DEV Community

tarak-brainboard for Brainboard


📌 Azure Landing Zone baseline

Description

This reference architecture provides a recommended infrastructure layout for deploying a Landing Zone in a single Azure subscription. It is based on architectural and Terraform best practices for networking, security, and application hosting.

The architecture follows the Landing Zone hub-and-spoke model: two separate network entities, a hub and a spoke, where connections enter through the hub before reaching the spoke. It can serve as a baseline and be scaled according to business needs. It provides a network topology that supports multi-regional growth and secures in-cluster traffic.

You can consider this infrastructure as your starting point for pre-production and production stages.

Network Topology

The network topology used by this architecture is hub and spoke. The two are deployed in separate virtual networks connected through VNet peering. One advantage of this layout is that it minimizes direct exposure of Azure resources to the public internet: workloads in the spoke are reached through the hub rather than through public endpoints of their own.

The hub network is the central point of the architecture. Every connection first enters the hub layer and is then passed on to the spoke layer. The hub contains an Azure Firewall attached to firewall policies configured to the organization's needs, a VPN gateway for hybrid connectivity, and a jump host through which connections to the spoke pass.

The spoke VNet hosts an AKS cluster, an Azure Database for MySQL Flexible Server, and a Key Vault.
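The hub-and-spoke wiring described above, as an added Terraform example that is not part of the original post or the Brainboard template. It assumes the hashicorp/azurerm 3.x provider, a single resource group named rg-landingzone-demo in westeurope, and the address spaces shown; the VPN gateway, jump host, MySQL server and Key Vault are left out to keep the example to the network path. It creates the hub and spoke VNets, peers them in both directions, places an Azure Firewall with an attached policy in the hub, and forces all spoke egress through the firewall with a user-defined route, which is the control that keeps spoke workloads off the public internet.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
  }
}
provider "azurerm" {
  features {}
}
resource "azurerm_resource_group" "lz" {
  name     = "rg-landingzone-demo" # assumed name
  location = "westeurope"           # assumed region
}

# ---- Hub: Azure Firewall with its policy ----
resource "azurerm_virtual_network" "hub" {
  name                = "vnet-hub"
  location            = azurerm_resource_group.lz.location
  resource_group_name = azurerm_resource_group.lz.name
  address_space       = ["10.0.0.0/16"]
}
# Azure mandates the subnet name "AzureFirewallSubnet"; /26 is the minimum size.
resource "azurerm_subnet" "firewall" {
  name                 = "AzureFirewallSubnet"
  resource_group_name  = azurerm_resource_group.lz.name
  virtual_network_name = azurerm_virtual_network.hub.name
  address_prefixes     = ["10.0.0.0/26"]
}
resource "azurerm_public_ip" "fw" {
  name                = "pip-afw-hub"
  location            = azurerm_resource_group.lz.location
  resource_group_name = azurerm_resource_group.lz.name
  allocation_method   = "Static"
  sku                 = "Standard"
}
# Rules live in the policy object, so they can be reviewed and changed apart from the firewall.
resource "azurerm_firewall_policy" "hub" {
  name                = "afwp-hub"
  location            = azurerm_resource_group.lz.location
  resource_group_name = azurerm_resource_group.lz.name
}
resource "azurerm_firewall" "hub" {
  name                = "afw-hub"
  location            = azurerm_resource_group.lz.location
  resource_group_name = azurerm_resource_group.lz.name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Standard"
  firewall_policy_id  = azurerm_firewall_policy.hub.id
  ip_configuration {
    name                 = "afw-ipconfig"
    subnet_id            = azurerm_subnet.firewall.id
    public_ip_address_id = azurerm_public_ip.fw.id
  }
}

# ---- Spoke: workload VNet; only the AKS node subnet is shown ----
resource "azurerm_virtual_network" "spoke" {
  name                = "vnet-spoke"
  location            = azurerm_resource_group.lz.location
  resource_group_name = azurerm_resource_group.lz.name
  address_space       = ["10.1.0.0/16"]
}
resource "azurerm_subnet" "aks" {
  name                 = "snet-aks"
  resource_group_name  = azurerm_resource_group.lz.name
  virtual_network_name = azurerm_virtual_network.spoke.name
  address_prefixes     = ["10.1.0.0/22"]
}

# ---- Peer in both directions; a one-sided peering never connects ----
resource "azurerm_virtual_network_peering" "hub_to_spoke" {
  name                      = "peer-hub-to-spoke"
  resource_group_name       = azurerm_resource_group.lz.name
  virtual_network_name      = azurerm_virtual_network.hub.name
  remote_virtual_network_id = azurerm_virtual_network.spoke.id
  allow_forwarded_traffic   = true # accept packets the firewall forwards
  allow_gateway_transit     = true # the spoke may use a hub VPN gateway
}
resource "azurerm_virtual_network_peering" "spoke_to_hub" {
  name                      = "peer-spoke-to-hub"
  resource_group_name       = azurerm_resource_group.lz.name
  virtual_network_name      = azurerm_virtual_network.spoke.name
  remote_virtual_network_id = azurerm_virtual_network.hub.id
  allow_forwarded_traffic   = true
  use_remote_gateways       = false # set to true once the hub VPN gateway exists
}

# ---- Force spoke egress through the firewall's private IP ----
# Without this route the spoke subnet uses Azure's default internet route.
resource "azurerm_route_table" "spoke" {
  name                          = "rt-spoke-egress"
  location                      = azurerm_resource_group.lz.location
  resource_group_name           = azurerm_resource_group.lz.name
  disable_bgp_route_propagation = true # VPN-learned routes must not bypass the firewall
  route {
    name                   = "default-via-firewall"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = azurerm_firewall.hub.ip_configuration[0].private_ip_address
  }
}
resource "azurerm_subnet_route_table_association" "aks" {
  subnet_id      = azurerm_subnet.aks.id
  route_table_id = azurerm_route_table.spoke.id
}
```

Two things to check after `terraform apply`: the spoke-to-hub peering must show `Connected` on both sides (a one-sided peering stays `Initiated`), and the effective routes of a NIC in the AKS subnet must list 0.0.0.0/0 with the firewall's private IP as next hop. When the VPN gateway is added it needs a subnet literally named `GatewaySubnet` in the hub, after which `use_remote_gateways` on the spoke side can be set to true. An AKS cluster placed on this subnet must be created with `outbound_type = "userDefinedRouting"` and the firewall policy must allow the cluster's required egress, otherwise node bootstrap fails at the firewall.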

You can use the template on Brainboard here 👉 https://app.brainboard.co

The template comes with a CI/CD pipeline that shows the security posture and cost estimation of the design, with the complete workflow laid out visually.
