Enterprise Terraform Modules

Compliance-ready infrastructure blueprints for ISO 27001, NIS2, and KRITIS environments. Each module is tested, documented, and ready to deploy.

New to this stack? Start with the Hub & Spoke foundation — the Firewall and other modules are designed to drop into it.

Terraform Module · Azure · Terraform · ISO 27001 · NIS2 · Private Link

Azure Acmebot — Enterprise VNet Edition

Production-ready Let's Encrypt automation for hardened Azure environments. Full Private Link isolation, default-deny firewall rules, and Managed Identity — compliant with ISO 27001, NIS2, and KRITIS out of the box.

€49
one-time · instant download
  • Default-deny network architecture (VNet Integration + Private Link)
  • Private DNS Zones — correct resolution out of the box
  • Entra ID & Managed Identity automation included
  • Saves 4–8h of senior engineer troubleshooting
  • Full source code — no lock-in, no black box

Terraform Module · Start here · Azure · Terraform · Zero-Trust · Networking · Compliance

Enterprise Hub & Spoke — Zero-Trust Edition

Zero-Trust NSGs, centralized Private DNS, DINE policy bypass — audit-ready on day one.

€49
one-time · instant download
  • Zero-Trust NSG baseline bound to all Spoke subnets
  • 4 centralized Private DNS Zones (Blob, SQL, Key Vault, ACR)
  • DINE policy lifecycle bypass — no more broken pipelines
  • Environment-aware naming convention throughout
  • Full source code — no lock-in, no black box

Terraform Module · Azure · Terraform · Firewall · Networking · Zero-Trust

Azure Firewall — Enterprise Forced Tunneling Edition

Cycle-error-free Forced Tunneling with KMS & Azure AD bypasses, dynamic IP Groups, and FQDN baseline policies. Drops into any existing Hub & Spoke without breaking Windows VMs or Managed Identities.

€49
one-time · instant download
  • Cycle-error-free resource ordering — deploys first time, every time
  • KMS & Azure AD bypass routes — no broken Windows VMs or auth failures
  • Dynamic for_each subnet binding — scales to any number of Spokes
  • IP Group-based firewall policies — no hardcoded IP addresses
  • FQDN baseline rules for Windows Updates and core Microsoft services

Terraform Module · Azure · Terraform · AI · Zero-Trust · OpenAI

Enterprise AI RAG — Zero-Trust Networking

A fully isolated, audit-ready AI infrastructure blueprint. Features automated Shared Private Link approval, VNet injection, Private DNS automation, and RBAC Identity Chaining for Azure OpenAI and AI Search.

€79
one-time · instant download
  • Automated AzAPI Link Approval — no manual Portal clicks required
  • Full VNet Injection — Public Network Access strictly disabled
  • Pre-configured Identity Chaining (System Managed Identities + RBAC)
  • Automated Private DNS Zone linking for both services
  • ISO 27001 & NIS2 compliant architecture on day one

Bundle · Most Popular Bundle · Azure · Terraform · ISO 27001 · Zero-Trust

Azure Zero-Trust Starter Pack

Everything to pass your first Azure compliance audit: Acmebot certificate automation, the Hub & Spoke zero-trust foundation, and Forced Tunneling — bundled, plus a bonus ISO 27001 Auditor Checklist mapping every module to Annex A controls.

€99 (regular price €147)
one-time · instant download · 3 modules + bonus PDF
  • Includes: Acmebot Enterprise VNet, Hub & Spoke Zero-Trust, Azure Firewall Forced Tunneling
  • Save €48 vs. buying the three modules separately
  • Bonus: ISO 27001 Auditor Checklist (PDF) — Annex A control map for all 3 modules
  • Everything to pass your first Azure compliance audit
  • Full source code for all 3 modules — no lock-in, no black box

License & Delivery

  • Full Terraform source code — no compiled binaries, no lock-in
  • One-time payment via Lemon Squeezy (MoR — VAT handled automatically)
  • Single-organization license: use in your own infrastructure or for a single client engagement
  • Questions? david@woitzik.dev
