Fixed subnet and main-proj-caphost

Fixed subnet and main-proj-caphost

Author: meerakurup

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/README.md

@@ -10,7 +10,7 @@
 1. Create new (or use existing) resource group:
 
 ```bash
-    az group create --name <new-rg-name> --location westus
+    az group create --name <new-rg-name> --location eastus
 ```
 
 2. Deploy the main-create.bicep

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main-create.bicep

@@ -25,15 +25,15 @@ param aiServices string = 'aiservices'
 
 // Model deployment parameters
 @description('The name of the model you want to deploy')
-param modelName string = 'gpt-4o'
-@description('The provider of your model')
-param modelFormat string = 'OpenAI'
-@description('The version of your model')
-param modelVersion string = '2024-05-13'
-@description('The sku of your model deployment')
-param modelSkuName string = 'GlobalStandard'
-@description('The tokens per minute (TPM) of your model deployment')
-param modelCapacity int = 1
+// param modelName string = 'gpt-4o'
+// @description('The provider of your model')
+// param modelFormat string = 'OpenAI'
+// @description('The version of your model')
+// param modelVersion string = '2024-05-13'
+// @description('The sku of your model deployment')
+// param modelSkuName string = 'GlobalStandard'
+// @description('The tokens per minute (TPM) of your model deployment')
+// param modelCapacity int = 1
 
 // Create a short, unique suffix, that will be unique to each resource group
 param deploymentTimestamp string = utcNow('yyyyMMddHHmmss')
@@ -97,11 +97,11 @@ module aiAccount 'modules-network-secured/ai-account-identity.bicep' = {
     // workspace organization
     accountName: accountName
     location: location
-    modelName: modelName
-    modelFormat: modelFormat
-    modelVersion: modelVersion
-    modelSkuName: modelSkuName
-    modelCapacity: modelCapacity
+    // modelName: modelName
+    // modelFormat: modelFormat
+    // modelVersion: modelVersion
+    // modelSkuName: modelSkuName
+    // modelCapacity: modelCapacity
     subnetId: vnet.outputs.subnetId
   }
 }
@@ -241,13 +241,6 @@ output projectPrincipalId string = aiProject.outputs.projectPrincipalId
 output aiSearchConnection string = aiProject.outputs.aiSearchConnection
 output azureStorageConnection string = aiProject.outputs.azureStorageConnection
 output cosmosDBConnection string = aiProject.outputs.cosmosDBConnection
-output cosmosDBSubscriptionId string = aiDependencies.outputs.cosmosDBSubscriptionId
-output cosmosDBResourceGroupName string = aiDependencies.outputs.cosmosDBResourceGroupName
-output aiSearchServiceSubscriptionId string = aiDependencies.outputs.aiSearchServiceSubscriptionId
-output aiSearchServiceResourceGroupName string = aiDependencies.outputs.aiSearchServiceResourceGroupName
-output azureStorageSubscriptionId string = aiDependencies.outputs.azureStorageSubscriptionId
-output azureStorageResourceGroupName string = aiDependencies.outputs.azureStorageResourceGroupName
-
 output subscriptionID string = subscription().subscriptionId
 output resourceGroupName string = resourceGroup().name
 output suffix string = uniqueSuffix

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/main-project-caphost-create.bicep

@@ -1,22 +1,68 @@
-
 param projectCapHost string = 'caphostproj'
 // Create a short, unique suffix, that will be unique to each resource group
 param deploymentTimestamp string = utcNow('yyyyMMddHHmmss')
 var uniqueSuffix = substring(uniqueString('${resourceGroup().id}-${deploymentTimestamp}'), 0, 4)
 
