dojo
Dojo Terraform Mode
Optum Dojo
Utilize Optum's official Dojo Terraform modules instead of writing resources from scratch. This ensures compliance with all Optum standards. This mode is to help the user build their solution with Optum's Dojo Terraform. Nothing should be built without using Dojo Terraform modules made by Optum. Everything should be encrypted at rest and in transit. Always follow Optum's best practices and security guidelines in the documentation found on Dojo360; the references below list the documentation to fetch.
Related documentation:
Use the tool "OTC AWESOME LLM" to find the following, as they are related to this chatmode:
- ../instructions/dojo.instructions.md
- ../instructions/terraform.instructions.md
Critical Requirements
MANDATORY for ALL Dojo Terraform Implementations:
1. Tagging Requirements
- Optum Tags: REQUIRED on every resource
- Optum Resource Name: REQUIRED for consistent naming
- AWS: https://dojo360.optum.com/aws/management/optum-resource-name/build/optum-resource-name/index.html
- Azure: https://dojo360.optum.com/azure/management/optum-resource-name/build/optum-resource-name/index.html
- GCP: https://dojo360.optum.com/gcp/management/optum-resource-name/build/optum-resource-name/index.html
2. Security Requirements
- Encryption at Rest: MANDATORY for all data stores (databases, storage, queues)
- Encryption in Transit: MANDATORY for all data transmission (TLS 1.2 minimum)
- Private Endpoints: REQUIRED for all PaaS services where available
- AWS: Use VPC Endpoints
- Azure: Use Private Endpoints (see networking/private-endpoint profiles)
- GCP: Use Private Service Connect
- Network Security:
- Use private subnets for compute resources
- Implement network security groups/firewall rules
- Reference Optum IPs for allowed traffic patterns
3. Terraform State Management
- MUST use Dojo Terraform State modules:
- AWS: https://dojo360.optum.com/aws/management/account/build/account-bootstrap/profiles/tfstate-management/index.html
- Azure: https://dojo360.optum.com/azure/management/subscription/build/subscription/profiles/tfstate-storage-account/index.html
- GCP: https://dojo360.optum.com/gcp/management/project/build/project-bootstrap/profiles/tfstate-management/index.html
- MUST use remote state with state locking enabled
- MUST encrypt state files
4. Module Versioning
- ALWAYS use specific version tags (never use `latest` or branch names)
- Example: `source="git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=v112.0.0"`
- Check releases: Use `gh release list --repo dojo360/<module-name>` to find latest versions
- Update regularly: Run `terraform init -upgrade` to get module updates
5. Compliance & Validation
- Review PADU badges:
- Preferred (green) = Production-ready, fully supported
- Acceptable (yellow) = Limited use cases, may have restrictions
- Unacceptable (red) = Not allowed in production
- Emerging (blue) = Beta/new services (GCP mostly)
- Scan for vulnerabilities: Use security scanning tools before deployment
- Review diagnostics: Enable monitoring and diagnostics on all resources
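The Module Versioning requirement above can be enforced before `terraform init` with a small source check. The script below is an added example, not Optum or Dojo360 tooling; it assumes Dojo modules are fetched from the `dojo360` GitHub organization and tagged `vMAJOR.MINOR.PATCH` as in the page's example, and the sample Terraform text (including `example-org`) is constructed.

```python
"""Lint Terraform module sources for pinned version tags (added example)."""
import re
import sys
from typing import Iterator, List, NamedTuple, Optional, Tuple

MODULE_START_RE = re.compile(r'^module\s+"([^"]+)"\s*\{')
SOURCE_RE = re.compile(r'^source\s*=\s*"([^"]*)"')
# Tag format taken from the page's example (?ref=v112.0.0).
VERSION_TAG_RE = re.compile(r"^v\d+\.\d+\.\d+$")
# Assumption: Dojo modules live in the dojo360 GitHub org, as in the page's example.
DOJO_SOURCE_RE = re.compile(r"^git::(https://|ssh://git@)github\.com/dojo360/")


class Finding(NamedTuple):
    module: str
    line: int
    reason: str


def iter_module_sources(tf_text: str) -> Iterator[Tuple[str, int, str]]:
    """Yield (module_name, line_no, source) for each top-level module block.

    Line-based scan with brace counting, not a full HCL parser: it ignores
    `source` keys in other blocks (e.g. required_providers) and in nested maps.
    """
    name, depth = None, 0
    for line_no, line in enumerate(tf_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("#", "//")):
            continue  # whole-line comment
        if name is None:
            start = MODULE_START_RE.match(stripped)
            if not start:
                continue
            name, depth = start.group(1), 0
        src = SOURCE_RE.match(stripped)
        if src and depth == 1:
            yield name, line_no, src.group(1)
        depth += stripped.count("{") - stripped.count("}")
        if depth <= 0:
            name = None  # module block closed


def extract_ref(source: str) -> Optional[str]:
    """Return the value of the ?ref= parameter of a git source, or None."""
    _, _, query = source.partition("?")
    for param in query.split("&"):
        key, _, value = param.partition("=")
        if key == "ref" and value:
            return value
    return None


def check_module_sources(tf_text: str) -> List[Finding]:
    """Return one finding per module whose source breaks the versioning rule."""
    findings = []
    for name, line_no, source in iter_module_sources(tf_text):
        if not DOJO_SOURCE_RE.match(source):
            findings.append(Finding(name, line_no, "non-dojo-source"))
            continue
        ref = extract_ref(source)
        if ref is None:
            findings.append(Finding(name, line_no, "unpinned"))
        elif not VERSION_TAG_RE.match(ref):
            # Covers ?ref=latest and branch names such as main.
            findings.append(Finding(name, line_no, "non-version-ref"))
    return findings


# Constructed sample input; only the first module source appears on the page.
SAMPLE_TF = '''
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

module "bucket" {
  source = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=v112.0.0"
}

module "bucket_latest" {
  source = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=latest"
}

module "bucket_branch" {
  source = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=main"
}

module "bucket_unpinned" {
  source = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket"
}

module "third_party" {
  source = "git::https://github.com/example-org/s3-module?ref=v1.0.0"
}
'''

if __name__ == "__main__":
    results = check_module_sources(SAMPLE_TF)
    for finding in results:
        print(f"line {finding.line}: module {finding.module}: {finding.reason}")
    sys.exit(1 if results else 0)
```
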
Step 1: Understand the Task
Step 2: Create an implementation todo list for each technology needed to build the stack
Step 3: During implementation, research Dojo Terraform and build Optum Dojo Terraform with the Optum tags on each resource created. Everything should be built with encryption at rest and in transit. Fetch https://dojo360.optum.com/aws/networking/vpc/build/optum-ips/index.html and always build endpoints securely. Fetch https://dojo360.optum.com/aws/developer-tools/terraform/build/tfstate/index.html and ensure a Terraform backend is configured.
Step 4: Summarize how to build and run each environment
Dojo Terraform Documentation
Utilize the fetch tool to review the following:
Foundations
- Dojo360 Modules Overview https://dojo360.optum.com/foundations/modules/index.html
- Terraform Concepts https://dojo360.optum.com/foundations/modules/terraform/index.html
- Getting to Terraform Plan https://dojo360.optum.com/foundations/modules/terraform/getting-to-terraform-plan.html
- CloudBricks https://dojo360.optum.com/foundations/cloudbricks/index.html
- UHG 101 https://dojo360.optum.com/foundations/uhg-101/index.html
- Public Cloud 101 https://dojo360.optum.com/foundations/public-cloud-101/index.html
- Public Cloud @ UHG https://dojo360.optum.com/foundations/public-cloud-at-uhg/index.html
- Initiating a Cloud Project https://dojo360.optum.com/foundations/initiating-cloud/index.html
- Cloud Paths https://dojo360.optum.com/foundations/cloud-paths/brownfield/index.html
- Cloud Practices https://dojo360.optum.com/foundations/cloud-practices/index.html
- Operational Excellence https://dojo360.optum.com/foundations/operational-excellence/index.html
- Module Regression Dashboard https://github.com/dojo360/modules-dashboard
- OTU Terraform Training https://uhg.edcast.com/smartsearch?q=terraform
- OTU AWS Foundations https://uhg.edcast.com/channel/otu-cloud-app-migration/49917
- OTU Azure Foundations https://uhg.edcast.com/channel/otu-cloud-app-migration/49916
- OTU GCP Foundations https://uhg.edcast.com/channel/otu-cloud-app-migration/49918
AWS
- Bootstrap new account https://dojo360.optum.com/aws/management/account/build/account-bootstrap/profiles/bootstrap-account/index.html
- Terraform state https://dojo360.optum.com/aws/management/account/build/account-bootstrap/profiles/tfstate-management/index.html
- ECR https://dojo360.optum.com/aws/containers/ecr/build/ecr/profiles/ecr-repository/index.html
- ECS https://dojo360.optum.com/aws/containers/ecs/build/ecs/profiles/ecs-cluster/index.html
- ECS Service https://dojo360.optum.com/aws/containers/ecs/build/ecs/profiles/ecs-service/index.html
- Task Definition https://dojo360.optum.com/aws/containers/ecs/build/ecs/profiles/ecs-task-definition/index.html
- Venafi https://dojo360.optum.com/aws/security-identity-and-compliance/venafi/build/venafi/profiles/certificate/index.html
- Venafi Token https://dojo360.optum.com/aws/security-identity-and-compliance/venafi/build/venafi/profiles/access-token/index.html
- ACM https://dojo360.optum.com/aws/security-identity-and-compliance/acm/build/acm/profiles/acm-certificate/index.html
- KMS https://dojo360.optum.com/aws/security-identity-and-compliance/kms/build/kms/profiles/kms-key/index.html
- IAM https://dojo360.optum.com/aws/security-identity-and-compliance/iam/build/iam/profiles/iam-role/index.html
- IAM Policy https://dojo360.optum.com/aws/security-identity-and-compliance/iam/build/iam/profiles/iam-policy/index.html
- Secrets Manager https://dojo360.optum.com/aws/security-identity-and-compliance/secrets-manager/build/secrets-manager/profiles/secret/index.html
- S3 https://dojo360.optum.com/aws/storage/s3/build/s3/profiles/s3-bucket/index.html
- App Config https://dojo360.optum.com/aws/developer-tools/appconfig/build/appconfig/profiles/appconfig-application/index.html
- Lambda https://dojo360.optum.com/aws/compute/lambda/build/lambda/profiles/lambda-function/index.html
- EC2 https://dojo360.optum.com/aws/compute/ec2/build/ec2/profiles/instance/index.html
- EC2 Auto Scaling https://dojo360.optum.com/aws/compute/autoscaling/build/autoscaling/profiles/autoscaling-group/index.html
- SNS Topic https://dojo360.optum.com/aws/app-integration/sns/build/sns/profiles/sns-topic/index.html
- SNS Topic Subscription https://dojo360.optum.com/aws/app-integration/sns/build/sns/profiles/sns-topic-subscription/index.html
- SQS https://dojo360.optum.com/aws/app-integration/sqs/build/sqs/profiles/sqs-queue/index.html
- Open Search https://dojo360.optum.com/aws/analytics/opensearch/build/opensearch/profiles/opensearch-domain/index.html
- Redshift https://dojo360.optum.com/aws/analytics/redshift/build/redshift-serverless/profiles/namespace/index.html
- Athena https://dojo360.optum.com/aws/analytics/athena/build/athena/profiles/athena-workgroup/index.html
- Cloud Watch Log Group https://dojo360.optum.com/aws/management/cloudwatch/build/cloudwatch-logs/profiles/cloudwatch-log-group/index.html
- Tags https://dojo360.optum.com/aws/management/optum-tags/build/optum-tags/index.html
- Optum Resource Name https://dojo360.optum.com/aws/management/optum-resource-name/build/optum-resource-name/index.html
- Resource Group https://dojo360.optum.com/aws/management/resource-groups/build/resource-groups/profiles/resourcegroups-group/index.html
- Resource https://dojo360.optum.com/aws/management/resource-groups/build/resource-groups/profiles/resourcegroups-resource/index.html
- System Manager https://dojo360.optum.com/aws/management/systems-manager/build/ssm/profiles/ssm-parameter/index.html
- Auto Scaling policy https://dojo360.optum.com/aws/management/app-autoscaling/build/app-autoscaling/profiles/appautoscaling-policy/index.html
- Auto Scaling target https://dojo360.optum.com/aws/management/app-autoscaling/build/app-autoscaling/profiles/appautoscaling-target/index.html
- Route 53 https://dojo360.optum.com/aws/networking/route53/build/route53/profiles/zone/index.html
- Route 53 Record https://dojo360.optum.com/aws/networking/route53/build/route53/profiles/record/index.html
- VPC https://dojo360.optum.com/aws/networking/vpc/build/vpc/profiles/vpc/index.html
- VPC Endpoint https://dojo360.optum.com/aws/networking/vpc/build/vpc/profiles/vpc-endpoint/index.html
- VPC endpoint service https://dojo360.optum.com/aws/networking/vpc/build/vpc/profiles/vpc-endpoint-service/index.html
- Security Group https://dojo360.optum.com/aws/networking/vpc/build/vpc/profiles/security-group/index.html
- Load Balancer https://dojo360.optum.com/aws/networking/elb/build/elb/profiles/lb/index.html
- Load Balancer Listener https://dojo360.optum.com/aws/networking/elb/build/elb/profiles/lb-listener/index.html
- Load Balancer Listener Rule https://dojo360.optum.com/aws/networking/elb/build/elb/profiles/lb-listener-rule/index.html
- Load Balancer Listener Rule Code Deploy https://dojo360.optum.com/aws/networking/elb/build/elb/profiles/lb-listener-rule-code-deploy/index.html
- Load Balancer Target Group https://dojo360.optum.com/aws/networking/elb/build/elb/profiles/lb-target-group/index.html
- CloudWatch Event Bridge https://dojo360.optum.com/aws/app-integration/eventbridge/build/eventbridge/profiles/cloudwatch-event-bus/index.html
- CloudWatch Event Rule https://dojo360.optum.com/aws/app-integration/eventbridge/build/eventbridge/profiles/cloudwatch-event-rule/index.html
- CloudWatch Event Target https://dojo360.optum.com/aws/app-integration/eventbridge/build/eventbridge/profiles/cloudwatch-event-target/index.html
- AppSync DataSource https://dojo360.optum.com/aws/app-integration/appsync/build/appsync/profiles/appsync-datasource/index.html
- AppSync GraphQL API https://dojo360.optum.com/aws/app-integration/appsync/build/appsync/profiles/appsync-graphql-api/index.html
- Pinpoint App https://dojo360.optum.com/aws/business-applications/pinpoint/build/pinpoint/profiles/pinpoint-app/index.html
- Batch Compute Environment https://dojo360.optum.com/aws/compute/batch/build/batch/profiles/compute-environment/index.html
- Batch Job Definition https://dojo360.optum.com/aws/compute/batch/build/batch/profiles/job-definition/index.html
- Batch Job Queue https://dojo360.optum.com/aws/compute/batch/build/batch/profiles/job-queue/index.html
- EKS Cluster https://dojo360.optum.com/aws/containers/eks/build/eks/profiles/eks-cluster/index.html
- EKS Addons https://dojo360.optum.com/aws/containers/eks/build/eks/profiles/eks-addons/index.html
- DynamoDB Table https://dojo360.optum.com/aws/database/dynamodb/build/dynamodb/profiles/dynamodb-table/index.html
- DynamoDB Table Auto Scale https://dojo360.optum.com/aws/database/dynamodb/build/dynamodb/profiles/dynamodb-table-autoscale/index.html
- DynamoDB Table Replica https://dojo360.optum.com/aws/database/dynamodb/build/dynamodb/profiles/dynamodb-table-replica/index.html
- ElastiCache Replication Group https://dojo360.optum.com/aws/database/elasticache/build/elasticache/profiles/replication-group/index.html
- RDS Cluster https://dojo360.optum.com/aws/database/rds/build/rds/profiles/rds-cluster/index.html
- RDS Cluster Instance https://dojo360.optum.com/aws/database/rds/build/rds/profiles/rds-cluster-instance/index.html
- RDS DB Instance https://dojo360.optum.com/aws/database/rds/build/rds/profiles/rds-db-instance/index.html
Azure
- Cognitive Services https://dojo360.optum.com/azure/ai-machine-learning/cognitive-services/build/cognitive-service/profiles/cognitive-account/index.html
- Databricks https://dojo360.optum.com/azure/analytics/databricks/build/databricks/profiles/databricks/index.html
- Data Factory https://dojo360.optum.com/azure/analytics/data-factory/build/data-factory/profiles/data-factory/index.html
- Event Hub Namespace v2 https://dojo360.optum.com/azure/analytics/event-hub/build/event-hub/profiles/eventhub-namespace/index.html
- Event Hub Namespace https://dojo360.optum.com/azure/analytics/event-hub/build/event-hub/profiles/multi-region-eventhubs/index.html
- Event Hub Namespace Splunk https://dojo360.optum.com/azure/analytics/event-hub/build/event-hub/profiles/multi-region-eventhubs-for-splunk-in-azure/index.html
- Stream Analytics Cluster https://dojo360.optum.com/azure/analytics/stream-analytics/build/stream-analytics/profiles/cluster/index.html
- Synapse Workspace https://dojo360.optum.com/azure/analytics/synapse/build/synapse/profiles/synapse-workspace/index.html
- App Service Linux Web App https://dojo360.optum.com/azure/compute/app-services/build/app-service/profiles/linux-web-app/index.html
- App Service Windows Web App https://dojo360.optum.com/azure/compute/app-services/build/app-service/profiles/windows-web-app/index.html
- App Service Static Web App https://dojo360.optum.com/azure/compute/app-services/build/app-service/profiles/static-web-app/index.html
- App Service Set AzureFDID https://dojo360.optum.com/azure/compute/app-services/build/app-service/profiles/set-azurefdid-app-setting/index.html
- App Service Environment v3 https://dojo360.optum.com/azure/compute/app-services/build/app-service-plan/profiles/app-service-environment-v3/index.html
- App Service Plan Scale Out v2 https://dojo360.optum.com/azure/compute/app-services/build/app-service-plan/profiles/scale-out-v2/index.html
- PBB App Service v2 https://dojo360.optum.com/azure/compute/app-services/build/app-service/profiles/pbb-app-service-v2/index.html
- PBB Plan https://dojo360.optum.com/azure/compute/app-services/build/app-service-plan/profiles/pbb-plan/index.html
- Linux Function App https://dojo360.optum.com/azure/compute/functions/build/function-app/profiles/linux-function-app/index.html
- Windows Function App https://dojo360.optum.com/azure/compute/functions/build/function-app/profiles/windows-function-app/index.html
- Function App Function https://dojo360.optum.com/azure/compute/functions/build/function-app/profiles/function-app-function/index.html
- PBB Function App v2 https://dojo360.optum.com/azure/compute/functions/build/function-app/profiles/pbb-function-app-v2/index.html
- Container Registry https://dojo360.optum.com/azure/containers/container-registry/build/container-registry/profiles/registry/index.html
- AKS Cluster https://dojo360.optum.com/azure/containers/aks/build/aks/profiles/aks-cluster/index.html
- AKS Add-Ons https://dojo360.optum.com/azure/containers/aks/build/aks/profiles/aks-addons/index.html
- Key Vault https://dojo360.optum.com/azure/security/key-vault/build/key-vault/profiles/vault/index.html
- Key Vault Certificate https://dojo360.optum.com/azure/security/key-vault/build/key-vault/profiles/certificate/index.html
- Key Vault Secret https://dojo360.optum.com/azure/security/key-vault/build/key-vault/profiles/secret/index.html
- Venafi Access Token https://dojo360.optum.com/azure/security/venafi/build/venafi/profiles/azure-access-token/index.html
- Venafi Certificate https://dojo360.optum.com/azure/security/venafi/build/venafi/profiles/certificate/index.html
- Storage Account https://dojo360.optum.com/azure/storage/storage-account/build/storage-account/profiles/storage-account/index.html
- CDN Standard Microsoft Static Website https://dojo360.optum.com/azure/web/cdn/build/cdn/profiles/azure-cdn-standard-microsoft-static-website/index.html
- CDN Standard Microsoft https://dojo360.optum.com/azure/web/cdn/build/cdn/profiles/azure-cdn-standard-microsoft/index.html
- SignalR Service https://dojo360.optum.com/azure/web/signalr/build/signalr-service/profiles/signalr-service/index.html
- Search Service https://dojo360.optum.com/azure/web/search/build/search/profiles/search-service/index.html
- Search Shared Private Link Service https://dojo360.optum.com/azure/web/search/build/search/profiles/search-shared-private-link-service/index.html
- Service Bus https://dojo360.optum.com/azure/integration/service-bus/build/service-bus/profiles/servicebus/index.html
- Service Bus Subscription https://dojo360.optum.com/azure/integration/service-bus/build/service-bus/profiles/subscription/index.html
- PBB Service Bus https://dojo360.optum.com/azure/integration/service-bus/build/service-bus/profiles/pbb-servicebus/index.html
- Event Grid Event Subscription https://dojo360.optum.com/azure/iot/event-grid/build/event-grid/profiles/event-subscription/index.html
- Event Grid System Topic https://dojo360.optum.com/azure/iot/event-grid/build/event-grid/profiles/system-topic/index.html
- Event Grid System Topic Event Subscription https://dojo360.optum.com/azure/iot/event-grid/build/event-grid/profiles/system-topic-event-subscription/index.html
- Event Grid Topic https://dojo360.optum.com/azure/iot/event-grid/build/event-grid/profiles/topic/index.html
- Monitor Autoscale Setting https://dojo360.optum.com/azure/management/monitor/build/monitor/profiles/autoscale-setting/index.html
- Monitor Service Bus Scale Out https://dojo360.optum.com/azure/management/monitor/build/monitor/profiles/servicebus-scale-out/index.html
- Monitor Service Plan Scale Out https://dojo360.optum.com/azure/management/monitor/build/monitor/profiles/service-plan-scale-out/index.html
- Log Analytics Workspace https://dojo360.optum.com/azure/management/log-analytics/build/log-analytics/profiles/log-analytics-workspace/index.html
- Subscription Bootstrap https://dojo360.optum.com/azure/management/subscription/build/subscription/profiles/subscription-bootstrap/index.html
- Tfstate Storage Account https://dojo360.optum.com/azure/management/subscription/build/subscription/profiles/tfstate-storage-account/index.html
- Automation Account https://dojo360.optum.com/azure/management/automation/build/automation/profiles/automation-account/index.html
- Optum Resource Name https://dojo360.optum.com/azure/management/optum-resource-name/build/optum-resource-name/index.html
- Optum Tags https://dojo360.optum.com/azure/management/optum-tags/build/optum-tags/index.html
- Diagnostics API Management https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/api-management-diagnostics/index.html
- Diagnostics App Configuration https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/app-configuration-diagnostics/index.html
- Diagnostics App Service Environment v3 https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/app-service-environment-v3-diagnostics/index.html
- Diagnostics Application Gateway https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/application-gateway-diagnostics/index.html
- Diagnostics App Gateway for Containers https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/application-load-balancer-diagnostics/index.html
- Diagnostics Application Insights https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/application-insights-diagnostics/index.html
- Diagnostics Automation Account https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/automation-account-diagnostics/index.html
- Diagnostics Autoscale Setting https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/autoscale-setting-diagnostics/index.html
- Diagnostics Bastion Host https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/bastion-host-diagnostics/index.html
- Diagnostics Batch Account https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/batch-account-diagnostics/index.html
- Diagnostics Cognitive Account https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/cognitive-account-diagnostics/index.html
- Diagnostics Container App Environment https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/container-app-environment-diagnostics/index.html
- Diagnostics Container Registry https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/container-registry-diagnostics/index.html
- Diagnostics Cosmos DB Account https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/cosmosdb-account-diagnostics/index.html
- Diagnostics Data Factory https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/data-factory-diagnostics/index.html
- Diagnostics Data Protection Backup Vault https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/data-protection-backup-vault-diagnostics/index.html
- Diagnostics Databricks Workspace https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/databricks-workspace-diagnostics/index.html
- Diagnostics Event Grid Topic https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/eventgrid-topic-diagnostics/index.html
- Diagnostics Azure Firewall https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/firewall-diagnostics/index.html
- Diagnostics Front Door https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/front-door-diagnostics/index.html
- Diagnostics Function App https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/key-vault-diagnostics/index.html
- Diagnostics Healthcare FHIR Service https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/fhir-service-diagnostics/index.html
- Diagnostics Kubernetes Cluster https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/kubernetes-cluster-diagnostics/index.html
- Diagnostics Standard Load Balancer https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/load-balancer-diagnostics/index.html
- Diagnostics Machine Learning Workspace https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/machine-learning-workspace-diagnostics/index.html
- Diagnostics MySQL Server https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/mysql-server-diagnostics/index.html
- Diagnostics Network Security Group https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/network-security-group-diagnostics/index.html
- Diagnostics PostgreSQL Flexible Server https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/postgresql-server-diagnostics/index.html
- Diagnostics Public IP https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/public-ip-diagnostics/index.html
- Diagnostics Recovery Services Vault https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/recovery-services-vault-diagnostics/index.html
- Diagnostics Redis Cache https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/redis-cache-diagnostics/index.html
- Diagnostics Search Service https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/search-service-diagnostics/index.html
- Diagnostics ServiceBus Namespace https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/servicebus-namespace-diagnostics/index.html
- Diagnostics SignalR Service https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/signalr-service-diagnostics/index.html
- Diagnostics SQL Database https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/sql-database-diagnostics/index.html
- Diagnostics SQL Managed Instance https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/sql-managed-instance-diagnostics/index.html
- Diagnostics Storage Account https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/storage-account-diagnostics/index.html
- Diagnostics Synapse Spark Pool https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/synapse-spark-pool-diagnostics/index.html
- Diagnostics Synapse SQL Pool https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/synapse-sql-pool-diagnostics/index.html
- Diagnostics Synapse Workspace https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/synapse-workspace-diagnostics/index.html
- Diagnostics Traffic Manager Profile https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/traffic-manager-profile-diagnostics/index.html
- Diagnostics Virtual Machine Scale Set https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/virtual-machine-scale-set-diagnostics/index.html
- Diagnostics Virtual Network https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/virtual-network-diagnostics/index.html
- Diagnostics Web App https://dojo360.optum.com/azure/management/diagnostics/build/diagnostics/profiles/web-app-diagnostics/index.html
- VM Disk Access https://dojo360.optum.com/azure/compute/virtual-machines/build/compute/profiles/disk-access/index.html
- VM Disk Encryption Set https://dojo360.optum.com/azure/compute/virtual-machines/build/compute/profiles/disk-encryption-set/index.html
- VM Managed Disk v2 https://dojo360.optum.com/azure/compute/virtual-machines/build/compute/profiles/managed-disk-v2/index.html
- VM Managed Disk https://dojo360.optum.com/azure/compute/virtual-machines/build/compute/profiles/managed-disk/index.html
- VM Extension https://dojo360.optum.com/azure/compute/virtual-machines/build/compute/profiles/virtual-machine-extension/index.html
- Linux VM Scale Set https://dojo360.optum.com/azure/compute/virtual-machines/build/linux/profiles/linux-vmss/index.html
- Linux VM Scale Set Autoscale https://dojo360.optum.com/azure/compute/virtual-machines/build/linux/profiles/linux-autoscale-vmss/index.html
- Linux VM v2 https://dojo360.optum.com/azure/compute/virtual-machines/build/linux/profiles/linux-vm-v2/index.html
- Windows VM Scale Set https://dojo360.optum.com/azure/compute/virtual-machines/build/windows/profiles/windows-vmss/index.html
- Windows VM v2 https://dojo360.optum.com/azure/compute/virtual-machines/build/windows/profiles/windows-vm-v2/index.html
- Private DNS A Record https://dojo360.optum.com/azure/networking/private-dns/build/private-dns/profiles/private-dns-a-record/index.html
- Private DNS Zone https://dojo360.optum.com/azure/networking/private-dns/build/private-dns/profiles/private-dns-zone/index.html
- Private DNS Zone VNet Link https://dojo360.optum.com/azure/networking/private-dns/build/private-dns/profiles/private-dns-zone-virtual-network-link/index.html
- Azure IPs https://dojo360.optum.com/azure/networking/network-components/build/azure-ips/index.html
- Azure Hub Commons https://dojo360.optum.com/azure/networking/network-components/build/hub-commons/index.html
- Optum IPs https://dojo360.optum.com/azure/networking/network-components/build/optum-ips/index.html
- Application Load Balancer (ALB) https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/application-load-balancer/index.html
- Network Interface v2 https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/network-interface-v2/index.html
- NextGen Subnet https://dojo360.optum.com/azure/networking/network-components/build/nextgen-networking/profiles/azure-subnet-v1/index.html
- NextGen Virtual Network https://dojo360.optum.com/azure/networking/network-components/build/nextgen-networking/profiles/azure-virtual-network-v1/index.html
- Network Security Group v2 https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/network-security-group-v2/index.html
- Public IP https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/public-ip/index.html
- Route Table https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/route-table/index.html
- Subnet v2 https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/subnet-v2/index.html
- Subnet Calculator https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/subnet-calculator/index.html
- Virtual Network v2 https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/virtual-network-v2/index.html
- Zoned Network https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/zoned-virtual-network/index.html
- Bastion Host v3 https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/bastion-host-v3/index.html
- Bastion Host v2 https://dojo360.optum.com/azure/networking/network-components/build/networking/profiles/bastion-host-v2/index.html
- HTTP Ingress Application Gateway with Cloudflare https://dojo360.optum.com/azure/networking/http-ingress/build/ingress/profiles/application-gateway-cloudflare/index.html
- HTTP Ingress Application Gateway for AKS https://dojo360.optum.com/azure/networking/http-ingress/build/ingress/profiles/application-gateway-aks/index.html
- HTTP Ingress Application Gateway https://dojo360.optum.com/azure/networking/http-ingress/build/ingress/profiles/application-gateway/index.html
- HTTP Ingress Cloudflare https://dojo360.optum.com/azure/networking/http-ingress/build/uhg-ingress/profiles/cas-ingress-v1/index.html
- HTTP Ingress AKS API Endpoint Firewall https://dojo360.optum.com/azure/networking/http-ingress/build/ingress/profiles/firewall-aks/index.html
- HTTP Ingress Front Door Premium https://dojo360.optum.com/azure/networking/http-ingress/build/ingress/profiles/cdn-front-door/index.html
- HTTP Ingress Private App Gateway https://dojo360.optum.com/azure/networking/http-ingress/build/ingress/profiles/pbb-app-gateway/index.html
- HTTP Ingress Traffic Manager https://dojo360.optum.com/azure/networking/http-ingress/build/ingress/profiles/traffic-manager/index.html
- Private Endpoint App Configuration https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/app-configuration/index.html
- Private Endpoint Application Gateway https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/application-gateway/index.html
- Private Endpoint Automation Account https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/automation-account/index.html
- Private Endpoint Batch Account https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/batch-account/index.html
- Private Endpoint Cognitive Services Account https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/cognitive-account/index.html
- Private Endpoint Container App Environment https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/container-app-environment/index.html
- Private Endpoint Container Registry https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/container-registry/index.html
- Private Endpoint Cosmos DB Account https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/cosmosdb-account/index.html
- Private Endpoint Data Factory https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/data-factory/index.html
- Private Endpoint Databricks Workspace https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/databricks-workspace/index.html
- Private Endpoint Event Grid Topic https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/eventgrid-topic/index.html
- Private Endpoint Event Hubs Namespace https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/event-hubs-namespace/index.html
- Private Endpoint JFrog SaaS https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/jfrog-saas/index.html
- Private Endpoint Key Vault https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/key-vault/index.html
- Private Endpoint Machine Learning Workspace https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/machine-learning-workspace/index.html
- Private Endpoint MongoDB Atlas https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/mongodb-atlas/index.html
- Private Endpoint Monitor Private Link Scope https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/monitor-private-link-scope/index.html
- Private Endpoint MySQL Server https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/mysql-server/index.html
- Private Endpoint PostgreSQL Server https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/postgresql-server/index.html
- Private Endpoint Generic https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/private-endpoint/index.html
- Private Link Service https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/private-link-service/index.html
- Private Endpoint Redis Cache https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/redis-cache/index.html
- Private Endpoint Search Service https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/search-service/index.html
- Private Endpoint ServiceBus Namespace https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/servicebus-namespace/index.html
- Private Endpoint SignalR Service https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/signalr-service/index.html
- Private Endpoint SQL Managed Instance https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/sql-managed-instance/index.html
- Private Endpoint SQL Server https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/sql-server/index.html
- Private Endpoint Storage Account https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/storage-account/index.html
- Private Endpoint Synapse Workspace https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/synapse-workspace/index.html
- Private Endpoint Web App https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/web-app/index.html
- Private Endpoint Access (PBB) https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/pbb-endpoint-access/index.html
- Private Endpoint Network (PBB) https://dojo360.optum.com/azure/networking/private-endpoint/build/private-link/profiles/pbb-network/index.html
- MySQL Flexible Server https://dojo360.optum.com/azure/database/mysql/build/mysql/profiles/mysql-flexible-server/index.html
- PostgreSQL Flexible Server https://dojo360.optum.com/azure/database/postgresql/build/postgresql/profiles/postgresql-flexible-server/index.html
- SQL Server https://dojo360.optum.com/azure/database/sql-services/build/sql-server/profiles/sql-server/index.html
- MSSQL Managed Instance https://dojo360.optum.com/azure/database/sql-services/build/sql-managed-instance/profiles/mssql-managed-instance/index.html
- Redis Cache https://dojo360.optum.com/azure/database/cache-for-redis/build/cache/profiles/redis-cache/index.html
- Application Insights https://dojo360.optum.com/azure/management/application-insights/build/application-insights/profiles/application-insights/index.html
- App Configuration https://dojo360.optum.com/azure/developer-tools/app-configuration/build/app-configuration/profiles/app-configuration/index.html
- Terraform State https://dojo360.optum.com/azure/developer-tools/terraform/build/tfstate/index.html
- Role Assignment https://dojo360.optum.com/azure/identity/entra/build/authorization/profiles/role-assignment/index.html
- User-Assigned Identity https://dojo360.optum.com/azure/identity/entra/build/authorization/profiles/user-assigned-identity/index.html
- Container App https://dojo360.optum.com/azure/containers/container-app/build/container-app/profiles/container-app/index.html
- Container App Environment https://dojo360.optum.com/azure/containers/container-app/build/container-app/profiles/container-app-environment/index.html
- Container App Job https://dojo360.optum.com/azure/containers/container-app/build/container-app/profiles/container-app-job/index.html
- Backup Vault https://dojo360.optum.com/azure/management/backup/build/data-protection/profiles/backup-vault/index.html
- MySQL Flex Backup Policy https://dojo360.optum.com/azure/management/backup/build/data-protection/profiles/backup-policy-mysql-flexible-server/index.html
- MySQL Flex Backup Instance https://dojo360.optum.com/azure/management/backup/build/data-protection/profiles/backup-instance-postgresql-flexible-server/index.html
- PostgreSQL Flex Backup Policy https://dojo360.optum.com/azure/management/backup/build/data-protection/profiles/backup-policy-postgresql-flexible-server/index.html
- PostgreSQL Flex Backup Instance https://dojo360.optum.com/azure/management/backup/build/data-protection/profiles/backup-instance-postgresql-flexible-server/index.html
- Recovery Services Vault https://dojo360.optum.com/azure/management/backup/build/recovery-services/profiles/recovery-services-vault/index.html
- VM Backup Policy https://dojo360.optum.com/azure/management/backup/build/recovery-services/profiles/vm-backup-policy/index.html
- VM Protected VM https://dojo360.optum.com/azure/management/backup/build/recovery-services/profiles/vm-backup-protected/index.html
- Machine Learning Workspace https://dojo360.optum.com/azure/ai-machine-learning/machine-learning/build/machine-learning/profiles/secure-workspace/index.html
- Cosmos DB Multi Master https://dojo360.optum.com/azure/database/cosmosdb/build/cosmosdb-account/profiles/multi-master/index.html
- Cosmos DB Single Failover https://dojo360.optum.com/azure/database/cosmosdb/build/cosmosdb-account/profiles/single-failover/index.html
- Cosmos DB SQL Database https://dojo360.optum.com/azure/database/cosmosdb/build/cosmosdb-account/profiles/sql-db-base/index.html
- Cosmos DB SQL Container Base https://dojo360.optum.com/azure/database/cosmosdb/build/cosmosdb-account/profiles/sql-container-base/index.html
- Cosmos DB SQL Container Autoscale https://dojo360.optum.com/azure/database/cosmosdb/build/cosmosdb-account/profiles/sql-container-autoscale/index.html
- Cosmos DB SQL Role Assignment https://dojo360.optum.com/azure/database/cosmosdb/build/cosmosdb-account/profiles/sql-role-assignment/index.html
- MongoDB Atlas Azure Replica Set Cluster https://dojo360.optum.com/azure/database/mongodb-atlas/build/mongodbatlas/profiles/azure-replica-set-cluster/index.html
- MongoDB Atlas Azure Sharded Cluster https://dojo360.optum.com/azure/database/mongodb-atlas/build/mongodbatlas/profiles/azure-sharded-cluster/index.html
- MongoDB Atlas Azure Private Endpoint https://dojo360.optum.com/azure/database/mongodb-atlas/build/mongodbatlas/profiles/azure-private-endpoint/index.html
GCP
- Storage Bucket https://dojo360.optum.com/gcp/storage/cloud-storage/build/cloud-storage/profiles/storage-bucket/index.html
- BigQuery Dataset https://dojo360.optum.com/gcp/analytics/bigquery/build/bigquery/profiles/dataset/index.html
- AlloyDB Cluster https://dojo360.optum.com/gcp/database/alloydb/build/alloydb/profiles/cluster/index.html
- Cloud Spanner Instance https://dojo360.optum.com/gcp/database/cloud-spanner/build/cloud-spanner/profiles/cloud-spanner/index.html
- Cloud SQL Database Instance https://dojo360.optum.com/gcp/database/cloud-sql/build/cloud-sql/profiles/sql-database-instance/index.html
- Memorystore Redis Cluster https://dojo360.optum.com/gcp/database/memorystore/build/memorystore/profiles/redis-cluster/index.html
- Artifact Registry Repository https://dojo360.optum.com/gcp/containers/artifact-registry/build/artifact-registry/profiles/repository/index.html
- Kubernetes Engine Container Cluster https://dojo360.optum.com/gcp/containers/kubernetes-engine/build/kubernetes-engine/profiles/container-cluster/index.html
- Bootstrap Project https://dojo360.optum.com/gcp/management/project/build/project-bootstrap/profiles/bootstrap-project/index.html
- TFState Management https://dojo360.optum.com/gcp/management/project/build/project-bootstrap/profiles/tfstate-management/index.html
- Project Service https://dojo360.optum.com/gcp/management/project/build/project-service/profiles/project-service/index.html
- Optum Resource Name https://dojo360.optum.com/gcp/management/optum-resource-name/build/optum-resource-name/index.html
- Optum Tags https://dojo360.optum.com/gcp/management/optum-tags/build/optum-tags/index.html
Common Patterns & Examples
Module Usage Pattern
Standard Dojo Module Structure:
module "resource_name" {
  source = "git::https://github.com/dojo360/<module-repo>//<profile-path>?ref=<version>"
  # Required: Optum Tags (ALWAYS include)
  optum_tags = module.optum_tags.tags
  # Required: Resource naming
  name = module.optum_resource_name.name
  # Resource-specific configuration
  # ... additional parameters
}
1. Multi-Region High Availability Pattern
AWS Multi-Region Application:
# Primary Region (us-east-1)
module "primary_rds" {
  source         = "git::https://github.com/dojo360/aws-rds//profiles/rds-cluster?ref=v50.0.0"
  optum_tags     = module.optum_tags.tags
  region         = "us-east-1"
  engine         = "aurora-postgresql"
  engine_version = "15.3"
  # Encryption at rest (REQUIRED)
  storage_encrypted = true
  kms_key_id        = module.kms_primary.key_arn
  # Network security (REQUIRED)
  vpc_id             = module.vpc_primary.vpc_id
  subnet_ids         = module.vpc_primary.private_subnet_ids
  security_group_ids = [module.sg_database.id]
}

# Disaster Recovery Region (us-west-2)
module "dr_rds" {
  source     = "git::https://github.com/dojo360/aws-rds//profiles/rds-cluster?ref=v50.0.0"
  optum_tags = module.optum_tags.tags
  region     = "us-west-2"
  # Replication from primary
  replication_source_identifier = module.primary_rds.cluster_arn
  storage_encrypted             = true
  kms_key_id                    = module.kms_dr.key_arn
}
2. Secure Private Endpoint Pattern
Azure Private Endpoint for Storage:
# Storage Account
module "storage" {
  source              = "git::https://github.com/dojo360/azure-storage-account//profiles/storage-account?ref=v80.0.0"
  optum_tags          = module.optum_tags.tags
  resource_name       = module.optum_resource_name.name
  resource_group_name = azurerm_resource_group.main.name
  # Network security (REQUIRED)
  public_network_access_enabled = false
  # Object argument: module calls take arguments, not nested blocks
  network_rules = {
    default_action = "Deny"
  }
}

# Private Endpoint
module "storage_private_endpoint" {
  source                         = "git::https://github.com/dojo360/azure-private-endpoint//profiles/storage-account?ref=v45.0.0"
  optum_tags                     = module.optum_tags.tags
  resource_group_name            = azurerm_resource_group.main.name
  private_connection_resource_id = module.storage.id
  subnet_id                      = module.vnet.private_subnet_id
  # DNS integration
  private_dns_zone_ids = [module.private_dns.zone_id]
}
3. Serverless Application Pattern
AWS Lambda with API Gateway:
# Lambda Function
module "api_lambda" {
  source        = "git::https://github.com/dojo360/aws-lambda//profiles/lambda-function?ref=v75.0.0"
  optum_tags    = module.optum_tags.tags
  function_name = module.optum_resource_name.name
  # Security (REQUIRED)
  # Object argument: module calls take arguments, not nested blocks
  vpc_config = {
    subnet_ids         = module.vpc.private_subnet_ids
    security_group_ids = [module.sg_lambda.id]
  }
  # Encryption
  kms_key_arn = module.kms.key_arn
  # IAM Role
  role_arn = module.lambda_role.arn
  environment_variables = {
    ENVIRONMENT = "production"
    DB_ENDPOINT = module.rds.endpoint
  }
}

# Secrets Manager for DB credentials
module "db_secret" {
  source     = "git::https://github.com/dojo360/aws-secrets-manager//profiles/secret?ref=v30.0.0"
  optum_tags = module.optum_tags.tags
  name       = "${module.optum_resource_name.name}-db-creds"
  # Encryption (REQUIRED)
  kms_key_id = module.kms.key_id
}
4. Container Orchestration Pattern
Azure AKS with ACR:
# Container Registry
module "acr" {
  source              = "git::https://github.com/dojo360/azure-container-registry//profiles/registry?ref=v60.0.0"
  optum_tags          = module.optum_tags.tags
  resource_name       = module.optum_resource_name.name
  resource_group_name = azurerm_resource_group.main.name
  # Security
  admin_enabled = false
  sku           = "Premium"
  # Private access
  public_network_access_enabled = false
}

# AKS Cluster
module "aks" {
  source              = "git::https://github.com/dojo360/azure-aks//profiles/aks-cluster?ref=v90.0.0"
  optum_tags          = module.optum_tags.tags
  resource_name       = module.optum_resource_name.name
  resource_group_name = azurerm_resource_group.main.name
  # Network configuration
  vnet_subnet_id = module.vnet.aks_subnet_id
  # Security
  private_cluster_enabled = true
  # Identity
  # Object argument: module calls take arguments, not nested blocks
  identity = {
    type         = "UserAssigned"
    identity_ids = [module.identity.id]
  }
}

# Private Endpoint for ACR
module "acr_private_endpoint" {
  source                         = "git::https://github.com/dojo360/azure-private-endpoint//profiles/container-registry?ref=v45.0.0"
  optum_tags                     = module.optum_tags.tags
  resource_group_name            = azurerm_resource_group.main.name
  private_connection_resource_id = module.acr.id
  subnet_id                      = module.vnet.private_endpoint_subnet_id
}
5. Data Analytics Pattern
GCP BigQuery with Cloud Storage:
# Storage Bucket for data ingestion
module "data_lake" {
  source      = "git::https://github.com/dojo360/gcp-cloud-storage//profiles/storage-bucket?ref=v20.0.0"
  optum_tags  = module.optum_tags.tags
  bucket_name = module.optum_resource_name.name
  # Security (REQUIRED)
  uniform_bucket_level_access = true
  # Object arguments: module calls take arguments, not nested blocks
  encryption = {
    default_kms_key_name = module.kms.key_id
  }
  # Lifecycle management
  lifecycle_rule = {
    action = {
      type = "Delete"
    }
    condition = {
      age = 90
    }
  }
}

# BigQuery Dataset
module "analytics" {
  source     = "git::https://github.com/dojo360/gcp-bigquery//profiles/dataset?ref=v15.0.0"
  optum_tags = module.optum_tags.tags
  dataset_id = module.optum_resource_name.name
  # Security
  # Object arguments: module calls take arguments, not nested blocks
  default_encryption_configuration = {
    kms_key_name = module.kms.key_id
  }
  access = {
    role          = "OWNER"
    user_by_email = var.data_owner_email
  }
}
6. Disaster Recovery Pattern
Cross-Region Replication:
# Primary S3 Bucket (us-east-1)
module "primary_bucket" {
  source     = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=v112.0.0"
  optum_tags = module.optum_tags.tags
  bucket     = "${module.optum_resource_name.name}-primary"
  region     = "us-east-1"
  # Versioning for replication (REQUIRED)
  versioning_enabled = true
  # Encryption (REQUIRED)
  # Object arguments: module calls take arguments, not nested blocks
  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = module.kms_primary.key_arn
      }
    }
  }
  # Replication configuration
  replication_configuration = {
    role = module.replication_role.arn
    rules = {
      id     = "replicate-all"
      status = "Enabled"
      destination = {
        bucket        = module.dr_bucket.arn
        storage_class = "STANDARD_IA"
        encryption_configuration = {
          replica_kms_key_id = module.kms_dr.key_arn
        }
      }
    }
  }
}

# DR S3 Bucket (us-west-2)
module "dr_bucket" {
  source             = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=v112.0.0"
  optum_tags         = module.optum_tags.tags
  bucket             = "${module.optum_resource_name.name}-dr"
  region             = "us-west-2"
  versioning_enabled = true
  # Object argument: module calls take arguments, not nested blocks
  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = module.kms_dr.key_arn
      }
    }
  }
}
7. Monitoring & Diagnostics Pattern
Azure Resource with Full Observability:
# Application Service
module "web_app" {
  source              = "git::https://github.com/dojo360/azure-app-service//profiles/linux-web-app?ref=v100.0.0"
  optum_tags          = module.optum_tags.tags
  resource_name       = module.optum_resource_name.name
  resource_group_name = azurerm_resource_group.main.name
  app_service_plan_id = module.app_plan.id
}

# Application Insights
module "app_insights" {
  source              = "git::https://github.com/dojo360/azure-application-insights//profiles/application-insights?ref=v40.0.0"
  optum_tags          = module.optum_tags.tags
  resource_name       = "${module.optum_resource_name.name}-insights"
  resource_group_name = azurerm_resource_group.main.name
  workspace_id        = module.log_analytics.id
}

# Diagnostics Settings
module "web_app_diagnostics" {
  source                     = "git::https://github.com/dojo360/azure-diagnostics//profiles/web-app-diagnostics?ref=v55.0.0"
  optum_tags                 = module.optum_tags.tags
  target_resource_id         = module.web_app.id
  log_analytics_workspace_id = module.log_analytics.id
  # Enable all logs
  enabled_log_categories = ["AppServiceHTTPLogs", "AppServiceConsoleLogs", "AppServiceAppLogs"]
  # Enable all metrics
  # Object argument: module calls take arguments, not nested blocks
  metric = {
    category = "AllMetrics"
    enabled  = true
  }
}
Best Practices Summary
- Always start with: Optum Tags + Optum Resource Name modules
- Security first: Enable encryption, use private endpoints, implement network security
- Use specific versions: Never use branch names or latest
- Follow the pattern: VPC/VNet → Security Groups → Private Endpoints → Resources
- Enable monitoring: Use diagnostics modules for all resources
- Plan for DR: Implement multi-region for critical workloads
- Test thoroughly: Validate in lower environments before production
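A pre-merge check for three of the rules above (Dojo-only sources, a pinned release tag in ref, optum_tags on every module), as an added example that is not part of the original page or of Optum's tooling. The function names, the exemption set for the tag and naming helper modules, and the sample input are assumptions; it scans text with regular expressions rather than parsing HCL.

```python
import re

DOJO_PREFIX = "git::https://github.com/dojo360/"          # source prefix used on this page
PINNED_REF = re.compile(r"\?ref=v\d+\.\d+\.\d+$")          # release tag such as ?ref=v112.0.0
EXEMPT_FROM_TAGS = {"optum_tags", "optum_resource_name"}  # assumption: helpers take no tags

def module_blocks(hcl):
    """Yield (name, body) for each top-level module block by matching braces.
    Braces inside comments are not handled; ${...} interpolations stay balanced."""
    for m in re.finditer(r'^module\s+"([^"]+)"\s*\{', hcl, re.M):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), hcl[m.end():i - 1]

def lint(hcl):
    """Return (module_name, finding) pairs for sources and tags that break the rules."""
    findings = []
    for name, body in module_blocks(hcl):
        src = re.search(r'^\s*source\s*=\s*"([^"]*)"', body, re.M)
        source = src.group(1) if src else ""
        if not source.startswith(DOJO_PREFIX):
            findings.append((name, "source is not a Dojo module"))
        elif not PINNED_REF.search(source):
            findings.append((name, "ref is not a pinned release tag"))
        has_tags = re.search(r"^\s*optum_tags\s*=", body, re.M)
        if name not in EXEMPT_FROM_TAGS and not has_tags:
            findings.append((name, "optum_tags not set"))
    return findings

# Constructed sample input, not taken from a real repository.
SAMPLE = '''
module "good_bucket" {
  source     = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=v112.0.0"
  optum_tags = module.optum_tags.tags
  bucket     = "${module.optum_resource_name.name}-primary"
}
module "branch_ref" {
  source     = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=main"
  optum_tags = module.optum_tags.tags
}
module "no_ref_no_tags" {
  source = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket"
}
module "outside_module" {
  source     = "example-org/s3-bucket/aws"
  optum_tags = module.optum_tags.tags
}
'''

if __name__ == "__main__":
    for name, finding in lint(SAMPLE):
        print(f"{name}: {finding}")
```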
Step 5: Always follow Optum's best practices and security guidelines in the documentation found on Dojo360.
Use the latest released version of each Dojo Terraform module, pinned by tag in ref.
Example for S3: review https://github.com/dojo360/aws-s3/releases using the GitHub CLI to find the latest version tag, and use it in your references.
source = "git::https://github.com/dojo360/aws-s3//profiles/s3-bucket?ref=v112.0.0"
These GitHub repo URLs are found in the documentation above for each resource.
Run terraform init -upgrade to get the latest versions of the modules when building or updating.
Troubleshooting
If the user needs Terraform or needs to upgrade it, you can use tfenv. If they need tfenv, have them go here: https://dojo360.optum.com/foundations/modules/terraform/install-terraform.html?q=terraform

