# Azure Well-Architected Framework - Quick Start ## Overview This quick start guide provides the essential steps to implement Well-Architected Framework recommendations for the DeFi Oracle Meta Mainnet infrastructure. ## Prerequisites - Azure CLI installed and configured - Terraform >= 1.0 installed - Azure subscription with appropriate permissions - Understanding of Azure Management Groups ## Step 1: Create Management Groups (5 minutes) ```bash # Login to Azure az login # Create Management Groups az account management-group create --name "Production" --display-name "Production" az account management-group create --name "Non-Production" --display-name "Non-Production" az account management-group create --name "SharedServices" --display-name "Shared Services" ``` ## Step 2: Deploy Resource Groups (10 minutes) ```bash # Navigate to well-architected directory cd terraform/well-architected # Copy example variables cp terraform.tfvars.example terraform.tfvars # Edit terraform.tfvars with your values # - environment: prod, dev, test, or staging # - location: Azure region (e.g., eastus) # - subscription_id: Your Azure subscription ID # Initialize Terraform terraform init # Plan deployment terraform plan -var-file=terraform.tfvars # Apply deployment terraform apply -var-file=terraform.tfvars ``` ## Step 3: Configure Key Vault (15 minutes) The enhanced Key Vault is automatically deployed. Update the configuration: ```hcl # terraform/well-architected/terraform.tfvars key_vault_allowed_subnet_ids = [ # Add your subnet IDs ] key_vault_allowed_ip_ranges = [ # Add your management IPs ] key_vault_private_endpoint_subnet_id = "" # Add private endpoint subnet ID (optional for prod) ``` Apply the changes: ```bash terraform apply -var-file=terraform.tfvars ``` ## Step 4: Configure Budget Alerts (5 minutes) Update budget configuration: ```hcl # terraform/well-architected/terraform.tfvars budget_amount = 10000 # Monthly budget in USD budget_contact_emails = [ "devops@example.com" # Update with your email ] ``` Apply the changes: ```bash terraform apply -var-file=terraform.tfvars ``` ## Step 5: Verify Deployment (5 minutes) ```bash # List resource groups az group list --query "[?contains(name, 'rg-prod-')].{Name:name, Location:location}" --output table # List Key Vaults az keyvault list --query "[].{Name:name, ResourceGroup:resourceGroup}" --output table # List budgets az consumption budget list --subscription ``` ## What's Next? 1. **Review Documentation**: Read the full [Well-Architected Review](AZURE_WELL_ARCHITECTED_REVIEW.md) 2. **Implement Security**: Follow the [Implementation Guide](AZURE_WELL_ARCHITECTED_IMPLEMENTATION.md) 3. **Migrate Resources**: Move existing resources to new resource groups 4. **Configure Policies**: Set up Azure Policy assignments 5. **Monitor Costs**: Review cost reports and optimize spending ## Common Issues ### Issue: Management Group Creation Fails **Solution**: Ensure you have appropriate permissions (Owner or Management Group Contributor) ```bash # Check your permissions az role assignment list --assignee --scope "/providers/Microsoft.Management/managementGroups" ``` ### Issue: Key Vault Network Restrictions Too Strict **Solution**: Temporarily allow your IP or subnet, then refine: ```hcl key_vault_allowed_ip_ranges = [ "1.2.3.4/32" # Your current IP ] ``` ### Issue: Budget Not Created **Solution**: Ensure you have Cost Management Contributor role: ```bash # Assign role az role assignment create \ --role "Cost Management Contributor" \ --assignee \ --scope "/subscriptions/" ``` ## References - [Well-Architected Review](AZURE_WELL_ARCHITECTED_REVIEW.md) - [Well-Architected Implementation](AZURE_WELL_ARCHITECTED_IMPLEMENTATION.md) - [Well-Architected Summary](AZURE_WELL_ARCHITECTED_SUMMARY.md) - [Microsoft Well-Architected Framework](https://docs.microsoft.com/azure/architecture/framework/)