woitzik.dev
Templates

Compliance-ready infrastructure blueprints for ISO 27001, NIS2, and KRITIS environments. Each module is tested, documented, and ready to deploy.

Terraform Module Azure Terraform ISO 27001 NIS2 Private Link

Azure Acmebot — Enterprise VNet Edition

Production-ready Let's Encrypt automation for hardened Azure environments. Full Private Link isolation, default-deny firewall rules, and Managed Identity — compliant with ISO 27001, NIS2, and KRITIS out of the box.

€49
one-time · instant download
  • Default-deny network architecture (VNet Integration + Private Link)
  • Private DNS Zones — correct resolution out of the box
  • Entra ID & Managed Identity automation included
  • Saves 4–8h of senior engineer troubleshooting
  • Full source code — no lock-in, no black box
Buy Now → Read the article
Terraform Module Azure Terraform Zero-Trust Networking Compliance

Enterprise Hub & Spoke — Zero-Trust Edition

Zero-Trust NSGs, centralized Private DNS, DINE policy bypass — audit-ready on day one.

€49
one-time · instant download
  • Zero-Trust NSG baseline bound to all Spoke subnets
  • 4 centralized Private DNS Zones (Blob, SQL, Key Vault, ACR)
  • DINE policy lifecycle bypass — no more broken pipelines
  • Environment-aware naming convention throughout
  • Full source code — no lock-in, no black box
Buy Now → Read the article
Terraform Module Azure Terraform Firewall Networking Zero-Trust

Azure Firewall — Enterprise Forced Tunneling Edition

Cycle-error-free Forced Tunneling with KMS & Azure AD bypasses, dynamic IP Groups, and FQDN baseline policies. Drops into any existing Hub & Spoke without breaking Windows VMs or Managed Identities.

€49
one-time · instant download
  • Cycle-error-free resource ordering — deploys first time, every time
  • KMS & Azure AD bypass routes — no broken Windows VMs or auth failures
  • Dynamic for_each subnet binding — scales to any number of Spokes
  • IP Group-based firewall policies — no hardcoded IP addresses
  • FQDN baseline rules for Windows Updates and core Microsoft services
Buy Now → Read the article
Terraform Module Azure Terraform AI Zero-Trust OpenAI

Enterprise AI RAG — Zero-Trust Networking

A fully isolated, audit-ready AI infrastructure blueprint. Features automated Shared Private Link approval, VNet injection, Private DNS automation, and RBAC Identity Chaining for Azure OpenAI and AI Search.

€79
one-time · instant download
  • Automated AzAPI Link Approval — no manual Portal clicks required
  • Full VNet Injection — Public Network Access strictly disabled
  • Pre-configured Identity Chaining (System Managed Identities + RBAC)
  • Automated Private DNS Zone linking for both services
  • ISO 27001 & NIS2 compliant architecture on day one
Buy Now → Read the article