101-ai-studio

quickstart/101-ai-foundry/README.md

@@ -0,0 +1,45 @@
+# Azure AI Studio
+
+This deployment configuration specifies an [Azure AI hub](https://learn.microsoft.com/en-us/azure/ai-studio/concepts/ai-resources), 
+and its associated resources including Azure Key Vault, Azure Storage. You can optionally provision and attach Azure Application Insights and Azure Container Registry.
+
+This configuration describes the minimal set of resources you require to get started with Azure AI Studio.
+
+## Resources
+
+| Terraform Resource Type | Description |
+| - | - |
+| `azurerm_resource_group` | The resource group all resources get deployed into. |
+| `azurerm_key_vault` | An Azure Key Vault instance associated to the Azure Machine Learning workspace. |
+| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Machine Learning workspace. |
+| `azurerm_application_insights` | An Azure Application Insights instance associated to the Azure Machine Learning workspace. |
+| `azurerm_container_registry` | An Azure Container Registry instance associated to the Azure Machine Learning workspace. |
+
+## Variables
+
+| Name | Description | Default |
+| ---- | ----------- | ------- |
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
+| `prefix` | This variable is used to name the hub, project, and dependent resources. | ai |
+| `sku` | The SKU for AI Services resources | S0
+
+## Usage
+
+After git cloning the repo, run the following commands after having docker running on your machine.
+
+```bash
+terraform init
+
+az login 
+
+terraform plan -out demo.tfplan
+
+terraform apply "demo.tfplan"
+```
+
+## Common mistakes
+
+1. Make sure docker is running
+1. Make sure to have logged into your Azure Subscription by running ```az login```.
+1. Ensure that you have the correct RBAC permissions for in your subscription, hub, and project. 

