From 5e52a3836bc8212e9747dce8ac194f82fd246d79 Mon Sep 17 00:00:00 2001 From: Dennis Eikelenboom Date: Thu, 5 Aug 2021 14:52:54 -0700 Subject: [PATCH 1/6] Added two Azure ML quickstart templates --- .gitignore | 1 + quickstart/101-machine-learning/main.tf | 11 + quickstart/101-machine-learning/variables.tf | 17 ++ quickstart/101-machine-learning/workspace.tf | 57 +++++ .../201-machine-learning-private/main.tf | 11 + .../201-machine-learning-private/variables.tf | 17 ++ .../201-machine-learning-private/workspace.tf | 203 ++++++++++++++++++ 7 files changed, 317 insertions(+) create mode 100644 quickstart/101-machine-learning/main.tf create mode 100644 quickstart/101-machine-learning/variables.tf create mode 100644 quickstart/101-machine-learning/workspace.tf create mode 100644 quickstart/201-machine-learning-private/main.tf create mode 100644 quickstart/201-machine-learning-private/variables.tf create mode 100644 quickstart/201-machine-learning-private/workspace.tf diff --git a/.gitignore b/.gitignore index 37a6b4dc..5b6ef27a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ ## Ignore terraform provider and state files *.terraform *.tfstate* +.terraform.lock.hcl ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. diff --git a/quickstart/101-machine-learning/main.tf b/quickstart/101-machine-learning/main.tf new file mode 100644 index 00000000..3a873834 --- /dev/null +++ b/quickstart/101-machine-learning/main.tf @@ -0,0 +1,11 @@ +provider "azurerm" { + version = "~>2.0" + features {} +} + +data "azurerm_client_config" "current" {} + +resource "azurerm_resource_group" "default" { + name = "${var.name}-${var.environment}-rgp" + location = "${var.location}" +} \ No newline at end of file diff --git a/quickstart/101-machine-learning/variables.tf b/quickstart/101-machine-learning/variables.tf new file mode 100644 index 00000000..8140ad98 --- /dev/null +++ b/quickstart/101-machine-learning/variables.tf 
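Review bot: Ignoring `.terraform.lock.hcl` in the `.gitignore` hunk means the dependency lock file, which records the selected provider versions and their checksums, is never committed. Combined with the loose `~>2.0` constraint in the new `main.tf` files, each `terraform init` may resolve a different azurerm build, with nothing in the repository to verify it against. If the templates are meant to be reproducible, drop the `+.terraform.lock.hcl` line and commit the lock file next to each template. If ignoring it is deliberate for quickstarts, a comment above the entry saying so would help.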
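Review bot: The `version = "~>2.0"` argument inside the `provider "azurerm"` block in `quickstart/101-machine-learning/main.tf` has been the deprecated way to constrain a provider since Terraform 0.13; the constraint belongs in a `required_providers` entry in a `terraform` block. `location = "${var.location}"` is an interpolation-only expression and can be written `location = var.location`. The same two lines appear in `quickstart/201-machine-learning-private/main.tf` in this patch.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# … unchanged: data "azurerm_client_config" "current" …

resource "azurerm_resource_group" "default" {
  # … unchanged: name …
  location = var.location
}
```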
@@ -0,0 +1,17 @@
+variable "name" {
+ type = string
+ description = "Name of the deployment"
+ default = "azureml999"
+}
+
+variable "environment" {
+ type = string
+ description = "Name of the environment"
+ default = "dev"
+}
+
+variable "location" {
+ type = string
+ description = "Location of the resources"
+ default = "East US"
+}
\ No newline at end of file
diff --git a/quickstart/101-machine-learning/workspace.tf b/quickstart/101-machine-learning/workspace.tf
new file mode 100644
index 00000000..de924454
--- /dev/null
+++ b/quickstart/101-machine-learning/workspace.tf
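Review bot: `variable "name"` in `quickstart/101-machine-learning/variables.tf` has no `validation` block, yet `workspace.tf` concatenates it into the storage account, Key Vault and container registry names, which Azure restricts in length and character set (storage account names allow only 3–24 lowercase letters and digits). An invalid value is then rejected only part-way through `terraform apply`, after other resources already exist. Consider a check such as `condition = can(regex("^[a-z0-9]+$", var.name))` plus a length limit that leaves room for the environment suffix. The 201 template's `variables.tf` in this patch has the same gap, and because these names are globally unique, the hard-coded defaults (`azureml999`, `mlple999`) will collide once someone else has deployed with them.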
@@ -0,0 +1,57 @@
+# Dependent resources for Azure Machine Learning
+resource "azurerm_application_insights" "default" {
+ name = "${var.name}-${var.environment}-ain"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ application_type = "web"
+}
+
+resource "azurerm_key_vault" "default" {
+ name = "${var.name}${var.environment}kv"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ sku_name = "premium"
+ purge_protection_enabled = false
+
+ network_acls {
+ default_action = "Deny"
+ bypass = "AzureServices"
+ }
+}
+
+resource "azurerm_storage_account" "default" {
+ name = "${var.name}${var.environment}sa"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ account_tier = "Standard"
+ account_replication_type = "GRS"
+
+ network_rules {
+ default_action = "Deny"
+ bypass = ["AzureServices"]
+ }
+}
+
+resource "azurerm_container_registry" "default" {
+ name = "${var.name}${var.environment}cr"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ sku = "Premium"
+ admin_enabled = true
+}
+
+# Machine Learning workspace
+resource "azurerm_machine_learning_workspace" "default" {
+ name = "${var.name}-${var.environment}-aml"
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+ application_insights_id = azurerm_application_insights.default.id
+ key_vault_id = azurerm_key_vault.default.id
+ storage_account_id = azurerm_storage_account.default.id
+ container_registry_id = azurerm_container_registry.default.id
+
+ identity {
+ type = "SystemAssigned"
+ }
+}
\ No newline at end of file
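Review bot: `purge_protection_enabled = false` on `azurerm_key_vault.default` leaves the vault that backs the workspace open to permanent purge during the soft-delete retention window. Patch 2/6 flips this to `true` for the 201 template only, so the 101 template should get `purge_protection_enabled = true` as well. `admin_enabled = true` on `azurerm_container_registry.default` turns on the registry's shared admin credential; if the workspace integration needs it, say so in a comment such as `# admin account required by the Azure ML workspace — TODO confirm`, otherwise set it to `false`. Key Vault and storage both use `default_action = "Deny"` with only the `AzureServices` bypass, and this template has no private endpoints, so the readme should say how users are expected to reach them.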
diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf new file mode 100644 index 00000000..3a873834 --- /dev/null +++ b/quickstart/201-machine-learning-private/main.tf @@ -0,0 +1,11 @@ +provider "azurerm" { + version = "~>2.0" + features {} +} + +data "azurerm_client_config" "current" {} + +resource "azurerm_resource_group" "default" { + name = "${var.name}-${var.environment}-rgp" + location = "${var.location}" +} \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/variables.tf b/quickstart/201-machine-learning-private/variables.tf new file mode 100644 index 00000000..acf05ee1 --- /dev/null +++ b/quickstart/201-machine-learning-private/variables.tf @@ -0,0 +1,17 @@ +variable "name" { + type = string + description = "Name of the deployment" + default = "mlple999" +} + +variable "environment" { + type = string + description = "Name of the environment" + default = "dev" +} + +variable "location" { + type = string + description = "Location of the resources" + default = "East US" +} \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/workspace.tf b/quickstart/201-machine-learning-private/workspace.tf new file mode 100644 index 00000000..c21083d3 --- /dev/null +++ b/quickstart/201-machine-learning-private/workspace.tf 
@@ -0,0 +1,203 @@ +# Dependent resources for Azure Machine Learning +resource "azurerm_application_insights" "default" { + name = "${var.name}-${var.environment}-ain" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + application_type = "web" +} + +resource "azurerm_key_vault" "default" { + name = "${var.name}${var.environment}kv" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "premium" + purge_protection_enabled = false + + network_acls { + default_action = "Deny" + bypass = "AzureServices" + } +} + +resource "azurerm_storage_account" "default" { + name = "${var.name}${var.environment}sa" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + account_tier = "Standard" + account_replication_type = "GRS" + + network_rules { + default_action = "Deny" + bypass = ["AzureServices"] + } +} + +resource "azurerm_container_registry" "default" { + name = "${var.name}${var.environment}cr" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + sku = "Premium" + admin_enabled = true +} + +# Machine Learning workspace +resource "azurerm_machine_learning_workspace" "default" { + name = "${var.name}-${var.environment}-aml" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + application_insights_id = azurerm_application_insights.default.id + key_vault_id = azurerm_key_vault.default.id + storage_account_id = azurerm_storage_account.default.id + container_registry_id = azurerm_container_registry.default.id + + identity { + type = "SystemAssigned" + } +} + +# Virtual network +resource "azurerm_virtual_network" "default" { + name = "${var.name}-${var.environment}-vnet" + address_space = ["10.0.0.0/16"] + 
location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_subnet" "mlsubnet" { + name = "mlsubnet" + resource_group_name = azurerm_resource_group.default.name + virtual_network_name = azurerm_virtual_network.default.name + address_prefixes = ["10.0.1.0/24"] + enforce_private_link_endpoint_network_policies = true +} + +# DNS zones +resource "azurerm_private_dns_zone" "dnsvault" { + name = "privatelink.vaultcore.azure.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnsstorageblob" { + name = "privatelink.blob.core.windows.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnsstoragefile" { + name = "privatelink.file.core.windows.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnscontainerregistry" { + name = "privatelink.azurecr.io" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnsazureml" { + name = "privatelink.api.azureml.ms" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnsnotebooks" { + name = "privatelink.azureml.notebooks.net" + resource_group_name = azurerm_resource_group.default.name +} + +# Private endpoints +resource "azurerm_private_endpoint" "keyvault_ple" { + name = "${var.name}-${var.environment}-kv-ple" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.dnsvault.id] + } + + private_service_connection { + name = "${var.name}kv-psc" + private_connection_resource_id = azurerm_key_vault.default.id + subresource_names = [ "vault" ] + is_manual_connection = false + } +} + +resource 
"azurerm_private_endpoint" "storage_ple_blob" { + name = "${var.name}-${var.environment}-sa-ple-blob" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.dnsstorageblob.id] + } + + private_service_connection { + name = "${var.name}sa-psc" + private_connection_resource_id = azurerm_storage_account.default.id + subresource_names = [ "blob" ] + is_manual_connection = false + } +} + +resource "azurerm_private_endpoint" "storage_ple_file" { + name = "${var.name}-${var.environment}-sa-ple-file" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.dnsstoragefile.id] + } + + private_service_connection { + name = "${var.name}sa-psc" + private_connection_resource_id = azurerm_storage_account.default.id + subresource_names = [ "file" ] + is_manual_connection = false + } +} + +resource "azurerm_private_endpoint" "cr_ple" { + name = "${var.name}-${var.environment}-cr-ple" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.dnscontainerregistry.id] + } + + private_service_connection { + name = "${var.name}cr-psc" + private_connection_resource_id = azurerm_container_registry.default.id + subresource_names = [ "registry" ] + is_manual_connection = false + } +} + +resource "azurerm_private_endpoint" "ml_ple" { + name = "${var.name}-${var.environment}-ple" + location = azurerm_resource_group.default.location + resource_group_name = 
azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [ + azurerm_private_dns_zone.dnsazureml.id, + azurerm_private_dns_zone.dnsnotebooks.id + ] + } + + private_service_connection { + name = "${var.name}ml-psc" + private_connection_resource_id = azurerm_machine_learning_workspace.default.id + subresource_names = [ "amlworkspace" ] + is_manual_connection = false + } +} \ No newline at end of file From 14b6c7c279c8387a2dbd26a568ba3ae9b7ca837a Mon Sep 17 00:00:00 2001 From: Dennis Eikelenboom Date: Mon, 16 Aug 2021 09:53:59 -0700 Subject: [PATCH 2/6] include vnet links --- .../201-machine-learning-private/main.tf | 92 ++++++++++++++++++- .../201-machine-learning-private/workspace.tf | 52 +---------- 2 files changed, 94 insertions(+), 50 deletions(-) diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf index 3a873834..4908b2b8 100644 --- a/quickstart/201-machine-learning-private/main.tf +++ b/quickstart/201-machine-learning-private/main.tf 
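Review bot: `azurerm_container_registry.default` is the one dependency in `quickstart/201-machine-learning-private/workspace.tf` that gets a private endpoint (`cr_ple`) with no restriction on its public endpoint; Key Vault and storage set `default_action = "Deny"`, while the registry sets nothing. With `admin_enabled = true`, the shared admin credential would then remain usable from outside the virtual network. Consider adding `public_network_access_enabled = false` to the registry (check that the pinned azurerm 2.x release supports the argument) or a `network_rule_set` block with `default_action = "Deny"`. The workspace resource likewise shows no public-access setting; whether one is available depends on the provider version.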
@@ -8,4 +8,94 @@ data "azurerm_client_config" "current" {} resource "azurerm_resource_group" "default" { name = "${var.name}-${var.environment}-rgp" location = "${var.location}" -} \ No newline at end of file +} + +# Virtual network +resource "azurerm_virtual_network" "default" { + name = "${var.name}-${var.environment}-vnet" + address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_subnet" "mlsubnet" { + name = "mlsubnet" + resource_group_name = azurerm_resource_group.default.name + virtual_network_name = azurerm_virtual_network.default.name + address_prefixes = ["10.0.1.0/24"] + enforce_private_link_endpoint_network_policies = true +} + +# DNS zones +resource "azurerm_private_dns_zone" "dnsvault" { + name = "privatelink.vaultcore.azure.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" { + name = "dnsvaultlink" + resource_group_name = azurerm_resource_group.default.name + private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name + virtual_network_id = azurerm_virtual_network.default.id +} + +resource "azurerm_private_dns_zone" "dnsstorageblob" { + name = "privatelink.blob.core.windows.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" { + name = "dnsblobstoragelink" + resource_group_name = azurerm_resource_group.default.name + private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name + virtual_network_id = azurerm_virtual_network.default.id +} + + +resource "azurerm_private_dns_zone" "dnsstoragefile" { + name = "privatelink.file.core.windows.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" { + name = "dnsfilestoragelink" + resource_group_name = 
azurerm_resource_group.default.name + private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name + virtual_network_id = azurerm_virtual_network.default.id +} + +resource "azurerm_private_dns_zone" "dnscontainerregistry" { + name = "privatelink.azurecr.io" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" { + name = "dnscrlink" + resource_group_name = azurerm_resource_group.default.name + private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name + virtual_network_id = azurerm_virtual_network.default.id +} + +resource "azurerm_private_dns_zone" "dnsazureml" { + name = "privatelink.api.azureml.ms" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" { + name = "dnsazuremllink" + resource_group_name = azurerm_resource_group.default.name + private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name + virtual_network_id = azurerm_virtual_network.default.id +} + +resource "azurerm_private_dns_zone" "dnsnotebooks" { + name = "privatelink.azureml.notebooks.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" { + name = "dnsnotebookslink" + resource_group_name = azurerm_resource_group.default.name + private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name + virtual_network_id = azurerm_virtual_network.default.id +} diff --git a/quickstart/201-machine-learning-private/workspace.tf b/quickstart/201-machine-learning-private/workspace.tf index c21083d3..bdf5ed4e 100644 --- a/quickstart/201-machine-learning-private/workspace.tf +++ b/quickstart/201-machine-learning-private/workspace.tf 
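Review bot: The zone name in `azurerm_private_dns_zone.dnsnotebooks`, `privatelink.azureml.notebooks.net`, does not match the zone that Azure's private-endpoint DNS documentation lists for Machine Learning notebooks, `privatelink.notebooks.azure.net`. With a non-matching zone, the notebook records registered through the `ml_ple` zone group would presumably never be consulted, so notebook hostnames would resolve to the public address rather than the private endpoint. Suggested change: `name = "privatelink.notebooks.azure.net"`. The same value is introduced in `workspace.tf` in patch 1/6 and carried into `network.tf` in patch 3/6.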
@@ -12,7 +12,7 @@ resource "azurerm_key_vault" "default" { resource_group_name = azurerm_resource_group.default.name tenant_id = data.azurerm_client_config.current.tenant_id sku_name = "premium" - purge_protection_enabled = false + purge_protection_enabled = true network_acls { default_action = "Deny" 
@@ -56,53 +56,6 @@ resource "azurerm_machine_learning_workspace" "default" { } } -# Virtual network -resource "azurerm_virtual_network" "default" { - name = "${var.name}-${var.environment}-vnet" - address_space = ["10.0.0.0/16"] - location = azurerm_resource_group.default.location - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_subnet" "mlsubnet" { - name = "mlsubnet" - resource_group_name = azurerm_resource_group.default.name - virtual_network_name = azurerm_virtual_network.default.name - address_prefixes = ["10.0.1.0/24"] - enforce_private_link_endpoint_network_policies = true -} - -# DNS zones -resource "azurerm_private_dns_zone" "dnsvault" { - name = "privatelink.vaultcore.azure.net" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone" "dnsstorageblob" { - name = "privatelink.blob.core.windows.net" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone" "dnsstoragefile" { - name = "privatelink.file.core.windows.net" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone" "dnscontainerregistry" { - name = "privatelink.azurecr.io" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone" "dnsazureml" { - name = "privatelink.api.azureml.ms" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone" "dnsnotebooks" { - name = "privatelink.azureml.notebooks.net" - resource_group_name = azurerm_resource_group.default.name -} - # Private endpoints resource "azurerm_private_endpoint" "keyvault_ple" { name = "${var.name}-${var.environment}-kv-ple" 
@@ -181,7 +134,7 @@ resource "azurerm_private_endpoint" "cr_ple" { } resource "azurerm_private_endpoint" "ml_ple" { - name = "${var.name}-${var.environment}-ple" + name = "${var.name}-${var.environment}-ml-ple" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name subnet_id = azurerm_subnet.mlsubnet.id @@ -200,4 +153,5 @@ resource "azurerm_private_endpoint" "ml_ple" { subresource_names = [ "amlworkspace" ] is_manual_connection = false } + } \ No newline at end of file From 3cb80cebe4e2d518fd85ce60f2294cee29d543fc Mon Sep 17 00:00:00 2001 From: Dennis Eikelenboom Date: Wed, 18 Aug 2021 08:23:27 -0700 Subject: [PATCH 3/6] update docs --- quickstart/101-machine-learning/readme.md | 39 ++++++++ .../201-machine-learning-private/main.tf | 90 ------------------- .../201-machine-learning-private/network.tf | 89 ++++++++++++++++++ .../201-machine-learning-private/readme.md | 50 +++++++++++ 4 files changed, 178 insertions(+), 90 deletions(-) create mode 100644 quickstart/101-machine-learning/readme.md create mode 100644 quickstart/201-machine-learning-private/network.tf create mode 100644 quickstart/201-machine-learning-private/readme.md diff --git a/quickstart/101-machine-learning/readme.md b/quickstart/101-machine-learning/readme.md new file mode 100644 index 00000000..8211d4bf --- /dev/null +++ b/quickstart/101-machine-learning/readme.md 
@@ -0,0 +1,39 @@ +# Azure Machine Learning workspace + +This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace), +and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. + +This template describes the minimal set of resources you require to get started with Azure Machine Learning. + +## Resources + +| Terraform Resource Type | Description | +| - | - | +| `azurerm_resource_group` | The resource group all resources get deployed into | +| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace | +| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace | +| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace | +| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace | +| `azurerm_machine_learning_workspace` | An Azure Machine Learning workspace instance | + +## Variables + +| Name | Description | +|-|-| +| name | Name of the deployment | +| environment | The deployment environment name (used for pre- and postfixing resource names) | +| location | The Azure region used for deployments | + +## Usage + +```bash +terraform plan \ + -var 'name=azureml999' \ + -var 'environment=dev' \ + -var 'location=East US' \ + -out demo.tfplan + +terraform apply demo.tfplan +``` + +\* Example shown with [Bash](https://www.gnu.org/software/bash/). For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks. \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf index 4908b2b8..59201a17 100644 --- a/quickstart/201-machine-learning-private/main.tf 
+++ b/quickstart/201-machine-learning-private/main.tf 
@@ -9,93 +9,3 @@ resource "azurerm_resource_group" "default" { name = "${var.name}-${var.environment}-rgp" location = "${var.location}" } - -# Virtual network -resource "azurerm_virtual_network" "default" { - name = "${var.name}-${var.environment}-vnet" - address_space = ["10.0.0.0/16"] - location = azurerm_resource_group.default.location - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_subnet" "mlsubnet" { - name = "mlsubnet" - resource_group_name = azurerm_resource_group.default.name - virtual_network_name = azurerm_virtual_network.default.name - address_prefixes = ["10.0.1.0/24"] - enforce_private_link_endpoint_network_policies = true -} - -# DNS zones -resource "azurerm_private_dns_zone" "dnsvault" { - name = "privatelink.vaultcore.azure.net" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" { - name = "dnsvaultlink" - resource_group_name = azurerm_resource_group.default.name - private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name - virtual_network_id = azurerm_virtual_network.default.id -} - -resource "azurerm_private_dns_zone" "dnsstorageblob" { - name = "privatelink.blob.core.windows.net" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" { - name = "dnsblobstoragelink" - resource_group_name = azurerm_resource_group.default.name - private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name - virtual_network_id = azurerm_virtual_network.default.id -} - - -resource "azurerm_private_dns_zone" "dnsstoragefile" { - name = "privatelink.file.core.windows.net" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" { - name = "dnsfilestoragelink" - resource_group_name = azurerm_resource_group.default.name - private_dns_zone_name = 
azurerm_private_dns_zone.dnsstoragefile.name - virtual_network_id = azurerm_virtual_network.default.id -} - -resource "azurerm_private_dns_zone" "dnscontainerregistry" { - name = "privatelink.azurecr.io" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" { - name = "dnscrlink" - resource_group_name = azurerm_resource_group.default.name - private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name - virtual_network_id = azurerm_virtual_network.default.id -} - -resource "azurerm_private_dns_zone" "dnsazureml" { - name = "privatelink.api.azureml.ms" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" { - name = "dnsazuremllink" - resource_group_name = azurerm_resource_group.default.name - private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name - virtual_network_id = azurerm_virtual_network.default.id -} - -resource "azurerm_private_dns_zone" "dnsnotebooks" { - name = "privatelink.azureml.notebooks.net" - resource_group_name = azurerm_resource_group.default.name -} - -resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" { - name = "dnsnotebookslink" - resource_group_name = azurerm_resource_group.default.name - private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name - virtual_network_id = azurerm_virtual_network.default.id -} diff --git a/quickstart/201-machine-learning-private/network.tf b/quickstart/201-machine-learning-private/network.tf new file mode 100644 index 00000000..de660c42 --- /dev/null +++ b/quickstart/201-machine-learning-private/network.tf 
@@ -0,0 +1,89 @@
+# Virtual Network resources
+resource "azurerm_virtual_network" "default" {
+ name = "${var.name}-${var.environment}-vnet"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.default.location
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_subnet" "mlsubnet" {
+ name = "mlsubnet"
+ resource_group_name = azurerm_resource_group.default.name
+ virtual_network_name = azurerm_virtual_network.default.name
+ address_prefixes = ["10.0.1.0/24"]
+ enforce_private_link_endpoint_network_policies = true
+}
+
+# DNS zones
+resource "azurerm_private_dns_zone" "dnsvault" {
+ name = "privatelink.vaultcore.azure.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkvault" {
+ name = "dnsvaultlink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsvault.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsstorageblob" {
+ name = "privatelink.blob.core.windows.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkblob" {
+ name = "dnsblobstoragelink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsstorageblob.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+
+resource "azurerm_private_dns_zone" "dnsstoragefile" {
+ name = "privatelink.file.core.windows.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkfile" {
+ name = "dnsfilestoragelink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsstoragefile.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnscontainerregistry" {
+ name = "privatelink.azurecr.io"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkcr" {
+ name = "dnscrlink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnscontainerregistry.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsazureml" {
+ name = "privatelink.api.azureml.ms"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinkml" {
+ name = "dnsazuremllink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsazureml.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
+
+resource "azurerm_private_dns_zone" "dnsnotebooks" {
+ name = "privatelink.azureml.notebooks.net"
+ resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "vnetlinknbs" {
+ name = "dnsnotebookslink"
+ resource_group_name = azurerm_resource_group.default.name
+ private_dns_zone_name = azurerm_private_dns_zone.dnsnotebooks.name
+ virtual_network_id = azurerm_virtual_network.default.id
+}
diff --git a/quickstart/201-machine-learning-private/readme.md b/quickstart/201-machine-learning-private/readme.md
new file mode 100644
index 00000000..f4cda8d1
--- /dev/null
+++ b/quickstart/201-machine-learning-private/readme.md
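Review bot: `enforce_private_link_endpoint_network_policies = true` on `azurerm_subnet.mlsubnet` in `network.tf` reads as if it tightens the subnet, but in azurerm 2.x setting it to `true` disables network policies for private endpoints, so NSG rules on this subnet would not filter traffic to the endpoints. A comment above the line would prevent misreading, for example `# true = private endpoint network policies DISABLED (needed to place private endpoints in this subnet)`. No `azurerm_network_security_group` is visible in this file, so the readme could also state that the template does not restrict traffic inside the virtual network.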
@@ -0,0 +1,50 @@ +# Azure Machine Learning workspace using Azure Private Link + +This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace), +and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. + +In addition to these core services, this template deploys any networking components that are required to set up Azure Machine Learning +for private network connectivity using [Azure Private Link](https://docs.microsoft.com/en-us/azure/private-link/). + +This template describes the minimal set of resources you require to get started with Azure Machine Learning in a network-isolated set-up. + +To learn more about security configurations in Azure Machine Learning, see [Enterprise security and governance for Azure Machine Learning](https://docs.microsoft.com/en-us/azure/machine-learning/concept-enterprise-security). + +## Resources + +| Terraform Resource Type | Description | +| - | - | +| `azurerm_resource_group` | The resource group all resources get deployed into | +| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace | +| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace | +| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace | +| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace | +| `azurerm_machine_learning_workspace` | An Azure Machine Learning workspace instance | +| `azurerm_virtual_network` | An Azure Machine Learning workspace instance | +| `azurerm_subnet` | An Azure Machine Learning workspace instance | +| `azurerm_private_dns_zone` | Private DNS Zones for FQDNs required for Azure Machine Learning and associated resources | +| 
`azurerm_private_dns_zone_virtual_network_link` | Virtual network links of the Private DNS Zones to the virtual network resource | +| `azurerm_private_endpoint` | Private Endpoints for the Azure Machine Learning workspace and associated resources | + +## Variables + +| Name | Description | +|-|-| +| name | Name of the deployment | +| environment | The deployment environment name (used for pre- and postfixing resource names) | +| location | The Azure region used for deployments | + + +## Usage + +```bash +terraform plan \ + -var 'name=azureml999' \ + -var 'environment=dev' \ + -var 'location=East US' \ + -out demo.tfplan + +terraform apply demo.tfplan +``` + +\* Example shown with [Bash](https://www.gnu.org/software/bash/). For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks. \ No newline at end of file From d0bba2ea8d227a34e4f18a5b317792ad1dc97f34 Mon Sep 17 00:00:00 2001 From: "Mark Gray (MSFT)" <2914336+grayzu@users.noreply.github.com> Date: Wed, 18 Aug 2021 10:28:14 -0700 Subject: [PATCH 4/6] Removing git ignore from PR Git ignore should not be include in the PR. --- .gitignore | 297 ----------------------------------------------------- 1 file changed, 297 deletions(-) delete mode 100644 .gitignore diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 5b6ef27a..00000000 --- a/.gitignore +++ /dev/null 
@@ -1,297 +0,0 @@ -## Ignore terraform provider and state files -*.terraform -*.tfstate* -.terraform.lock.hcl - -## Ignore Visual Studio temporary files, build results, and -## files generated by popular Visual Studio add-ons. -## -## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore - -# User-specific files -*.suo -*.user -*.userosscache -*.sln.docstates - -# User-specific files (MonoDevelop/Xamarin Studio) -*.userprefs - -# Build results -[Dd]ebug/ -[Dd]ebugPublic/ -[Rr]elease/ -[Rr]eleases/ -x64/ -x86/ -bld/ -[Bb]in/ -[Oo]bj/ -[Ll]og/ - -# Visual Studio 2015 cache/options directory -.vs/ -# Uncomment if you have tasks that create the project's static files in wwwroot -#wwwroot/ - -# MSTest test Results -[Tt]est[Rr]esult*/ -[Bb]uild[Ll]og.* - -# NUNIT -*.VisualState.xml -TestResult.xml - -# Build Results of an ATL Project -[Dd]ebugPS/ -[Rr]eleasePS/ -dlldata.c - -# .NET Core -project.lock.json -project.fragment.lock.json -artifacts/ -**/Properties/launchSettings.json - -*_i.c -*_p.c -*_i.h -*.ilk -*.meta -*.obj -*.pch -*.pdb -*.pgc -*.pgd -*.rsp -*.sbr -*.tlb -*.tli -*.tlh -*.tmp -*.tmp_proj -*.log -*.vspscc -*.vssscc -.builds -*.pidb -*.svclog -*.scc - -# Chutzpah Test files -_Chutzpah* - -# Visual C++ cache files -ipch/ -*.aps -*.ncb -*.opendb -*.opensdf -*.sdf -*.cachefile -*.VC.db -*.VC.VC.opendb - -# Visual Studio profiler -*.psess -*.vsp -*.vspx -*.sap - -# TFS 2012 Local Workspace -$tf/ - -# Guidance Automation Toolkit -*.gpState - -# ReSharper is a .NET coding add-in -_ReSharper*/ -*.[Rr]e[Ss]harper -*.DotSettings.user - -# JustCode is a .NET coding add-in -.JustCode - -# TeamCity is a build add-in -_TeamCity* - -# DotCover is a Code Coverage Tool -*.dotCover - -# Visual Studio code coverage results -*.coverage -*.coveragexml - -# NCrunch -_NCrunch_* -.*crunch*.local.xml -nCrunchTemp_* - -# MightyMoose -*.mm.* -AutoTest.Net/ - -# Web workbench (sass) -.sass-cache/ - -# Installshield output folder -[Ee]xpress/ - -# 
DocProject is a documentation generator add-in -DocProject/buildhelp/ -DocProject/Help/*.HxT -DocProject/Help/*.HxC -DocProject/Help/*.hhc -DocProject/Help/*.hhk -DocProject/Help/*.hhp -DocProject/Help/Html2 -DocProject/Help/html - -# Click-Once directory -publish/ - -# Publish Web Output -*.[Pp]ublish.xml -*.azurePubxml -# TODO: Comment the next line if you want to checkin your web deploy settings -# but database connection strings (with potential passwords) will be unencrypted -*.pubxml -*.publishproj - -# Microsoft Azure Web App publish settings. Comment the next line if you want to -# checkin your Azure Web App publish settings, but sensitive information contained -# in these scripts will be unencrypted -PublishScripts/ - -# NuGet Packages -*.nupkg -# The packages folder can be ignored because of Package Restore -**/packages/* -# except build/, which is used as an MSBuild target. -!**/packages/build/ -# Uncomment if necessary however generally it will be regenerated when needed -#!**/packages/repositories.config -# NuGet v3's project.json files produces more ignorable files -*.nuget.props -*.nuget.targets - -# Microsoft Azure Build Output -csx/ -*.build.csdef - -# Microsoft Azure Emulator -ecf/ -rcf/ - -# Windows Store app package directories and files -AppPackages/ -BundleArtifacts/ -Package.StoreAssociation.xml -_pkginfo.txt - -# Visual Studio cache files -# files ending in .cache can be ignored -*.[Cc]ache -# but keep track of directories ending in .cache -!*.[Cc]ache/ - -# Others -ClientBin/ -~$* -*~ -*.dbmdl -*.dbproj.schemaview -*.jfm -*.pfx -*.publishsettings -orleans.codegen.cs - -# Since there are multiple workflows, uncomment next line to ignore bower_components -# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) -#bower_components/ - -# RIA/Silverlight projects -Generated_Code/ - -# Backup & report files from converting an old project file -# to a newer Visual Studio version. 
Backup files are not needed, -# because we have git ;-) -_UpgradeReport_Files/ -Backup*/ -UpgradeLog*.XML -UpgradeLog*.htm - -# SQL Server files -*.mdf -*.ldf -*.ndf - -# Business Intelligence projects -*.rdl.data -*.bim.layout -*.bim_*.settings - -# Microsoft Fakes -FakesAssemblies/ - -# GhostDoc plugin setting file -*.GhostDoc.xml - -# Node.js Tools for Visual Studio -.ntvs_analysis.dat -node_modules/ - -# Typescript v1 declaration files -typings/ - -# Visual Studio 6 build log -*.plg - -# Visual Studio 6 workspace options file -*.opt - -# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) -*.vbw - -# Visual Studio LightSwitch build output -**/*.HTMLClient/GeneratedArtifacts -**/*.DesktopClient/GeneratedArtifacts -**/*.DesktopClient/ModelManifest.xml -**/*.Server/GeneratedArtifacts -**/*.Server/ModelManifest.xml -_Pvt_Extensions - -# Paket dependency manager -.paket/paket.exe -paket-files/ - -# FAKE - F# Make -.fake/ - -# JetBrains Rider -.idea/ -*.sln.iml - -# CodeRush -.cr/ - -# Python Tools for Visual Studio (PTVS) -__pycache__/ -*.pyc - -# Cake - Uncomment if you are using it -# tools/** -# !tools/packages.config - -# Telerik's JustMock configuration file -*.jmconfig - -# BizTalk build output -*.btp.cs -*.btm.cs -*.odx.cs -*.xsd.cs - -# Golang -go.sum -.test-data/ \ No newline at end of file From 79449910c3b2b8ffee15f1b41bcb4db983258cdc Mon Sep 17 00:00:00 2001 
From: Dennis Eikelenboom Date: Wed, 18 Aug 2021 10:36:04 -0700 Subject: [PATCH 5/6] Clarify examples and read me --- quickstart/101-machine-learning/main.tf | 14 ++++++++++++-- quickstart/101-machine-learning/readme.md | 10 ++-------- quickstart/201-machine-learning-private/main.tf | 16 +++++++++++++--- .../201-machine-learning-private/network.tf | 8 ++++---- .../201-machine-learning-private/readme.md | 10 ++-------- .../201-machine-learning-private/variables.tf | 14 +++++++++++++- .../201-machine-learning-private/workspace.tf | 2 +- 7 files changed, 47 insertions(+), 27 deletions(-) diff --git a/quickstart/101-machine-learning/main.tf b/quickstart/101-machine-learning/main.tf index 3a873834..a2d6a6f7 100644 --- a/quickstart/101-machine-learning/main.tf +++ b/quickstart/101-machine-learning/main.tf @@ -1,6 +1,16 @@ +terraform { + required_version = ">=0.15.0" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "=2.56.0" + } + } +} + provider "azurerm" { - version = "~>2.0" - features {} + features {} } data "azurerm_client_config" "current" {} diff --git a/quickstart/101-machine-learning/readme.md b/quickstart/101-machine-learning/readme.md index 8211d4bf..1bf3d7c5 100644 --- a/quickstart/101-machine-learning/readme.md +++ b/quickstart/101-machine-learning/readme.md @@ -27,13 +27,7 @@ This template describes the minimal set of resources you require to get started ## Usage ```bash -terraform plan \ - -var 'name=azureml999' \ - -var 'environment=dev' \ - -var 'location=East US' \ - -out demo.tfplan +terraform plan -var name=azureml567 -out demo.tfplan -terraform apply demo.tfplan +terraform apply "demo.tfplan" ``` - -\* Example shown with [Bash](https://www.gnu.org/software/bash/). For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks. \ No newline at end of file 
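Review bot: The exact constraint `version = "=2.56.0"` added in the 101 main.tf hunk differs from the `=2.72.0` pinned by the 201 main.tf hunk in this same patch, and nothing in either hunk says whether that is deliberate. If 201 really needs the newer azurerm release, a comment such as `# 201 uses a newer azurerm release than 101; bump each pin deliberately` next to the constraint would record it; otherwise align the two. An exact version constraint also fixes only the version number. The provider checksums are recorded in `.terraform.lock.hcl`, so keeping that file under version control next to each quickstart is what makes `terraform init` verify the same provider build every time. `required_version = ">=0.15.0"` has no upper bound, so an untested future major release of Terraform would be accepted as well.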
diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf index 59201a17..5f1e8381 100644 --- a/quickstart/201-machine-learning-private/main.tf +++ b/quickstart/201-machine-learning-private/main.tf @@ -1,6 +1,16 @@ +terraform { + required_version = ">=0.15.0" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "=2.72.0" + } + } +} + provider "azurerm" { - version = "~>2.0" - features {} + features {} } data "azurerm_client_config" "current" {} @@ -8,4 +18,4 @@ data "azurerm_client_config" "current" {} resource "azurerm_resource_group" "default" { name = "${var.name}-${var.environment}-rgp" location = "${var.location}" -} +} \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/network.tf b/quickstart/201-machine-learning-private/network.tf index de660c42..65d7b682 100644 --- a/quickstart/201-machine-learning-private/network.tf +++ b/quickstart/201-machine-learning-private/network.tf @@ -1,7 +1,7 @@ -# Virtual Network resources +# Virtual Network resource "azurerm_virtual_network" "default" { name = "${var.name}-${var.environment}-vnet" - address_space = ["10.0.0.0/16"] + address_space = var.vnet_address_space location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name } @@ -10,11 +10,11 @@ resource "azurerm_subnet" "mlsubnet" { name = "mlsubnet" resource_group_name = azurerm_resource_group.default.name virtual_network_name = azurerm_virtual_network.default.name - address_prefixes = ["10.0.1.0/24"] + address_prefixes = var.subnet_address_space enforce_private_link_endpoint_network_policies = true } -# DNS zones +# Private DNS Zones resource "azurerm_private_dns_zone" "dnsvault" { name = "privatelink.vaultcore.azure.net" resource_group_name = azurerm_resource_group.default.name 
diff --git a/quickstart/201-machine-learning-private/readme.md b/quickstart/201-machine-learning-private/readme.md index f4cda8d1..221333ab 100644 --- a/quickstart/201-machine-learning-private/readme.md +++ b/quickstart/201-machine-learning-private/readme.md @@ -38,13 +38,7 @@ To learn more about security configurations in Azure Machine Learning, see [Ente ## Usage ```bash -terraform plan \ - -var 'name=azureml999' \ - -var 'environment=dev' \ - -var 'location=East US' \ - -out demo.tfplan +terraform plan -var name=azureml567 -out demo.tfplan -terraform apply demo.tfplan +terraform apply "demo.tfplan" ``` - -\* Example shown with [Bash](https://www.gnu.org/software/bash/). For [Powershell](https://docs.microsoft.com/en-us/powershell/) replace backslashes with backticks. \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/variables.tf b/quickstart/201-machine-learning-private/variables.tf index acf05ee1..274468c6 100644 --- a/quickstart/201-machine-learning-private/variables.tf +++ b/quickstart/201-machine-learning-private/variables.tf @@ -1,7 +1,7 @@ variable "name" { type = string description = "Name of the deployment" - default = "mlple999" + default = "azureml568" } variable "environment" { @@ -14,4 +14,16 @@ variable "location" { type = string description = "Location of the resources" default = "East US" +} + +variable "vnet_address_space" { + type = list(string) + description = "Address space of the subnet" + default = ["10.0.0.0/16"] +} + +variable "subnet_address_space" { + type = list(string) + description = "Address space of the subnet" + default = ["10.0.0.0/24"] } \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/workspace.tf b/quickstart/201-machine-learning-private/workspace.tf index bdf5ed4e..911dbe80 100644 --- a/quickstart/201-machine-learning-private/workspace.tf +++ b/quickstart/201-machine-learning-private/workspace.tf 
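Review bot: The new `vnet_address_space` variable in the variables.tf hunk carries the description of its sibling; it should read `description = "Address space of the virtual network"`. The default for `subnet_address_space` is `["10.0.0.0/24"]`, while the network.tf hunk in this patch replaces a hard-coded `["10.0.1.0/24"]`, so a default apply now places the private-endpoint subnet in a different range than before. If that shift is unintended, keep `default = ["10.0.1.0/24"]`. Neither variable checks its input, so a malformed range surfaces only when the provider or the Azure API rejects it. A `validation` block with `condition = alltrue([for c in var.subnet_address_space : can(cidrhost(c, 0))])`, and the same for the vnet variable, would reject it at plan time.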
@@ -1,4 +1,4 @@ -# Dependent resources for Azure Machine Learning +# Dependent resources for the workspace resource "azurerm_application_insights" "default" { name = "${var.name}-${var.environment}-ain" location = azurerm_resource_group.default.location From d8141155599fe886d521db54fb28a66ff73c0fba Mon Sep 17 00:00:00 2001 From: Dennis Eikelenboom Date: Wed, 18 Aug 2021 11:58:01 -0700 Subject: [PATCH 6/6] update resource abbrevations to azure standarsd --- quickstart/101-machine-learning/main.tf | 4 +- quickstart/101-machine-learning/readme.md | 4 +- quickstart/101-machine-learning/variables.tf | 1 - quickstart/101-machine-learning/workspace.tf | 10 ++--- .../201-machine-learning-private/main.tf | 6 +-- .../201-machine-learning-private/network.tf | 2 +- .../201-machine-learning-private/readme.md | 6 +-- .../201-machine-learning-private/variables.tf | 1 - .../201-machine-learning-private/workspace.tf | 40 +++++++++---------- 9 files changed, 36 insertions(+), 38 deletions(-) diff --git a/quickstart/101-machine-learning/main.tf b/quickstart/101-machine-learning/main.tf index a2d6a6f7..3c5cf513 100644 --- a/quickstart/101-machine-learning/main.tf +++ b/quickstart/101-machine-learning/main.tf @@ -16,6 +16,6 @@ provider "azurerm" { data "azurerm_client_config" "current" {} resource "azurerm_resource_group" "default" { - name = "${var.name}-${var.environment}-rgp" - location = "${var.location}" + name = "rg-${var.name}-${var.environment}" + location = var.location } \ No newline at end of file diff --git a/quickstart/101-machine-learning/readme.md b/quickstart/101-machine-learning/readme.md index 1bf3d7c5..0bfd76f1 100644 --- a/quickstart/101-machine-learning/readme.md +++ b/quickstart/101-machine-learning/readme.md 
@@ -1,9 +1,9 @@ # Azure Machine Learning workspace -This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace), +This deployment configuration specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace), and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. -This template describes the minimal set of resources you require to get started with Azure Machine Learning. +This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. ## Resources diff --git a/quickstart/101-machine-learning/variables.tf b/quickstart/101-machine-learning/variables.tf index 8140ad98..2eef923b 100644 --- a/quickstart/101-machine-learning/variables.tf +++ b/quickstart/101-machine-learning/variables.tf @@ -1,7 +1,6 @@ variable "name" { type = string description = "Name of the deployment" - default = "azureml999" } variable "environment" { diff --git a/quickstart/101-machine-learning/workspace.tf b/quickstart/101-machine-learning/workspace.tf index de924454..edc60426 100644 --- a/quickstart/101-machine-learning/workspace.tf +++ b/quickstart/101-machine-learning/workspace.tf @@ -1,13 +1,13 @@ # Dependent resources for Azure Machine Learning resource "azurerm_application_insights" "default" { - name = "${var.name}-${var.environment}-ain" + name = "appi-${var.name}-${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name application_type = "web" } resource "azurerm_key_vault" "default" { - name = "${var.name}${var.environment}kv" + name = "kv-${var.name}-${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name tenant_id = data.azurerm_client_config.current.tenant_id 
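Review bot: `var.name` loses its default in the 101 variables.tf hunk and has no validation, yet the workspace.tf hunks of this commit interpolate it straight into names with strict Azure rules. These are `kv-${var.name}-${var.environment}` here, and `st${var.name}${var.environment}` and `cr${var.name}${var.environment}` in the following hunks. Storage account names accept only 3–24 lowercase letters and digits, and Key Vault names are also limited to 24 characters, so an upper-case, hyphenated or long value fails late, during apply, after other resources already exist. A `validation` block on the variable moves that failure to plan time. The same applies to the 201 variables.tf hunk later in this commit. The length bound in the sketch below is a constructed example and should be derived from the longest prefix plus the environment suffix you allow.

```hcl
variable "name" {
  # … unchanged: type, description …

  # Constructed bound: leaves room for the "st"/"kv-" prefixes and the environment suffix.
  validation {
    condition     = can(regex("^[a-z][a-z0-9]{1,15}$", var.name))
    error_message = "The name must start with a letter and contain only lowercase letters and digits (2-16 characters)."
  }
}
```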
@@ -21,7 +21,7 @@ resource "azurerm_key_vault" "default" { } resource "azurerm_storage_account" "default" { - name = "${var.name}${var.environment}sa" + name = "st${var.name}${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name account_tier = "Standard" @@ -34,7 +34,7 @@ resource "azurerm_storage_account" "default" { } resource "azurerm_container_registry" "default" { - name = "${var.name}${var.environment}cr" + name = "cr${var.name}${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name sku = "Premium" @@ -43,7 +43,7 @@ resource "azurerm_container_registry" "default" { # Machine Learning workspace resource "azurerm_machine_learning_workspace" "default" { - name = "${var.name}-${var.environment}-aml" + name = "mlw-${var.name}-${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name application_insights_id = azurerm_application_insights.default.id diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf index 5f1e8381..b6b66a46 100644 --- a/quickstart/201-machine-learning-private/main.tf +++ b/quickstart/201-machine-learning-private/main.tf @@ -16,6 +16,6 @@ provider "azurerm" { data "azurerm_client_config" "current" {} resource "azurerm_resource_group" "default" { - name = "${var.name}-${var.environment}-rgp" - location = "${var.location}" -} \ No newline at end of file + name = "rg-${var.name}-${var.environment}" + location = var.location +} diff --git a/quickstart/201-machine-learning-private/network.tf b/quickstart/201-machine-learning-private/network.tf index 65d7b682..dbf1b6a6 100644 --- a/quickstart/201-machine-learning-private/network.tf +++ b/quickstart/201-machine-learning-private/network.tf 
@@ -1,6 +1,6 @@ # Virtual Network resource "azurerm_virtual_network" "default" { - name = "${var.name}-${var.environment}-vnet" + name = "vnet-${var.name}-${var.environment}" address_space = var.vnet_address_space location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name diff --git a/quickstart/201-machine-learning-private/readme.md b/quickstart/201-machine-learning-private/readme.md index 221333ab..70c1b663 100644 --- a/quickstart/201-machine-learning-private/readme.md +++ b/quickstart/201-machine-learning-private/readme.md @@ -1,12 +1,12 @@ # Azure Machine Learning workspace using Azure Private Link -This deployment template specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace), +This deployment configuration specifies an [Azure Machine Learning workspace](https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace), and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. -In addition to these core services, this template deploys any networking components that are required to set up Azure Machine Learning +In addition to these core services, this configuration specifies any networking components that are required to set up Azure Machine Learning for private network connectivity using [Azure Private Link](https://docs.microsoft.com/en-us/azure/private-link/). -This template describes the minimal set of resources you require to get started with Azure Machine Learning in a network-isolated set-up. +This configuration describes the minimal set of resources you require to get started with Azure Machine Learning in a network-isolated set-up. To learn more about security configurations in Azure Machine Learning, see [Enterprise security and governance for Azure Machine Learning](https://docs.microsoft.com/en-us/azure/machine-learning/concept-enterprise-security). 
diff --git a/quickstart/201-machine-learning-private/variables.tf b/quickstart/201-machine-learning-private/variables.tf index 274468c6..ae58bfd1 100644 --- a/quickstart/201-machine-learning-private/variables.tf +++ b/quickstart/201-machine-learning-private/variables.tf @@ -1,7 +1,6 @@ variable "name" { type = string description = "Name of the deployment" - default = "azureml568" } variable "environment" { diff --git a/quickstart/201-machine-learning-private/workspace.tf b/quickstart/201-machine-learning-private/workspace.tf index 911dbe80..da718bc2 100644 --- a/quickstart/201-machine-learning-private/workspace.tf +++ b/quickstart/201-machine-learning-private/workspace.tf @@ -1,18 +1,18 @@ -# Dependent resources for the workspace +# Dependent resources for Azure Machine Learning resource "azurerm_application_insights" "default" { - name = "${var.name}-${var.environment}-ain" + name = "appi-${var.name}-${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name application_type = "web" } resource "azurerm_key_vault" "default" { - name = "${var.name}${var.environment}kv" + name = "kv-${var.name}-${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name tenant_id = data.azurerm_client_config.current.tenant_id sku_name = "premium" - purge_protection_enabled = true + purge_protection_enabled = false network_acls { default_action = "Deny" @@ -21,7 +21,7 @@ resource "azurerm_key_vault" "default" { } resource "azurerm_storage_account" "default" { - name = "${var.name}${var.environment}sa" + name = "st${var.name}${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name account_tier = "Standard" 
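Review bot: In the 201 workspace.tf hunk at `@@ -1,18 +1,18 @@`, `purge_protection_enabled` changes from `true` to `false` on the Key Vault, which goes beyond the renaming the commit title describes. With purge protection off, a soft-deleted vault and the keys and secrets in it can be purged permanently before the retention period ends, so an accidental or malicious delete is no longer recoverable. That is a weaker default for the network-isolated quickstart than the previous revision had. Keep `purge_protection_enabled = true`. If it was turned off so that test deployments can be destroyed and re-created under the same name, expose it as a variable that defaults to `true` and explain the trade-off in a comment. Azure does not let purge protection be switched off once it is enabled on a vault, so on an already-applied deployment this line is likely to error or force replacement. That should be checked against a plan.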
@@ -34,7 +34,7 @@ resource "azurerm_storage_account" "default" { } resource "azurerm_container_registry" "default" { - name = "${var.name}${var.environment}cr" + name = "cr${var.name}${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name sku = "Premium" @@ -43,7 +43,7 @@ resource "azurerm_container_registry" "default" { # Machine Learning workspace resource "azurerm_machine_learning_workspace" "default" { - name = "${var.name}-${var.environment}-aml" + name = "mlw-${var.name}-${var.environment}" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name application_insights_id = azurerm_application_insights.default.id @@ -57,8 +57,8 @@ resource "azurerm_machine_learning_workspace" "default" { } # Private endpoints -resource "azurerm_private_endpoint" "keyvault_ple" { - name = "${var.name}-${var.environment}-kv-ple" +resource "azurerm_private_endpoint" "kv_ple" { + name = "ple-${var.name}-${var.environment}-kv" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name subnet_id = azurerm_subnet.mlsubnet.id @@ -69,15 +69,15 @@ resource "azurerm_private_endpoint" "keyvault_ple" { } private_service_connection { - name = "${var.name}kv-psc" + name = "psc-${var.name}-kv" private_connection_resource_id = azurerm_key_vault.default.id subresource_names = [ "vault" ] is_manual_connection = false } } -resource "azurerm_private_endpoint" "storage_ple_blob" { - name = "${var.name}-${var.environment}-sa-ple-blob" +resource "azurerm_private_endpoint" "st_ple_blob" { + name = "ple-${var.name}-${var.environment}-st-blob" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name subnet_id = azurerm_subnet.mlsubnet.id 
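Review bot: The private-endpoint rename is applied unevenly across the 201 workspace.tf hunks. `keyvault_ple` becomes `kv_ple` and `storage_ple_blob` becomes `st_ple_blob` here, but the `@@ -96,7 +96,7 @@` hunk keeps `resource "azurerm_private_endpoint" "storage_ple_file"`; for consistency it should be `resource "azurerm_private_endpoint" "st_ple_file"`. The blob and file endpoints also end up with the same connection name, `psc-${var.name}-st`. Using `psc-${var.name}-st-blob` and `psc-${var.name}-st-file` would keep them distinguishable in the portal and in activity logs. Both the Terraform addresses and the Azure names change in this commit, so a workspace that was already applied will presumably plan a destroy and re-create of these endpoints and of the renamed vault, storage account and registry. That is worth stating in the readme so nobody runs it against a deployment that holds data.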
@@ -88,7 +88,7 @@ resource "azurerm_private_endpoint" "storage_ple_blob" { } private_service_connection { - name = "${var.name}sa-psc" + name = "psc-${var.name}-st" private_connection_resource_id = azurerm_storage_account.default.id subresource_names = [ "blob" ] is_manual_connection = false @@ -96,7 +96,7 @@ resource "azurerm_private_endpoint" "storage_ple_blob" { } resource "azurerm_private_endpoint" "storage_ple_file" { - name = "${var.name}-${var.environment}-sa-ple-file" + name = "ple-${var.name}-${var.environment}-st-file" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name subnet_id = azurerm_subnet.mlsubnet.id @@ -107,7 +107,7 @@ resource "azurerm_private_endpoint" "storage_ple_file" { } private_service_connection { - name = "${var.name}sa-psc" + name = "psc-${var.name}-st" private_connection_resource_id = azurerm_storage_account.default.id subresource_names = [ "file" ] is_manual_connection = false @@ -115,7 +115,7 @@ resource "azurerm_private_endpoint" "storage_ple_file" { } resource "azurerm_private_endpoint" "cr_ple" { - name = "${var.name}-${var.environment}-cr-ple" + name = "ple-${var.name}-${var.environment}-cr" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name subnet_id = azurerm_subnet.mlsubnet.id @@ -126,15 +126,15 @@ resource "azurerm_private_endpoint" "cr_ple" { } private_service_connection { - name = "${var.name}cr-psc" + name = "psc-${var.name}-cr" private_connection_resource_id = azurerm_container_registry.default.id subresource_names = [ "registry" ] is_manual_connection = false } } -resource "azurerm_private_endpoint" "ml_ple" { - name = "${var.name}-${var.environment}-ml-ple" +resource "azurerm_private_endpoint" "mlw_ple" { + name = "ple-${var.name}-${var.environment}-mlw" location = azurerm_resource_group.default.location resource_group_name = azurerm_resource_group.default.name subnet_id = azurerm_subnet.mlsubnet.id 
@@ -148,7 +148,7 @@ resource "azurerm_private_endpoint" "ml_ple" { } private_service_connection { - name = "${var.name}ml-psc" + name = "psc-${var.name}-mlw" private_connection_resource_id = azurerm_machine_learning_workspace.default.id subresource_names = [ "amlworkspace" ] is_manual_connection = false