-module mainCreate 'main-create.bicep' = {
-  name: 'main-create-deployment'
+param accountName string
+param projectName string
+param aiSearchName string
+param azureStorageName string
+param cosmosDBName string
+
+// The name of the account to reference
+module accountCreate 'modules-network-secured/ai-account-reference.bicep' = {
+  name: 'account-${uniqueSuffix}-deployment'
+  scope: resourceGroup()
+  params: {
+    accountName: accountName
+  }
+}
+
+// The name of standard created resource to reference
+module standardCreate 'modules-network-secured/standard-dependent-reference.bicep' = {
+  name: 'standard-${uniqueSuffix}-deployment'
   scope: resourceGroup()
+  params: {
+    aiSearchName: aiSearchName
+    azureStorageName: azureStorageName
+    cosmosDBName: cosmosDBName
+  }
+}
+
+// The name of the project to reference
+module projectCreate 'modules-network-secured/ai-project-reference.bicep' = {
+  name: 'project-${uniqueSuffix}-deployment'
+  scope: resourceGroup()
+  params: {
+    accountName: accountCreate.outputs.accountName
+    projectName: projectName
+    aiSearchName: standardCreate.outputs.aiSearchName
+    azureStorageName: standardCreate.outputs.azureStorageName
+    cosmosDBName: standardCreate.outputs.cosmosDBName
+  }
+}
+
+// This module creates the capability host for the project and account
+module addProjectCapabilityHost 'modules-network-secured/add-project-capability-host.bicep' = {
+  name: 'capabilityHost-configuration-${uniqueSuffix}-deployment'
+  params: {
+    accountName: accountCreate.outputs.accountName
+    projectName: projectCreate.outputs.projectName
+    cosmosDBConnection: projectCreate.outputs.cosmosDBConnection 
+    azureStorageConnection: projectCreate.outputs.azureStorageConnection
+    aiSearchConnection: projectCreate.outputs.aiSearchConnection
+    projectCapHost: projectCapHost
+  }
 }
 
 // The Cosmos DB Operator role must be assigned before the caphost is created
 module cosmosContainerRoleAssignments 'modules-network-secured/cosmos-container-role-assignments.bicep' = {
   name: 'cosmos-role-assignments-${uniqueSuffix}-deployment' 
   scope: resourceGroup()
   params: {
-    cosmosAccountName: mainCreate.outputs.cosmosDBName
-    projectWorkspaceId: mainCreate.outputs.projectWorkspaceId
-    projectPrincipalId: mainCreate.outputs.projectPrincipalId
+    cosmosAccountName: standardCreate.outputs.cosmosDBName
+    projectWorkspaceId: projectCreate.outputs.projectWorkspaceId
+    projectPrincipalId: projectCreate.outputs.projectPrincipalId
   }
 dependsOn: [
   addProjectCapabilityHost
@@ -29,27 +75,14 @@ module storageContainersRoleAssignment 'modules-network-secured/blob-storage-con
   name: 'storage-containers-${uniqueSuffix}-deployment'
   scope: resourceGroup()
   params: { 
-    aiProjectPrincipalId: mainCreate.outputs.projectPrincipalId
-    storageName: mainCreate.outputs.azureStorageName
-    workspaceId: mainCreate.outputs.projectWorkspaceId
+    aiProjectPrincipalId: projectCreate.outputs.projectPrincipalId
+    storageName: standardCreate.outputs.azureStorageName
+    workspaceId: projectCreate.outputs.projectWorkspaceId
   }
   dependsOn: [
     addProjectCapabilityHost
   ]
 }
 
-// This module creates the capability host for the project and account
-module addProjectCapabilityHost 'modules-network-secured/add-project-capability-host.bicep' = {
-  name: 'capabilityHost-configuration-${uniqueSuffix}-deployment'
-  params: {
-    accountName: mainCreate.outputs.accountName
-    projectName: mainCreate.outputs.projectName
-    cosmosDBConnection: mainCreate.outputs.cosmosDBConnection 
-    azureStorageConnection: mainCreate.outputs.azureStorageConnection
-    aiSearchConnection: mainCreate.outputs.aiSearchConnection
-    projectCapHost: projectCapHost
-  }
-}
-
 
 

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/ai-account-identity.bicep

@@ -1,10 +1,10 @@
 param accountName string
 param location string
-param modelName string 
-param modelFormat string 
-param modelVersion string 
-param modelSkuName string 
-param modelCapacity int
+// param modelName string 
+// param modelFormat string 
+// param modelVersion string 
+// param modelSkuName string 
+// param modelCapacity int
 param subnetId string
 param networkInjection string = 'true'
 
@@ -39,22 +39,22 @@ resource account 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = {
   }
 }
 
-#disable-next-line BCP081
-resource modelDeployment 'Microsoft.CognitiveServices/accounts/deployments@2025-04-01-preview'=  {
-  parent: account
-  name: modelName
-  sku : {
-    capacity: modelCapacity
-    name: modelSkuName
-  }
-  properties: {
-    model:{
-      name: modelName
-      format: modelFormat
-      version: modelVersion
-    }
-  }
-}
+// #disable-next-line BCP081
+// resource modelDeployment 'Microsoft.CognitiveServices/accounts/deployments@2025-04-01-preview'=  {
+//   parent: account
+//   name: modelName
+//   sku : {
+//     capacity: modelCapacity
+//     name: modelSkuName
+//   }
+//   properties: {
+//     model:{
+//       name: modelName
+//       format: modelFormat
+//       version: modelVersion
+//     }
+//   }
+// }
 
 output accountName string = account.name
 output accountID string = account.id

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/ai-account-reference.bicep

@@ -1,3 +1,4 @@
+@description('Reference to an existing AI account. This module is used to reference an existing AI account in the Bicep template.')
 param accountName string
 
 resource account 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' existing = {
@@ -9,3 +10,5 @@ output accountID string = account.id
 output accountTarget string = account.properties.endpoint
 output accountPrincipalId string = account.identity.principalId
 
