the_order/infra/terraform/management-groups/main.tf

# Management Group Hierarchy for Cloud for Sovereignty
# Root: SOVEREIGN-ORDER-OF-HOSPITALLERS

variable "management_group_id" {
  description = "Root management group ID"
  type        = string
  default     = "SOVEREIGN-ORDER-OF-HOSPITALLERS"
}

# Configure Azure Provider
provider "azurerm" {
  features {}
}

# Data source for existing root management group
data "azurerm_management_group" "root" {
  name = var.management_group_id
}

# Landing Zones Management Group
resource "azurerm_management_group" "landing_zones" {
  name                       = "LandingZones"
  display_name               = "Landing Zones"
  parent_management_group_id = data.azurerm_management_group.root.id

  subscription_ids = []
}

# Platform Landing Zone
resource "azurerm_management_group" "platform" {
  name                       = "Platform"
  display_name               = "Platform Landing Zone"
  parent_management_group_id = azurerm_management_group.landing_zones.id

  subscription_ids = []
}

# Sandbox Landing Zone
resource "azurerm_management_group" "sandbox" {
  name                       = "Sandbox"
  display_name               = "Sandbox Landing Zone"
  parent_management_group_id = azurerm_management_group.landing_zones.id

  subscription_ids = []
}

# Workloads Landing Zone
resource "azurerm_management_group" "workloads" {
  name                       = "Workloads"
  display_name               = "Workload Workloads"
  parent_management_group_id = azurerm_management_group.landing_zones.id

  subscription_ids = []
}

# Management Management Group
resource "azurerm_management_group" "management" {
  name                       = "Management"
  display_name               = "Management"
  parent_management_group_id  = data.azurerm_management_group.root.id

  subscription_ids = []
}

# Identity Management Group
resource "azurerm_management_group" "identity" {
  name                       = "Identity"
  display_name               = "Identity and Access Management"
  parent_management_group_id = azurerm_management_group.management.id

  subscription_ids = []
}

# Security Management Group
resource "azurerm_management_group" "security" {
  name                       = "Security"
  display_name               = "Security Operations"
  parent_management_group_id = azurerm_management_group.management.id

  subscription_ids = []
}

# Monitoring Management Group
resource "azurerm_management_group" "monitoring" {
  name                       = "Monitoring"
  display_name               = "Centralized Monitoring"
  parent_management_group_id = azurerm_management_group.management.id

  subscription_ids = []
}

# Connectivity Management Group
resource "azurerm_management_group" "connectivity" {
  name                       = "Connectivity"
  display_name               = "Connectivity"
  parent_management_group_id = data.azurerm_management_group.root.id

  subscription_ids = []
}

# Hub Networks Management Group
resource "azurerm_management_group" "hub_networks" {
  name                       = "HubNetworks"
  display_name               = "Hub Networks"
  parent_management_group_id = azurerm_management_group.connectivity.id

  subscription_ids = []
}

# Spoke Networks Management Group
resource "azurerm_management_group" "spoke_networks" {
  name                       = "SpokeNetworks"
  display_name               = "Spoke Networks"
  parent_management_group_id = azurerm_management_group.connectivity.id

  subscription_ids = []
}

# Outputs
output "management_group_hierarchy" {
  description = "Management group hierarchy"
  value = {
    root          = data.azurerm_management_group.root.id
    landing_zones = azurerm_management_group.landing_zones.id
    platform      = azurerm_management_group.platform.id
    sandbox       = azurerm_management_group.sandbox.id
    workloads     = azurerm_management_group.workloads.id
    management    = azurerm_management_group.management.id
    identity      = azurerm_management_group.identity.id
    security      = azurerm_management_group.security.id
    monitoring    = azurerm_management_group.monitoring.id
    connectivity  = azurerm_management_group.connectivity.id
    hub_networks  = azurerm_management_group.hub_networks.id
    spoke_networks = azurerm_management_group.spoke_networks.id
  }
}