February 19, 2023
Using terraform-azurerm-caf-enterprise-scale and custom landing zone archetypes makes it easy to modify role assignments by using the access_control block under parameters. Setting role assignments for the built-in management groups is a bit different, and not very clearly documented in the repository wiki. To override the role assignments for the built-in management groups you need to use the archetype_config_overrides block. The block requires you to set the archetype_id, parameters and access_control:
February 6, 2023
A little while back I spent an hour or so writing an Azure policy, only to discover that the Azure landing zones Terraform module already has a policy definition that does exactly what I wanted to accomplish, but no assignments linked to it. It took me another hour of confusion and frustration to figure out how to actually assign the policy, as there is a step I completely overlooked. So here is a quick summary of how to use these policies so you can save yourself the trouble.
December 22, 2022
A recurring theme in conversations I have been having over the last few months has been how to write more re-usable code in Terraform. Co-workers or clients have started out by themselves or with some guidance and links to introductory manuals, but have run into a wall as their codebase grows. A few days ago I noticed that Google Cloud maintains a great guide on what they think are best practices for Terraform (even though I don’t like the term “best” practices and would prefer the term “good”, as there are always trade-offs, suboptimal choices taken because of some valid reason, etc.
August 4, 2022

I believe most of us who work with Azure have felt the frustration of managing virtual networks as they grow in complexity. It’s easy to make mistakes when configuring peering and route tables and end up spending too much time running queries in Network Watcher to figure out what’s going on. Azure Virtual Network Manager aims to make this a lot easier and lets us configure both Hub-Spoke and Mesh networks, as well as centrally manage security rules for all virtual networks.

As this new service is still in preview, there is no support for configuring it with the AzureRM provider in Terraform, but by using the AzAPI provider we can get up and running without diving into scripty shenanigans that break our otherwise declarative approach to infrastructure as code.