quickstart/101-ai-foundry/main.tf

@@ -0,0 +1,160 @@
+// Resource group
+resource "random_pet" "rg_name" { 
+  prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = random_pet.rg_name.id
+}
+
+data "azurerm_client_config" "current" {
+}
+
+// Storage Account
+resource "azurerm_storage_account" "default" {
+  name                            = "${var.prefix}storage${random_string.suffix.result}"
+  location                        = azurerm_resource_group.rg.location
+  resource_group_name             = azurerm_resource_group.rg.name
+  account_tier                    = "Standard"
+  account_replication_type        = "GRS"
+  allow_nested_items_to_be_public = false
+}
+
+// Key Vault
+resource "azurerm_key_vault" "default" {
+  name                     = "${var.prefix}keyvault${random_string.suffix.result}"
+  location                 = azurerm_resource_group.rg.location
+  resource_group_name      = azurerm_resource_group.rg.name
+  tenant_id                = data.azurerm_client_config.current.tenant_id
+  sku_name                 = "standard"
+  purge_protection_enabled = false
+}
+
+// AzAPI AIServices
+resource "azapi_resource" "AIServicesResource"{
+  type = "Microsoft.CognitiveServices/accounts@2024-10-01"
+  name = "AIServicesResource${random_string.suffix.result}"
+  location = azurerm_resource_group.rg.location
+  parent_id = azurerm_resource_group.rg.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  body = {
+    name = "AIServicesResource${random_string.suffix.result}"
+    properties = {
+      //restore = true
+      customSubDomainName = "${random_string.suffix.result}domain"
+        apiProperties = {
+            statisticsEnabled = false
+        }
+    }
+    kind = "AIServices"
+    sku = {
+        name = var.sku
+    }
+    }
+
+  response_export_values = ["*"]
+}
+
+// Azure AI Hub
+resource "azapi_resource" "hub" {
+  type = "Microsoft.MachineLearningServices/workspaces/connections@2024-10-01"
+  name = "${random_pet.rg_name.id}-aih"
+  location = azurerm_resource_group.rg.location
+  parent_id = azurerm_resource_group.rg.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  body = {
+    properties = {
+      description = "This is my Azure AI hub"
+      friendlyName = "My Hub"
+      storageAccount = azurerm_storage_account.default.id
+      keyVault = azurerm_key_vault.default.id
+
+      /* Optional: To enable these field, the corresponding dependent resources need to be uncommented.
+      applicationInsight = azurerm_application_insights.default.id
+      containerRegistry = azurerm_container_registry.default.id
+      */
+
+      /*Optional: To enable Customer Managed Keys, the corresponding 
+      encryption = {
+        status = var.encryption_status
+        keyVaultProperties = {
+            keyVaultArmId = azurerm_key_vault.default.id
+            keyIdentifier = var.cmk_keyvault_key_uri
+        }
+      }
+      */
+
+    }
+    kind = "hub"
+  }
+}
+
+// Azure AI Project
+resource "azapi_resource" "project" {
+  type = "Microsoft.MachineLearningServices/workspaces@2024-04-01-preview"
+  name = "my-ai-project${random_string.suffix.result}"
+  location = azurerm_resource_group.rg.location
+  parent_id = azurerm_resource_group.rg.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  body = jsonencode({
+    properties = {
+      description = "This is my Azure AI PROJECT"
+      friendlyName = "My Project"
+      hubResourceId = azapi_resource.hub.id
+    }
+    kind = "project"
+  })
+}
+
+// AzAPI AI Services Connection
+resource "azapi_resource" "AIServicesConnection" {
+  type = "Microsoft.MachineLearningServices/workspaces/connections@2024-04-01-preview"
+  name = "Default_AIServices${random_string.suffix.result}"
+  parent_id = azapi_resource.hub.id
+
+  body = jsonencode({
+      properties = {
+        category = "AIServices",
+        target = jsondecode(azapi_resource.AIServicesResource.output).properties.endpoint,
+        authType = "AAD",
+        isSharedToAll = true,
+        metadata = {
+          ApiType = "Azure",
+          ResourceId = azapi_resource.AIServicesResource.id
+        }
+      }
+    })
+  response_export_values = ["*"]
+}
+
+/* The following resources are OPTIONAL.
+// APPLICATION INSIGHTS
+resource "azurerm_application_insights" "default" {
+  name                = "${var.prefix}appinsights${random_string.suffix.result}"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  application_type    = "web"
+}
+
+// CONTAINER REGISTRY
+resource "azurerm_container_registry" "default" {
+  name                     = "${var.prefix}contreg${random_string.suffix.result}"
+  resource_group_name      = azurerm_resource_group.rg.name
+  location                 = azurerm_resource_group.rg.location
+  sku                      = "premium"
+  admin_enabled            = true
+}
+*/

quickstart/101-ai-foundry/outputs.tf

@@ -0,0 +1,11 @@
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.id
+}
+
+output "workspace_name" {
+    value = azapi_resource.project.id
+}
+
+output "endpoint" {
+  value = azapi_resource.AIServicesResource.output
+}

quickstart/101-ai-foundry/providers.tf

@@ -0,0 +1,34 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers { 
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>4.0"
+    }
+    azapi = {
+      source  = "azure/azapi"
+      version = "~>2.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+    key_vault {
+      recover_soft_deleted_key_vaults    = false
+      purge_soft_delete_on_destroy       = false
+      purge_soft_deleted_keys_on_destroy = false
+    }
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
+}
+
+provider "azapi" {
+}

