added roadmap and new sample (#401)

2021-01-18 16:38:46 +01:00 · 2021-01-18 16:38:46 +01:00 · c05422919a
--- a/docs/EnterpriseScale-Roadmap.md
+++ b/docs/EnterpriseScale-Roadmap.md
@ -11,6 +11,8 @@ We intend to update the content within this repo in alignment with Azure Semeste
 | Contoso Reference Implementation | End to end reference implementation to supplement Architecture and Design recommendations. | Complete (April, 2020) |
 | Publish Enterprise-Scale GitHub Action in Actions marketplace | This enables Resource discovery, deployments and operationalize IaC. | Complete (June, 2020) |
 | Azure DevOps Support | Provide ability to operate AzOps within Azure DevOps with Azure Pipelines. | Complete (August, 2020) |
-| Additional reference implementations | Prescriptive first-party reference implementation for the Enterprise-Scale architecture for different enterprise scenarios and size | In progress (November, 2020) |
+| Additional reference implementations | Prescriptive first-party reference implementation for the Enterprise-Scale architecture for different enterprise scenarios and size | Complete (October, 2020) |
 | Workload Specific landing zones in Enterprise-Scale | AKS, WVD, SAP, HPC, Analytics <br/> (Seeking community Contribution) |  Planned |
 | Hybrid Management in Enterprise-Scale landing zones | Azure Arc | Planned |
+| Support for N regions | ES Reference Implementations (Contoso, Adventure Works) | January, 2021 |
+| Support for connecting N landing zones | ES Reference Implementations (Contoso, Adventure Works) | January, 2021 |
--- a/examples/landing-zones/subscription-into-managementGroup/README.md
+++ b/examples/landing-zones/subscription-into-managementGroup/README.md
@ -0,0 +1,74 @@
+# Create new subscription and move into existing management group
+
+The ARM template provided in this folder can be used to create new, empty subscriptions and move it into the targeted management group.
+
+## Parameters
+
+- "subscriptionAliasName": It is recommended that the subscription alias name is the same as the displayName to ensure easier manageability
+- "billingAccountId": Provide the full resourceId for the enrollmentAccount. E.g., "/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}"
+- "targetManagementGroup": Provide the last segment of the management group resourceId for the target management group in order to place the subscription directly under a management group. E.g., "/providers/Microsoft.Management/managementGroups/{mgmtGroupId}" where "mgmtGroupId" is the expected input.
+
+````json
+
+    "parameters": {
+        "subscriptionAliasName": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide alias (and displayName) for the subscription"
+            }
+        },
+        "targetManagementGroup": {
+            "type": "string",
+            "metadata": {
+                "details": "Select targeted management group that the subscription will land into"
+            }
+        },
+        "billingAccountId": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the resourceId for the enrollment account or MCA"
+            }
+        }
+    },
+````
+
+## Scope escape
+
+This ARM template is using the "scope escape" property on the resource in order to create a tenant level resource (subscription aliases) while being invoked as a management group deployment
+
+````json
+
+        {
+            "scope": "/", // routing the request to tenant root
+            "name": "[parameters('subscriptionAliasName')]",
+            "type": "Microsoft.Subscription/aliases",
+            "apiVersion": "2020-09-01",
+            "properties": {
+                "workLoad": "Production",
+                "displayName": "[parameters('subscriptionAliasName')]",
+                "billingScope": "[parameters('billingAccountId')]"
+            }
+        }
+````
+## Deploy using AzOps
+
+See these [instructions](../../../docs/Deploy/enable-subscription-creation.md) for how to use this template with the AzOps GitHub Actions/DevOps pipeline.
