Azure · AlexanderSehr · Feb 14, 2025 · Nov 30, 2024 · Nov 30, 2024 · Nov 30, 2024
@@ -31,6 +31,7 @@
 /avm/ptn/dev-ops/cicd-agents-and-runners/ @Azure/avm-ptn-devops-cicdagentsandrunners-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/finops-toolkit/finops-hub/ @Azure/avm-ptn-finopstoolkit-finopshub-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/lz/sub-vending/ @Azure/avm-ptn-lz-subvending-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmtgroups-subscriptionplacement-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/network/hub-networking/ @Azure/avm-ptn-network-hubnetworking-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/network/private-link-private-dns-zones/ @Azure/avm-ptn-network-privatelinkprivatednszones-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/policy-insights/remediation/ @Azure/avm-ptn-policyinsights-remediation-module-owners-bicep @Azure/avm-module-reviewers-bicep

@@ -66,6 +66,7 @@ body:
         - "avm/ptn/dev-ops/cicd-agents-and-runners"
         - "avm/ptn/finops-toolkit/finops-hub"
         - "avm/ptn/lz/sub-vending"
+        - "avm/ptn/mgmt-groups/subscription-placement"
         - "avm/ptn/network/hub-networking"
         - "avm/ptn/network/private-link-private-dns-zones"
         - "avm/ptn/policy-insights/remediation"

@@ -0,0 +1,84 @@
+name: "avm.ptn.mgmt-groups.subscription-placement"
+
+on:
+  workflow_dispatch:
+    inputs:
+      staticValidation:
+        type: boolean
+        description: "Execute static validation"
+        required: false
+        default: true
+      deploymentValidation:
+        type: boolean
+        description: "Execute deployment validation"
+        required: false
+        default: true
+      removeDeployment:
+        type: boolean
+        description: "Remove deployed module"
+        required: false
+        default: true
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/actions/templates/avm-**"
+      - ".github/workflows/avm.template.module.yml"
+      - ".github/workflows/avm.ptn.mgmt-groups.subscription-placement.yml"
+      - "avm/ptn/lz/sub-placement/**"
+      - "avm/utilities/pipelines/**"
+      - "!avm/utilities/pipelines/platform/**"
+      - "!*/**/README.md"
+
+env:
+  modulePath: "avm/ptn/mgmt-groups/subscription-placement"
+  workflowPath: ".github/workflows/avm.ptn.mgmt-groups.subscription-placement.yml"
+
+concurrency:
+  group: ${{ github.workflow }}
+
+jobs:
+  ###########################
+  #   Initialize pipeline   #
+  ###########################
+  job_initialize_pipeline:
+    runs-on: ubuntu-latest
+    name: "Initialize pipeline"
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: "Set input parameters to output variables"
+        id: get-workflow-param
+        uses: ./.github/actions/templates/avm-getWorkflowInput
+        with:
+          workflowPath: "${{ env.workflowPath}}"
+      - name: "Get module test file paths"
+        id: get-module-test-file-paths
+        uses: ./.github/actions/templates/avm-getModuleTestFiles
+        with:
+          modulePath: "${{ env.modulePath }}"
+    outputs:
+      workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+      moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+      psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+      modulePath: "${{ env.modulePath }}"
+
+  ##############################
+  #   Call reusable workflow   #
+  ##############################
+  call-workflow-passing-data:
+    name: "Run"
+    permissions:
+      id-token: write # For OIDC
+      contents: write # For release tags
+    needs:
+      - job_initialize_pipeline
+    uses: ./.github/workflows/avm.template.module.yml
+    with:
+      workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+      moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+      psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+      modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+    secrets: inherit
@@ -0,0 +1,170 @@
+# subscription-placement `[MgmtGroups/SubscriptionPlacement]`
+
+This module allows for placement of subscriptions to management groups 
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Data Collection](#Data-Collection)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Management/managementGroups/subscriptions` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Management/2023-04-01/managementGroups/subscriptions) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br/public:avm/ptn/mgmt-groups/subscription-placement:<version>`.
+
+- [Using only defaults.](#example-1-using-only-defaults)
+
+### Example 1: _Using only defaults._
+
+This instance deploys the module with the minimum set of required parameters.
