diff --git a/.gitignore b/.gitignore index 37a6b4dc..5b6ef27a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ ## Ignore terraform provider and state files *.terraform *.tfstate* +.terraform.lock.hcl ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. diff --git a/quickstart/101-machine-learning/main.tf b/quickstart/101-machine-learning/main.tf new file mode 100644 index 00000000..3a873834 --- /dev/null +++ b/quickstart/101-machine-learning/main.tf @@ -0,0 +1,11 @@ +provider "azurerm" { + version = "~>2.0" + features {} +} + +data "azurerm_client_config" "current" {} + +resource "azurerm_resource_group" "default" { + name = "${var.name}-${var.environment}-rgp" + location = "${var.location}" +} \ No newline at end of file diff --git a/quickstart/101-machine-learning/variables.tf b/quickstart/101-machine-learning/variables.tf new file mode 100644 index 00000000..8140ad98 --- /dev/null +++ b/quickstart/101-machine-learning/variables.tf @@ -0,0 +1,17 @@ +variable "name" { + type = string + description = "Name of the deployment" + default = "azureml999" +} + +variable "environment" { + type = string + description = "Name of the environment" + default = "dev" +} + +variable "location" { + type = string + description = "Location of the resources" + default = "East US" +} \ No newline at end of file diff --git a/quickstart/101-machine-learning/workspace.tf b/quickstart/101-machine-learning/workspace.tf new file mode 100644 index 00000000..de924454 --- /dev/null +++ b/quickstart/101-machine-learning/workspace.tf @@ -0,0 +1,57 @@ +# Dependent resources for Azure Machine Learning +resource "azurerm_application_insights" "default" { + name = "${var.name}-${var.environment}-ain" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + application_type = "web" +} + +resource "azurerm_key_vault" "default" { + name = "${var.name}${var.environment}kv" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "premium" + purge_protection_enabled = false + + network_acls { + default_action = "Deny" + bypass = "AzureServices" + } +} + +resource "azurerm_storage_account" "default" { + name = "${var.name}${var.environment}sa" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + account_tier = "Standard" + account_replication_type = "GRS" + + network_rules { + default_action = "Deny" + bypass = ["AzureServices"] + } +} + +resource "azurerm_container_registry" "default" { + name = "${var.name}${var.environment}cr" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + sku = "Premium" + admin_enabled = true +} + +# Machine Learning workspace +resource "azurerm_machine_learning_workspace" "default" { + name = "${var.name}-${var.environment}-aml" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + application_insights_id = azurerm_application_insights.default.id + key_vault_id = azurerm_key_vault.default.id + storage_account_id = azurerm_storage_account.default.id + container_registry_id = azurerm_container_registry.default.id + + identity { + type = "SystemAssigned" + } +} \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf new file mode 100644 index 00000000..3a873834 --- /dev/null +++ b/quickstart/201-machine-learning-private/main.tf @@ -0,0 +1,11 @@ +provider "azurerm" { + version = "~>2.0" + features {} +} + +data "azurerm_client_config" "current" {} + +resource "azurerm_resource_group" "default" { + name = "${var.name}-${var.environment}-rgp" + location = "${var.location}" +} \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/variables.tf b/quickstart/201-machine-learning-private/variables.tf new file mode 100644 index 00000000..acf05ee1 --- /dev/null +++ b/quickstart/201-machine-learning-private/variables.tf @@ -0,0 +1,17 @@ +variable "name" { + type = string + description = "Name of the deployment" + default = "mlple999" +} + +variable "environment" { + type = string + description = "Name of the environment" + default = "dev" +} + +variable "location" { + type = string + description = "Location of the resources" + default = "East US" +} \ No newline at end of file diff --git a/quickstart/201-machine-learning-private/workspace.tf b/quickstart/201-machine-learning-private/workspace.tf new file mode 100644 index 00000000..c21083d3 --- /dev/null +++ b/quickstart/201-machine-learning-private/workspace.tf @@ -0,0 +1,203 @@ +# Dependent resources for Azure Machine Learning +resource "azurerm_application_insights" "default" { + name = "${var.name}-${var.environment}-ain" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + application_type = "web" +} + +resource "azurerm_key_vault" "default" { + name = "${var.name}${var.environment}kv" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "premium" + purge_protection_enabled = false + + network_acls { + default_action = "Deny" + bypass = "AzureServices" + } +} + +resource "azurerm_storage_account" "default" { + name = "${var.name}${var.environment}sa" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + account_tier = "Standard" + account_replication_type = "GRS" + + network_rules { + default_action = "Deny" + bypass = ["AzureServices"] + } +} + +resource "azurerm_container_registry" "default" { + name = "${var.name}${var.environment}cr" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + sku = "Premium" + admin_enabled = true +} + +# Machine Learning workspace +resource "azurerm_machine_learning_workspace" "default" { + name = "${var.name}-${var.environment}-aml" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + application_insights_id = azurerm_application_insights.default.id + key_vault_id = azurerm_key_vault.default.id + storage_account_id = azurerm_storage_account.default.id + container_registry_id = azurerm_container_registry.default.id + + identity { + type = "SystemAssigned" + } +} + +# Virtual network +resource "azurerm_virtual_network" "default" { + name = "${var.name}-${var.environment}-vnet" + address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_subnet" "mlsubnet" { + name = "mlsubnet" + resource_group_name = azurerm_resource_group.default.name + virtual_network_name = azurerm_virtual_network.default.name + address_prefixes = ["10.0.1.0/24"] + enforce_private_link_endpoint_network_policies = true +} + +# DNS zones +resource "azurerm_private_dns_zone" "dnsvault" { + name = "privatelink.vaultcore.azure.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnsstorageblob" { + name = "privatelink.blob.core.windows.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnsstoragefile" { + name = "privatelink.file.core.windows.net" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnscontainerregistry" { + name = "privatelink.azurecr.io" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnsazureml" { + name = "privatelink.api.azureml.ms" + resource_group_name = azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "dnsnotebooks" { + name = "privatelink.azureml.notebooks.net" + resource_group_name = azurerm_resource_group.default.name +} + +# Private endpoints +resource "azurerm_private_endpoint" "keyvault_ple" { + name = "${var.name}-${var.environment}-kv-ple" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.dnsvault.id] + } + + private_service_connection { + name = "${var.name}kv-psc" + private_connection_resource_id = azurerm_key_vault.default.id + subresource_names = [ "vault" ] + is_manual_connection = false + } +} + +resource "azurerm_private_endpoint" "storage_ple_blob" { + name = "${var.name}-${var.environment}-sa-ple-blob" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.dnsstorageblob.id] + } + + private_service_connection { + name = "${var.name}sa-psc" + private_connection_resource_id = azurerm_storage_account.default.id + subresource_names = [ "blob" ] + is_manual_connection = false + } +} + +resource "azurerm_private_endpoint" "storage_ple_file" { + name = "${var.name}-${var.environment}-sa-ple-file" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.dnsstoragefile.id] + } + + private_service_connection { + name = "${var.name}sa-psc" + private_connection_resource_id = azurerm_storage_account.default.id + subresource_names = [ "file" ] + is_manual_connection = false + } +} + +resource "azurerm_private_endpoint" "cr_ple" { + name = "${var.name}-${var.environment}-cr-ple" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.dnscontainerregistry.id] + } + + private_service_connection { + name = "${var.name}cr-psc" + private_connection_resource_id = azurerm_container_registry.default.id + subresource_names = [ "registry" ] + is_manual_connection = false + } +} + +resource "azurerm_private_endpoint" "ml_ple" { + name = "${var.name}-${var.environment}-ple" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + subnet_id = azurerm_subnet.mlsubnet.id + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [ + azurerm_private_dns_zone.dnsazureml.id, + azurerm_private_dns_zone.dnsnotebooks.id + ] + } + + private_service_connection { + name = "${var.name}ml-psc" + private_connection_resource_id = azurerm_machine_learning_workspace.default.id + subresource_names = [ "amlworkspace" ] + is_manual_connection = false + } +} \ No newline at end of file