the_order/infra/terraform/multi-region

Multi-Region Landing Zone Deployment

Deploys Cloud for Sovereignty landing zones across all non-US commercial Azure regions.

Supported Regions

1. West Europe (Netherlands) - Primary region
2. North Europe (Ireland) - Secondary region
3. UK South (London) - UK-specific workloads
4. Switzerland North (Zurich) - Swiss-specific workloads
5. Norway East (Oslo) - Nordic-specific workloads
6. France Central (Paris) - French-specific workloads
7. Germany West Central (Frankfurt) - German-specific workloads

Architecture

Each region includes:

• Hub Virtual Network (gateway, firewall, management)
• Spoke Virtual Network (application, database, storage)
• Azure Firewall (centralized security)
• Key Vault (regional secrets with private endpoints)
• Log Analytics Workspace (regional logging)
• Storage Account (regional storage with private endpoints)

Usage

Deploy All Regions

cd infra/terraform/multi-region
terraform init
terraform plan -var="environment=dev" -var="management_group_id=SOVEREIGN-ORDER-OF-HOSPITALLERS"
terraform apply

Deploy Specific Regions

terraform plan \
  -var="environment=dev" \
  -var="deploy_all_regions=false" \
  -var='regions_to_deploy=["westeurope", "northeurope"]'
terraform apply

Variables

• environment: dev, stage, or prod
• management_group_id: Root management group ID
• deploy_all_regions: Deploy to all supported regions (default: true)
• regions_to_deploy: Specific regions if deploy_all_regions is false

Outputs

• deployed_regions: List of deployed regions
• regional_resource_groups: Resource group names per region
• regional_key_vaults: Key Vault names per region
• regional_storage_accounts: Storage account names per region
• deployment_summary: Complete deployment summary