Customize MG Hierarchy - Needs: Author Feedback

[louien]

Does the module support customizing the management groups hierarchy? I looked in the wiki/documentation and can't find any reference to this. I don't want to keep the default hierarchy, I want to be able to customize it (grouping the connectivity, management and identity together) and not have a root_id, but instead just have the landing zones right below the root MG. Is that possible?

[jtracey93]

Yes it is possible @louien via custom landing zones https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-Custom-Landing-Zone-Archetypes

[matt-FFFFFF]

As @jtracey93 says yes you can, but some of the intelligence in the module disappears if you don't deploy the core landing zones.

You will have to customize more policy parameters as they won't be set by default.

[louien]

@jtracey93, @matt-FFFFFF - Thanks for sharing that link. I think I came across this but didn't feel like it did what I want to do. the hierarchy I am trying to go for looks something like this: Management Root -----------> Shared Services Landing Zone -----------> ABC Landing Zone| -----------> XYZ Landing Zone -----------> Sandbox Landing Zone

I want to use the Shared Services Landing Zone for connectivity, management and identity. From the looks of it and if I understand correctly, if I create it as a custom landing zone I can't deploy the connectivity resources to it (Hub vnet, subnets etc), and I have to customize the policy parameters as well.

Is my understanding correct? would it be just easier to stick to the default structure?

[jtracey93]

It is much easier to stick with the default recommended hierarchy

[louien]

@jtracey93 Thank you for your feedback.

[microsoft-github-policy-service[bot]]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 7 days of this comment.