
Kicking off a series about the terraform-azurerm-caf-enterprise-scale module


HCL Azure


https://github.com/Azure/terraform-azurerm-caf-enterprise-scale is a set of Terraform modules developed by Microsoft to aid in the deployment and management of resources in Azure following the best practices of Microsoft’s Cloud Adoption Framework (CAF).


It consists of the following submodules:

Core Resources

  • Create the Management Group resource hierarchy
  • Assign Subscriptions to Management Groups
  • Create custom Policy Assignments, Policy Definitions and Policy Set Definitions (Initiatives)
  • Create Role Assignments and Role Definitions

Management Resources

  • Create a central Log Analytics workspace and Automation Account
  • Link Log Analytics workspace to the Automation Account
  • Deploy recommended Log Analytics Solutions
  • Enable Microsoft Defender for Cloud
  • Enable Sentinel

Connectivity Resources

  • Create a centralized hub network: Traditional Azure networking topology (hub and spoke), Virtual WAN network topology (Microsoft-managed)
  • Secure network design: Azure Firewall, DDoS Network Protection
  • Hybrid connectivity: Azure Virtual Network Gateway, Azure ExpressRoute Gateway
  • Centrally managed DNS zones

Identity Resources

  • Secure the identity subscription using Azure Policy
  • Create custom Role Assignments and Role Definitions

Conclusion

I really like this module because it is highly flexible. You don’t need to implement all the submodules or every resource within each submodule; you can customize it to suit the needs of your environment.
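As an illustration of that flexibility, the following configuration is an added example, not code from the original post or from the module's repository. It deploys only the core and management submodules and leaves connectivity and identity switched off. The `root_id` and `root_name` values, the location and the single-subscription layout are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

# Tenant and subscription of the identity Terraform is running as.
data "azurerm_client_config" "core" {}

module "enterprise_scale" {
  source = "Azure/caf-enterprise-scale/azurerm"
  # Pin a released version of the module here before using this for real.

  default_location = "westeurope" # assumed region

  # The module expects these provider aliases. This example assumes a single
  # subscription, so all three point at the default provider. With dedicated
  # platform subscriptions, pass a provider configured for each one instead.
  providers = {
    azurerm              = azurerm
    azurerm.connectivity = azurerm
    azurerm.management   = azurerm
  }

  # Core resources: management group hierarchy, policies, role assignments.
  root_parent_id            = data.azurerm_client_config.core.tenant_id
  root_id                   = "contoso" # hypothetical prefix
  root_name                 = "Contoso" # hypothetical display name
  deploy_core_landing_zones = true

  # Management resources: Log Analytics workspace, Automation Account,
  # Microsoft Defender for Cloud, Sentinel.
  deploy_management_resources = true
  subscription_id_management  = data.azurerm_client_config.core.subscription_id

  # Submodules left out of this deployment.
  deploy_connectivity_resources = false
  deploy_identity_resources     = false
}
```

Reviewing the output of `terraform plan` before applying shows exactly which policy assignments and role assignments the enabled submodules will create at each management group scope.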

This post is licensed under CC BY 4.0 by the author.