- Add Cloud for Sovereignty landing zone architecture and deployment - Implement complete legal document management system - Reorganize documentation with improved navigation - Add infrastructure improvements (Dockerfiles, K8s, monitoring) - Add operational improvements (graceful shutdown, rate limiting, caching) - Create comprehensive project structure documentation - Add Azure deployment automation scripts - Improve repository navigation and organization
# Multi-Region Landing Zone Deployment
# Deploys landing zones across all non-US commercial Azure regions
# Uses the regional-landing-zone module
# Deployment stage. The value is passed to every regional landing zone module
# and stamped into the Environment tag. Nothing in this block restricts it to
# the names listed in the description, so any string is accepted as given.
variable "environment" {
  type        = string
  default     = "dev"
  description = "Environment name (dev, stage, prod)"
}
# Management group ID passed to each regional landing zone module.
# NOTE(review): the default names one specific root management group, so a run
# that supplies no value is handed that ID. Confirm this is intended for every
# environment and that the deploying identity is scoped to match.
variable "management_group_id" {
  type        = string
  default     = "SOVEREIGN-ORDER-OF-HOSPITALLERS"
  description = "Root management group ID"
}
# Switch between the full supported-region list and an explicit subset.
# With the default (true), local.regions is the whole supported list and
# regions_to_deploy is not consulted, so an apply with no inputs fans out to
# every supported region.
variable "deploy_all_regions" {
  type        = bool
  default     = true
  description = "Deploy to all supported regions"
}
# Explicit region subset, read only when deploy_all_regions is false.
# NOTE(review): this list is not checked against local.supported_regions. An
# out-of-scope region is stopped only because the hub/spoke address-space maps
# have no entry for it and the lookup in the module block fails. Keep those
# maps limited to approved regions, or add an explicit validation here.
# With deploy_all_regions = false and the default empty list, no landing zone
# is created.
variable "regions_to_deploy" {
  type        = list(string)
  default     = []
  description = "Specific regions to deploy (if deploy_all_regions is false)"
}
locals {
  # Supported non-US commercial regions. This is the list used when
  # deploy_all_regions is true.
  supported_regions = [
    "westeurope",         # Netherlands - Primary
    "northeurope",        # Ireland - Secondary
    "uksouth",            # London - UK workloads
    "switzerlandnorth",   # Zurich - Swiss workloads
    "norwayeast",         # Oslo - Nordic workloads
    "francecentral",      # Paris - French workloads
    "germanywestcentral", # Frankfurt - German workloads
  ]

  # Effective region list: the full supported set, or the caller's subset.
  # The subset is taken as given; it is not filtered against supported_regions.
  regions = var.deploy_all_regions ? local.supported_regions : var.regions_to_deploy

  # Hub VNet address spaces per region. Every region has its own /16 and none
  # of the hub or spoke ranges listed here overlap. The module block indexes
  # this map by region name, so a region with no entry cannot be deployed.
  hub_address_spaces = {
    westeurope         = "10.0.0.0/16"
    northeurope        = "10.10.0.0/16"
    uksouth            = "10.20.0.0/16"
    switzerlandnorth   = "10.30.0.0/16"
    norwayeast         = "10.40.0.0/16"
    francecentral      = "10.50.0.0/16"
    germanywestcentral = "10.60.0.0/16"
  }

  # Spoke VNet address spaces per region: the /16 directly after the hub range.
  # Indexed by region name in the same way as hub_address_spaces.
  spoke_address_spaces = {
    westeurope         = "10.1.0.0/16"
    northeurope        = "10.11.0.0/16"
    uksouth            = "10.21.0.0/16"
    switzerlandnorth   = "10.31.0.0/16"
    norwayeast         = "10.41.0.0/16"
    francecentral      = "10.51.0.0/16"
    germanywestcentral = "10.61.0.0/16"
  }

  # Tags merged into every regional module call.
  # NOTE(review): apart from Environment these are fixed strings for every
  # environment. Whether any policy evaluates SovereigntyLevel,
  # DataClassification or Compliance is not visible in this file; the tags
  # alone only label resources.
  common_tags = {
    Environment        = var.environment
    Project            = "the-order"
    ManagedBy          = "terraform"
    SovereigntyLevel   = "high"
    DataClassification = "confidential"
    Compliance         = "gdpr,eidas"
  }
}
# Deploy regional landing zones: one module instance per entry in
# local.regions, keyed by region name.
module "regional_landing_zones" {
  source   = "../modules/regional-landing-zone"
  for_each = toset(local.regions)

  # For a set, each.key and each.value are the same string (the region name).
  region              = each.key
  environment         = var.environment
  management_group_id = var.management_group_id

  # Index lookups, not lookup() with a fallback: a region that is missing
  # from either map is an error rather than a silent default range.
  hub_vnet_address_space   = local.hub_address_spaces[each.key]
  spoke_vnet_address_space = local.spoke_address_spaces[each.key]

  # Common tags plus the region this instance belongs to.
  tags = merge(local.common_tags, { Region = each.key })
}
# Outputs

# The effective region list, exactly as computed in local.regions
# (before the de-duplication that toset() applies in the module call).
output "deployed_regions" {
  value       = local.regions
  description = "List of deployed regions"
}
# Map of region name => the resource_group_name output of that region's
# landing zone module instance.
output "regional_resource_groups" {
  description = "Resource group names per region"
  value = {
    for region_name, landing_zone in module.regional_landing_zones :
    region_name => landing_zone.resource_group_name
  }
}
# Map of region name => the key_vault_id output of that region's landing zone
# module instance. The output is not marked sensitive.
# NOTE(review): presumably these are resource identifiers rather than secret
# material. Confirm against the module before sharing state or plan output.
output "regional_key_vaults" {
  description = "Key Vault IDs per region"
  value = {
    for region_name, landing_zone in module.regional_landing_zones :
    region_name => landing_zone.key_vault_id
  }
}
# Map of region name => the storage_account_name output of that region's
# landing zone module instance.
output "regional_storage_accounts" {
  description = "Storage account names per region"
  value = {
    for region_name, landing_zone in module.regional_landing_zones :
    region_name => landing_zone.storage_account_name
  }
}