Azure / Azure-Verified-Modules

Azure Verified Modules (AVM) is an initiative to consolidate and set the standards for what a good Infrastructure-as-Code module looks like. Modules will then align to these standards, across languages (Bicep, Terraform etc.) and will then be classified as AVMs and available from their respective language specific registries.
https://aka.ms/AVM
MIT License

Scope of the AVM project #71

Closed LaurentLesle closed 9 months ago

LaurentLesle commented 1 year ago

Check for previous/existing GitHub issues

Description

AVM stands for Azure Verified Module.

What is the strategy for Azure AD (Entra) and other Azure services like Azure DevOps, GitHub, Power Platform that would eventually benefit from having the verified module approach?

In the guidance there is a normalisation of the output variable to resource_id. This is something very specific to Azure and it does not exist in Azure DevOps, for example.

jtracey93 commented 1 year ago

Hey @LaurentLesle,

Thanks for the issue, great call out!

We will update the AVM website to be explicit about this in the FAQ, with the below statement:

"Whilst the principles and practices of AVM are largely applicable to other clouds and services, such as Microsoft 365 & Azure DevOps, the AVM program (today) only covers Azure cloud resources and architectures.

However, if you think this program, or a similar one, should exist to cover these other Microsoft Cloud offerings, please give a 👍 or leave a comment on this GitHub Issue #71 in the AVM repository."

Thanks

Jack

nnellans commented 1 year ago

I think it would be absolutely fantastic to have resource/pattern modules in AVM for GitHub.

mbilalamjad commented 11 months ago

@jtracey93 just circling back on this one to check if there are any additional actions that could be taken at this point in time to address the feedback and close the issue?

segraef commented 11 months ago

Thumbs up for AVM (TF) modules to cover Azure DevOps and GitHub.

matt-FFFFFF commented 11 months ago

For those proposing GH and ADO verified modules:

What value add would you like to see?

For example in Azure we have requirements for resource features such as role assignments, private endpoints and diag settings.

What are the equivalents for GH and ADO?

jaredfholgate commented 11 months ago

@matt-FFFFFF I am thinking along the lines of pattern modules for CI / CD that can be integrated with Identity and role assignment modules in Azure. Also pattern modules for self-hosted agents on ACI, VMSS, ACA and AKS. Some of these would cross over the boundary of Azure and Azure DevOps / GitHub, but providing these would add great value to customers leveraging CI / CD practices. Templated pipelines for IaC and Application deployments would also be of value. I am not sure about resource modules for these tools, as it is less relevant with regard to security and logging best practices, possibly in the future though.

matt-FFFFFF commented 11 months ago

Supportive of this and have seen the proposal for CI/CD.

mbilalamjad commented 9 months ago

We've got a few pattern modules using other providers so closing this issue. Please let us know if you think otherwise and we need to re-open to discuss further.

dkershaw10 commented 8 months ago

@jtracey93 - we're working with the Azure Engineering team (Alex Frankel) to use the new Bicep extensibility framework to expose Microsoft Graph resource types (primarily Entra resources to start with) in Bicep templates. This investment is based on customer demand to fill the gap where deploying Azure infrastructure has a heavy dependency on Entra resources. How can we make these Entra resources available through AVM, as it seems to be exclusive to Azure RPs? cc: @alex-frankel