DeploymentFlowHS
This deploys a hub and spoke network topology to the Azure Landing Zone foundation.
Please review and run the Deployment Flow before running these modules.
There are 2 options available to deploy the Hub & Spoke networking topology: one that uses an orchestration module for the spoke networking and one that does not.
We recommend using option 1 where possible, as the orchestration module has some added benefits, like subscription placement, as well as the spoke networking.
Option 1 uses an orchestration module (a module that wraps/calls other modules).
Deployment Order | Module | Description | Prerequisites | Module Documentation |
---|---|---|---|---|
1 | Hub Networking | Creates Hub networking infrastructure with Azure Firewall to support Hub & Spoke network topology in the Connectivity subscription. | Management Groups, Subscription for Hub Networking. | infra-as-code/bicep/modules/hubNetworking |
2 | Hub Peered Spoke Networking | Creates Spoke networking infrastructure for workloads with Virtual Network Peering (optional) to support Hub & Spoke network topology or Virtual Hub Connection (optional). It can also optionally place the Subscription in a specified Management Group, create VNet Peering in both directions, create a UDR and configure a next hop IP for the default route (0.0.0.0/0). Review the module docs for more information. | Management Groups, Hub Networking & Subscription for spoke networking | infra-as-code/bicep/orchestration/hubPeeredSpoke |
Option 2 doesn't use any orchestration modules (modules that wrap/call other modules).
Deployment Order | Module | Description | Prerequisites | Module Documentation |
---|---|---|---|---|
1 | Hub Networking | Creates Hub networking infrastructure with Azure Firewall to support Hub & Spoke network topology in the Connectivity subscription. | Management Groups, Subscription for Hub Networking. | infra-as-code/bicep/modules/hubNetworking |
2 | Spoke Network | Creates Spoke networking infrastructure for workloads to support Hub & Spoke network topology. Spoke subscriptions are used for deploying construction sets and workloads. | Management Groups, Hub Networking & Subscription for spoke networking | infra-as-code/bicep/modules/spokeNetworking |
3 | VNet Peering | Creates VNet peering between 2 VNets (e.g. Hub & Spoke). Make sure to run this module twice, once in each direction. e.g. Hub to Spoke and then Spoke to Hub | Management Groups, Hub Networking & Spoke Network | infra-as-code/bicep/modules/vnetPeering |
If you discover any documentation bugs or would like to request new content, please raise them as an issue on the repo.
Contributions to this wiki are done through the main repo under docs/wiki.