import { roleAssignmentInfo } from '../security/managed-identity.bicep'
import { serverlessModelDeploymentInfo, serverlessModelDeploymentOutputInfo } from './ai-hub-model-serverless-endpoint.bicep'
import { connectionInfo } from 'ai-hub-connection.bicep'
import { diagnosticSettingsInfo } from '../management_governance/log-analytics-workspace.bicep'
// Identification and placement parameters for the AI Hub workspace.
@description('Name of the resource.')
param name string
@description('Location to deploy the resource. Defaults to the location of the resource group.')
param location string = resourceGroup().location
@description('Tags for the resource.')
param tags object = {}
// Falls back to the resource name when the caller does not supply a friendly name.
@description('Friendly name for the AI Hub.')
param friendlyName string = name
@description('Description for the AI Hub.')
param descriptionInfo string = 'Azure AI Hub'
// Network exposure and datastore authentication settings. Each value is passed straight
// through to the hub's properties, so these defaults decide the hub's posture whenever a
// caller omits them.

// Default 'Disabled' deploys the hub with managed network isolation turned off.
// Deployments that need restricted egress must pass 'AllowOnlyApprovedOutbound' (or
// 'AllowInternetOutbound') explicitly.
@allowed(['AllowInternetOutbound', 'AllowOnlyApprovedOutbound', 'Disabled'])
@description('Isolation mode for the AI Hub.')
param isolationMode string = 'Disabled'

// Default 'Enabled' leaves public network access on. Callers that front the hub with
// private endpoints should set 'Disabled' rather than rely on the default.
@allowed(['Enabled', 'Disabled'])
@description('Whether to enable public network access. Defaults to Enabled.')
param publicNetworkAccess string = 'Enabled'

// Default 'identity' is the keyless option of the two allowed values.
// NOTE(review): 'accessKey' presumably makes the system datastores use storage account
// keys; confirm before selecting it.
@allowed(['accessKey', 'identity'])
@description('Whether or not to use credentials for the system datastores of the workspace. Defaults to identity.')
param systemDatastoresAuthMode string = 'identity'
// Resource IDs of the dependent services the hub is bound to. Storage, Key Vault and
// Application Insights are required; the Container Registry is optional.
@description('ID for the Storage Account associated with the AI Hub.')
param storageAccountId string
@description('ID for the Key Vault associated with the AI Hub.')
param keyVaultId string
@description('ID for the Application Insights associated with the AI Hub.')
param applicationInsightsId string
@description('ID for the Container Registry associated with the AI Hub.')
param containerRegistryId string?
// When null, the hub is deployed with a system-assigned identity; otherwise this resource
// ID is used as the hub's only user-assigned identity and as its primary identity.
@description('ID for the Managed Identity associated with the AI Hub. Defaults to the system-assigned identity.')
param identityId string?
// Looked up as an existing account with no explicit scope, so it must live in the resource
// group this template is deployed to.
@description('Name for the AI Services resource to connect to.')
param aiServicesName string
@description('Serverless model deployments for the AI Hub.')
param serverlessModels serverlessModelDeploymentInfo[] = []
@description('Resource connections associated with the AI Hub.')
param connections connectionInfo[] = []
// Applied as-is at hub scope; this template does not restrict which roles or principals
// may be passed in.
@description('Role assignments to create for the AI Hub instance.')
param roleAssignments roleAssignmentInfo[] = []
// When null, no diagnostic settings resource is created for the hub. The workspace is
// looked up with no explicit scope, i.e. in the deployment's resource group.
@description('Name of the Log Analytics Workspace to use for diagnostic settings.')
param logAnalyticsWorkspaceName string?
// Log and metric categories forwarded to Log Analytics. The default captures every log
// category group and all metrics; it only takes effect when logAnalyticsWorkspaceName is
// supplied, because the diagnostic settings resource is conditional on that parameter.
@description('Diagnostic settings to configure for the AI Hub instance. Defaults to all logs and metrics.')
param diagnosticSettings diagnosticSettingsInfo = {
  logs: [
    { categoryGroup: 'allLogs', enabled: true }
  ]
  metrics: [
    { category: 'AllMetrics', enabled: true }
  ]
}
// Reference to an AI Services account that must already exist. No scope is given, so the
// account is resolved in the resource group this template is deployed to.
resource aiServices 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' existing = {
  name: aiServicesName
}

// The AI Hub workspace itself (kind 'Hub', Basic SKU), bound to the caller-supplied storage
// account, Key Vault, Application Insights and optional Container Registry.
resource aiHub 'Microsoft.MachineLearningServices/workspaces@2024-04-01-preview' = {
  name: name
  location: location
  tags: tags
  kind: 'Hub'
  sku: {
    name: 'Basic'
    tier: 'Basic'
  }
  // A supplied identityId switches the hub to that single user-assigned identity;
  // otherwise a system-assigned identity is created with the workspace.
  identity: {
    type: identityId != null ? 'UserAssigned' : 'SystemAssigned'
    userAssignedIdentities: identityId != null
      ? {
          '${identityId}': {}
        }
      : null
  }
  properties: {
    friendlyName: friendlyName
    description: descriptionInfo
    // Network posture comes directly from the parameters, whose defaults are
    // isolationMode 'Disabled' and publicNetworkAccess 'Enabled'.
    managedNetwork: {
      isolationMode: isolationMode
    }
    publicNetworkAccess: publicNetworkAccess
    storageAccount: storageAccountId
    keyVault: keyVaultId
    applicationInsights: applicationInsightsId
    containerRegistry: containerRegistryId
    systemDatastoresAuthMode: systemDatastoresAuthMode
    primaryUserAssignedIdentity: identityId
  }

