diff --git a/quickstart/101-machine-learning/readme.md b/quickstart/101-machine-learning/readme.md
new file mode 100644
index 00000000..8211d4bf
--- /dev/null
+++ b/quickstart/101-machine-learning/readme.md
@@ -0,0 +1,39 @@
+# Azure Machine Learning workspace
+
+This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace),
+and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry.
+
+This template describes the minimal set of resources you require to get started with Azure Machine Learning.
+
+## Resources
+
+| Terraform Resource Type | Description |
+| - | - |
+| `azurerm_resource_group` | The resource group all resources get deployed into |
+| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace |
+| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace |
+| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace |
+| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace |
+| `azurerm_machine_learning_workspace` | An Azure Machine Learning workspace instance |
+
+## Variables
+
+| Name | Description |
+|-|-|
+| name | Name of the deployment |
+| environment | The deployment environment name (used for pre- and postfixing resource names) |
+| location | The Azure region used for deployments |
+
+## Usage
+
+```bash
+terraform plan \
+ -var 'name=azureml999' \
+ -var 'environment=dev' \
+ -var 'location=East US' \
+ -out demo.tfplan
+
+terraform apply demo.tfplan
+```
+
+\* Example shown with [Bash](https://www.gnu.org/software/bash/). For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks.
\ No newline at end of file
diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf
index 4908b2b8..59201a17 100644
--- a/quickstart/201-machine-learning-private/main.tf
+++ b/quickstart/201-machine-learning-private/main.tf
@@ -9,93 +9,3 @@ resource "azurerm_resource_group" "default" {
 name = "${var.name}-${var.environment}-rgp"
 location = "${var.location}"
 }
-
-# Virtual network
-resource "azurerm_virtual_network" "default" {
- name = "${var.name}-${var.environment}-vnet"
- address_space = ["10.0.0.0/16"]
- location = azurerm_resource_group.default.location
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_subnet" "mlsubnet" {
- name = "mlsubnet"
- resource_group_name = azurerm_resource_group.default.name
- virtual_network_name = azurerm_virtual_network.default.name
- address_prefixes = ["10.0.1.0/24"]
- enforce_private_link_endpoint_network_policies = true
-}
-
-# DNS zones
-resource "azurerm_private_dns_zone" "dnsvault" {
- name = "privatelink.vaultcore.azure.net"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
- name = "dnsvaultlink"
- resource_group_name = azurerm_resource_group.default.name
- private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
- virtual_network_id = azurerm_virtual_network.default.id
-}
-
-resource "azurerm_private_dns_zone" "dnsstorageblob" {
- name = "privatelink.blob.core.windows.net"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
- name = "dnsblobstoragelink"
- resource_group_name = azurerm_resource_group.default.name
- private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
- virtual_network_id = azurerm_virtual_network.default.id
-}
-
-
-resource "azurerm_private_dns_zone" "dnsstoragefile" {
- name = "privatelink.file.core.windows.net"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
- name = "dnsfilestoragelink"
- resource_group_name = azurerm_resource_group.default.name
- private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
- virtual_network_id = azurerm_virtual_network.default.id
-}
-
-resource "azurerm_private_dns_zone" "dnscontainerregistry" {
- name = "privatelink.azurecr.io"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
- name = "dnscrlink"
- resource_group_name = azurerm_resource_group.default.name
- private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
- virtual_network_id = azurerm_virtual_network.default.id
-}
-
-resource "azurerm_private_dns_zone" "dnsazureml" {
- name = "privatelink.api.azureml.ms"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
- name = "dnsazuremllink"
- resource_group_name = azurerm_resource_group.default.name
- private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
- virtual_network_id = azurerm_virtual_network.default.id
-}
-
-resource "azurerm_private_dns_zone" "dnsnotebooks" {
- name = "privatelink.azureml.notebooks.net"
- resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
- name = "dnsnotebookslink"
- resource_group_name = azurerm_resource_group.default.name
- private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
- virtual_network_id = azurerm_virtual_network.default.id
-}
diff --git a/quickstart/201-machine-learning-private/network.tf b/quickstart/201-machine-learning-private/network.tf
new file mode 100644
index 00000000..de660c42
--- /dev/null
+++ b/quickstart/201-machine-learning-private/network.tf
@@ -0,0 +1,89 @@
+# Virtual Network resources
+resource "azurerm_virtual_network" "default" {
+ name = "${var.name}-${var.environment}-vnet"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_subnet" "mlsubnet" {
+ name = "mlsubnet"
+ resource_group_name = azurerm_resource_group.default.name
+ virtual_network_name = azurerm_virtual_network.default.name
+ address_prefixes = ["10.0.1.0/24"]
+ enforce_private_link_endpoint_network_policies = true
+}
+
+# DNS zones
+resource "azurerm_private_dns_zone" "dnsvault" {
+ name = "privatelink.vaultcore.azure.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
+ name = "dnsvaultlink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsstorageblob" {
+ name = "privatelink.blob.core.windows.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
+ name = "dnsblobstoragelink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+
+resource "azurerm_private_dns_zone" "dnsstoragefile" {
+ name = "privatelink.file.core.windows.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
+ name = "dnsfilestoragelink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnscontainerregistry" {
+ name = "privatelink.azurecr.io"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
+ name = "dnscrlink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsazureml" {
+ name = "privatelink.api.azureml.ms"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
+ name = "dnsazuremllink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsnotebooks" {
+ name = "privatelink.azureml.notebooks.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
+ name = "dnsnotebookslink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
diff --git a/quickstart/201-machine-learning-private/readme.md b/quickstart/201-machine-learning-private/readme.md
new file mode 100644
index 00000000..f4cda8d1
--- /dev/null
+++ b/quickstart/201-machine-learning-private/readme.md
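Review bot: In `azurerm_subnet.mlsubnet` (network.tf), `enforce_private_link_endpoint_network_policies = true` reads as if it switches enforcement on, but in the azurerm provider a value of true disables network policies for private endpoints on the subnet, so NSG rules do not filter private-endpoint traffic there. A comment above the argument would stop a later reader from "hardening" it the wrong way, e.g. `# true DISABLES network policies for private endpoints on this subnet (needed for Private Link)`. No `azurerm_network_security_group` or subnet association appears in this file, so whether other resources placed in `mlsubnet` are filtered depends on files not visible here. The hard-coded `10.0.0.0/16` and `10.0.1.0/24` ranges would also be safer as variables with these values as defaults, so a deployment does not overlap an existing peered address space.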
@@ -0,0 +1,50 @@
+# Azure Machine Learning workspace using Azure Private Link
+
+This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace),
+and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry.
+
+In addition to these core services, this template deploys any networking components that are required to set up Azure Machine Learning
+for private network connectivity using [Azure Private Link](https://docs.microsoft.com/en-us/azure/private-link/).
+
+This template describes the minimal set of resources you require to get started with Azure Machine Learning in a network-isolated set-up.
+
+To learn more about security configurations in Azure Machine Learning, see [Enterprise security and governance for Azure Machine Learning](https://docs.microsoft.com/en-us/azure/machine-learning/concept-enterprise-security).
+
+## Resources
+
+| Terraform Resource Type | Description |
+| - | - |
+| `azurerm_resource_group` | The resource group all resources get deployed into |
+| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace |
+| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace |
+| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace |
+| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace |
+| `azurerm_machine_learning_workspace` | An Azure Machine Learning workspace instance |
+| `azurerm_virtual_network` | An Azure Machine Learning workspace instance |
+| `azurerm_subnet` | An Azure Machine Learning workspace instance |
+| `azurerm_private_dns_zone` | Private DNS Zones for FQDNs required for Azure Machine Learning and associated resources |
+| `azurerm_private_dns_zone_virtual_network_link` | Virtual network links of the Private DNS Zones to the virtual network resource |
+| `azurerm_private_endpoint` | Private Endpoints for the Azure Machine Learning workspace and associated resources |
+
+## Variables
+
+| Name | Description |
+|-|-|
+| name | Name of the deployment |
+| environment | The deployment environment name (used for pre- and postfixing resource names) |
+| location | The Azure region used for deployments |
+
+
+## Usage
+
+```bash
+terraform plan \
+ -var 'name=azureml999' \
+ -var 'environment=dev' \
+ -var 'location=East US' \
+ -out demo.tfplan
+
+terraform apply demo.tfplan
+```
+
+\* Example shown with [Bash](https://www.gnu.org/software/bash/). For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks.
\ No newline at end of file