Azure landing zone accelerators provide architectural guidance, reference architectures, reference implementations, and automation to deploy workload platforms on Azure at scale. They are aligned with industry proven practices, such as those presented in Azure landing zones guidance in the Cloud Adoption Framework.
This Azure Container Apps landing zone accelerator represents the strategic design path and target technical state for an Azure Container Apps deployment, owned and operated by an workload team.
This repository provides packaged guidance for customer scenarios, reference architecture, reference implementation, tooling, design area guidance, sample application deployed after provisioning the infrastructure using the accelerator. The architectural approach can be used as design guidance for greenfield implementation and as an assessment for brownfield customers already using containerized apps.
The architecture is considered across four key design areas. Please review them as part of your overall understanding of this landing zone accelerator.
- Identity and Access Management
- Network Topology and Connectivity
- Security, Governance, and Compliance
- Management and Monitoring
This repo contains the Azure landing zone accelerator's reference implementations, all with supporting Infrastructure as Code artifacts. The scenarios covered are:
More reference implementation scenarios will be added as they become available.
ℹ️ NOTE: The official Terraform AzureRM provider does not currently support the new Azure Container Apps workload profiles, more networking features, and jobs. The Terraform implementation in the main branch is referring to the older V1.1.0 implementation, which is not using workload profiles therefore the egress network traffic is not secured through an Azure Firewall. For a Terraform implementation using the AzAPI provider of the Secure Baseline Scenario, please check out the udr-implementation-azapi branch. Once the AzureRM provider provides support for workload profiles in Azure Container Apps, a full Terraform implementation using the AzureRM provider will be become available in the main branch.
Please use GitHub issues if you have any feedback or requests on how we can improve these reference implementations.
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkId=521839. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
Telemetry collection is on by default.
To opt-out, set enableTelemetry
to false
in the Bicep parameter file.
We welcome contributions, please see our Contribution guide to learn how you can participate.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.