ALZ Standards and best practice
This page sets out our standards and best practices within the Azure landing zone.
ALZ Standards
Title | Notes |
---|---|
Development environment as standard | We always have a development environment for things that run in Production. Core spoke/workload |
Follow Microsoft best practice for resource naming in Azure | Resource names should follow the naming convention, i.e. resource name then unique identifier. Define your naming convention |
Terraform is used to define our infrastructure | Preferred technologies |
PowerShell | Preferred technologies |
Pester for testing | Preferred technologies |
Ingress and egress traffic has to be inspected by Palo Altos for security | Enforced using UDRs (User Defined Routing) |
Each workload has to have a mandatory tag for chargeback | In time, all resources should adhere to the ALZ tagging standards (yet to be defined) |
Data kept within UK | UK South/UK West regions |
Segregation of code/state for infrastructure running non-core ALZ spoke applications | To allow us to change core ALZ stuff without interfering with other business critical apps that we don’t ultimately maintain |
ALZ Best Practices
Title | Notes |
---|---|
Tenant segregation | Total separation between operating environments (production, pre-production, and development). |
Infrastructure as Code (IaC) | Landing Zone must be deployed using HashiCorp Terraform. Code will be stored within MoJ’s GitHub Enterprise repositories and deployment will be via Azure DevOps (AzDO) pipelines within MoJ’s AzDO organisation. |
All resource changes to any environment actioned via code | Changes to environments always actioned via CI/CD (continuous integration and continuous delivery/continuous deployment) |
Pull Requests have comments and descriptions | Clear descriptions on all Pull Requests and comments |
ALZ Engineering practices document | Refer to the documentation, review and update practices documentation |
Source control for all code | Source Control |
IPAM (IP Address Management) | All IP address ranges reserved and labelled in IPAM |
Resource Tagging Process | Tags are applied to resource groups via Terraform and inherited by resources through Azure policies. Key tags: application, businessunit, isproduction, owner, purchaseorder, source-code. |
This page was last reviewed on 15 October 2024.
It needs to be reviewed again on 15 January 2025.