of the repository:
git clone https://github.com/Azure/missionlz.git cd missionlz
-
Deploy Mission Landing Zone with the
az deployment sub create
command. For a quickstart, we suggest a test deployment into the current AZ CLI subscription setting these parameters:--name
: (optional) The deployment name, which is visible in the Azure Portal under Subscription/Deployments.--location
: (required) The Azure region to store the deployment metadata.--template-file
: (required) The file path to themlz.bicep
template.--parameters resourcePrefix=<value>
: (required) TheresourcePrefix
Bicep parameter is used to generate names for your resources. It is the only required parameter in the Bicep file. You can set it to any alphanumeric value (without whitespace) that is between 3-10 characters. You can omit this parameter and theaz deployment sub create
command will prompt you to enter a value.
Here's an example:
az deployment sub create \ --name myMlzDeployment \ --location eastus \ --template-file ./src/bicep/mlz.bicep \ --parameters resourcePrefix="myMlz"
-
Once the MLZ deployment is complete, see our add-ons directory to extend the capabilities of your landing zone.
Note
For more detailed deployment instructions, see the Deployment Guide for Bicep in the docs folder.