|
| 1 | +--- |
| 2 | +description: This set of templates demonstrates how to set up Azure AI Foundry in the basic configuration with public network setup and Microsoft-managed storage resources using AzureRM provider. |
| 3 | +page_type: sample |
| 4 | +products: |
| 5 | +- azure |
| 6 | +- azure-resource-manager |
| 7 | +urlFragment: foundry-basic |
| 8 | +languages: |
| 9 | +- hcl |
| 10 | +--- |
| 11 | + |
| 12 | +# Azure AI Foundry: Basic setup with public networking (AzureRM) |
| 13 | + |
| 14 | +## Key Information |
| 15 | + |
| 16 | +This infrastructure-as-code (IaC) solution deploys Azure AI Foundry with public networking and uses Microsoft-managed storage for file upload experience. It supports getting started scenarios, for typically non-enterprise scenarios. This variant shows AzureRM Terraform provider. |
| 17 | + |
| 18 | +## Prerequisites |
| 19 | + |
| 20 | +1. **Active Azure subscription(s) with appropriate permissions** |
| 21 | + It's recommended to deploy these templates through a deployment pipeline associated to a service principal or managed identity with sufficient permissions over the the workload subscription (such as Owner or Role Based Access Control Administrator and Contributor). If deployed manually, the permissions below should be sufficient. |
| 22 | + |
| 23 | + - **Workload Subscription** |
| 24 | + - **Role Based Access Control Administrator**: Needed over the resource group to create the relevant role assignments |
| 25 | + - **Network Contributor**: Needed over the resource group to create virtual network and Private Endpoint resources |
| 26 | + - **Azure AI Account Owner**: Needed to create a cognitive services account and project |
| 27 | + - **Owner or Role Based Access Administrator**: Needed to assign RBAC to the required resources (Cosmos DB, Azure AI Search, Storage) |
| 28 | + - **Azure AI User**: Needed to create and edit agents |
| 29 | + |
| 30 | +2. **Register Resource Providers** |
| 31 | + |
| 32 | + ```bash |
| 33 | + az provider register --namespace 'Microsoft.CognitiveServices' |
| 34 | + ``` |
| 35 | + |
| 36 | +3. Sufficient quota for all resources in your target Azure region |
| 37 | + |
| 38 | +4. Azure CLI installed and configured on your local workstation or deployment pipeline server |
| 39 | + |
| 40 | +5. Terraform CLI version v1.11.4 or later on your local workstation or depoyment pipeline server. This template requires the usage of both the AzureRm and AzApi Terraform providers. |
| 41 | + |
| 42 | +### Variables |
| 43 | + |
| 44 | +The variables listed below [must be provided](https://developer.hashicorp.com/terraform/language/values/variables#variable-definition-precedence) when performing deploying the templates. The file example.tfvars provides a sample Terraform variables file that can be used. |
| 45 | + |
| 46 | +- **location** - The Azure region the resources will be deployed to. This must be the same region where the pre-existing virtual network has been deployed to. |
| 47 | + |
| 48 | +The variables listed below are optional and if not specified will use the defaults as included in the variables.tf file. |
| 49 | + |
| 50 | +## Deploy the Terraform template |
| 51 | + |
| 52 | +1. Fill in the required information for the variables listed in the example.tfvars file and rename the file to terraform.tfvars. |
| 53 | + |
| 54 | +2. If performing the deployment interactively, log in to Az CLI with a user that has sufficient permissions to deploy the resources. |
| 55 | + |
| 56 | +```bash |
| 57 | +az login |
| 58 | +``` |
| 59 | + |
| 60 | +3. Ensure the proper environmental variables are set for [AzApi](https://registry.terraform.io/providers/Azure/azapi/latest/docs) and [AzureRm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) providers. At a minimum, you must set the ARM_SUBSCRIPTION_ID environment variable to the subscription the resoruces will be deployed to. You can do this with the commands below: |
| 61 | + |
| 62 | +Linux/MacOS |
| 63 | +```bash |
| 64 | +export ARM_SUBSCRIPTION_ID="YOUR_SUBSCRIPTION_ID" |
| 65 | +terraform apply |
| 66 | +``` |
| 67 | + |
| 68 | +Windows |
| 69 | +```cmd |
| 70 | +set ARM_SUBSCRIPTION_ID="YOUR_SUBSCRIPTION_ID" |
| 71 | +terraform apply |
| 72 | +``` |
| 73 | + |
| 74 | +4. Initialize Terraform |
| 75 | + |
| 76 | +```bash |
| 77 | +terraform init |
| 78 | +``` |
| 79 | + |
| 80 | +5. Deploy the resources |
| 81 | +```bash |
| 82 | +terraform apply |
| 83 | +``` |
| 84 | + |
| 85 | +## Module Structure |
| 86 | + |
| 87 | +```text |
| 88 | +code/ |
| 89 | +├── data.tf # Creates data objects for active subscription being deployed to and deployment security context |
| 90 | +├── locals.tf # Creates local variables for project GUID |
| 91 | +├── main.tf # Main deployment file |
| 92 | +├── outputs.tf # Placeholder file for future outputs |
| 93 | +├── providers.tf # Terraform provider configuration |
| 94 | +├── example.tfvars # Sample tfvars file |
| 95 | +├── variables.tf # Terraform variables |
| 96 | +├── versions.tf # Configures minimum Terraform version and versions for providers |
| 97 | +``` |
| 98 | + |
| 99 | + |
| 100 | +## References |
| 101 | + |
| 102 | +- [Learn more about Azure AI Foundry architecture](https://learn.microsoft.com/en-us/azure/ai-foundry/concepts/architecture) |
| 103 | +- [Azure AI Foundry reference docs for Terraform](https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/create-resource-terraform) |
0 commit comments