This repository contains code which is used to manage Azure Enterprise Scale Landing Zone with Bicep.
Deployment scripts in the "scripts" folder are configured so that, when run without parameters, they run in what-if mode against the LAB environment.
You can trigger an actual deployment by using the -DeployChanges "true" parameter.
You can also run a script against the Acceptance environment by using -environment "acc"
You can also run a script against the Production environment by using -environment "prd"
However, actual deployments against the production environment (-DeployChanges "true" -environment "prd") are denied by the script, because the purpose is to validate code changes through pull requests first and let CI/CD on Azure DevOps do the actual deployments.
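A minimal sketch of the parameter guard described above, added here as an illustration and not taken from the repository's scripts. The template and parameter file paths, management group ID, location, deployment name, the use of New-AzManagementGroupDeployment and the TF_BUILD check for recognising the pipeline are all assumptions.

```powershell
# Added example, not the repository's script. Paths, names and the TF_BUILD
# check are assumptions made for illustration.
[CmdletBinding()]
param(
    [ValidateSet('lab', 'acc', 'prd')]
    [string]$Environment = 'lab',        # no parameters: LAB environment

    [ValidateSet('true', 'false')]
    [string]$DeployChanges = 'false'     # no parameters: what-if only
)

$ErrorActionPreference = 'Stop'
$deploy = $DeployChanges -eq 'true'

# Azure DevOps agents set TF_BUILD=True; assumed here as the way to recognise CI/CD.
# This is a guardrail against mistakes; the real control is the RBAC on prd.
$inPipeline = $env:TF_BUILD -eq 'True'

# Production changes must arrive through a pull request and the pipeline.
if ($deploy -and $Environment -eq 'prd' -and -not $inPipeline) {
    throw 'Deployments to prd are only done by the Azure DevOps pipeline. Omit -DeployChanges to get a what-if result.'
}

$deployment = @{
    Name                  = "alz-logging-$Environment"                # hypothetical
    ManagementGroupId     = "mg-$Environment"                         # hypothetical
    Location              = 'westeurope'                              # hypothetical
    TemplateFile          = './standard/logging/logging.bicep'        # hypothetical path
    TemplateParameterFile = "./parameters/logging.$Environment.json"  # hypothetical path
}

if ($deploy) {
    New-AzManagementGroupDeployment @deployment
}
else {
    # -WhatIf prints the predicted changes and modifies nothing.
    New-AzManagementGroupDeployment @deployment -WhatIf
}
```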
High-level description of the folder structure. A more detailed structure is described in the subfolders.
|- custom # Root folder for SD Worx custom modules
|- standard # Root folder for standardized open source modules
|- parameters # Root folder for parameter files
|- scripts # Folder for deployment scripts
|- definitions # Folder for Azure Pipelines YAML definitions
Because of these known issues/not yet approved pull requests we are currently forced to use partly customized versions of ALZ-Bicep modules:
Because of these issues we are not currently using the following parts of this solution:
- Logging: WhatIf does not work correctly because of Azure/arm-template-whatif#176 and Azure/arm-template-whatif#251, which is why we currently cannot enable CI for logging.
- Create a service connection as described here
- Try a deployment and find the object ID in the error message
- Assign full rights to the service connection with the commands below (this grants the Owner role at the root scope "/"):
az login
az role assignment create --role "Owner" --scope "/" --assignee "<object Id>"
- For more information, see: https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin