Cloud Org Infra is a modular Azure infrastructure automation framework built with PowerShell and Azure REST APIs.
The project focuses on repeatable, idempotent, and enterprise-oriented infrastructure provisioning across Azure environments. It automates the deployment of core cloud infrastructure components while enforcing operational consistency, standardized naming, centralized observability, and security-focused configuration.
This repository was designed to simulate real-world cloud engineering and infrastructure operations patterns commonly found in enterprise Azure environments.
- Modular Infrastructure as Code (IaC) using PowerShell
- Idempotent deployments safe for repeated execution
- Enterprise-style naming and tagging standards
- Centralized infrastructure orchestration
- Azure REST API integration for advanced scenarios
- GitHub Actions and Azure DevOps CI/CD ready
- Security-focused infrastructure configuration
- Centralized diagnostics and observability
- RBAC automation and access standardization
- Environment health validation and reporting
- Private Endpoint and Private DNS integration
- Deployment validation and execution summaries
```mermaid
flowchart TD
    A[GitHub Actions / Local Execution] --> B[deploy-environment.ps1]
    B --> C[Resource Group]
    C --> D[Networking]
    D --> E[Network Security Groups]
    C --> F[Storage Account]
    C --> G[Key Vault]
    C --> H[Log Analytics Workspace]
    C --> I[Application Insights]
    C --> J[App Service]
    C --> K[RBAC]
    C --> L[Diagnostics]
    C --> M[Health Checks]
```
The deployment flow follows a dependency-aware orchestration model to ensure consistent and predictable infrastructure provisioning.
Additional architecture documentation and detailed diagrams are available under:
- /architecture
- /documentation
- /security
- /operations
Each environment can provision:
- Resource Groups
- Virtual Networks and Subnets
- Network Security Groups
- Storage Accounts
- Azure Key Vault
- App Service Plans and App Services
- Log Analytics Workspace
- Application Insights
- Azure Monitor Diagnostics
- Action Groups and Alerting
- RBAC Assignments
- Environment Health Validation
Cloud Org Infra applies security-oriented defaults and infrastructure hardening patterns.
Security-related capabilities include:
- HTTPS-only App Services
- Minimum TLS version enforcement
- Managed Identity enablement
- Azure Key Vault integration
- Private Endpoint support
- Private DNS integration
- Role-Based Access Control (RBAC)
- Purge protection validation
- Secure container permissions
- Centralized diagnostics and monitoring
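The list above names the controls but not how to verify that a deployed environment still has them. The following is an added example (not code from the Cloud Org Infra repository) that audits one environment against those controls and can optionally remediate drift. It reads "secure container permissions" as "no anonymous access on any blob container", which is an assumption, as are the function name, the resource names in the usage call (taken from the README naming pattern) and the requirement that an Az context already exists.

```powershell
# Added example, not code from the Cloud Org Infra repository.
# Assumes an existing Az context and resource names following the README naming pattern.
#Requires -Modules Az.Websites, Az.KeyVault, Az.Storage

function Test-CloudOrgSecurityBaseline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $WebAppName,
        [Parameter(Mandatory)] [string] $KeyVaultName,
        [Parameter(Mandatory)] [string] $StorageAccountName,
        [switch] $Remediate   # fix failing controls instead of only reporting them
    )

    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string] $Resource, [string] $Control, [bool] $Pass, [string] $Detail) {
        $findings.Add([pscustomobject]@{ Resource = $Resource; Control = $Control; Pass = $Pass; Detail = $Detail })
    }

    # --- App Service: HTTPS only, TLS >= 1.2, no plain FTP, managed identity enabled ---
    $app      = Get-AzWebApp -ResourceGroupName $ResourceGroupName -Name $WebAppName
    $tls      = $app.SiteConfig.MinTlsVersion
    $identity = "$($app.Identity.Type)"
    Add-Finding $WebAppName 'HttpsOnly'       ($app.HttpsOnly -eq $true)                            "HttpsOnly=$($app.HttpsOnly)"
    Add-Finding $WebAppName 'MinTlsVersion'   ([bool]$tls -and ([version]$tls -ge [version]'1.2'))   "MinTlsVersion=$tls"
    Add-Finding $WebAppName 'FtpsState'       ($app.SiteConfig.FtpsState -in 'FtpsOnly', 'Disabled') "FtpsState=$($app.SiteConfig.FtpsState)"
    Add-Finding $WebAppName 'ManagedIdentity' ($identity -and $identity -ne 'None')                  "Identity=$identity"
    if ($Remediate -and ($findings | Where-Object { $_.Resource -eq $WebAppName -and -not $_.Pass })) {
        # -AssignIdentity $true turns on the system-assigned managed identity
        Set-AzWebApp -ResourceGroupName $ResourceGroupName -Name $WebAppName `
            -HttpsOnly $true -MinTlsVersion '1.2' -FtpsState 'FtpsOnly' -AssignIdentity $true | Out-Null
    }

    # --- Key Vault: soft delete and purge protection (purge protection cannot be switched off again) ---
    $kv = Get-AzKeyVault -ResourceGroupName $ResourceGroupName -VaultName $KeyVaultName
    Add-Finding $KeyVaultName 'SoftDelete'      ($kv.EnableSoftDelete -eq $true)      "EnableSoftDelete=$($kv.EnableSoftDelete)"
    Add-Finding $KeyVaultName 'PurgeProtection' ($kv.EnablePurgeProtection -eq $true) "EnablePurgeProtection=$($kv.EnablePurgeProtection)"
    if ($Remediate -and $kv.EnablePurgeProtection -ne $true) {
        Update-AzKeyVault -ResourceGroupName $ResourceGroupName -VaultName $KeyVaultName -EnablePurgeProtection | Out-Null
    }

    # --- Storage: HTTPS only, TLS 1.2+, anonymous blob access disabled, every container private ---
    $sa = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
    Add-Finding $StorageAccountName 'HttpsTrafficOnly'      ($sa.EnableHttpsTrafficOnly -eq $true)          "EnableHttpsTrafficOnly=$($sa.EnableHttpsTrafficOnly)"
    Add-Finding $StorageAccountName 'MinimumTlsVersion'     ($sa.MinimumTlsVersion -in 'TLS1_2', 'TLS1_3')  "MinimumTlsVersion=$($sa.MinimumTlsVersion)"
    Add-Finding $StorageAccountName 'AllowBlobPublicAccess' ($sa.AllowBlobPublicAccess -eq $false)         "AllowBlobPublicAccess=$($sa.AllowBlobPublicAccess)"
    if ($Remediate) {
        Set-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName `
            -EnableHttpsTrafficOnly $true -MinimumTlsVersion TLS1_2 -AllowBlobPublicAccess $false | Out-Null
    }
    # Container listing uses the account key in the storage context; it fails if shared-key access is disabled
    foreach ($container in Get-AzStorageContainer -Context $sa.Context) {
        $private = "$($container.PublicAccess)" -eq 'Off'
        Add-Finding "$StorageAccountName/$($container.Name)" 'ContainerPrivate' $private "PublicAccess=$($container.PublicAccess)"
        if ($Remediate -and -not $private) {
            Set-AzStorageContainerAcl -Name $container.Name -Permission Off -Context $sa.Context | Out-Null
        }
    }

    return $findings
}

# Usage (resource names follow the README naming pattern; XXXXXX is the README's placeholder suffix):
$results = Test-CloudOrgSecurityBaseline -ResourceGroupName rg-core-dev-weu -WebAppName app-core-dev-weu `
    -KeyVaultName kvcoredevweuXXXXXX -StorageAccountName stcoredevweuXXXXXX
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 }   # fail the pipeline on any drift
```

The findings are returned before remediation runs, so a pipeline gets a record of what drifted; rerun the function without `-Remediate` to confirm the corrected state. Enabling purge protection is a one-way change, which is why the function checks it explicitly rather than silently setting it on every run.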
Detailed security documentation is available under:
- /security
- /documentation
The platform includes centralized observability components designed for operational visibility and troubleshooting.
Configured services include:
- Log Analytics Workspace
- Application Insights
- Azure Diagnostic Settings
- Azure Monitor Action Groups
- Infrastructure Health Checks
- Deployment Validation Reporting
Diagnostics are configured automatically during deployment and routed centrally into Log Analytics.
All deployment modules are designed to be idempotent.
This means:
- Existing resources are safely reused
- Missing components are automatically provisioned
- Re-running the same deployment does not create duplicate infrastructure
- Infrastructure state remains consistent across repeated executions
This operational model aligns with modern Infrastructure as Code and DevOps deployment practices.
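The reuse-or-create pattern described above is straightforward for most resources but has one well-known trap: a Key Vault name is still held by its soft-deleted vault, so a plain "create if missing" fails with a name conflict even though `Get-AzKeyVault` reports nothing. The following is an added example (not code from the Cloud Org Infra repository) showing the pattern with that case handled; the function name, tags and hardening defaults are assumptions.

```powershell
# Added example, not code from the Cloud Org Infra repository.
# Function name, tags and the hardening defaults below are assumptions.
#Requires -Modules Az.Resources, Az.KeyVault

function New-CloudOrgKeyVaultIdempotent {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $Location,
        [hashtable] $Tags = @{}
    )

    # 1. Resource group: reuse if present, create if missing
    $rg = Get-AzResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue
    if (-not $rg) {
        Write-Verbose "Creating resource group $ResourceGroupName"
        $rg = New-AzResourceGroup -Name $ResourceGroupName -Location $Location -Tag $Tags
    }

    # 2. Live vault: reuse it and stop; a re-run must not create a second one
    $kv = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue
    if ($kv) {
        Write-Verbose "Reusing existing Key Vault $VaultName"
        return $kv
    }

    # 3. Soft-deleted vault with the same name: New-AzKeyVault would fail with a name conflict,
    #    so recover it. Recovery only works into the original resource group; with purge
    #    protection on, the name cannot be freed before the scheduled purge date.
    $deleted = Get-AzKeyVault -VaultName $VaultName -Location $Location -InRemovedState -ErrorAction SilentlyContinue
    if ($deleted) {
        Write-Verbose "Recovering soft-deleted Key Vault $VaultName"
        try {
            Undo-AzKeyVaultRemoval -VaultName $VaultName -ResourceGroupName $ResourceGroupName -Location $Location | Out-Null
        }
        catch {
            throw "Could not recover soft-deleted vault '$VaultName' (it must be recovered into its original " +
                  "resource group; otherwise choose a new name or wait for purge on $($deleted.ScheduledPurgeDate)): $_"
        }
        return Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName
    }

    # 4. Create with hardened defaults: RBAC authorization instead of access policies,
    #    purge protection on (irreversible), 90-day soft-delete retention
    if ($PSCmdlet.ShouldProcess($VaultName, 'Create Key Vault')) {
        return New-AzKeyVault -Name $VaultName -ResourceGroupName $ResourceGroupName -Location $Location `
            -Sku Standard -EnableRbacAuthorization -EnablePurgeProtection -SoftDeleteRetentionInDays 90 -Tag $Tags
    }
}

# Usage: safe to run repeatedly; -WhatIf shows the create step without executing it
New-CloudOrgKeyVaultIdempotent -ResourceGroupName rg-core-dev-weu -VaultName kvcoredevweuXXXXXX `
    -Location westeurope -Tags @{ environment = 'dev'; app = 'core' } -Verbose
```

Each branch ends in the same state (one vault with that name in that resource group), which is what makes repeated executions safe. The same shape applies to the other modules: query, reuse, recover where the platform keeps tombstones, create only as the last resort.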
Example naming patterns:

```text
rg-core-dev-weu
vnet-core-dev-weu
nsg-core-dev-weu
stcoredevweuXXXXXX
kvcoredevweuXXXXXX
asp-core-dev-weu
app-core-dev-weu
law-core-dev-weu
appi-core-dev-weu
ag-core-dev-weu
```
This structure improves:
- Resource discoverability
- Environment consistency
- Operational clarity
- Governance alignment
- Enterprise scalability
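The pattern has two shapes: hyphenated names for most resource types and compact, suffixed names for storage accounts and Key Vaults, which are global DNS names with a 3-24 character limit and no hyphens (storage) or a required leading letter (Key Vault). The following is an added example (not code from the Cloud Org Infra repository) that generates names in both shapes and enforces those limits. The README shows the suffix only as XXXXXX; deriving it from a hash of the subscription id, so that re-runs produce the same name, is an assumption of this example, as is the function name.

```powershell
# Added example, not code from the Cloud Org Infra repository.
# Assumption: the 6-character suffix (XXXXXX in the README) is derived from a SHA-256 hash of the
# subscription id and the name components, so it is stable across re-runs and unique per subscription.

function Get-CloudOrgResourceName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [ValidateSet('rg', 'vnet', 'nsg', 'st', 'kv', 'asp', 'app', 'law', 'appi', 'ag')]
        [string] $Type,
        [Parameter(Mandatory)] [string] $App,
        [Parameter(Mandatory)] [string] $Environment,
        [Parameter(Mandatory)] [string] $Region,
        [Parameter(Mandatory)] [string] $SubscriptionId
    )

    if ($Type -notin 'st', 'kv') {
        # Hyphenated pattern, e.g. rg-core-dev-weu; these resource types accept hyphens
        return ("$Type-$App-$Environment-$Region").ToLowerInvariant()
    }

    # Storage accounts and Key Vaults are globally unique: 3-24 characters, letters and digits only
    # for storage, and a Key Vault name must start with a letter. Build a deterministic suffix.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $hash   = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("$SubscriptionId|$Type|$App|$Environment|$Region"))
    $suffix = ([System.BitConverter]::ToString($hash) -replace '-', '').Substring(0, 6).ToLowerInvariant()
    $name   = ("$Type$App$Environment$Region$suffix").ToLowerInvariant() -replace '[^a-z0-9]', ''

    if ($name.Length -lt 3 -or $name.Length -gt 24) {
        throw "Name '$name' violates the 3-24 character limit for resource type '$Type'"
    }
    if ($Type -eq 'kv' -and $name -notmatch '^[a-z]') {
        throw "Key Vault name '$name' must start with a letter"
    }
    return $name
}

# Usage with a constructed subscription id (not a real one)
$sub = '00000000-0000-0000-0000-000000000000'
Get-CloudOrgResourceName -Type rg -App core -Environment dev -Region weu -SubscriptionId $sub
Get-CloudOrgResourceName -Type st -App core -Environment dev -Region weu -SubscriptionId $sub
Get-CloudOrgResourceName -Type kv -App core -Environment dev -Region weu -SubscriptionId $sub
```

Throwing on a too-long name at naming time is deliberate: the alternative, silently truncating, produces names that collide between environments and breaks the idempotent reuse of existing resources.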
Primary orchestration entrypoint: `automation/deploy-environment.ps1`

Execution sequence:

- create-rg.ps1
- create-network.ps1
- create-nsgs.ps1
- create-storage.ps1
- create-keyvault.ps1
- create-loganalytics.ps1
- create-diagnostics.ps1
- create-appservice.ps1
- create-appinsights.ps1
- create-appservice-extended.ps1
- create-alerts.ps1
- create-rbac.ps1
- create-healthchecks.ps1
- New-DeploymentSummary.ps1
Each deployment module is designed to be modular, reusable, and independently maintainable.
Example deployment:

```powershell
cd automation
.\deploy-environment.ps1 `
    -Environment dev `
    -App core `
    -Region weu `
    -Location westeurope
```

This deployment provisions:
- Networking
- Security
- Storage
- Monitoring
- Diagnostics
- Application Hosting
- RBAC
- Validation
in a fully automated sequence.
- Microsoft Azure Subscription
- PowerShell 7+
- Az PowerShell Modules
- Azure authentication via `Connect-AzAccount` or Service Principal credentials
Required environment variables for Service Principal authentication:
AZURE_CLIENT_ID
AZURE_CLIENT_SECRET
AZURE_TENANT_ID
AZURE_SUBSCRIPTION_ID
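The following is an added example (not code from the Cloud Org Infra repository) of the authentication step a pipeline would run before `deploy-environment.ps1`, using the four variables above. It validates that all of them are present, keeps the secret out of logs, disables context autosave so tokens are not written to the runner's disk, and checks that the resulting context is in the expected tenant and subscription before anything is deployed. The function name and the fallback to an already established Az context (for a runner that logged in with OIDC and therefore has no client secret) are assumptions.

```powershell
# Added example, not code from the Cloud Org Infra repository.
# Assumptions: function name; fallback to an existing Az context when no client secret is set.
#Requires -Modules Az.Accounts

function Connect-CloudOrgAzure {
    [CmdletBinding()]
    param()

    # Do not persist tokens to the runner's profile directory
    Disable-AzContextAutosave -Scope Process | Out-Null

    $required = 'AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET', 'AZURE_TENANT_ID', 'AZURE_SUBSCRIPTION_ID'
    $missing  = $required | Where-Object { [string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($_)) }

    if ($missing) {
        # No secret-based credentials: accept a context established earlier (e.g. an OIDC login step)
        $existing = Get-AzContext
        if ($existing -and $existing.Subscription) {
            Write-Verbose "Using existing Az context for subscription $($existing.Subscription.Id)"
            return $existing
        }
        throw "No Az context and missing environment variables: $($missing -join ', ')"
    }

    # Build the credential in memory; the secret value is never echoed or written anywhere
    $secret     = ConvertTo-SecureString -String $env:AZURE_CLIENT_SECRET -AsPlainText -Force
    $credential = [pscredential]::new($env:AZURE_CLIENT_ID, $secret)
    Connect-AzAccount -ServicePrincipal -Credential $credential `
        -Tenant $env:AZURE_TENANT_ID -Subscription $env:AZURE_SUBSCRIPTION_ID | Out-Null

    # Fail fast if the context landed in a different tenant or subscription than the pipeline intended
    $ctx = Get-AzContext
    if ($ctx.Subscription.Id -ne $env:AZURE_SUBSCRIPTION_ID -or $ctx.Tenant.Id -ne $env:AZURE_TENANT_ID) {
        throw "Az context is subscription $($ctx.Subscription.Id) / tenant $($ctx.Tenant.Id), " +
              "expected $env:AZURE_SUBSCRIPTION_ID / $env:AZURE_TENANT_ID"
    }
    Write-Verbose "Authenticated as service principal $env:AZURE_CLIENT_ID"
    return $ctx
}

# Usage at the top of a pipeline step, before invoking deploy-environment.ps1
$null = Connect-CloudOrgAzure -Verbose
```

The subscription and tenant check matters more than it looks: a service principal that exists in several tenants, or a runner with a stale saved context, otherwise deploys into the wrong place with no error.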
The project is designed for CI/CD execution using:
- GitHub Actions
- Azure OIDC authentication
- Service Principal authentication
- Validation workflows
- Environment deployment orchestration
Typical pipeline flow:
- Checkout repository
- Install PowerShell 7
- Install Az modules
- Authenticate to Azure
- Execute deployment orchestration
- Run health validation
- Generate deployment summary
The same orchestration flow can be reused across:
- Development
- Testing
- Production
| Directory | Purpose |
|---|---|
| /architecture | High-level architecture diagrams and infrastructure design |
| /documentation | Detailed module and deployment documentation |
| /operations | Operational workflows, runbooks, and procedures |
| /security | Security baselines, RBAC, and identity documentation |
| /policy | Governance and Azure Policy examples |
| /automation | Infrastructure deployment orchestration and modules |
The project intentionally focuses on operational infrastructure concerns commonly encountered in enterprise environments, including:
- Infrastructure consistency
- Centralized monitoring
- Secure defaults
- Environment validation
- Deployment repeatability
- RBAC governance
- Diagnostics automation
- Infrastructure hardening
- Dependency-aware orchestration
Planned future enhancements include:
- Terraform-based Cloud Org Infra v2
- Multi-environment expansion
- Extended CI/CD templates
- Application Gateway and WAF support
- AKS integration
- Optional SQL and PostgreSQL modules
- Policy-as-Code integration
- Advanced observability dashboards
- Remote state management
Internal use and portfolio demonstration purposes only.
Not intended for commercial redistribution without permission.
Designed with a focus on:
- Infrastructure automation
- Cloud operations
- Observability
- Security-oriented architecture
- Long-term maintainability
- Modular engineering practices
The environment includes:
- Recovery Services Vault
- VM Backup Policies
- Automated VM Protection
- Recovery Point validation
- On-demand backup support
- GitHub Actions automation
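The following is an added example (not code from the Cloud Org Infra repository) of the recovery point validation and on-demand backup listed above: it walks every VM registered in a Recovery Services vault, checks that the item is protected, that its last job completed, and that a recovery point exists within the expected window, and can trigger an ad-hoc backup for any VM that fails. The function name, the vault name in the usage call and the 26-hour window are assumptions.

```powershell
# Added example, not code from the Cloud Org Infra repository.
# Assumptions: function name, vault name in the usage call, and the 26-hour freshness window.
#Requires -Modules Az.RecoveryServices

function Test-CloudOrgVmBackup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VaultName,
        [int] $MaxAgeHours = 26,          # daily policy plus slack for job duration
        [switch] $TriggerOnDemandBackup   # start an ad-hoc backup for every unhealthy item
    )

    $vault = Get-AzRecoveryServicesVault -ResourceGroupName $ResourceGroupName -Name $VaultName
    $end   = (Get-Date).ToUniversalTime()   # recovery point queries take UTC timestamps
    $start = $end.AddHours(-$MaxAgeHours)

    $containers = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVM -VaultId $vault.ID
    foreach ($container in $containers) {
        $items = Get-AzRecoveryServicesBackupItem -Container $container -WorkloadType AzureVM -VaultId $vault.ID
        foreach ($item in $items) {
            $points  = @(Get-AzRecoveryServicesBackupRecoveryPoint -Item $item -StartDate $start -EndDate $end -VaultId $vault.ID)
            $healthy = ("$($item.ProtectionState)" -eq 'Protected') -and
                       ("$($item.LastBackupStatus)" -eq 'Completed') -and
                       ($points.Count -gt 0)

            if (-not $healthy -and $TriggerOnDemandBackup) {
                # The job runs asynchronously; follow it with Get-AzRecoveryServicesBackupJob
                Backup-AzRecoveryServicesBackupItem -Item $item -VaultId $vault.ID | Out-Null
            }

            [pscustomobject]@{
                Vm                   = $container.FriendlyName
                ProtectionState      = $item.ProtectionState
                LastBackupStatus     = $item.LastBackupStatus
                LastBackupTime       = $item.LastBackupTime
                RecentRecoveryPoints = $points.Count
                Healthy              = $healthy
            }
        }
    }
}

# Usage: fail a pipeline when any VM lacks a recent recovery point (vault name is an assumed example)
$report = Test-CloudOrgVmBackup -ResourceGroupName rg-core-dev-weu -VaultName rsv-core-dev-weu -TriggerOnDemandBackup
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Healthy }) { exit 1 }
```

Checking for an actual recovery point, not just `LastBackupStatus`, is the point of the example: a VM can report a completed job while its most recent usable recovery point is older than the policy allows, for instance after a policy change or a long-running job.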