Mx Infrastructure - Terraform Project¶
A comprehensive Terraform infrastructure-as-code project for deploying and managing the Marketing (Mx) platform on Microsoft Azure. This project provides multi-environment support with standardized configurations for Dev, QA, UAT, and Production environments.
Overview¶
The Mx Infrastructure project manages Azure resources for multiple marketing applications including:
- AIO - All-in-One Marketing Platform
- HFH - Homes for Heroes Platform
- Hub - Central Hub Application
- MIP - Marketing Integration Platform
- Portal - Marketing Portal Application
Key Features¶
- Multi-Environment Support: Dev, QA, UAT, and Production environments
- Modular Design: Reusable Terraform modules for consistent deployments
- Azure Integration: Full Azure cloud infrastructure with networking, security, and monitoring
- Container Support: Azure Container Registry integration for containerized applications
- Database Management: Elastic SQL pools and databases with configurable performance tiers
- Security: Key Vault integration, private endpoints, and network security rules
- Monitoring: Application Insights integration for telemetry and monitoring
Project Structure¶
mx-infrastructure/
├── environments/                 # Environment-specific configurations
│   ├── dev/                      # Development environment
│   │   ├── backend.tf            # Remote state configuration
│   │   ├── dev.tf                # Dev-specific resources
│   │   └── providers.tf          # Provider configurations
│   ├── qa/                       # QA environment
│   │   ├── backend.tf
│   │   ├── qa.tf
│   │   └── providers.tf
│   └── uat/                      # UAT environment
│       ├── backend.tf
│       ├── uat.tf
│       └── providers.tf
│
├── mx-resources/                 # Core infrastructure module
│   ├── app-insights.tf           # Application monitoring
│   ├── app-service-plan.tf       # Hosting platform
│   ├── virtual-network.tf        # Network infrastructure
│   ├── key-vault.tf              # Secrets management
│   ├── elastic-sqlserver.tf      # Database infrastructure
│   └── variables.tf              # Input variables
│
├── mx-projects/                  # Application-specific modules
│   ├── aio/                      # All-in-One platform
│   │   ├── linux-app-service.tf  # Containerized app
│   │   ├── elastic-sqldb.tf      # Dedicated database
│   │   └── frontdoor.tf          # Global load balancer
│   ├── hfh/                      # Homes for Heroes
│   ├── hub/                      # Central Hub (includes Functions)
│   ├── mip/                      # Marketing Integration Platform
│   └── portal/                   # Marketing Portal
│
└── Documentation
    ├── README.md                 # This project guide
    └── ARCHITECTURE.md           # Technical architecture
Module Dependencies¶
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│  environments/  │────▶│  mx-resources/  │────▶│  mx-projects/   │
│                 │     │                 │     │                 │
│  • dev.tf       │     │  • Core infra   │     │  • Applications │
│  • qa.tf        │     │  • Networking   │     │  • Databases    │
│  • uat.tf       │     │  • Security     │     │  • Front Doors  │
└─────────────────┘     └─────────────────┘     └─────────────────┘
Prerequisites¶
Required Tools¶
- Terraform: `~> 1.9` (any 1.9 or later 1.x release; 2.x is excluded)
- Azure CLI: Latest version for authentication
- Azure DevOps Service Connection: For automated deployments
Required Permissions¶
- Contributor access to target Azure subscriptions
- Access to Azure Container Registry for image pulls
- Key Vault access for secrets management
Getting Started¶
1. Authentication¶
# Login to Azure
az login
# Set the subscription (replace with your subscription ID)
az account set --subscription "your-subscription-id"
2. Initialize Terraform¶
Navigate to the desired environment directory:
3. Plan Deployment¶
4. Apply Configuration¶
Environment Configuration¶
Development Environment¶
- Network: `10.221.112.0/23`
- Debug Mode: Enabled
- DNS Servers: `["10.221.7.20", "10.220.8.20"]`
- Hub VNet: Connected to CmgHubDevVnet01
QA Environment¶
- Network: Custom address space
- Debug Mode: Disabled
- Production-like configuration with reduced capacity
UAT Environment¶
- Network: Custom address space
- Production mirror for user acceptance testing
- Full security and monitoring enabled
Key Variables¶
Required Variables¶
| Variable | Description | Type |
|---|---|---|
| `environment_name` | Environment name (Dev/Qa/Uat/Prod) | string |
| `webAppEnableDebugMode` | Enable debug mode for web apps | bool |
| `azure_devops_service_connection_id` | ADO service connection Object ID | string |
| `vnet_address_space` | Virtual network address space | string |
| `remote_hub_vnet_id` | Hub VNet resource ID for peering | string |
| `container_registry_id` | Container registry resource ID | string |
Optional Variables¶
| Variable | Default | Description |
|---|---|---|
| `project_name` | "Mx" | Project/application name |
| `location` | "westus2" | Azure region |
| `appservice_plan_capacity` | 1 | App Service Plan instances |
| `sql_sku_name` | "StandardPool" | SQL database SKU |
| `sql_min_compute_capacity` | 10 | SQL pool min compute |
| `sql_max_compute_capacity` | 100 | SQL pool max compute |
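The following is an added example of how the required variables above can be declared with validation rules so that a bad input fails at `terraform plan` rather than at apply time. It is illustration, not the project's own `variables.tf`; the variable names come from the tables, but every constraint (allowed environment names, GUID and resource-ID shapes, the rule that debug mode is only allowed in Dev) is an assumption. The debug-mode check references a second variable inside a `validation` block, which Terraform supports from 1.9.0, matching the `~> 1.9` constraint above.

```hcl
# Added example, not the project's variables.tf. Constraints are assumptions.

variable "environment_name" {
  description = "Environment name (Dev/Qa/Uat/Prod)"
  type        = string

  validation {
    condition     = contains(["Dev", "Qa", "Uat", "Prod"], var.environment_name)
    error_message = "environment_name must be one of Dev, Qa, Uat or Prod (case-sensitive)."
  }
}

variable "webAppEnableDebugMode" {
  description = "Enable debug mode for web apps"
  type        = bool

  # Referencing another variable in a validation condition needs Terraform >= 1.9.
  # Debug mode is only permitted in Dev (assumed policy, mirroring the environment
  # configuration: Dev enabled, QA disabled).
  validation {
    condition     = !var.webAppEnableDebugMode || var.environment_name == "Dev"
    error_message = "webAppEnableDebugMode may only be true when environment_name is Dev."
  }
}

variable "azure_devops_service_connection_id" {
  description = "Object ID of the Azure DevOps service connection's service principal"
  type        = string

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$", var.azure_devops_service_connection_id))
    error_message = "azure_devops_service_connection_id must be a GUID."
  }
}

variable "vnet_address_space" {
  description = "Virtual network address space in CIDR notation, e.g. 10.221.112.0/23"
  type        = string

  # cidrnetmask() only accepts IPv4 prefixes and errors on anything else,
  # so wrapping it in can() is a compact IPv4 CIDR check.
  validation {
    condition     = can(cidrnetmask(var.vnet_address_space))
    error_message = "vnet_address_space must be a valid IPv4 CIDR block."
  }
}

variable "remote_hub_vnet_id" {
  description = "Resource ID of the hub VNet to peer with"
  type        = string

  validation {
    condition     = can(regex("^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft.Network/virtualNetworks/[^/]+$", var.remote_hub_vnet_id))
    error_message = "remote_hub_vnet_id must be a full virtualNetworks resource ID."
  }
}

variable "container_registry_id" {
  description = "Resource ID of the Azure Container Registry used for image pulls"
  type        = string

  validation {
    condition     = can(regex("/providers/Microsoft.ContainerRegistry/registries/[^/]+$", var.container_registry_id))
    error_message = "container_registry_id must be a full registries resource ID."
  }
}

variable "sql_min_compute_capacity" {
  description = "SQL pool min compute"
  type        = number
  default     = 10
}

variable "sql_max_compute_capacity" {
  description = "SQL pool max compute"
  type        = number
  default     = 100

  validation {
    condition     = var.sql_max_compute_capacity >= var.sql_min_compute_capacity
    error_message = "sql_max_compute_capacity must not be lower than sql_min_compute_capacity."
  }
}
```

Resource-ID checks matter more than they look: a peering or registry ID from the wrong subscription passes `terraform validate` and only fails (or, worse, succeeds against the wrong resource) at apply time, so pinning the expected provider namespace catches copy-paste mistakes early.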
Infrastructure Components¶
Core Resources (mx-resources/)¶
Core Infrastructure Components:
| Component | Purpose | Configuration |
|---|---|---|
| Resource Groups | Logical organization | Environment-specific grouping |
| Virtual Network | Network isolation | Environment-specific address space (Dev: 10.221.112.0/23) |
| App Service Plan | Compute platform | Linux containers, auto-scaling |
| Key Vault | Secrets management | Private endpoint, RBAC policies |
| Application Insights | Monitoring | Telemetry and performance tracking |
| SQL Server | Database platform | Private endpoint, audit policies |
| Elastic Pool | Shared DB resources | Standard tier, DTU-based scaling |
Security & Networking Layer:
┌─────────────────────────────────────────────────────────────┐
│                       Virtual Network                       │
│                      (10.221.112.0/23)                      │
│                                                             │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
│  │ App Service  │  │   Database   │  │  Management  │       │
│  │    Subnet    │  │    Subnet    │  │    Subnet    │       │
│  └──────────────┘  └──────────────┘  └──────────────┘       │
│                                                             │
│  ┌─────────────────────────────────────────────────────┐    │
│  │  Network Security Groups                            │    │
│  │  Private Endpoints                                  │    │
│  │  DNS Integration                                    │    │
│  └─────────────────────────────────────────────────────┘    │
└─────────────────────────────────────────────────────────────┘
                              │
                       Hub VNet Peering
                              │
┌─────────────────────────────────────────────────────────────┐
│                         Hub Network                         │
│                DNS: 10.221.7.20, 10.220.8.20                │
└─────────────────────────────────────────────────────────────┘
Application Modules (mx-projects/)¶
Application Architecture:
┌─────────────────────────────────────────────────────────────────────┐
│                          APPLICATION LAYER                          │
├─────────────┬─────────────┬─────────────┬─────────────┬─────────────┤
│     AIO     │     HFH     │     Hub     │     MIP     │   Portal    │
│  Platform   │    Homes    │   Central   │ Integration │  Marketing  │
│             │ for Heroes  │     Hub     │  Platform   │   Portal    │
└──────┬──────┴──────┬──────┴──────┬──────┴──────┬──────┴──────┬──────┘
       │             │             │             │             │
       └─────────────┴─────────────┼─────────────┴─────────────┘
                                   │
                                   ▼
┌─────────────────────────────────────────────────────────────────────┐
│                           SHARED SERVICES                           │
│                                                                     │
│   Azure Front Door      Container Registry      Key Vault           │
│   SQL Server            Application Insights    Private Endpoints   │
└─────────────────────────────────────────────────────────────────────┘
Per-Application Components:
| Application | App Service | Functions | Database | Front Door | Secrets |
|---|---|---|---|---|---|
| AIO | Linux Container | No | Dedicated DB | Global LB | App-specific |
| HFH | Linux Container | No | Dedicated DB | Global LB | App-specific |
| Hub | Linux Container | Yes (Event Processing) | Dedicated DB | Global LB | App-specific |
| MIP | Linux Container | No | Dedicated DB | Global LB | App-specific |
| Portal | Linux Container | No | Dedicated DB | Global LB | App-specific |
Security Features¶
Network Security¶
- Private endpoints for PaaS services
- Network security groups with restrictive rules
- VNet peering with centralized hub
- DNS resolution through private zones
Identity and Access¶
- Service connection-based authentication
- Key Vault access policies
- Role-based access control (RBAC)
- Managed identities for applications
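The Network Security and Identity and Access bullets above describe private endpoints, private DNS, managed identities and Key Vault authorization. The block below is an added example of those pieces wired together; it is not the project's `key-vault.tf`. Note that the page mentions both "RBAC policies" and "Key Vault access policies": a vault uses one permission model or the other, and this example assumes the RBAC model. The resource group, management subnet, virtual network, service plan and `data.azurerm_client_config.current` are assumed to exist elsewhere in the module; all names are illustrative.

```hcl
# Added example, not the project's own code. Referenced resources
# (azurerm_resource_group.mx, azurerm_subnet.management, azurerm_virtual_network.mx,
# azurerm_service_plan.mx, data.azurerm_client_config.current) are assumed.

resource "azurerm_key_vault" "mx" {
  name                = "kv-mx-${lower(var.environment_name)}"
  location            = azurerm_resource_group.mx.location
  resource_group_name = azurerm_resource_group.mx.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # RBAC model: permissions come from azurerm_role_assignment, not access_policy blocks.
  # (azurerm 3.x names this attribute enable_rbac_authorization.)
  rbac_authorization_enabled    = true
  purge_protection_enabled      = true # soft-deleted secrets cannot be purged early
  soft_delete_retention_days    = 90
  public_network_access_enabled = false # reachable only through the private endpoint

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }
}

# Private endpoint in the management subnet. The private DNS zone makes
# <vault>.vault.azure.net resolve to the endpoint's private IP from inside the VNet.
resource "azurerm_private_dns_zone" "kv" {
  name                = "privatelink.vaultcore.azure.net"
  resource_group_name = azurerm_resource_group.mx.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "kv" {
  name                  = "kv-dns-link"
  resource_group_name   = azurerm_resource_group.mx.name
  private_dns_zone_name = azurerm_private_dns_zone.kv.name
  virtual_network_id    = azurerm_virtual_network.mx.id
}

resource "azurerm_private_endpoint" "kv" {
  name                = "pe-kv-mx-${lower(var.environment_name)}"
  location            = azurerm_resource_group.mx.location
  resource_group_name = azurerm_resource_group.mx.name
  subnet_id           = azurerm_subnet.management.id

  private_service_connection {
    name                           = "kv-connection"
    private_connection_resource_id = azurerm_key_vault.mx.id
    subresource_names              = ["vault"]
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "kv-dns"
    private_dns_zone_ids = [azurerm_private_dns_zone.kv.id]
  }
}

# The app authenticates to Key Vault with its system-assigned identity,
# so no client secret or connection string is stored in app settings.
resource "azurerm_linux_web_app" "aio" {
  name                = "app-mx-aio-${lower(var.environment_name)}"
  location            = azurerm_resource_group.mx.location
  resource_group_name = azurerm_resource_group.mx.name
  service_plan_id     = azurerm_service_plan.mx.id

  identity {
    type = "SystemAssigned"
  }

  site_config {}
}

# Least privilege: read secrets only (no set/delete), scoped to this one vault.
resource "azurerm_role_assignment" "aio_kv_secrets" {
  scope                = azurerm_key_vault.mx.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_linux_web_app.aio.identity[0].principal_id
}

# The pipeline's service connection needs the officer role only if Terraform
# itself writes secrets into the vault; otherwise omit this assignment.
resource "azurerm_role_assignment" "pipeline_kv_officer" {
  scope                = azurerm_key_vault.mx.id
  role_definition_name = "Key Vault Secrets Officer"
  principal_id         = var.azure_devops_service_connection_id
}
```

Two checks worth running after apply: `nslookup <vault>.vault.azure.net` from a VM in the VNet should return a 10.x address from the management subnet, and the same lookup from outside should still resolve to a public IP that refuses connections because `public_network_access_enabled` is false.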
Data Protection¶
- SQL audit policies with retention
- Encrypted storage and transmission
- Backup and disaster recovery
- Compliance with security standards
Monitoring and Observability¶
Application Insights¶
- Performance monitoring
- Error tracking and diagnostics
- Custom telemetry and metrics
- Alerting and notifications
SQL Monitoring¶
- Database performance insights
- Query performance tracking
- Audit log retention (30-730 days)
- Automated backup management
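As an added example of the audit-policy and elastic-pool configuration described in the SQL sections above (not the project's `elastic-sqlserver.tf`), the block below creates a SQL server that accepts Entra ID logins only, has no public endpoint, and writes its audit log with its own managed identity into a separate storage account, so no storage key lands in Terraform state. The pool settings reuse the `sql_*` variables from the tables; `var.sql_admin_group_object_id`, the resource group and all names are assumptions.

```hcl
# Added example, not the project's own code. azurerm_resource_group.mx and
# var.sql_admin_group_object_id (an Entra group object ID) are assumed.

resource "azurerm_mssql_server" "mx" {
  name                          = "sql-mx-${lower(var.environment_name)}"
  resource_group_name           = azurerm_resource_group.mx.name
  location                      = azurerm_resource_group.mx.location
  version                       = "12.0"
  minimum_tls_version           = "1.2"
  public_network_access_enabled = false # reachable only via the database-subnet private endpoint

  # Entra-only authentication: no SQL logins exist, so there is no
  # administrator password to rotate, store or leak.
  azuread_administrator {
    login_username              = "sql-admins-mx"
    object_id                   = var.sql_admin_group_object_id
    azuread_authentication_only = true
  }

  identity {
    type = "SystemAssigned"
  }
}

# Shared pool; defaults mirror the optional variables (StandardPool, 10 to 100).
# For the Standard tier, capacity values are eDTUs.
resource "azurerm_mssql_elasticpool" "mx" {
  name                = "sqlpool-mx-${lower(var.environment_name)}"
  resource_group_name = azurerm_resource_group.mx.name
  location            = azurerm_resource_group.mx.location
  server_name         = azurerm_mssql_server.mx.name
  max_size_gb         = 100

  sku {
    name     = var.sql_sku_name # "StandardPool"
    tier     = "Standard"
    capacity = var.sql_max_compute_capacity
  }

  per_database_settings {
    min_capacity = var.sql_min_compute_capacity
    max_capacity = var.sql_max_compute_capacity
  }
}

# Audit logs live in their own storage account, so the database operators
# who are being audited do not also control the audit trail.
resource "azurerm_storage_account" "audit" {
  name                            = "stmxsqlaudit${lower(var.environment_name)}"
  resource_group_name             = azurerm_resource_group.mx.name
  location                        = azurerm_resource_group.mx.location
  account_tier                    = "Standard"
  account_replication_type        = "LRS"
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false
}

# The server writes audit blobs with its managed identity. With no
# storage_account_access_key on the policy, this role is what makes it work.
resource "azurerm_role_assignment" "sql_audit_writer" {
  scope                = azurerm_storage_account.audit.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_mssql_server.mx.identity[0].principal_id
}

resource "azurerm_mssql_server_extended_auditing_policy" "mx" {
  server_id              = azurerm_mssql_server.mx.id
  storage_endpoint       = azurerm_storage_account.audit.primary_blob_endpoint
  retention_in_days      = 90   # within the 30-730 day range this project allows
  log_monitoring_enabled = true # also emit SQLSecurityAuditEvents for diagnostic settings

  depends_on = [azurerm_role_assignment.sql_audit_writer]
}
```

The `depends_on` is not cosmetic: the auditing policy is validated by the service when it is created, and if the role assignment has not propagated yet the apply fails with a storage permission error that looks unrelated to Terraform ordering.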
Deployment Pipeline¶
Azure DevOps Integration¶
CI/CD Pipeline Workflow:
┌─────────────┐    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐
│   Source    │───▶│    Build    │───▶│    Test     │───▶│   Deploy    │
│   Control   │    │  Pipeline   │    │ Validation  │    │  Pipeline   │
└─────────────┘    └─────────────┘    └─────────────┘    └─────────────┘
       │                  │                  │                  │
 Feature Branch    Terraform Init     Terraform Plan    Terraform Apply
 Pull Request      Terraform Validate Security Scan     Environment Deploy
 Code Review       Lint & Format      Integration Tests State Management
Environment Promotion Flow:
  Development          QA               UAT             Production
       │                │                │                 │
       ▼                ▼                ▼                 ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│     DEV      │▶│      QA      │▶│     UAT      │▶│     PROD     │
│              │ │              │ │              │ │              │
│ • Auto       │ │ • Auto       │ │ • Manual     │ │ • Manual     │
│ • Fast Fail  │ │ • Testing    │ │ • Approval   │ │ • Approval   │
│ • Debug      │ │ • Validation │ │ • Full Scale │ │ • Monitoring │
└──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘
State Management:
| Component | Configuration | Purpose |
|---|---|---|
| Remote Backend | Azure Storage Account | Centralized state storage |
| State Locking | Azure Blob Lease | Prevent concurrent modifications |
| State Backup | Versioned blobs | Recovery and rollback capability |
| Encryption | Azure encryption at rest | State file security |
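The state-management table above maps onto two pieces of configuration: a one-off bootstrap that creates the state storage account, and the `backend.tf` that each environment directory's `terraform init` reads. The block below is an added example of both (not the project's own files); the resource group, storage account and container names are assumptions. The security-relevant choices are that shared keys on the state account are disabled, so state can only be read by identities holding a blob data role, and that the backend authenticates with Entra ID instead of a storage key. Encryption at rest needs no setting: Azure Storage always encrypts, which is what the table's last row refers to. Blob versioning is what gives the "rollback" capability; each state write keeps the previous version.

```hcl
# Added example, not the project's own code. Names are assumptions.

# --- bootstrap/main.tf: applied once with local state, before any environment ---

provider "azurerm" {
  features {}
  # The provider must use Entra ID for storage data-plane calls, because
  # shared-key access is disabled on the state account below.
  storage_use_azuread = true
}

resource "azurerm_resource_group" "tfstate" {
  name     = "rg-mx-tfstate"
  location = "westus2"
}

resource "azurerm_storage_account" "tfstate" {
  name                            = "stmxtfstate"
  resource_group_name             = azurerm_resource_group.tfstate.name
  location                        = azurerm_resource_group.tfstate.location
  account_tier                    = "Standard"
  account_replication_type        = "GRS" # state survives a regional outage
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false
  shared_access_key_enabled       = false # only RBAC identities can read or write state

  blob_properties {
    versioning_enabled = true # every state write keeps the prior version for rollback
    delete_retention_policy {
      days = 30
    }
    container_delete_retention_policy {
      days = 30
    }
  }
}

resource "azurerm_storage_container" "tfstate" {
  name                  = "tfstate"
  storage_account_name  = azurerm_storage_account.tfstate.name
  container_access_type = "private"
}

# Whoever runs Terraform needs data-plane blob rights; the blob lease used for
# state locking is covered by this role. Grant it to the pipeline identity and
# the IaC engineers only; state contains every secret the provider ever saw.
resource "azurerm_role_assignment" "pipeline_state" {
  scope                = azurerm_storage_account.tfstate.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = var.azure_devops_service_connection_id
}

# --- environments/dev/backend.tf: read by `terraform init` in that directory ---

terraform {
  required_version = "~> 1.9"

  backend "azurerm" {
    resource_group_name  = "rg-mx-tfstate"
    storage_account_name = "stmxtfstate"
    container_name       = "tfstate"
    key                  = "dev.tfstate" # one state blob per environment

    # Authenticate to the blob with the caller's Entra identity (Azure CLI
    # locally, the service connection in Azure DevOps); no storage key involved.
    use_azuread_auth = true
  }
}
```

A quick check that the hardening actually took effect is to run `az storage blob list --account-name stmxtfstate --container-name tfstate --auth-mode key`; it should fail with a key-access-disabled error, while the same command with `--auth-mode login` succeeds for a principal that holds the role.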
Best Practices¶
- State file security and locking
- Plan review before apply
- Environment promotion workflow
- Rollback capabilities
Troubleshooting¶
Common Issues¶
- Authentication Errors
  - Verify Azure CLI login
  - Check service connection permissions
  - Validate subscription access
- Network Connectivity
  - Verify VNet peering configuration
  - Check DNS server settings
  - Validate network security rules
- Resource Conflicts
  - Check for naming conflicts
  - Verify resource availability in region
  - Review quota limits
Useful Commands¶
# List the resources tracked in the current environment's state
terraform state list
# Import an existing resource into state (the address must already be declared in the configuration)
terraform import azurerm_resource_group.example /subscriptions/.../resourceGroups/example
# Refresh state. `terraform refresh` still works but is deprecated; the -refresh-only form
# shows the detected drift as a plan you can review before it is written to state.
terraform refresh
terraform apply -refresh-only
# Target specific resources. Exceptional use only: it leaves the rest of the plan
# unapplied, so follow up with a full plan and apply for the environment.
terraform apply -target=module.example
Contributing¶
Development Workflow¶
- Create feature branch from `master`
- Make changes in appropriate environment
- Test in development environment
- Submit pull request with detailed description
- Deploy to QA/UAT for validation
- Promote to production
Code Standards¶
- Use consistent naming conventions
- Document all variables and outputs
- Include validation rules where applicable
- Follow Terraform best practices
- Maintain backward compatibility
Support¶
For questions or issues:
- Technical Issues: Create issue in repository
- Access Requests: Contact Azure administrators
- Feature Requests: Submit through standard change process
License¶
This project is proprietary to CMG Financial Services and is not licensed for external use.