quickstart/101-ai-foundry/variables.tf

@@ -0,0 +1,40 @@
+variable "resource_group_location" {
+  type        = string
+  default     = "eastus"
+  description = "Location of the resource group."
+}
+
+variable "resource_group_name_prefix" {
+  type        = string
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
+
+variable "prefix" {
+    type = string
+    description="This variable is used to name the hub, project, and dependent resources."
+    default = "ai"
+}
+
+variable "sku" {
+    type        = string
+    description = "The sku name of the Azure Analysis Services server to create. Choose from: B1, B2, D1, S0, S1, S2, S3, S4, S8, S9. Some skus are region specific. See https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-overview#availability-by-region"
+    default     = "S0"
+}
+
+resource "random_string" "suffix" {  
+  length           = 4  
+  special          = false  
+  upper            = false  
+} 
+
+/*Optional: For Customer Managed Keys, uncomment this part AND the corresponding section in main.tf
+variable "cmk_keyvault_key_uri" {
+    description = "Key vault uri to access the encryption key."
+}
+
+variable "encryption_status" {
+    description = "Indicates whether or not the encryption is enabled for the workspace."
+    default = "Enabled"
+}
+*/

quickstart/101-ai-studio/main.tf

@@ -1,8 +1,8 @@
+// Resource group
 resource "random_pet" "rg_name" { 
   prefix = var.resource_group_name_prefix
 }
 
-// RESOURCE GROUP
 resource "azurerm_resource_group" "rg" {
   location = var.resource_group_location
   name     = random_pet.rg_name.id
@@ -11,7 +11,7 @@ resource "azurerm_resource_group" "rg" {
 data "azurerm_client_config" "current" {
 }
 
-// STORAGE ACCOUNT
+// Storage Account
 resource "azurerm_storage_account" "default" {
   name                            = "${var.prefix}storage${random_string.suffix.result}"
   location                        = azurerm_resource_group.rg.location
@@ -21,7 +21,7 @@ resource "azurerm_storage_account" "default" {
   allow_nested_items_to_be_public = false
 }
 
-// KEY VAULT
+// Key Vault
 resource "azurerm_key_vault" "default" {
   name                     = "${var.prefix}keyvault${random_string.suffix.result}"
   location                 = azurerm_resource_group.rg.location
@@ -33,7 +33,7 @@ resource "azurerm_key_vault" "default" {
 
 // AzAPI AIServices
 resource "azapi_resource" "AIServicesResource"{
-  type = "Microsoft.CognitiveServices/accounts@2023-10-01-preview"
+  type = "Microsoft.CognitiveServices/accounts@2024-10-01"
   name = "AIServicesResource${random_string.suffix.result}"
   location = azurerm_resource_group.rg.location
   parent_id = azurerm_resource_group.rg.id
@@ -42,7 +42,7 @@ resource "azapi_resource" "AIServicesResource"{
     type = "SystemAssigned"
   }
 
-  body = jsonencode({
+  body = {
     name = "AIServicesResource${random_string.suffix.result}"
     properties = {
       //restore = true
@@ -55,14 +55,14 @@ resource "azapi_resource" "AIServicesResource"{
     sku = {
         name = var.sku
     }
-    })
+    }
 
   response_export_values = ["*"]
 }
 
 // Azure AI Hub
 resource "azapi_resource" "hub" {
-  type = "Microsoft.MachineLearningServices/workspaces@2024-04-01-preview"
+  type = "Microsoft.MachineLearningServices/workspaces/connections@2024-10-01"
   name = "${random_pet.rg_name.id}-aih"
   location = azurerm_resource_group.rg.location
   parent_id = azurerm_resource_group.rg.id
@@ -71,7 +71,7 @@ resource "azapi_resource" "hub" {
     type = "SystemAssigned"
   }
 
-  body = jsonencode({
+  body = {
     properties = {
       description = "This is my Azure AI hub"
       friendlyName = "My Hub"
@@ -95,7 +95,7 @@ resource "azapi_resource" "hub" {
 
     }
     kind = "hub"
-  })
+  }
 }
 
 // Azure AI Project

quickstart/101-ai-studio/providers.tf

@@ -4,10 +4,11 @@ terraform {
   required_providers { 
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "~>3.0"
+      version = "~>4.0"
     }
     azapi = {
       source  = "azure/azapi"
+      version = "~>2.0"
     }
     random = {
       source  = "hashicorp/random"