Merge pull request #7 from azure-ai-foundry/feature/infra-templates

Add initial enterprise configuraiton templates

Author: deeikele

use-cases/infrastructure-as-code/00-basic/azuredeploy.json

@@ -1,28 +1,61 @@
-param aiServicesName string = 'myaiservices123'
-param location string = 'East US 2'
-param sku string = 'S0'
-param aiProjectName string = 'myaiservices123-proj'
+param aiFoundryName string = 'resourcename'
+param aiProjectName string = '${aiFoundryName}-proj'
+param location string = 'westus'
 
-resource aiService 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
-  name: aiServicesName
+/*
+  An AI Foundry resources is a variant of a CognitiveServices/account resource type
+*/ 
+resource aiFoundry 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
+  name: aiFoundryName
   location: location
   identity: {
     type: 'SystemAssigned'
   }
   sku: {
-    name: sku
+    name: 'S0'
   }
   kind: 'AIServices'
   properties: {
-    allowProjectManagement: true
+    allowProjectManagement: true // required to work in AI Foundry
+
+    // Defines developer API endpoint subdomain
+    customSubDomainName: aiFoundryName
   }
 }
 
+/*
+  Developer APIs are exposed via a project, which groups in- and outputs that relate to one use case, including files.
+  Its advisable to create one project right away, so development teams can directly get started.
+  Projects may be granted individual RBAC permissions and identities on top of what account provides.
+*/ 
 resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2025-04-01-preview' = {
   name: aiProjectName
-  parent: aiService
+  parent: aiFoundry
   location: location
   identity: {
     type: 'SystemAssigned'
   }
+  properties: {
+    displayName: 'test'
+    description: 'test2'
+    isDefault: true
+  }
+}
+
+/*
+  Optionally deploy a model to use in playground, agents and other tools.
+*/
+resource modelDeployment 'Microsoft.CognitiveServices/accounts/deployments@2024-10-01'= {
+  parent: aiFoundry
+  name: 'gpt-4o'
+  sku : {
+    capacity: 1
+    name: 'GlobalStandard'
+  }
+  properties: {
+    model:{
+      name: 'gpt-4o'
+      format: 'OpenAI'
+    }
+  }
 }

use-cases/infrastructure-as-code/00-basic/main.bicep

@@ -0,0 +1,50 @@
+/*
+This example demonstrates how to add an Azure AI Search connection.
+*/
+param aiFoundryName string = 'your-account'
+param aiSearchName string = 'ais-${aiFoundryName}'
+
+// whether ai Search is existing or new
+@allowed([
+  'new'
+  'existing'
+])
+param newOrExisting string = 'new'
+ 
+#disable-next-line BCP081
+resource aiFoundry 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' existing = {
+  name: aiFoundryName
+  scope: resourceGroup()
+}
+
+resource existingSearchService 'Microsoft.Search/searchServices@2025-02-01-preview' existing = if (newOrExisting == 'existing') {
+  name: aiSearchName
+}
+
+resource newSearchService 'Microsoft.Search/searchServices@2025-02-01-preview' = if (newOrExisting == 'new') {
+  name: aiSearchName
+  location: 'westus'
+  sku: {
+    name: 'basic'
+  }
+  properties: {}
+}
+
+resource project_connection_azureai_search 'Microsoft.CognitiveServices/accounts/connections@2025-04-01-preview' = {
+  name: aiSearchName
+  parent: aiFoundry
+  properties: {
+    category: 'CognitiveSearch'
+    target: ((newOrExisting == 'new') ? newSearchService.properties.endpoint : existingSearchService.properties.endpoint)
+    authType: 'ApiKey'
+    isSharedToAll: true
+    credentials: { 
+      key: ((newOrExisting == 'new') ? listKeys(newSearchService.id, '2020-06-10').key1 : listKeys(existingSearchService.id, '2020-06-10').key1)
+    }
+    metadata: {
+      ApiType: 'Azure'
+      ResourceId: ((newOrExisting == 'new') ? newSearchService.id : existingSearchService.id)
+      location: ((newOrExisting == 'new') ? newSearchService.location : existingSearchService.location)
+    }
+  }
+}

use-cases/infrastructure-as-code/01-connections/ai-search.bicep

@@ -0,0 +1,45 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "accounts_sansinhtest19871_name": {
+            "defaultValue": "sansinhtest199919",
+            "type": "String"
+        }
+    },
+    "variables": {},
+    "resources": [
+        {
+            "type": "Microsoft.CognitiveServices/accounts",
+            "apiVersion": "2024-10-01",
+            "name": "[parameters('accounts_sansinhtest19871_name')]",
+            "location": "eastus",
+            "sku": {
+                "name": "S0"
+            },
+			
+            "kind": "AIServices",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "allowProjectManagement": true,
+                "customSubDomainName": "[parameters('accounts_sansinhtest19871_name')]",
+                "networkAcls": {
+                    "defaultAction": "Allow",
+                    "virtualNetworkRules": [],
+                    "ipRules": []
+                },
+                "publicNetworkAccess": "Enabled",
+			    "networkInjections":[
+                {
+                    "scenario": "agent",
+                    "subnetArmId" : "/subscriptions/a9216f37-b90e-4db2-b844-b171e5394fc1/resourceGroups/sansinhtest/providers/Microsoft.Network/virtualNetworks/sansinheert/subnets/default",
+                    "useMicrosoftManagedNetwork": false
+                }
+                ]
+            }
+
+        }        
+    ]
+}

use-cases/infrastructure-as-code/10-private-network/deploy.json

@@ -2,40 +2,41 @@
   AI Foundry account and project - with your User-Assigned managed identity.
   
