Add Azure infrastructure skills (Landing Zone, WAF Review, Implementation Patterns, Assessment) #603
Pull request overview
This PR introduces several Azure infrastructure-focused skills and supporting reference material for the Well-Architected Framework (WAF), landing zone design, and implementation patterns in Bicep/Terraform/CI.
Changes:
- Add the azure-waf-review skill with deep-dive reference content for the five WAF pillars (reliability, security, cost, operations, performance) targeted at Azure workloads.
- Add the azure-waf-assessment skill with a structured question bank, scoring guide, and report template for conducting guided WAF assessments.
- Add the azure-landing-zone-architect and azure-infra-patterns skills with detailed references on landing zone identity, networking, governance, security, and IaC implementation patterns (Bicep, Terraform, CI/CD, naming).
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| skills/azure-waf-review/SKILL.md | Defines the azure-waf-review skill and links to WAF pillar reference docs to support architecture reviews. |
| skills/azure-waf-review/references/security.md | Provides detailed Azure security/WAF guidance to be used by the review skill. |
| skills/azure-waf-review/references/reliability.md | Documents Azure reliability and DR design patterns for use in WAF reviews. |
| skills/azure-waf-review/references/performance.md | Captures performance and scaling best practices for Azure workloads. |
| skills/azure-waf-review/references/operations.md | Describes DevOps, monitoring, and incident management practices under the operational excellence pillar. |
| skills/azure-waf-review/references/cost.md | Provides Azure cost optimization patterns and sample configurations. |
| skills/azure-waf-assessment/SKILL.md | Defines the azure-waf-assessment guided Q&A assessment skill and ties it to supporting references. |
| skills/azure-waf-assessment/references/questions.md | Supplies a structured WAF question bank for use during assessments. |
| skills/azure-waf-assessment/references/scoring-guide.md | Defines maturity levels and scoring rules across all WAF pillars. |
| skills/azure-waf-assessment/references/report-template.md | Provides a reusable report template to document WAF assessment outcomes. |
| skills/azure-landing-zone-architect/SKILL.md | Introduces the azure-landing-zone-architect skill for landing zone/platform design and links to reference docs. |
| skills/azure-landing-zone-architect/references/security.md | Details a security baseline (Defender, network security, data protection, SecOps) for Azure landing zones. |
| skills/azure-landing-zone-architect/references/networking.md | Documents hub-spoke/Virtual WAN topologies, connectivity, DNS, and IP planning for landing zones. |
| skills/azure-landing-zone-architect/references/identity.md | Describes tenant, RBAC, PIM, hybrid identity, and Conditional Access design for landing zones. |
| skills/azure-landing-zone-architect/references/governance.md | Covers management groups, subscription patterns, policy strategy, naming/tagging, and cost management. |
| skills/azure-infra-patterns/SKILL.md | Defines the azure-infra-patterns skill that consolidates code-level IaC implementation patterns. |
| skills/azure-infra-patterns/references/bicep.md | Provides Bicep module/parameter/loop patterns and common resource examples (storage, Key Vault, RBAC, diagnostics). |
| skills/azure-infra-patterns/references/terraform.md | Documents Terraform provider, state, module, and common Azure resource patterns. |
| skills/azure-infra-patterns/references/cicd.md | Adds CI/CD workflow patterns for Bicep/Terraform using GitHub Actions and Azure DevOps. |
| skills/azure-infra-patterns/references/naming.md | Defines Azure-wide naming conventions, prefixes, abbreviations, and code helpers for Bicep/Terraform. |
| @secure() | ||
| param adminPassword string | ||
|
|
||
| // Reference from Key Vault in parameter file | ||
| param adminPassword = az.getSecret('<subscription>', '<rg>', '<vault>', '<secret>') |
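Review bot: `param adminPassword` is declared twice with no file boundary between the declaration and the assignment, so the hunk reads as a single Bicep file and would not compile as shown. Split it into two labelled snippets: the `@secure()` declaration in the template (`// main.bicep`) and the Key Vault lookup in a parameters file that opens with `using 'main.bicep'` (`// main.bicepparam`), which is where `az.getSecret(...)` is meant to live; that keeps the secret out of source control and out of the deployment history while still showing readers a concrete, working pattern.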
Copilot
AI
Jan 23, 2026
In this secure parameter example, adminPassword is defined twice and the az.getSecret(...) call is not valid Bicep syntax for a .bicepparam file, so this snippet would not compile if copied as-is. Consider showing a single @secure() parameter here and either removing the pseudo az.getSecret line or replacing it with a realistic pattern (for example, explaining that secrets are injected via deployment tooling or Key Vault references, not an az function call inside Bicep).
| @secure() | |
| param adminPassword string | |
| // Reference from Key Vault in parameter file | |
| param adminPassword = az.getSecret('<subscription>', '<rg>', '<vault>', '<secret>') | |
| // main.bicep | |
| @secure() | |
| param adminPassword string | |
| // Secure value is supplied at deployment time (for example via a parameter file, | |
| // pipeline variable, or Key Vault reference), not hard-coded in the template. |
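Review bot: the replacement's closing comment says the value may come from a Key Vault reference, but the snippet no longer shows one, so the reader is left without the one pattern that actually keeps the secret out of pipeline variables and parameter files. Keep the single `@secure()` declaration as suggested and pair it with a short `main.bicepparam` example under a `using 'main.bicep'` line, so the reference pattern stays documented rather than only described.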
| - Conducting WAF pillar-specific deep dives | ||
| - Documenting assessment findings systematically | ||
| This skill provides the conversation structure, question frameworks, and output templates | ||
| for assessments. For interpretation of findings, use azure-architecture-waf-review. |
Copilot
AI
Jan 23, 2026
The description references a skill named azure-architecture-waf-review, but the actual skill defined in this repo is azure-waf-review, so this pointer will confuse users. Please update the reference to use the correct skill name so that readers can easily find the follow-up review skill.
| for assessments. For interpretation of findings, use azure-architecture-waf-review. | |
| for assessments. For interpretation of findings, use azure-waf-review. |
| --- | ||
| name: azure-infra-patterns | ||
| description: | | ||
| Implementation patterns for Azure infrastructure using Bicep, Terraform, and Azure Verified Modules. | ||
| Use when: | ||
| (1) Implementing infrastructure-as-code for Azure resources | ||
| (2) Choosing between Bicep and Terraform for a project | ||
| (3) Using Azure Verified Modules (AVM) or Azure Landing Zone (ALZ) modules | ||
| (4) Setting up CI/CD pipelines for infrastructure deployment | ||
| (5) Converting architecture designs to deployable code | ||
| (6) Implementing security-hardened resource configurations | ||
| Triggers: Bicep, Terraform, IaC, infrastructure code, AVM, Azure Verified Modules, | ||
| ALZ, Azure Landing Zones, ARM template, HCL, deployment | ||
| --- |
Copilot
AI
Jan 23, 2026
For new skills, the repository guidelines expect entries to be added to docs/README.skills.md, but the new azure-waf-review, azure-waf-assessment, azure-landing-zone-architect, and azure-infra-patterns skills are not currently listed there. Please add entries for these skills to docs/README.skills.md so they appear in the skills index.
| --- | ||
| name: azure-waf-review | ||
| description: | | ||
| Review Azure architectures using the Well-Architected Framework (WAF) pillars. | ||
| Use when: | ||
| (1) Conducting architecture reviews for Azure workloads | ||
| (2) Identifying reliability, security, cost, or performance gaps | ||
| (3) Preparing for Azure Well-Architected Review assessments | ||
| (4) Evaluating existing architectures against best practices | ||
| (5) Creating remediation plans for architecture improvements | ||
| (6) Comparing design options using WAF principles | ||
| Triggers: Well-Architected, WAF, architecture review, reliability review, | ||
| security review, cost optimization, performance review, operational excellence |
Copilot
AI
Jan 23, 2026
The description field in the front matter is using a block scalar (|) instead of a single-quoted string, which diverges from the SKILL.md conventions used elsewhere in the repo. To keep SKILL metadata consistent, consider switching this to a single-quoted description value on one line.
| --- | ||
| name: azure-waf-assessment | ||
| description: | | ||
| Guided Q&A workflow for conducting Azure Well-Architected Framework assessments. | ||
| Use this skill when: | ||
| - Running interactive architecture assessments with stakeholders | ||
| - Gathering structured input about Azure workloads | ||
| - Conducting WAF pillar-specific deep dives | ||
| - Documenting assessment findings systematically | ||
| This skill provides the conversation structure, question frameworks, and output templates | ||
| for assessments. For interpretation of findings, use azure-architecture-waf-review. | ||
| --- |
Copilot
AI
Jan 23, 2026
The description field in the front matter is using a block scalar (|) instead of a single-quoted string, which diverges from the SKILL.md conventions used elsewhere in the repo. To keep SKILL metadata consistent, consider switching this to a single-quoted description value on one line.
| --- | ||
| name: azure-landing-zone-architect | ||
| description: | | ||
| Design and evolve Azure Landing Zones following Microsoft's Cloud Adoption Framework. | ||
| Use when: | ||
| (1) Designing a new Azure platform foundation or landing zone | ||
| (2) Evaluating or evolving an existing landing zone architecture | ||
| (3) Planning identity, networking, governance, or security design areas | ||
| (4) Implementing hub-spoke or Virtual WAN topologies | ||
| (5) Setting up management groups, policies, and subscription organization | ||
| (6) Designing platform vs application landing zones | ||
| Triggers: landing zone, ALZ, Cloud Adoption Framework, CAF, platform design, | ||
| management groups, hub-spoke, Virtual WAN, subscription vending, governance |
Copilot
AI
Jan 23, 2026
The description field in the front matter is using a block scalar (|) instead of a single-quoted string, which diverges from the SKILL.md conventions used elsewhere in the repo. To keep SKILL metadata consistent, consider switching this to a single-quoted description value on one line.
| --- | ||
| name: azure-infra-patterns | ||
| description: | | ||
| Implementation patterns for Azure infrastructure using Bicep, Terraform, and Azure Verified Modules. | ||
| Use when: | ||
| (1) Implementing infrastructure-as-code for Azure resources | ||
| (2) Choosing between Bicep and Terraform for a project | ||
| (3) Using Azure Verified Modules (AVM) or Azure Landing Zone (ALZ) modules | ||
| (4) Setting up CI/CD pipelines for infrastructure deployment | ||
| (5) Converting architecture designs to deployable code | ||
| (6) Implementing security-hardened resource configurations | ||
| Triggers: Bicep, Terraform, IaC, infrastructure code, AVM, Azure Verified Modules, | ||
| ALZ, Azure Landing Zones, ARM template, HCL, deployment |
Copilot
AI
Jan 23, 2026
The description field in the front matter is using a block scalar (|) instead of a single-quoted string, which diverges from the SKILL.md conventions used elsewhere in the repo. To keep SKILL metadata consistent, consider switching this to a single-quoted description value on one line.
Pull Request Checklist
Ran `npm start` and verified that `README.md` is up to date.
Description
Type of Contribution
Additional Notes
By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.