krowlandson
commented
2 years ago Hi @JCP13 ... this looks OK to me.
Are you able to confirm what you're expecting, and what you're observing that differs from expectation?
Based on the above, I would expect to see the 3 Subscriptions mapped above moved into their respective Management Groups (assuming you're using valid Subscription IDs š).
To offer a slight variation on the above which I know works as designed, please try the following with your own Subscription values for the Subscription ID input variables:
# The following variables allow customisation of the
# deployment
variable "root_id" {
type = string
description = "Sets the value used for generating unique resource naming within the module."
default = "my-org"
}
variable "root_name" {
type = string
description = "Sets the display name of the \"root\" Management Group."
default = "My Organization"
}
variable "subscription_id_connectivity" {
type = string
description = "Sets the subscription ID to use for deploying \"connectivity\" resources."
default = ""
}
variable "subscription_id_identity" {
type = string
description = "Sets the subscription ID to use for deploying \"identity\" resources."
default = ""
}
variable "subscription_id_management" {
type = string
description = "Sets the subscription ID to use for deploying \"management\" resources."
default = ""
}
# The following locals are used to establish the subscription_id
# for each provider
locals {
subscription_id_management = coalesce(var.subscription_id_management, data.azurerm_client_config.current.subscription_id)
subscription_id_connectivity = coalesce(var.subscription_id_connectivity, local.subscription_id_management)
subscription_id_identity = coalesce(var.subscription_id_identity, local.subscription_id_management)
}
# The following providers are mapped into the module but may
# all map to the same Subscription depending on what values
# are provided in the variables
provider "azurerm" {
features {}
}
provider "azurerm" {
alias = "connectivity"
features {}
subscription_id = local.subscription_id_connectivity
}
provider "azurerm" {
alias = "identity"
features {}
subscription_id = local.subscription_id_identity
}
provider "azurerm" {
alias = "management"
features {}
subscription_id = local.subscription_id_management
}
# Client config object used to extract Tenant ID
# and current Subscription ID used for logic within
# the locals and module
data "azurerm_client_config" "current" {
}
# caf-enterprise-scale module declaration
module "enterprise_scale" {
source = "Azure/caf-enterprise-scale/azurerm"
version = "2.0.2"
providers = {
azurerm = azurerm
azurerm.connectivity = azurerm.connectivity
azurerm.management = azurerm.management
}
root_parent_id = data.azurerm_client_config.current.tenant_id
root_id = var.root_id
root_name = var.root_name
deploy_connectivity_resources = false
subscription_id_connectivity = local.subscription_id_connectivity
deploy_management_resources = false
subscription_id_management = local.subscription_id_management
deploy_identity_resources = false
subscription_id_identity = local.subscription_id_identity
}
JCP13
Community Note
Greetings,
I would like to deploy just the policies and landing zones without the connectivity and management resources using multi-subscription. I was thinking something like this:
module "enterprise_scale" { source = "Azure/caf-enterprise-scale/azurerm" version = "2.0.2"
providers = { azurerm = azurerm azurerm.connectivity = azurerm azurerm.management = azurerm }
root_parent_id = data.azurerm_client_config.core.tenant_id root_id = var.root_id root_name = var.root_name
deploy_connectivity_resources = false subscription_id_connectivity = 0000000-0000-0000-0000-000000000000
deploy_management_resources = false subscription_id_management = 111111111-111111-11111-1111-1111111111111111
deploy_identity_resources = false subscription_id_identity = 2222222-2222-2222-2222-2222222222222
but it does not work.
what is the best way of doing this?
Thank you in advance.