   Description: 
-  - Create an AI Foundry (previously known as Azure AI Services) account and project with UAI.
-  - Create a gpt-4o model deployment
-  - When creating a project, the Identity is not updateable. Please select 'SystemAssigned', 'UserAssigned' or 'SystemAssigned,UserAssigned' during creation as this cannot be updated. .
-  - Creating your first project is needed to support more capabilities and is the default reoute for APIs if no paramter is provided.
+  - Creates an AI Foundry (previously known as Azure AI Services) account and project with UAI.
+  - Creates a gpt-4o model deployment
+
+  Known limitations:
+  - When creating a project, managed identity cannot be updated. Please select 'SystemAssigned', 'UserAssigned' or 'SystemAssigned,UserAssigned' during creation.
 
 */
 @description('That name is the name of our application. It has to be unique. Type a name followed by your resource group name. (<name>-<resourceGroupName>)')
-param aiServicesName string = 'aiServices-${uniqueString(resourceGroup().id)}'
+param aiFoundryName string = 'your-resource'
 
 @description('Location for all resources.')
-param location string = resourceGroup().location
+param location string = 'eastus'
 
 @description('Name of the first project')
-param defaultProjectName string = '${aiServicesName}-proj'
+param defaultProjectName string = '${aiFoundryName}-proj'
 param defaultProjectDisplayName string = 'Project'
 param defaultProjectDescription string = 'Describe what your project is about.'
 
 /*
   Step 1: Get your existing/previously created Managed Identity
 
-*/ 
-@description('User Assigned Identity Name')
-param userAssignedIdentityName string
+*/
 @description('User Assigned Identity Resource Group Name')
 param userIdentityResourceGroupName string = resourceGroup().name
 
+@description('User Assigned Identity Name')
+param userAssignedIdentityName string = 'aifoundry-test-uai'
+
 var userAssignedIdentityId = extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, '${userIdentityResourceGroupName}'), 'Microsoft.ManagedIdentity/userAssignedIdentities', '${userAssignedIdentityName}')
 
 /*
   Step 2: Create a Cognitive Services Account 
-
 */ 
 resource account 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
-  name: aiServicesName
+  name: aiFoundryName
   location: location
   identity: {
     type: 'SystemAssigned,UserAssigned' // Select 'UserAssigned' or 'SystemAssigned,UserAssigned' during creation as this cannot be updated.
@@ -51,19 +52,20 @@ resource account 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
     // Networking
     publicNetworkAccess: 'Enabled'
 
-    // Specifies wheether this resource support project management as child resources, used as containers for access management, data isolation, and cost in AI Foundry.
+    // Specifies whether this resource support project management as child resources, used as containers for access management, data isolation, and cost in AI Foundry.
     allowProjectManagement: true
 
+    // Defines developer API endpoint subdomain
+    customSubDomainName: aiFoundryName
+
     // Auth
-    disableLocalAuth: true
+    disableLocalAuth: false
   }
 }
 
 /*
   Step 3: Deploy gpt-4o model
-  
 */
-
 resource modelDeployment 'Microsoft.CognitiveServices/accounts/deployments@2024-10-01'= {
   parent: account
   name: 'gpt-4o'
@@ -82,7 +84,6 @@ resource modelDeployment 'Microsoft.CognitiveServices/accounts/deployments@2024-
 
 /*
   Step 4: Create a Project
-
 */
 resource project 'Microsoft.CognitiveServices/accounts/projects@2025-04-01-preview' = {
   name: defaultProjectName
@@ -92,7 +93,7 @@ resource project 'Microsoft.CognitiveServices/accounts/projects@2025-04-01-previ
   identity: {
     type: 'SystemAssigned,UserAssigned' // Select 'UserAssigned' or 'SystemAssigned,UserAssigned' during creation as this cannot be updated.
     userAssignedIdentities: {
-    '${userAssignedIdentityId}': {}
+      '${userAssignedIdentityId}': {}
     }
   }
 
@@ -103,6 +104,10 @@ resource project 'Microsoft.CognitiveServices/accounts/projects@2025-04-01-previ
   }
 }
 
+/* Step 5:
+ Grant managed identity 'Azure AI Administrator' role on account
+*/
+
 output accountId string = account.id
 output accountName string = account.name
 output project string = project.name