Quick start (Bicep)
If you prefer Microsoft’s native IaC, use the Bicep root — it deploys the same architecture as the Terraform root.
1. Sign in
    git clone https://github.com/travishankins/azure-launchpad.git
    cd azure-launchpad
    az login
    az account set --subscription <subscription-id>

Bicep tracks deployment history in Azure itself — no separate state backend required.
2. Pick a scenario
The four scenarios mirror the Terraform side: baseline, firewall, vpn, full. Each has a .bicepparam file under infra/bicep/foundation/scenarios/.
For VPN/full, edit the file first and replace the onPremisesAddressSpace value with your customer CIDRs.
3. Preview
    az deployment sub what-if \
      --location westcentralus \
      --name foundation-baseline \
      --parameters infra/bicep/foundation/scenarios/baseline.bicepparam

Review the output carefully — Bicep what-if shows every resource that will be created, modified, or deleted.
4. Deploy
    az deployment sub create \
      --location westcentralus \
      --name foundation-baseline \
      --parameters infra/bicep/foundation/scenarios/baseline.bicepparam

That’s it. To switch scenarios, just point --parameters at a different .bicepparam file and pick a new --name.
Switching from Terraform to Bicep (or back)
The two roots manage the same resource names by design (rg-hub-contoso-wcus, vnet-hub-contoso-wcus, etc.). Do not run both against the same subscription with the same namePrefix/name_prefix — pick one IaC and stick with it for that environment.
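A pre-deploy gate for steps 3 and 4 and for the Terraform/Bicep warning above, as an added example that is not part of the azure-launchpad repository: it reads what-if JSON saved with `--no-pretty-print` and flags deletions, resources what-if could not evaluate, and, on a first deployment, resources that already exist under the same name. The field names `changes`, `changeType`, `resourceId` and `status` are assumed from Azure's what-if result format, and the sample data, including `law-hub-example` and `pip-old-example`, is constructed.

```python
import json
import sys
from collections import Counter

# Constructed sample: a trimmed result in the shape printed by
# `az deployment sub what-if --no-pretty-print`. The subscription id is a
# placeholder; law-hub-example and pip-old-example are made-up names.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = f"{SUB}/resourceGroups/rg-hub-contoso-wcus"
SAMPLE_WHATIF = json.dumps({"status": "Succeeded", "changes": [
    {"changeType": "NoChange", "resourceId": RG},
    {"changeType": "Modify", "resourceId":
        f"{RG}/providers/Microsoft.Network/virtualNetworks/vnet-hub-contoso-wcus"},
    {"changeType": "Create", "resourceId":
        f"{RG}/providers/Microsoft.OperationalInsights/workspaces/law-hub-example"},
    {"changeType": "Delete", "resourceId":
        f"{RG}/providers/Microsoft.Network/publicIPAddresses/pip-old-example"},
]})


def review_whatif(raw_json, first_deploy=True):
    """Return (counts, findings); an empty findings list means nothing blocks."""
    result = json.loads(raw_json)
    if result.get("status", "Succeeded") != "Succeeded":
        raise ValueError(f"what-if did not complete: {result.get('error')}")
    counts, findings = Counter(), []
    for change in result.get("changes", []):
        kind = change.get("changeType", "Unsupported")
        name = change.get("resourceId", "").rstrip("/").rsplit("/", 1)[-1]
        counts[kind] += 1
        if kind == "Delete":
            findings.append(("delete", name))
        elif kind == "Unsupported":
            # what-if could not evaluate this resource; check it by hand.
            findings.append(("unevaluated", name))
        elif first_deploy and kind in ("Modify", "NoChange"):
            # The resource already exists, so something else (for example
            # the Terraform root) created it under the same name.
            findings.append(("already-exists", name))
    return counts, findings


if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_WHATIF
    counts, findings = review_whatif(raw)
    print(dict(counts))
    for reason, name in findings:
        print(f"BLOCK {reason}: {name}")
    sys.exit(1 if findings else 0)
```

Save the preview by adding `--no-pretty-print > whatif.json` to the step 3 command (the file name is arbitrary) and pass that path as the first argument; a non-zero exit means stop before step 4.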
Tip — use the deployment wizard and pick Bicep at step 1 to generate a wizard.bicepparam file tailored to your customer’s needs.
Management Groups (Bicep, tenant scope)
    az deployment tenant create \
      --location westcentralus \
      --name foundations-mg-full \
      --parameters infra/bicep/management-groups/scenarios/full.bicepparam

The principal needs Management Group Contributor on the Tenant Root Group (and Resource Policy Contributor if you set enablePolicies = true).