Trond Jakob Sjøvang

Musings on cloud, devops & infrastructure as code

February 19, 2023
Using terraform-azurerm-caf-enterprise-scale and custom landing zone archetypes makes it easy to modify role assignments by using the access_control block under parameters. Setting role assignments for the built-in management groups is a bit different, and not very clearly documented in the repository wiki. To override the role assignments for the built-in management groups you need to use the archetype_config_overrides block. The block requires you to set the archetype_id, parameters and access_control:
February 6, 2023
A little while back I spent an hour or so writing an Azure policy, only to discover that the Azure landing zones Terraform module already has a policy definition that does exactly what I wanted to accomplish, but no assignments linked to it. It took me another hour of confusion and frustration to figure out how to actually assign the policy, as there is a step I completely overlooked. So here is a quick summary of how to use these policies so you can save yourself the trouble.
January 1, 2023
For some time I have reflected on the evolution of social media and their efforts to present me with content I am not interested in. Maybe I am a somewhat special kind of grumpy, but the amount of “Suggested posts”, reels, recommended posts, etc. that are presented to me when I open an app, instead of a chronological feed of content from the people I actively choose to follow, only makes me disengaged and less likely to publish anything at all.
December 22, 2022
A recurring theme in conversations I have been having over the last few months has been how to write more re-usable code in Terraform. Co-workers or clients have started out by themselves or with some guidance and links to introductory manuals, but have run into a wall as their codebase grows. A few days ago I noticed that Google Cloud maintains a great guide on what they think are best practices for Terraform (even though I don’t like the term “best” practices and would prefer the term “good”, as there are always trade-offs, suboptimal choices taken for some valid reason, etc.
August 4, 2022

I believe most of us who work with Azure have felt the frustration of managing virtual networks as they grow in complexity. It’s easy to make mistakes when configuring peering and route tables and end up spending too much time running queries in Network Watcher to figure out what’s going on. Azure Virtual Network Manager aims to make this a lot easier and lets us configure both Hub-Spoke and Mesh networks, as well as centrally manage security rules for all virtual networks.

As this new service is still in preview, there is no support for using the AzureRM provider in Terraform to configure it, but by using the AzAPI provider we can get up and running without diving into scripty shenanigans that break our otherwise declarative approach to infrastructure as code