Reputation: 79
Azure Landing Zone for existing Azure infrastructure
We have existing Azure Subscription and resource groups for the applications. I was going through Cloud Adoption Framework and came across Landing Zone to setup "Enterprise " best practices using automation (Infrastructure as code).
My question how we can use the "Landing Zones" to transform existing Azure infrastructure ?
Upvotes: 1
Views: 913
Answers (3)
Reputation: 370
You can import state with the rover container. Or manually import the state into the statefile. The latter options is pretty messy and should be avoided if possible. https://github.com/aztfmod/rover
Upvotes: 0
Reputation: 35751
There's roughly two approaches you can follow
- set up a landing zone in a separate part of your AAD Tenant's resource hierarchy (i.e. a separate management group) and then move existing workloads over into it
- incrementally build landing zone capabilities around the infrastructure you already have deployed
The first approach is more appealing when you have little experience with building key cloud governance functions implemented by landing zones (e.g. resource policies, tagging policies, audit logging). The risk here is that moving existing workloads under the new Management Group could break workloads and deployments. You can use e.g. terraform-azurerm-caf-enterprise-scale for this approach.
The second approach will allow you to iterate in smaller steps around your existing infrastructure and design a landing zone that best fits the workload. You can roll your own IaC automation to build management group hierarchy, configure policy etc. around your existing infrastructure using terraform, ARM, or whatever IaC tool your team is comfortable with. There are also frameworks like Landing Zone Construction Kit if you like a more structured approach instead of assembling your tools from scratch.
My experience with many teams is that end to end landing zone examples (like Azure's enterprise scale examples) are a great starting point for exploring what landing zones can do and learn how to build those capabilities, but in practice you have to customize the landing zones for your specific workload and application team needs anyway.
Upvotes: 2
Reputation: 46
It is way more complex than just “use” landing zones.
But maybe in your case you just need to use Blueprints to create a resource consistency deployment for your new subscription.
You need to understand how/when/why to use Landing Zones to understand why I said is too complex in you case (which kind of network topology are you using? How this new landing zone will fit to your architecture? Etc…)
Refer to (https://learn.microsoft.com/en-us/azure/governance/blueprints/samples/caf-migrate-landing-zone/) to see how this Template implements Landing zone.
Upvotes: 0
Related Questions
- Enterprise Scale Landing Zone - CAF - Apply/Create Policies
- Microsoft Azure - Multi tenant architecture and landing zones
- Multiple data centers for Microsoft Azure?
- Azure VM Availibilty Zone and Load Balancing
- High availability on Azure Cloud Services using Availability Zones
- Azure environment on Windows Server
- Azure Virtual Machines and Endpoints
- Can Azure Website scale across multiple availability zones
- Azure configuration advice
- Windows azure deployment