[AVM Module Issue]: Support for Separate Terraform States for vWAN and Secure Hubs by Environment

[mofaizal]

Check for previous/existing GitHub issues

• [X] I have checked for previous/existing GitHub issues

Issue Type?

Feature Request

(Optional) Module Version

0.5.0

(Optional) Correlation Id

No response

Description

Summary:

The customer requires a flexible deployment strategy for Single Azure Virtual WAN (vWAN) and multiple Secure Hubs across environments, adhering to their security and process requirements. This includes managing separate Terraform states for each environment to allow independent deployment pipelines and prevent process conflicts during production freezes.

Request:

• Deploy a single vWAN with multiple Secure Hubs.
• As a first step, create the vWAN in Resource Group A and manage its Terraform state separately.
• For each environment (e.g., Prod, Non-Prod), create a Secure Hub in its respective resource group and maintain a separate Terraform state for each (e.g., store state in separate folders).
• This approach allows different deployment pipelines to be run by environment and better manage Terraform states individually.
• Due to security requirements and deployment processes (e.g., during production deployment freezes), customers need the ability to test and deploy changes to Dev or Non-Prod Secure Hubs independently, ensuring no impact on the production environment.

Proposed Resource Group Structure:

• rg-central-vwan
  • central-vwan
• rg-virtualhub-prod
  • virtualhub-prod
• rg-virtualhub-non-prod
  • virtualhub-non-prod

This setup helps in managing distinct Terraform states by environment and supports streamlined deployment processes across Dev, Non-Prod, and Prod environments.

[microsoft-github-policy-service[bot]]

[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!

[!TIP] For additional guidance on how to triage this issue/PR, see the TF Issue Triage documentation.