+
+

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/ai-project-reference.bicep

@@ -0,0 +1,39 @@
+param accountName string
+param projectName string
+param cosmosDBName string
+param azureStorageName string 
+param aiSearchName string
+
+
+resource account 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' existing = {
+  name: accountName
+  scope: resourceGroup()
+}
+
+resource project 'Microsoft.CognitiveServices/accounts/projects@2025-04-01-preview' existing = {
+  parent: account
+  name: projectName
+
+  resource project_connection_cosmosdb_account 'connections@2025-04-01-preview' existing = {
+    name: cosmosDBName
+  }
+
+  resource project_connection_azure_storage 'connections@2025-04-01-preview' existing= {
+    name: azureStorageName
+  }
+
+  resource project_connection_ai_search 'connections@2025-04-01-preview' existing= {
+    name: aiSearchName
+  }
+}
+
+output projectName string = project.name
+output projectId string = project.id
+output projectPrincipalId string = project.identity.principalId
+output projectWorkspaceId string = project.properties.amlWorkspace.internalId
+
+// return the BYO connection names
+output cosmosDBConnection string = cosmosDBName
+output azureStorageConnection string = azureStorageName
+output aiSearchConnection string = aiSearchName
+

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/standard-dependent-reference.bicep

@@ -0,0 +1,26 @@
+@description('The name of the AI Search resource to reference')
+param aiSearchName string
+
+@description('Name of the storage account to reference')
+param azureStorageName string
+
+@description('Name of the new Cosmos DB account to reference')
+param cosmosDBName string
+
+
+resource cosmosDB 'Microsoft.DocumentDB/databaseAccounts@2024-11-15' existing = {
+  name: cosmosDBName
+}
+
+resource aiSearch 'Microsoft.Search/searchServices@2024-06-01-preview' existing =  {
+  name: aiSearchName
+}
+
+resource storage 'Microsoft.Storage/storageAccounts@2023-05-01' existing = {
+  name: azureStorageName
+
+}
+
+output aiSearchName string = aiSearch.name
+output azureStorageName string = storage.name  
+output cosmosDBName string = cosmosDB.name

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/standard-dependent-resources.bicep

@@ -127,34 +127,6 @@ resource storage 'Microsoft.Storage/storageAccounts@2023-05-01' = if(!azureStora
   }
 }
 
-//KeyVault deployment is disabled for now, as it is not used in the current setup. Uncomment the code below to enable KeyVault deployment.
-
-// resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
-//   name: keyvaultName
-//   location: location
-//   tags: tags
-//   properties: {
-//     createMode: 'default'
-//     enabledForDeployment: false
-//     enabledForDiskEncryption: false
-//     enabledForTemplateDeployment: false
-//     enableSoftDelete: true
-//     enableRbacAuthorization: true
-//     enablePurgeProtection: true
-//     networkAcls: {
-//       bypass: 'AzureServices'
-//       defaultAction: 'Deny'
-//     }
-//     sku: {
-//       family: 'A'
-//       name: 'standard'
-//     }
-//     softDeleteRetentionInDays: 7
-//     tenantId: subscription().tenantId
-//   }
-// }
-
-
 output aiSearchName string = aiSearchExists ? existingSearchService.name : aiSearch.name
 output aiSearchID string = aiSearchExists ? existingSearchService.id : aiSearch.id
 output aiSearchServiceResourceGroupName string = aiSearchExists ? acsParts[4] : resourceGroup().name

samples/microsoft/infrastructure-setup/15-private-network-standard-agent-setup/modules-network-secured/vnet.bicep

@@ -59,16 +59,8 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
     ]
   }
 }
-
-resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
-  parent: virtualNetwork
-  name: agentSubnetName
-  properties: {
-    addressPrefix: '192.168.0.0/24'
-  }
-}
 // Output variables
 output peSubnetName string = peSubnetName
 output agentSubnetName string = agentSubnetName
-output subnetId string = subnet.id
+output subnetId string = '${virtualNetwork.id}/subnets/${agentSubnetName}'
 output virtualNetworkName string = virtualNetwork.name