+
+## Deploy using Azure PowerShell
+
+````pwsh
+New-AzManagementGroupDeployment `
+            -Name <name> `
+            -Location -<location> `
+            -ManagementGroupId <mgmtGroupId> `
+            -TemplateUri "https://raw.githubusercontent.com/Azure/Enterprise-Scale/main/examples/landing-zones/subscription-into-managementGroup/subscriptionIntoManagementGroup.json"
+````
+
+## Deploy using Azure CLI
+
+````cli
+az deployment mg create \
+  --name <name> \
+  --location <location> \
+  --management-group-id <mgmtGroupId> \
+  --template-uri "https://raw.githubusercontent.com/Azure/Enterprise-Scale/main/examples/landing-zones/subscription-into-managementGroup/subscriptionIntoManagementGroup.json"
--- a/examples/landing-zones/subscription-into-managementGroup/subscriptionIntoManagementGroup.json
+++ b/examples/landing-zones/subscription-into-managementGroup/subscriptionIntoManagementGroup.json
@ -0,0 +1,138 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "subscriptionAliasName": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide alias (and displayName) for the subscription"
+            }
+        },
+        "targetManagementGroup": {
+            "type": "string",
+            "metadata": {
+                "details": "Select targeted management group that the subscription will land into"
+            }
+        },
+        "billingAccountId": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the resourceId for the enrollment account or MCA"
+            }
+        }
+    },
+    "variables": {},
+    "resources": [
+        {
+            "type": "Microsoft.Resources/deployments",
+            "apiVersion": "2019-10-01",
+            "name": "[concat('create-', parameters('subscriptionAliasName'))]",
+            "scope": "[concat('Microsoft.Management/managementGroups/', parameters('targetManagementGroup'))]",
+            "location": "[deployment().location]",
+            "properties": {
+                "mode": "Incremental",
+                "expressionEvaluationOptions": {
+                    "scope": "inner"
+                },
+                "parameters": {
+                    // Sharing parameter values from outer to inner execution scope
+                    "subAliasName": {
+                        "value": "[parameters('subscriptionAliasName')]"
+                    },
+                    "billingId": {
+                        "value": "[parameters('billingAccountId')]"
+                    }
+                },
+                "template": {
+                    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+                    "contentVersion": "1.0.0.0",
+                    "parameters": {
+                        // parameters for inner scope
+                        "subAliasName": {
+                            "type": "string"
+                        },
+                        "billingId": {
+                            "type": "string"
+                        }
+                    },
+                    "resources": [
+                        {
+                            "scope": "/", // routing the request to tenant root
+                            "name": "[parameters('subAliasName')]",
+                            "type": "Microsoft.Subscription/aliases",
+                            "apiVersion": "2020-09-01",
+                            "properties": {
+                                "workLoad": "Production",
+                                "displayName": "[parameters('subAliasName')]",
+                                "billingScope": "[parameters('billingId')]"
+                            }
+                        }
+                    ],
+                    "outputs": {
+                        // Referencing the guid generated for the subscription to be used in subsequent (optional) deployments to this subscription
+                        "subscriptionId": {
+                            "type": "string",
+                            "value": "[reference(parameters('subAliasName')).subscriptionId]"
+                        }
+                    }
+                }
+            }
+        },
+        {
+            // Creating deployment to place the new/existing subscription into the management group
+            "scope": "[concat('Microsoft.Management/managementGroups/', parameters('targetManagementGroup'))]",
+            "type": "Microsoft.Resources/deployments",
+            "apiVersion": "2019-08-01",
+            "name": "[concat('tag-', parameters('subscriptionAliasName'))]",
+            "location": "[deployment().location]",
+            "dependsOn": [
+                "[concat('Microsoft.Resources/deployments/', 'create-', parameters('subscriptionAliasName'))]"
+            ],
+            "properties": {
+                "mode": "Incremental",
+                "expressionEvaluationOptions": {
+                    "scope": "inner"
+                },
+                "parameters": {
+                    // Value coming from the previous deployment's output inner scope to be used to target subscription deployments
+                    "targetSubscriptionId": {
+                        "value": "[reference(concat('create-', parameters('subscriptionAliasName'))).outputs.subscriptionId.value]"
+                    },
+                    "mgmtGroupId": {
+                        "value": "[parameters('targetManagementGroup')]"
+                    }
+                },
+                "template": {
+                    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+                    "contentVersion": "1.0.0.0",
+                    "parameters": {
+                         // parameters for inner scope
+                        "targetSubscriptionId": {
+                            "type": "string"
+                        },
+                        "mgmtGroupId": {
+                            "type": "string"
+                        }
+                    },
+                    "resources": [
+                        {
+                            // Place subscription into the management group
+                            "scope": "/",
+                            "type": "Microsoft.Management/managementGroups/subscriptions",
+                            "apiVersion": "2020-10-01",
+                            "name": "[concat(parameters('mgmtGroupId'), '/', parameters('targetSubscriptionId'))]",
+                            "location": "[deployment().location]",
+                            "properties": {}
+                        }
+                    ]
+                }
+            }
+        }
+    ],
+    "outputs": {
+        "subscriptionIdOuter": {
+            "type": "string",
+            "value": "[reference(concat('create-', parameters('subscriptionAliasName'))).outputs.subscriptionId.value]"
+        }
+    }
+}