update docs

quickstart/101-machine-learning/readme.md

@@ -0,0 +1,39 @@
+# Azure Machine Learning workspace
+
+This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace), 
+and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry.
+
+This template describes the minimal set of resources you require to get started with Azure Machine Learning.
+
+## Resources
+
+| Terraform Resource Type | Description |
+| - | - |
+| `azurerm_resource_group` | The resource group all resources get deployed into |
+| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace |
+| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace |
+| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace |
+| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace |
+| `azurerm_machine_learning_workspace` | An Azure Machine Learning workspace instance |
+
+## Variables
+
+| Name | Description |
+|-|-|
+| name | Name of the deployment |
+| environment | The deployment environment name (used for pre- and postfixing resource names) |
+| location | The Azure region used for deployments |
+
+## Usage
+
+```bash
+terraform plan \
+    -var 'name=azureml999' \
+    -var 'environment=dev' \
+    -var 'location=East US' \
+    -out demo.tfplan
+
+terraform apply demo.tfplan
+```
+
+\* Example shown with [Bash](https://www.gnu.org/software/bash/).  For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks.

quickstart/201-machine-learning-private/main.tf

@@ -9,93 +9,3 @@ resource "azurerm_resource_group" "default" {
   name     = "${var.name}-${var.environment}-rgp"
   location = "${var.location}"
 }
-
-# Virtual network
-resource "azurerm_virtual_network" "default" {
-  name                = "${var.name}-${var.environment}-vnet"
-  address_space       = ["10.0.0.0/16"]
-  location            = azurerm_resource_group.default.location
-  resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_subnet" "mlsubnet" {
-  name                 = "mlsubnet"
-  resource_group_name  = azurerm_resource_group.default.name
-  virtual_network_name = azurerm_virtual_network.default.name
-  address_prefixes     = ["10.0.1.0/24"]
-  enforce_private_link_endpoint_network_policies = true
-}
-
-# DNS zones
-resource "azurerm_private_dns_zone" "dnsvault" {
-  name                = "privatelink.vaultcore.azure.net"
-  resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
-  name                  = "dnsvaultlink"
-  resource_group_name   = azurerm_resource_group.default.name
-  private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
-  virtual_network_id    = azurerm_virtual_network.default.id
-}
-
-resource "azurerm_private_dns_zone" "dnsstorageblob" {
-  name                = "privatelink.blob.core.windows.net"
-  resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
-  name                  = "dnsblobstoragelink"
-  resource_group_name   = azurerm_resource_group.default.name
-  private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
-  virtual_network_id    = azurerm_virtual_network.default.id
-}
-
-
-resource "azurerm_private_dns_zone" "dnsstoragefile" {
-  name                = "privatelink.file.core.windows.net"
-  resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
-  name                  = "dnsfilestoragelink"
-  resource_group_name   = azurerm_resource_group.default.name
-  private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
-  virtual_network_id    = azurerm_virtual_network.default.id
-}
-
-resource "azurerm_private_dns_zone" "dnscontainerregistry" {
-  name                = "privatelink.azurecr.io"
-  resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
-  name                  = "dnscrlink"
-  resource_group_name   = azurerm_resource_group.default.name
-  private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
-  virtual_network_id    = azurerm_virtual_network.default.id
-}
-
-resource "azurerm_private_dns_zone" "dnsazureml" {
-  name                = "privatelink.api.azureml.ms"
-  resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
-  name                  = "dnsazuremllink"
-  resource_group_name   = azurerm_resource_group.default.name
-  private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
-  virtual_network_id    = azurerm_virtual_network.default.id
-}
-
-resource "azurerm_private_dns_zone" "dnsnotebooks" {
-  name                = "privatelink.azureml.notebooks.net"
-  resource_group_name = azurerm_resource_group.default.name
-}
-
-resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
-  name                  = "dnsnotebookslink"
-  resource_group_name   = azurerm_resource_group.default.name
-  private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
-  virtual_network_id    = azurerm_virtual_network.default.id
-}

