From 097321f7d5da25cc8f25b013ea411c19a83ea27f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 15 May 2024 20:45:38 +0000 Subject: [PATCH] added files --- quickstart/101-ai-studio/README.md | 44 ++++++++++++++++ quickstart/101-ai-studio/connections.tf | 26 ++++++++++ quickstart/101-ai-studio/dependent.tf | 67 +++++++++++++++++++++++++ quickstart/101-ai-studio/hub-cmk.tf | 48 ++++++++++++++++++ quickstart/101-ai-studio/hub.tf | 26 ++++++++++ quickstart/101-ai-studio/main.tf | 17 +++++++ quickstart/101-ai-studio/output.tf | 16 ++++++ quickstart/101-ai-studio/project.tf | 20 ++++++++ quickstart/101-ai-studio/variables.tf | 18 +++++++ 9 files changed, 282 insertions(+) create mode 100644 quickstart/101-ai-studio/README.md create mode 100644 quickstart/101-ai-studio/connections.tf create mode 100644 quickstart/101-ai-studio/dependent.tf create mode 100644 quickstart/101-ai-studio/hub-cmk.tf create mode 100644 quickstart/101-ai-studio/hub.tf create mode 100644 quickstart/101-ai-studio/main.tf create mode 100644 quickstart/101-ai-studio/output.tf create mode 100644 quickstart/101-ai-studio/project.tf create mode 100644 quickstart/101-ai-studio/variables.tf diff --git a/quickstart/101-ai-studio/README.md b/quickstart/101-ai-studio/README.md new file mode 100644 index 00000000..579d518f --- /dev/null +++ b/quickstart/101-ai-studio/README.md @@ -0,0 +1,44 @@ +# Azure AI Studio + +This deployment configuration specifies an [Azure AI hub](https://learn.microsoft.com/en-us/azure/ai-studio/concepts/ai-resources), +and its associated resources including Azure Key Vault, Azure Storage. You can optionally provision and attach Azure Application Insights and Azure Container Registry. + +This configuration describes the minimal set of resources you require to get started with Azure AI Studio. + +## Resources + +| Terraform Resource Type | Description | +| - | - | +| `azurerm_resource_group` | The resource group all resources get deployed into. | +| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace. | +| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace. | +| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace. | +| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace. | + +## Variables + +| Name | Description | Default | +| ---- | ----------- | ------- | +| names | Prefix name for dependent resources. | myfirst | +| location | The Azure region used for deployments | East US | +| sku | The SKU for AI Services resources | S0 + +## Usage + +After git cloning the repo, run the following commands after having docker running on your machine. + +```bash +terraform init + +az login + +terraform plan -var names="tftemplate" -out demo.tfplan + +terraform apply "demo.tfplan" +``` + +## Common mistakes + +1. Make sure docker is running +1. Make sure to have logged into your Azure Subscription by running ```az login```. +1. Ensure that you have the correct RBAC permissions for in your subscription, hub, and project. \ No newline at end of file diff --git a/quickstart/101-ai-studio/connections.tf b/quickstart/101-ai-studio/connections.tf new file mode 100644 index 00000000..60640c44 --- /dev/null +++ b/quickstart/101-ai-studio/connections.tf @@ -0,0 +1,26 @@ +//Create an AI Services connection. +resource "azapi_resource" "AIServicesConnection" { + type = "Microsoft.MachineLearningServices/workspaces/connections@2024-04-01-preview" + name = "Default_AIServices" + parent_id = azapi_resource.hub.id + + body = jsonencode({ + properties = { + category = "AIServices", + target = jsondecode(azapi_resource.AIServicesResource.output).properties.endpoint, + authType = "AAD", // or "APIKey" + isSharedToAll = true, + metadata = { + ApiType = "Azure", + ResourceId = azapi_resource.AIServicesResource.id + } + + credentials = { + Key = "" // <- must input APIKey here + } + + } + }) + schema_validation_enabled = false + response_export_values = ["*"] +} \ No newline at end of file diff --git a/quickstart/101-ai-studio/dependent.tf b/quickstart/101-ai-studio/dependent.tf new file mode 100644 index 00000000..038af316 --- /dev/null +++ b/quickstart/101-ai-studio/dependent.tf @@ -0,0 +1,67 @@ + +resource "azurerm_resource_group" "default" { + name = "azapi-template-rg-${var.names}" + location = var.location +} + +resource "azurerm_storage_account" "default" { + name = "${var.names}storage" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + account_tier = "Standard" + account_replication_type = "GRS" + allow_nested_items_to_be_public = false +} + +resource "azurerm_key_vault" "default" { + name = "${var.names}keyvault" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "standard" + purge_protection_enabled = false +} + +// AzAPI AIServices +resource "azapi_resource" "AIServicesResource"{ + type = "Microsoft.CognitiveServices/accounts@2024-01-01-preview" + name = "${var.names}AIServicesResource" + location = azurerm_resource_group.default.location + parent_id = azurerm_resource_group.default.id + + identity { + type = "SystemAssigned" + } + + body = jsonencode({ + properties = { + apiProperties = { + statisticsEnabled = false + } + } + kind = "AIServices" + sku = { + name = var.sku + } + }) + + schema_validation_enabled = false + response_export_values = ["*"] +} + +/* The following resources are OPTIONAL. +resource "azurerm_application_insights" "default" { + name = "${var.names}appinsights" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + application_type = "web" +} + +resource "azurerm_container_registry" "default" { + name = "${var.names}contreg" + resource_group_name = azurerm_resource_group.default.name + location = azurerm_resource_group.default.location + sku = "premium" + admin_enabled = true +} +*/ \ No newline at end of file diff --git a/quickstart/101-ai-studio/hub-cmk.tf b/quickstart/101-ai-studio/hub-cmk.tf new file mode 100644 index 00000000..c29c1f3e --- /dev/null +++ b/quickstart/101-ai-studio/hub-cmk.tf @@ -0,0 +1,48 @@ +/* // To enable cmk, pass in arguments to set up keyIdentifier via cmk_keyvault_key_uri. Also comment out hub.tf. + +variable "cmk_keyvault_key_uri" { + description = "Key vault uri to access the encryption key." +} + +variable "encryption_status" { + description = "Indicates whether or not the encryption is enabled for the workspace." + default = "Enabled" +} + +resource "azapi_resource" "hub" { + type = "Microsoft.MachineLearningServices/workspaces@2024-04-01" + name = "my-ai-hub" + location = azurerm_resource_group.default.location + parent_id = azurerm_resource_group.default.id + + identity { + type = "SystemAssigned" + } + + body = jsonencode({ + properties = { + description = "This is my Azure AI hub" + friendlyName = "My Hub" + storageAccount = azurerm_storage_account.default.id + keyVault = azurerm_key_vault.default.id + + /* Optional: To enable these field, the corresponding dependent resources need to be uncommented. + applicationInsight = azurerm_application_insights.default.id + containerRegistry = azurerm_container_registry.default.id + /* + + encryption = { + status = var.encryption_status + keyVaultProperties = { + keyVaultArmId = azurerm_key_vault.default.id + keyIdentifier = var.cmk_keyvault_key_uri + } + } + + } + kind = "hub" + }) + schema_validation_enabled = false +} + +*/ \ No newline at end of file diff --git a/quickstart/101-ai-studio/hub.tf b/quickstart/101-ai-studio/hub.tf new file mode 100644 index 00000000..7629f30b --- /dev/null +++ b/quickstart/101-ai-studio/hub.tf @@ -0,0 +1,26 @@ +resource "azapi_resource" "hub" { + type = "Microsoft.MachineLearningServices/workspaces@2024-04-01" + name = "my-ai-hub" + location = azurerm_resource_group.default.location + parent_id = azurerm_resource_group.default.id + + identity { + type = "SystemAssigned" + } + + body = jsonencode({ + properties = { + description = "This is my Azure AI hub" + friendlyName = "My Hub" + storageAccount = azurerm_storage_account.default.id + keyVault = azurerm_key_vault.default.id + + /* Optional: To enable these field, the corresponding dependent resources need to be uncommented. + applicationInsight = azurerm_application_insights.default.id + containerRegistry = azurerm_container_registry.default.id + */ + } + kind = "hub" + }) + schema_validation_enabled = false +} \ No newline at end of file diff --git a/quickstart/101-ai-studio/main.tf b/quickstart/101-ai-studio/main.tf new file mode 100644 index 00000000..ed091aa3 --- /dev/null +++ b/quickstart/101-ai-studio/main.tf @@ -0,0 +1,17 @@ +terraform { + required_providers { + azapi = { + source = "azure/azapi" + } + } +} + +provider "azurerm" { + features {} +} + +provider "azapi" { +} + +data "azurerm_client_config" "current" { +} \ No newline at end of file diff --git a/quickstart/101-ai-studio/output.tf b/quickstart/101-ai-studio/output.tf new file mode 100644 index 00000000..c24deefa --- /dev/null +++ b/quickstart/101-ai-studio/output.tf @@ -0,0 +1,16 @@ +output "ResourceGroup" { + value = azurerm_resource_group.default.id +} + +output "HubId" { + value = azapi_resource.hub.id +} + +output "ProjectId" { + value = azapi_resource.project.id +} + +output "endpoint" { + value = jsondecode(azapi_resource.AIServicesResource.output).properties.endpoint +} + diff --git a/quickstart/101-ai-studio/project.tf b/quickstart/101-ai-studio/project.tf new file mode 100644 index 00000000..2bcec10b --- /dev/null +++ b/quickstart/101-ai-studio/project.tf @@ -0,0 +1,20 @@ +resource "azapi_resource" "project" { + type = "Microsoft.MachineLearningServices/workspaces@2024-04-01" + name = "my-ai-project" + location = azurerm_resource_group.default.location + parent_id = azurerm_resource_group.default.id + + identity { + type = "SystemAssigned" + } + + body = jsonencode({ + properties = { + description = "This is my Azure AI PROJECT" + friendlyName = "My Project" + hubResourceId = azapi_resource.hub.id + } + kind = "project" + }) + schema_validation_enabled = false +} \ No newline at end of file diff --git a/quickstart/101-ai-studio/variables.tf b/quickstart/101-ai-studio/variables.tf new file mode 100644 index 00000000..ae636375 --- /dev/null +++ b/quickstart/101-ai-studio/variables.tf @@ -0,0 +1,18 @@ +// Names and Try are used for naming conventions in hub.tf and depende +variable "names" { + type = string + description="This variable is used to name the hub, project, and dependent resources." + default = "tftemplate" +} + +variable "location" { + type = string + description = "This is the location for all resources" + default = "East US 2" +} + +variable "sku" { + type = string + description = "The sku name of the Azure Analysis Services server to create. Choose from: B1, B2, D1, S0, S1, S2, S3, S4, S8, S9. Some skus are region specific. See https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-overview#availability-by-region" + default = "S0" +} \ No newline at end of file