azurenoops / ref-scca-enclave-landing-zone-starter

A reference implementation of an SCCA-compliant Mission Enclave landing zone that supports running Azure PaaS services using Azure NoOps.

TEST CASE - Deploy LZ Starter to MAC, Multi-Subscription, using Terraform CLI, Local State Storage #39

Closed timothymeyers closed 2 months ago

timothymeyers commented 11 months ago

This issue is a test case for landing zone starter deployment.

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [X] test case
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Test steps

  1. (Optionally) Create a branch (or Fork) for testing

  2. Clone repository to your local computer (or into a Codespace)

  3. cd <cloned-dir>/infrastructure/terraform

  4. cp ../../tfvars/parameters.tfvars .

  5. Select the location for deployment: eastus

  6. terraform version (should be version >= 1.4.6)

  7. Authenticate Terraform with Azure

  8. terraform init

  9. terraform plan -out test.plan

  10. terraform apply test.plan

  11. Local Terraform State - terraform.tfstate

  12. Landing Zone RGs in separate subscriptions - assumes location is eastus (eus)

      a. anoa-eus-alerting-dev-rg
      b. anoa-eus-devsecops-dev-rg
      c. anoa-eus-hub-core-dev-rg
      d. anoa-eus-id-dev-rg
      e. anoa-eus-ops-dev-rg
      f. anoa-eus-ops-mgt-logging-dev-rg

  13. Check for AZ firewall at premium level in anoa-eus-hub-core-dev-rg

  14. Check if there is a Log Analytics workspace in anoa-eus-ops-mgt-logging-dev-rg

  15. Check if there is an Activity log alert rule in the anoa-eus-alerting-dev-rg

  16. Check if there is a vnet, subnet and nsg in all the resource groups

  17. Check if Force Tunneling is in each management spoke resource group

Other helpful details
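
The checks in steps 12 to 15 can be run against the Terraform state instead of by eye in the portal. The following is an added example, not part of the original issue or the project's code. It assumes the state has the shape produced by `terraform show -json` and that the landing zone uses the `azurerm` resource types named in the code; `check_state`, `iter_resources` and `sample_resource` are hypothetical names, and the sample state is constructed.

```python
# Resource group names from step 12 of the test case (location eastus).
EXPECTED_RGS = [
    "anoa-eus-alerting-dev-rg", "anoa-eus-devsecops-dev-rg",
    "anoa-eus-hub-core-dev-rg", "anoa-eus-id-dev-rg",
    "anoa-eus-ops-dev-rg", "anoa-eus-ops-mgt-logging-dev-rg",
]

def iter_resources(module):
    """Yield managed resources from a module and all nested child modules."""
    for res in module.get("resources", []):
        if res.get("mode") == "managed":
            yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_state(state):
    """Return failed checks for steps 12-15; an empty list means all pass."""
    resources = list(iter_resources(state.get("values", {}).get("root_module", {})))
    def in_rg(rtype, rg):
        return [r["values"] for r in resources if r["type"] == rtype
                and r["values"].get("resource_group_name") == rg]
    rg_names = {r["values"].get("name") for r in resources
                if r["type"] == "azurerm_resource_group"}
    failures = [f"missing resource group {rg}" for rg in EXPECTED_RGS
                if rg not in rg_names]
    firewalls = in_rg("azurerm_firewall", "anoa-eus-hub-core-dev-rg")
    if not any(fw.get("sku_tier") == "Premium" for fw in firewalls):
        failures.append("no Premium-tier firewall in anoa-eus-hub-core-dev-rg")
    if not in_rg("azurerm_log_analytics_workspace", "anoa-eus-ops-mgt-logging-dev-rg"):
        failures.append("no Log Analytics workspace in anoa-eus-ops-mgt-logging-dev-rg")
    if not in_rg("azurerm_monitor_activity_log_alert", "anoa-eus-alerting-dev-rg"):
        failures.append("no activity log alert rule in anoa-eus-alerting-dev-rg")
    return failures

def sample_resource(rtype, **values):
    return {"mode": "managed", "type": rtype, "values": values}

# Constructed sample (not real output): one RG missing, firewall at Standard tier.
SAMPLE = {"values": {"root_module": {
    "resources": [sample_resource("azurerm_resource_group", name=rg)
                  for rg in EXPECTED_RGS[:5]],
    "child_modules": [{"resources": [
        sample_resource("azurerm_firewall", sku_tier="Standard",
                        resource_group_name="anoa-eus-hub-core-dev-rg"),
        sample_resource("azurerm_log_analytics_workspace",
                        resource_group_name="anoa-eus-ops-mgt-logging-dev-rg"),
    ]}]}}}

if __name__ == "__main__":
    print("\n".join(check_state(SAMPLE)) or "all checks passed")
```

To check a real deployment, pass the parsed output of `terraform show -json` to `check_state`.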