+
+
+<details>
+
+<summary>via Bicep module</summary>
+
+```bicep
+module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placement:<version>' = {
+  name: 'subscriptionPlacementDeployment'
+  params: {
+    parSubscriptionPlacement: [
+      {
+        managementGroupId: '<managementGroupId>'
+        subscriptionIds: [
+          '<subVendingSubscriptionId>'
+        ]
+      }
+    ]
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via JSON parameters file</summary>
+
+```json
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "parSubscriptionPlacement": {
+      "value": [
+        {
+          "managementGroupId": "<managementGroupId>",
+          "subscriptionIds": [
+            "<subVendingSubscriptionId>"
+          ]
+        }
+      ]
+    }
+  }
+}
+```
+
+</details>
+<p>
+
+<details>
+
+<summary>via Bicep parameters file</summary>
+
+```bicep-params
+using 'br/public:avm/ptn/mgmt-groups/subscription-placement:<version>'
+
+param parSubscriptionPlacement = [
+  {
+    managementGroupId: '<managementGroupId>'
+    subscriptionIds: [
+      '<subVendingSubscriptionId>'
+    ]
+  }
+]
+```
+
+</details>
+<p>
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`parSubscriptionPlacement`](#parameter-parsubscriptionplacement) | array | The management group IDs along with the subscriptions to be placed underneath them. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+
+### Parameter: `parSubscriptionPlacement`
+
+The management group IDs along with the subscriptions to be placed underneath them.
+
+- Required: Yes
+- Type: array
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`managementGroupId`](#parameter-parsubscriptionplacementmanagementgroupid) | string | The ID of the management group. |
+| [`subscriptionIds`](#parameter-parsubscriptionplacementsubscriptionids) | array | The list of subscription IDs to be placed underneath the management group. |
+
+### Parameter: `parSubscriptionPlacement.managementGroupId`
+
+The ID of the management group.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `parSubscriptionPlacement.subscriptionIds`
+
+The list of subscription IDs to be placed underneath the management group.
+
+- Required: Yes
+- Type: array
+
+### Parameter: `enableTelemetry`
+
+Enable/Disable usage telemetry for module.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `subscriptionPlacementSummary` | string | Output of number of management groups that have been configured with subscription placements. |
+
+## Data Collection
+
+The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at <https://go.microsoft.com/fwlink/?LinkID=824704>. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
@@ -0,0 +1,67 @@
+targetScope = 'tenant'
+
+metadata name = 'subscription-placement'
+metadata description = 'This module allows for placement of subscriptions to management groups '
+
+// ------------------
+//    PARAMETERS
+// ------------------
+
+@description('Required. The management group IDs along with the subscriptions to be placed underneath them.')
+param parSubscriptionPlacement subscriptionPlacementType[]
+
+@description('Optional. Location for all resources.')
+param location string = deployment().location
+
+@description('Optional. Enable/Disable usage telemetry for module.')
+param enableTelemetry bool = true
+
+#disable-next-line no-deployments-resources
+resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) {
+  name: '46d3xbcp.ptn.mgmtgroup-subplacement.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}'
+  location: location
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+      outputs: {
+        telemetry: {
+          type: 'String'
+          value: 'For more information, see https://aka.ms/avm/TelemetryInfo'
+        }
+      }
+    }
+  }
+}
+
+module customSubscriptionPlacement './modules/helper.bicep' = [
+  for (subscriptionPlacement, index) in parSubscriptionPlacement: {
+    name: 'subPlacment-${uniqueString(subscriptionPlacement.managementGroupId)}${index}'
+    params: {
+      managementGroupId: subscriptionPlacement.managementGroupId
+      subscriptionIds: subscriptionPlacement.subscriptionIds
+    }
+  }
+]
+
+// =============== //
+//   Outputs   //
+// =============== //
+
+@description('Output of number of management groups that have been configured with subscription placements.')
+output subscriptionPlacementSummary string = 'Subscription placements have been configured for ${length(parSubscriptionPlacement)} management groups.'
+
+// =============== //
+//   Definitions   //
+// =============== //
+
+@export()
+@description('The type for a subscription placement.')
+type subscriptionPlacementType = {
+  @description('Required. The ID of the management group.')
+  managementGroupId: string
+  @description('Required. The list of subscription IDs to be placed underneath the management group.')
+  subscriptionIds: string[]
+}