gen-paas-application-landing-zone
Latest: v5.2.1
Category: Management
Total Versions: 41
Last Updated: 4/15/2026
Release History
v5.2.1 Latest
Changes:
- • Removed the pattern for checking the name of subnet delegations in the schema. If the delegation name is not specified, the service name will be used for the delegation name.
- • Merged PR 18092: allow the name of the subnet delegation to be set.
v5.2.0
Changes:
- • Add overwrite_subscription_name option to environments, to overwrite the subscription name that is generated by the code.
- • Merged PR 18033: Update environment module to support subscription name overwrite and bump ver...
v5.1.3
Changes:
- • Fixed: "Error: Invalid for_each argument..." when building the access_rules for firewall and nsg rules.
- • Merged PR 17957: NSG and Docs
v5.1.2
Changes:
- • Fixed: "Error: Invalid for_each argument..." when building the access_rules for firewall and nsg rules.
- • Merged PR 17930: solve static key requested by terraform
v5.1.1
Changes:
- • Add extra filter to prevent empty destination addresses
- • Merged PR 17813: Add extra filter to prevent empty destination addresses
v5.1.0
Changes:
- • Remove code from the validation script to check for unique environment names.
- • Merged PR 17811: Updated README.md
v5.0.6
Changes:
- • Remove code from the validation script to check for unique environment names.
- • Merged PR 17801: The second new version today.
v5.0.5
Changes:
- • Fix bug when adding access rules.
- • Merged PR 17773: fix access rules problems after terraform upgrade to v1.14.x
v5.0.4
Changes:
- • Fix bug when adding access rules.
- • Merged PR 17755: Fix readonly-lock resource to use count instead of for_each for NSG rules
v5.0.3
Changes:
- • Fix bug when adding access rules.
- • Merged PR 17746: Refactor NSG rule logic to consolidate rule collection and ensure proper coun...
v5.0.2
Changes:
- • Fix bug when adding access rules.
- • Merged PR 17742: nsg rule based on module.
v5.0.1
Changes:
- • Added the ACT - Nightly build trigger as a pipeline resource trigger. Pipeline will then only run the test stage every night. Removed src trigger
- • Merged PR 17613: Update pr template and add nightly build trigger
- • New version of the apf-landingzone module
- • Update version number of APF-landingzones
v5.0.0 Breaking
Changes:
- • Update required versions of terraform and providers.
- • Add lifecycle postcondition checks to the data http resources to detect problems during terraform plan.
- • Rewrote subscription provider registration module to make it easier to add providers and features to the module, and to allow adding extra providers and features in landingzone.yml.
- • Add comments to the build and filtering code for NSG and firewall rules to help understand how the rules are built and filtered.
- • Reintroduced subnet delegations. It is only possible to set them on initial deployment of a subnet.
- • Enhance filtering of null objects in the subnet body.
- • Add privateEndpointNetworkPolicies and serviceEndpoints to the ignore_changes section of the subnet to prevent drift.
- • Moved security contact code from the main module to the environment module, and fixed the bug in the destroy actions for the security contacts.
- • Make it optional to add RBAC for EntraID Service Principal.
- • Allow creating environments with the same name in different Azure locations when using the CAF naming convention for subscriptions.
- • Update the documentation.
- • Removed the unused security_zone/connectivity_subscription_id variable from the code.
- • Merged PR 17408: Major refresh of the landingzone module
v4.18.0
Changes:
- • Registration resource provider compute.
- • Merged PR 17040: Register Microsoft.Compute resource provider
v4.17.1
Changes:
- • Locks on routes were created before the route itself.
- • Merged PR 16788: Updated route_table.tf
v4.17.0
Changes:
- • No delegated roles need to be specified, as all non-privileged roles are now allowed.
- • The delegated_roles parameter is obsolete and has been removed.
- • Merged PR 16291: Removed Delegated_roles
v4.16.1
Changes:
- • Replace the abbreviation AFS with APF
- • Merged PR 15941: Update backup policies to APF naming convention and remove obsolete AFS policies
v4.16.0
Changes:
- • Add optional application data parameter landingzone_resource_tags to allow overwriting the tags set on subscriptions, on resources and on resource_groups created by the landingzone module.
- • Add option to skip the creation of the toLocalvNet route.
- • Allow for adding extra routes without causing drift.
- • Fix the use of the apim_subscription_key parameter: the http provider did not handle the try correctly when the value was not provided.
- • Merged PR 15592: Routing and landingzone resource tags
v4.15.2
Changes:
- • Fix the code for setting the subscription and resource tags.
- • Merged PR 15575: Refactor environment metadata to enhance subscription tags handling
v4.15.1
Changes:
- • New: Add API Management support
- • Error when tags were not set in landingzone.yml
- • Merged PR 15471: Updated README.md
v4.15.0
Changes:
- • Added tags and subscription_tags to individual environments.
- • Duplicate tags take precedence over their "global" counterpart. overwrite_environment is still honored.
