Frequently Asked Questions
This article answers frequently asked questions relating to the Azure landing zones Terraform module.
If you have a question not listed here, please raise an issue and we'll do our best to help.
Questions relating to the architecture can be found in the Azure landing zone frequently asked questions (FAQ) page on the Cloud Adoption Framework site.
There are various reasons why you might get an error when using this module. To minimize errors caused by the module, we do our best to test the module before cutting a release.
If you observe an error, the first place to look is in our Troubleshooting guide.
If the error you are seeing is not documented here, please check our existing issues before raising a new issue.
The Azure landing zones Terraform module covers many different deployment scenarios, so costs can vary dramatically depending on what options are configured.
Some of these costs can come from resources deployed directly by the module. Other costs may be incurred when Azure Policy performs remediation of non-compliant resources within scope of the deployment.
If you are looking to reduce costs as part of evaluating the module, we recommend assessing whether your evaluation needs to implement the following common resources which can incur the highest costs include:
- Microsoft Defender for Cloud
- Azure DDoS Network Protection
- Azure Firewall
- Azure Virtual Network Gateway (ExpressRoute/VPN)
Although our examples try to minimize the use of these resources and to use lower cost SKUs where applicable, please take care to ensure you understand which resources are being deployed and the associated costs these will incur.
In large environments, costs can also increase when large volumes of data are being stored in the Log Analytics workspace.
To see further guidance regarding costs for Azure landing zones, please refer to our pricing guidance page.
With the upcoming release of the new Azure Landing Zones AVM module, what is the future for this module and what should I do today?
The Azure Landing Zones Terraform module (caf-enterprise-scale) is still our recommendation for customers looking to accelerate deployments.
We are working on a new set of more focussed modules that can be combined like Lego bricks to achieve the outcome you are looking for. These will be published as AVM modules. However, these are not all ready yet. We will publish guidance on the roadmap (including migration advice) in the coming months.
We do want to reassure customers that the caf-enterprise-scale module will remain supported once we release the new set of modules.
- Home
- User guide
- Video guides
-
Examples
- Level 100
- Level 200
-
Level 300
- Deploy multi region networking with custom settings (Hub and Spoke)
- Deploy multi region networking with custom settings (Virtual WAN)
- Deploy with Zero Trust network principles (Hub and Spoke)
- Deploy identity resources with custom settings
- Deploy management resources with custom settings
- Expand built-in archetype definitions
- Create custom policies, initiatives and assignments
- Override module role assignments
- Control policy enforcement mode
- Policy assignments with user assigned managed identities
- Level 400
- Frequently Asked Questions
- Troubleshooting
- Contributing