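# Management Group Hierarchy for Cloud for Sovereignty
# Root: SOVEREIGN-ORDER-OF-HOSPITALLERS
#
# Tree declared in this file:
#
#   <root>
#   |-- LandingZones
#   |   |-- Platform
#   |   |-- Sandbox
#   |   `-- Workloads
#   |-- Management
#   |   |-- Identity
#   |   |-- Security
#   |   `-- Monitoring
#   `-- Connectivity
#       |-- HubNetworks
#       `-- SpokeNetworks
#
# Azure Policy assignments and role assignments made on a management group
# are inherited by every group and subscription beneath it, so a change to
# the parent/child links below changes the effective guardrails and access
# of everything under the moved node. Review parent changes accordingly.
#
# Every group sets `subscription_ids = []`. An explicit empty list makes
# Terraform authoritative for membership: a subscription attached to one of
# these groups by any other means is detached on the next apply and then
# typically falls back to the tenant's default management group, outside the
# policies inherited from the intended group. Keep the empty list only while
# the groups are meant to stay empty; if membership is managed with
# azurerm_management_group_subscription_association, remove the argument
# rather than mixing the two mechanisms.

variable "management_group_id" {
  description = "Root management group ID"
  type        = string
  default     = "SOVEREIGN-ORDER-OF-HOSPITALLERS"
}

# Configure Azure Provider
# NOTE(review): no provider version constraint is visible in this file. If the
# module does not already declare one, pin azurerm in required_providers and
# commit the dependency lock file so the provider cannot change silently.
provider "azurerm" {
  features {}
}

# Existing root management group. It is looked up, not created, so it must
# already exist and the deploying identity must be able to read it.
data "azurerm_management_group" "root" {
  name = var.management_group_id
}

# ---------------------------------------------------------------------------
# Landing zones branch
# ---------------------------------------------------------------------------

# Landing Zones Management Group
resource "azurerm_management_group" "landing_zones" {
  name                       = "LandingZones"
  display_name               = "Landing Zones"
  parent_management_group_id = data.azurerm_management_group.root.id
  subscription_ids           = [] # authoritative: see header note
}

# Platform Landing Zone
resource "azurerm_management_group" "platform" {
  name                       = "Platform"
  display_name               = "Platform Landing Zone"
  parent_management_group_id = azurerm_management_group.landing_zones.id
  subscription_ids           = [] # authoritative: see header note
}

# Sandbox Landing Zone
# NOTE(review): as a child of LandingZones this group inherits whatever is
# assigned there. Confirm that is intended for sandbox subscriptions.
resource "azurerm_management_group" "sandbox" {
  name                       = "Sandbox"
  display_name               = "Sandbox Landing Zone"
  parent_management_group_id = azurerm_management_group.landing_zones.id
  subscription_ids           = [] # authoritative: see header note
}

# Workloads Landing Zone
# display_name previously read "Workload Workloads"; aligned with the sibling
# "Platform Landing Zone" / "Sandbox Landing Zone" naming.
resource "azurerm_management_group" "workloads" {
  name                       = "Workloads"
  display_name               = "Workloads Landing Zone"
  parent_management_group_id = azurerm_management_group.landing_zones.id
  subscription_ids           = [] # authoritative: see header note
}

# ---------------------------------------------------------------------------
# Management branch
# ---------------------------------------------------------------------------

# Management Management Group
resource "azurerm_management_group" "management" {
  name                       = "Management"
  display_name               = "Management"
  parent_management_group_id = data.azurerm_management_group.root.id
  subscription_ids           = [] # authoritative: see header note
}

# Identity Management Group
resource "azurerm_management_group" "identity" {
  name                       = "Identity"
  display_name               = "Identity and Access Management"
  parent_management_group_id = azurerm_management_group.management.id
  subscription_ids           = [] # authoritative: see header note
}

# Security Management Group
resource "azurerm_management_group" "security" {
  name                       = "Security"
  display_name               = "Security Operations"
  parent_management_group_id = azurerm_management_group.management.id
  subscription_ids           = [] # authoritative: see header note
}

# Monitoring Management Group
resource "azurerm_management_group" "monitoring" {
  name                       = "Monitoring"
  display_name               = "Centralized Monitoring"
  parent_management_group_id = azurerm_management_group.management.id
  subscription_ids           = [] # authoritative: see header note
}

# ---------------------------------------------------------------------------
# Connectivity branch
# ---------------------------------------------------------------------------

# Connectivity Management Group
resource "azurerm_management_group" "connectivity" {
  name                       = "Connectivity"
  display_name               = "Connectivity"
  parent_management_group_id = data.azurerm_management_group.root.id
  subscription_ids           = [] # authoritative: see header note
}

# Hub Networks Management Group
resource "azurerm_management_group" "hub_networks" {
  name                       = "HubNetworks"
  display_name               = "Hub Networks"
  parent_management_group_id = azurerm_management_group.connectivity.id
  subscription_ids           = [] # authoritative: see header note
}

# Spoke Networks Management Group
resource "azurerm_management_group" "spoke_networks" {
  name                       = "SpokeNetworks"
  display_name               = "Spoke Networks"
  parent_management_group_id = azurerm_management_group.connectivity.id
  subscription_ids           = [] # authoritative: see header note
}

# Outputs
# Map of logical name -> management group resource ID, for use as the scope of
# policy and role assignments defined elsewhere.
output "management_group_hierarchy" {
  description = "Management group hierarchy"
  value = {
    root           = data.azurerm_management_group.root.id
    landing_zones  = azurerm_management_group.landing_zones.id
    platform       = azurerm_management_group.platform.id
    sandbox        = azurerm_management_group.sandbox.id
    workloads      = azurerm_management_group.workloads.id
    management     = azurerm_management_group.management.id
    identity       = azurerm_management_group.identity.id
    security       = azurerm_management_group.security.id
    monitoring     = azurerm_management_group.monitoring.id
    connectivity   = azurerm_management_group.connectivity.id
    hub_networks   = azurerm_management_group.hub_networks.id
    spoke_networks = azurerm_management_group.spoke_networks.id
  }
}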