- • Merged PR 15354: Add tags and subscription tags to the individual environments
v4.14.6
Changes:
- • New: Add API Management support
- • Error when tags were not set in landingzone.yml
- • Merged PR 15454: Add API Management support
v4.14.5
Changes:
- • Release notes not available
v4.14.4
Changes:
- • Add customer short to recovery service vault storage account to prevent duplicated storage account names.
- • Merged PR 15011: add customer short to storage name to prevent dubs
v4.14.3
Changes:
- • Add the possibility to set lzinstance in defaults.yml. lzinstance is added to the tenant id for the getipspace function. This way multiple IP ranges can be reserved for the landing zones.
- • Merged PR 14982: Add lzinstance variable for landing zone identification in network and subnet...
v4.14.2
Changes:
- • Release notes not available
v4.14.1
Changes:
- • Changed check for missing description in nsg rules from location.yml.
- • Remove old subnet delegations code.
- • Add code to remove null values from subnet properties.
- • Change AllowSubnetInbound to use the prefix instead of prefixes.
- • Upgrade subnets api version from 2023-11-01 to 2024-10-01.
- • Added privateLinkServiceNetworkPolicies to the ignore_changes block for subnets.
- • Merged PR 14689: Some small patches
v4.14.0
Changes:
- • Release notes not available
v4.13.1
Changes:
- • Changed the max length of the backup policies to 64 chars. By adding the environment in a previous update it could become 70 chars, which is not supported by Azure.
- • Merged PR 14448: Refactor backup policy assignment names and descriptions for clarity and cons...
- • Allow AzureLoadBalancer as Service Tag on the Source of Network Security Group Rules.
v4.13.0
Changes:
- • Release notes not available
- • In the README.md of the module, Gitleaks detects 2 false positives. Added #gitleaks:allow to the line.
- • Merged PR 14153: update to version 4.13.0
- • Update the locations.md in the doc directory
v4.12.5
Changes:
- • Added environment and location to the Azure back-up policy name. Creating unique policy names makes it clearer.
- • Merged PR 13054: Update policy assignment names to include environment and location short codes
v4.12.4
Changes:
- • added feature for ipm publish
- • Merged PR 12801: ipmhubtrue
v4.12.3
Changes:
- • The data resource "azapi_resource_list" "maintenance_configurations" returned a lot of 429 errors. This data resource is now removed from the code.
- • The data resource did a get request of all "maintenance_configurations" in the resource group specified by the "update_manager_resource_group_id" in locations.yml.
- • This parameter is replaced by "maintenance_configurations_ids".
- • Now the data resource is not needed any more because the Maintenance Configurations IDs are loaded from locations.yml.
- • Merged PR 12710: Fixed it by removing the problem API Get List call.
v4.12.1
Changes:
- • The maintenance configurations were read per environment. Now the maintenance configurations are read 1 time per application.
- • This is changed to solve the 429 error.
- • Merged PR 12672: Reduced the times the reads maintenance configurations
- • Release notes not available
- • Added Retry code to the get request for the maintenance configurations
- • Merged PR 12384: IPMhub and AZAPI update
v4.12.0
Changes:
- • New standard for NSG rules priority:
- • 100 - 199 Default rules (100 AllowSubnetInbound, 101 AllowIcmpInbound)
- • 200 - 299 Customer rules
- • 600 - 699 Application rules
- • 1000 DenyAllInbound
- • Merged PR 12107: Update priority values for security rules in locations.yml and data.tf
v4.11.1
Changes:
- • The registration of the Microsoft.Monitor provider.
- • Merged PR 11873: Add registration for Microsoft Monitor resource provider
- • When run_mode is set to skip, no actions are performed for the landing zone.
v4.11.0
Changes:
- • Added a storage account that can be used as a staging storage account for Azure backup
- • Merged PR 11522: Add staging storage account
v4.10.0
Changes:
- • To back-up vms we need a snapshot resource group.
- • the resource group AzureBackupRG_westeurope_1 if the recovery_services_vault_enabled is true.
- • Merged PR 11417: Add resource group for recovery services vault snapshots
v4.9.2
Changes:
- • With multiple environments in a landing-zone, the security contacts were set on only one of the subscriptions on the first terraform apply. For the security contacts on other subscriptions you had to wait until Defender created the security contact resource for the subscription, which can take up to 24 hours, and then run terraform apply again. Now the security contact resource is created for all subscriptions in a landing-zone.
- • Merged PR 11206: Fix Security Contacts
v4.9.1
Changes:
- • The actions are read-only for some delegation services. The default action ["Microsoft.Network/virtualNetworks/subnets/action"] is no longer set.
- • Merged PR 11095: Fix delegation change by MS.
v2.5.0
Changes:
- • Azapi version 2.6.0 and above have reintroduced error 429 in Get List for maintenance.configurations.
- • The version of AZAPI is fixed to 2.5.0 until it is solved.
- • Merged PR 12391: Fix AZAPI to v2.5.0 and remove tried but not working retry parameters.