  // Hub-level connection to the existing AI Services account.
  resource aiServicesConnection 'connections@2024-04-01-preview' = {
    name: '${aiServicesName}-connection'
    properties: {
      category: 'AIServices'
      target: aiServices.properties.endpoint
      // 'AAD' selects Microsoft Entra ID authentication, so no API key is stored in
      // this connection definition.
      authType: 'AAD'
      // NOTE(review): isSharedToAll is hard-coded to true, which presumably exposes this
      // connection to every project under the hub; confirm that breadth is intended.
      isSharedToAll: true
      metadata: {
        ApiType: 'Azure'
        ResourceId: aiServices.id
      }
    }
  }
}
// One nested deployment per caller-supplied connection, each attached to the hub by name.
// The connection's own name doubles as the nested deployment name.
module aiHubConnections 'ai-hub-connection.bicep' = [
  for item in connections: {
    name: item.name
    params: {
      aiHubName: aiHub.name
      connection: item
    }
  }
]
// One nested deployment per requested serverless model endpoint on the hub.
// NOTE(review): keyVaultConfig is forwarded untouched; presumably it tells the child module
// where to store the endpoint keys, since this file later outputs only secret names.
// Verify against ai-hub-model-serverless-endpoint.bicep.
module serverlessModelEndpoints 'ai-hub-model-serverless-endpoint.bicep' = [
  for deployment in serverlessModels: {
    name: deployment.name
    params: {
      name: deployment.name
      aiHubName: aiHub.name
      model: deployment.model
      keyVaultConfig: deployment.keyVaultConfig
    }
  }
]
// Creates each caller-supplied role assignment at the scope of the hub. The assignment
// name is a guid() of the hub ID, principal ID and role definition ID, so the same inputs
// always map to the same assignment on redeployment. Nothing here limits which roles are
// granted; least privilege has to be enforced by whoever builds the roleAssignments array.
resource assignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
  for entry in roleAssignments: {
    name: guid(aiHub.id, entry.principalId, entry.roleDefinitionId)
    scope: aiHub
    properties: {
      principalId: entry.principalId
      roleDefinitionId: entry.roleDefinitionId
      principalType: entry.principalType
    }
  }
]
// Diagnostics are opt-in: both resources below are skipped when no Log Analytics workspace
// name is supplied, in which case this template creates no diagnostic settings for the hub.
var sendDiagnostics = logAnalyticsWorkspaceName != null

// Existing workspace, resolved in the deployment's resource group (no explicit scope).
resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = if (sendDiagnostics) {
  name: logAnalyticsWorkspaceName!
}

// Forwards the configured log and metric categories from the hub to that workspace.
resource aiHubDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (sendDiagnostics) {
  name: '${aiHub.name}-diagnostic-settings'
  scope: aiHub
  properties: {
    workspaceId: logAnalyticsWorkspace.id
    logs: diagnosticSettings!.logs
    metrics: diagnosticSettings!.metrics
  }
}
// Outputs consumed by calling templates.
@description('The deployed AI Hub resource.')
output resource resource = aiHub

@description('ID for the deployed AI Hub resource.')
output id string = aiHub.id

@description('Name for the deployed AI Hub resource.')
output name string = aiHub.name

// NOTE(review): when identityId is supplied, this returns identityId itself, which the
// parameter description defines as the managed identity's resource ID, not its principal
// ID. Callers that feed this output into a role assignment's principalId should confirm
// which value they receive.
@description('Identity principal ID for the deployed AI Hub resource.')
output identityPrincipalId string? = identityId != null ? identityId : aiHub.identity.principalId

@description('AI Services connection name for the deployed AI Hub resource.')
output aiServicesConnectionName string = aiHub::aiServicesConnection.name

// Derived by appending '_aoai' to the AI Services connection name; no separate connection
// with this name is declared in this file.
@description('OpenAI specific connection name for the deployed AI Hub resource.')
output openAIServicesConnectionName string = '${aiHub::aiServicesConnection.name}_aoai'

// One entry per requested serverless model, in input order. Only the names of the key
// secrets are surfaced here; no key values appear in these outputs.
@description('Serverless model deployments for the AI Hub.')
output serverlessModelDeployments serverlessModelDeploymentOutputInfo[] = [
  for i in range(0, length(serverlessModels)): {
    id: serverlessModelEndpoints[i].outputs.id
    name: serverlessModelEndpoints[i].outputs.name
    endpoint: serverlessModelEndpoints[i].outputs.endpoint
    primaryKeySecretName: serverlessModelEndpoints[i].outputs.primaryKeySecretName
    secondaryKeySecretName: serverlessModelEndpoints[i].outputs.secondaryKeySecretName
  }
]