quickstart/201-machine-learning-private/network.tf

@@ -0,0 +1,89 @@
+# Virtual Network resources
+resource "azurerm_virtual_network" "default" {
+  name                = "${var.name}-${var.environment}-vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_subnet" "mlsubnet" {
+  name                 = "mlsubnet"
+  resource_group_name  = azurerm_resource_group.default.name
+  virtual_network_name = azurerm_virtual_network.default.name
+  address_prefixes     = ["10.0.1.0/24"]
+  enforce_private_link_endpoint_network_policies = true
+}
+
+# DNS zones
+resource "azurerm_private_dns_zone" "dnsvault" {
+  name                = "privatelink.vaultcore.azure.net"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
+  name                  = "dnsvaultlink"
+  resource_group_name   = azurerm_resource_group.default.name
+  private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
+  virtual_network_id    = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsstorageblob" {
+  name                = "privatelink.blob.core.windows.net"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
+  name                  = "dnsblobstoragelink"
+  resource_group_name   = azurerm_resource_group.default.name
+  private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
+  virtual_network_id    = azurerm_virtual_network.default.id
+}
+
+
+resource "azurerm_private_dns_zone" "dnsstoragefile" {
+  name                = "privatelink.file.core.windows.net"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
+  name                  = "dnsfilestoragelink"
+  resource_group_name   = azurerm_resource_group.default.name
+  private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
+  virtual_network_id    = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnscontainerregistry" {
+  name                = "privatelink.azurecr.io"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
+  name                  = "dnscrlink"
+  resource_group_name   = azurerm_resource_group.default.name
+  private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
+  virtual_network_id    = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsazureml" {
+  name                = "privatelink.api.azureml.ms"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
+  name                  = "dnsazuremllink"
+  resource_group_name   = azurerm_resource_group.default.name
+  private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
+  virtual_network_id    = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsnotebooks" {
+  name                = "privatelink.azureml.notebooks.net"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
+  name                  = "dnsnotebookslink"
+  resource_group_name   = azurerm_resource_group.default.name
+  private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
+  virtual_network_id    = azurerm_virtual_network.default.id
+}

quickstart/201-machine-learning-private/readme.md

@@ -0,0 +1,50 @@
+# Azure Machine Learning workspace using Azure Private Link
+
+This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace), 
+and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry.
+
+In addition to these core services, this template deploys any networking components that are required to set up Azure Machine Learning
+for private network connectivity using [Azure Private Link](https://docs.microsoft.com/en-us/azure/private-link/). 
+
+This template describes the minimal set of resources you require to get started with Azure Machine Learning in a network-isolated set-up.
+
+To learn more about security configurations in Azure Machine Learning, see [Enterprise security and governance for Azure Machine Learning](https://docs.microsoft.com/en-us/azure/machine-learning/concept-enterprise-security).
+
+## Resources
+
+| Terraform Resource Type | Description |
+| - | - |
+| `azurerm_resource_group` | The resource group all resources get deployed into |
+| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace |
+| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace |
+| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace |
+| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace |
+| `azurerm_machine_learning_workspace` | An Azure Machine Learning workspace instance |
+| `azurerm_virtual_network` | An Azure Machine Learning workspace instance |
+| `azurerm_subnet` | An Azure Machine Learning workspace instance |
+| `azurerm_private_dns_zone` | Private DNS Zones for FQDNs required for Azure Machine Learning and associated resources |
+| `azurerm_private_dns_zone_virtual_network_link` | Virtual network links of the Private DNS Zones to the virtual network resource |
+| `azurerm_private_endpoint` | Private Endpoints for the Azure Machine Learning workspace and associated resources |
+
+## Variables
+
+| Name | Description |
+|-|-|
+| name | Name of the deployment |
+| environment | The deployment environment name (used for pre- and postfixing resource names) |
+| location | The Azure region used for deployments |
+
+
+## Usage
+
+```bash
+terraform plan \
+    -var 'name=azureml999' \
+    -var 'environment=dev' \
+    -var 'location=East US' \
+    -out demo.tfplan
+
+terraform apply demo.tfplan
+```
+
+\* Example shown with [Bash](https://www.gnu.org/software/bash/).  For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks.