{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.30.23.60470",
      "templateHash": "10238730798091295870"
    }
  },
  "parameters": {
    "prefix": {
      "type": "string",
      "defaultValue": "[substring(uniqueString(resourceGroup().id), 0, 4)]",
      "minLength": 4,
      "maxLength": 10,
      "metadata": {
        "description": "Specifies the name prefix for all the Azure resources."
      }
    },
    "suffix": {
      "type": "string",
      "defaultValue": "[substring(uniqueString(resourceGroup().id), 0, 4)]",
      "minLength": 4,
      "maxLength": 10,
      "metadata": {
        "description": "Specifies the name suffix for all the Azure resources."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Specifies the location for all the Azure resources."
      }
    },
    "hubName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure AI Hub workspace."
      }
    },
    "hubFriendlyName": {
      "type": "string",
      "defaultValue": "Demo AI Hub",
      "metadata": {
        "description": "Specifies the friendly name of the Azure AI Hub workspace."
      }
    },
    "hubDescription": {
      "type": "string",
      "defaultValue": "This is a demo hub for use in Azure AI Foundry.",
      "metadata": {
        "description": "Specifies the description for the Azure AI Hub workspace displayed in Azure AI Foundry."
      }
    },
    "hubIsolationMode": {
      "type": "string",
      "defaultValue": "AllowInternetOutbound",
      "allowedValues": [
        "AllowInternetOutbound",
        "AllowOnlyApprovedOutbound",
        "Disabled"
      ],
      "metadata": {
        "description": "Specifies the Isolation mode for the managed network of the Azure AI Hub workspace."
      }
    },
    "hubPublicNetworkAccess": {
      "type": "string",
      "defaultValue": "Disabled",
      "allowedValues": [
        "Disabled",
        "Enabled"
      ],
      "metadata": {
        "description": "Specifies the public network access for the Azure AI Hub workspace."
      }
    },
    "connectionAuthType": {
      "type": "string",
      "defaultValue": "AAD",
      "allowedValues": [
        "ApiKey",
        "AAD",
        "ManagedIdentity",
        "None"
      ],
      "metadata": {
        "description": "Specifies the authentication method for the OpenAI Service connection."
      }
    },
    "systemDatastoresAuthMode": {
      "type": "string",
      "defaultValue": "identity",
      "allowedValues": [
        "identity",
        "accessKey"
      ],
      "metadata": {
        "description": "Determines whether or not to use credentials for the system datastores of the workspace (workspaceblobstore and workspacefilestore). The service default is accessKey, in which case the workspace will create the system datastores with credentials. If set to identity (the default in this template), the workspace will create the system datastores with no credentials."
      }
    },
    "projectName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name for the Azure AI Foundry Hub Project workspace."
      }
    },
    "projectFriendlyName": {
      "type": "string",
      "defaultValue": "AI Foundry Hub Project",
      "metadata": {
        "description": "Specifies the friendly name for the Azure AI Foundry Hub Project workspace."
      }
    },
    "projectPublicNetworkAccess": {
      "type": "string",
      "defaultValue": "Disabled",
      "allowedValues": [
        "Disabled",
        "Enabled"
      ],
      "metadata": {
        "description": "Specifies the public network access for the Azure AI Project workspace."
      }
    },
    "logAnalyticsName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure Log Analytics resource."
      }
    },
    "logAnalyticsSku": {
      "type": "string",
      "defaultValue": "PerNode",
      "allowedValues": [
        "Free",
        "Standalone",
        "PerNode",
        "PerGB2018"
      ],
      "metadata": {
        "description": "Specifies the service tier of the workspace: Free, Standalone, PerNode, Per-GB."
      }
    },
    "logAnalyticsRetentionInDays": {
      "type": "int",
      "defaultValue": 60,
      "metadata": {
        "description": "Specifies the workspace data retention in days. -1 means Unlimited retention for the Unlimited Sku. 730 days is the maximum allowed for all other Skus."
      }
    },
    "applicationInsightsName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure Application Insights resource."
      }
    },
    "aiServicesName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure AI Services resource."
      }
    },
    "aiServicesSku": {
      "type": "object",
      "defaultValue": {
        "name": "S0"
      },
      "metadata": {
        "description": "Specifies the resource model definition representing SKU."
      }
    },
    "aiServicesIdentity": {
      "type": "object",
      "defaultValue": {
        "type": "SystemAssigned"
      },
      "metadata": {
        "description": "Specifies the identity of the Azure AI Services resource."
      }
    },
    "aiServicesCustomSubDomainName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies an optional subdomain name used for token-based authentication."
      }
    },
    "aiServicesDisableLocalAuth": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies whether to disable local authentication via API key. When false, API-key authentication remains enabled."
      }
    },
    "aiServicesPublicNetworkAccess": {
      "type": "string",
      "defaultValue": "Enabled",
      "allowedValues": [
        "Enabled",
        "Disabled"
      ],
      "metadata": {
        "description": "Specifies whether or not public endpoint access is allowed for this account."
      }
    },
    "openAiDeployments": {
      "type": "array",
      "defaultValue": [
        {
          "model": {
            "name": "text-embedding-ada-002",
            "version": "2"
          },
          "sku": {
            "name": "Standard",
            "capacity": 10
          }
        },
        {
          "model": {
            "name": "gpt-4o",
            "version": "2024-05-13"
          },
          "sku": {
            "name": "Standard",
            "capacity": 10
          }
        }
      ],
      "metadata": {
        "description": "Specifies the OpenAI deployments to create."
      }
    },
    "keyVaultName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure Key Vault resource."
      }
    },
    "keyVaultPublicNetworkAccess": {
      "type": "string",
      "defaultValue": "Disabled",
      "allowedValues": [
        "Disabled",
        "Enabled"
      ],
      "metadata": {
        "description": "Specifies whether to allow public network access for Key Vault."
      }
    },
    "keyVaultNetworkAclsDefaultAction": {
      "type": "string",
      "defaultValue": "Allow",
      "allowedValues": [
        "Allow",
        "Deny"
      ],
      "metadata": {
        "description": "Specifies the default action of allow or deny when no other rules match for the Azure Key Vault resource. Allowed values: Allow or Deny"
      }
    },
    "keyVaultEnabledForDeployment": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether the Azure Key Vault resource is enabled for deployments."
      }
    },
    "keyVaultEnabledForDiskEncryption": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether the Azure Key Vault resource is enabled for disk encryption."
      }
    },
    "keyVaultEnabledForTemplateDeployment": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether the Azure Key Vault resource is enabled for template deployment."
      }
    },
    "keyVaultEnableSoftDelete": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether the soft delete is enabled for this Azure Key Vault resource."
      }
    },
    "keyVaultEnablePurgeProtection": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether purge protection is enabled for this Azure Key Vault resource."
      }
    },
    "keyVaultEnableRbacAuthorization": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether to enable RBAC authorization for the Azure Key Vault resource."
      }
    },
    "keyVaultSoftDeleteRetentionInDays": {
      "type": "int",
      "defaultValue": 7,
      "metadata": {
        "description": "Specifies the soft delete retention in days."
      }
    },
    "acrEnabled": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies whether to create the Azure Container Registry."
      }
    },
    "acrName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure Container Registry resource."
      }
    },
    "acrAdminUserEnabled": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies whether to enable the admin user, which has push/pull permission to the registry."
      }
    },
    "acrPublicNetworkAccess": {
      "type": "string",
      "defaultValue": "Disabled",
      "allowedValues": [
        "Disabled",
        "Enabled"
      ],
      "metadata": {
        "description": "Specifies whether to allow public network access to the container registry. The service default is Enabled; this template defaults to Disabled."
      }
    },
    "acrSku": {
      "type": "string",
      "defaultValue": "Premium",
      "allowedValues": [
        "Basic",
        "Standard",
        "Premium"
      ],
      "metadata": {
        "description": "Tier of your Azure Container Registry."
      }
    },
    "acrAnonymousPullEnabled": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies whether or not registry-wide pull is enabled from unauthenticated clients."
      }
    },
    "acrDataEndpointEnabled": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies whether or not a single data endpoint is enabled per region for serving data."
      }
    },
    "acrNetworkRuleSet": {
      "type": "object",
      "defaultValue": {
        "defaultAction": "Deny"
      },
      "metadata": {
        "description": "Specifies the network rule set for the container registry."
      }
    },
    "acrNetworkRuleBypassOptions": {
      "type": "string",
      "defaultValue": "AzureServices",
      "allowedValues": [
        "AzureServices",
        "None"
      ],
      "metadata": {
        "description": "Specifies whether to allow trusted Azure services to access a network restricted registry."
      }
    },
    "acrZoneRedundancy": {
      "type": "string",
      "defaultValue": "Disabled",
      "allowedValues": [
        "Disabled",
        "Enabled"
      ],
      "metadata": {
        "description": "Specifies whether or not zone redundancy is enabled for this container registry."
      }
    },
    "storageAccountName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure Storage Account resource."
      }
    },
    "storageAccountPublicNetworkAccess": {
      "type": "string",
      "defaultValue": "Disabled",
      "allowedValues": [
        "Disabled",
        "Enabled"
      ],
      "metadata": {
        "description": "Specifies whether to allow public network access for the storage account."
      }
    },
    "storageAccountAccessTier": {
      "type": "string",
      "defaultValue": "Hot",
      "metadata": {
        "description": "Specifies the access tier of the Azure Storage Account resource. The default value is Hot."
      }
    },
    "storageAccountAllowBlobPublicAccess": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies whether the Azure Storage Account resource allows public access to blobs. The default value is false."
      }
    },
    "storageAccountAllowSharedKeyAccess": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies whether the Azure Storage Account resource allows shared key access. The service default is true; this template defaults to false."
      }
    },
    "storageAccountAllowCrossTenantReplication": {
      "type": "bool",
      "defaultValue": false,
      "metadata": {
        "description": "Specifies whether the Azure Storage Account resource allows cross-tenant replication. The default value is false."
      }
    },
    "storageAccountMinimumTlsVersion": {
      "type": "string",
      "defaultValue": "TLS1_2",
      "metadata": {
        "description": "Specifies the minimum TLS version to be permitted on requests to the Azure Storage Account resource. The default value is TLS1_2."
      }
    },
    "storageAccountANetworkAclsDefaultAction": {
      "type": "string",
      "defaultValue": "Allow",
      "allowedValues": [
        "Allow",
        "Deny"
      ],
      "metadata": {
        "description": "The default action of allow or deny when no other rules match. Allowed values: Allow or Deny"
      }
    },
    "storageAccountSupportsHttpsTrafficOnly": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether the Azure Storage Account resource should only support HTTPS traffic."
      }
    },
    "virtualNetworkResourceGroupName": {
      "type": "string",
      "defaultValue": "[resourceGroup().name]",
      "metadata": {
        "description": "Specifies the name of the resource group hosting the virtual network and private endpoints."
      }
    },
    "virtualNetworkName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the virtual network."
      }
    },
    "virtualNetworkAddressPrefixes": {
      "type": "string",
      "defaultValue": "10.0.0.0/8",
      "metadata": {
        "description": "Specifies the address prefixes of the virtual network."
      }
    },
    "vmSubnetName": {
      "type": "string",
      "defaultValue": "VmSubnet",
      "metadata": {
        "description": "Specifies the name of the subnet which contains the virtual machine."
      }
    },
    "vmSubnetAddressPrefix": {
      "type": "string",
      "defaultValue": "10.3.1.0/24",
      "metadata": {
        "description": "Specifies the address prefix of the subnet which contains the virtual machine."
      }
    },
    "vmSubnetNsgName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the network security group associated to the subnet hosting the virtual machine."
      }
    },
    "bastionSubnetAddressPrefix": {
      "type": "string",
      "defaultValue": "10.3.2.0/24",
      "metadata": {
        "description": "Specifies the Bastion subnet IP prefix. This prefix must be within virtual network IP prefix address space."
      }
    },
    "bastionSubnetNsgName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the network security group associated to the subnet hosting Azure Bastion."
      }
    },
    "bastionHostEnabled": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether Azure Bastion should be created."
      }
    },
    "bastionHostName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure Bastion resource."
      }
    },
    "bastionHostDisableCopyPaste": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether the Copy/Paste feature of the Bastion Host resource is disabled."
      }
    },
    "bastionHostEnableFileCopy": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Enable/Disable File Copy feature of the Bastion Host resource."
      }
    },
    "bastionHostEnableIpConnect": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Enable/Disable IP Connect feature of the Bastion Host resource."
      }
    },
    "bastionHostEnableShareableLink": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Enable/Disable Shareable Link of the Bastion Host resource."
      }
    },
    "bastionHostEnableTunneling": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Enable/Disable Tunneling feature of the Bastion Host resource."
      }
    },
    "bastionPublicIpAddressName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure Public IP Address used by the Azure Bastion Host."
      }
    },
    "bastionHostSkuName": {
      "type": "string",
      "defaultValue": "Standard",
      "metadata": {
        "description": "Specifies the name of the Azure Bastion Host SKU."
      }
    },
    "natGatewayName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the Azure NAT Gateway."
      }
    },
    "natGatewayZones": {
      "type": "array",
      "defaultValue": [],
      "metadata": {
        "description": "Specifies a list of availability zones denoting the zone in which Nat Gateway should be deployed."
      }
    },
    "natGatewayPublicIps": {
      "type": "int",
      "defaultValue": 1,
      "metadata": {
        "description": "Specifies the number of Public IPs to create for the Azure NAT Gateway."
      }
    },
    "natGatewayIdleTimeoutMins": {
      "type": "int",
      "defaultValue": 30,
      "metadata": {
        "description": "Specifies the idle timeout in minutes for the Azure NAT Gateway."
      }
    },
    "blobStorageAccountPrivateEndpointName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the private endpoint to the blob storage account."
      }
    },
    "fileStorageAccountPrivateEndpointName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the private endpoint to the file storage account."
      }
    },
    "keyVaultPrivateEndpointName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the private endpoint to the Key Vault."
      }
    },
    "acrPrivateEndpointName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the private endpoint to the Azure Container Registry."
      }
    },
    "hubWorkspacePrivateEndpointName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the private endpoint to the Azure Hub Workspace."
      }
    },
    "aiServicesPrivateEndpointName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the private endpoint to the Azure AI Services."
      }
    },
    "vmName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the name of the virtual machine."
      }
    },
    "vmSize": {
      "type": "string",
      "defaultValue": "Standard_D2ds_v4",
      "metadata": {
        "description": "Specifies the size of the virtual machine."
      }
    },
    "imagePublisher": {
      "type": "string",
      "defaultValue": "MicrosoftWindowsDesktop",
      "metadata": {
        "description": "Specifies the image publisher of the disk image used to create the virtual machine."
      }
    },
    "imageOffer": {
      "type": "string",
      "defaultValue": "Windows-11",
      "metadata": {
        "description": "Specifies the offer of the platform image or marketplace image used to create the virtual machine."
      }
    },
    "imageSku": {
      "type": "string",
      "defaultValue": "win11-23h2-ent",
      "metadata": {
        "description": "Specifies the SKU of the image used to create the virtual machine."
      }
    },
    "authenticationType": {
      "type": "string",
      "defaultValue": "password",
      "allowedValues": [
        "sshPublicKey",
        "password"
      ],
      "metadata": {
        "description": "Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended."
      }
    },
    "vmAdminUsername": {
      "type": "string",
      "metadata": {
        "description": "Specifies the name of the administrator account of the virtual machine."
      }
    },
    "vmAdminPasswordOrKey": {
      "type": "securestring",
      "metadata": {
        "description": "Specifies the SSH Key or password for the virtual machine. SSH key is recommended."
      }
    },
    "diskStorageAccountType": {
      "type": "string",
      "defaultValue": "Premium_LRS",
      "allowedValues": [
        "Premium_LRS",
        "StandardSSD_LRS",
        "Standard_LRS",
        "UltraSSD_LRS"
      ],
      "metadata": {
        "description": "Specifies the storage account type for OS and data disk."
      }
    },
    "numDataDisks": {
      "type": "int",
      "defaultValue": 1,
      "minValue": 0,
      "maxValue": 64,
      "metadata": {
        "description": "Specifies the number of data disks of the virtual machine."
      }
    },
    "osDiskSize": {
      "type": "int",
      "defaultValue": 128,
      "metadata": {
        "description": "Specifies the size in GB of the OS disk of the VM."
      }
    },
    "dataDiskSize": {
      "type": "int",
      "defaultValue": 50,
      "metadata": {
        "description": "Specifies the size in GB of the data disks of the virtual machine."
      }
    },
    "dataDiskCaching": {
      "type": "string",
      "defaultValue": "ReadWrite",
      "metadata": {
        "description": "Specifies the caching requirements for the data disks."
      }
    },
    "enableMicrosoftEntraIdAuth": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether to enable Microsoft Entra ID authentication on the virtual machine."
      }
    },
    "enableAcceleratedNetworking": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Specifies whether to enable accelerated networking on the virtual machine."
      }
    },
    "tags": {
      "type": "object",
      "defaultValue": {},
      "metadata": {
        "description": "Specifies the resource tags for all the resources."
      }
    },
    "userObjectId": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the object id of a Microsoft Entra ID user. In general, this is the object id of the system administrator who deploys the Azure resources."
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "workspace",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "name": "[if(empty(parameters('logAnalyticsName')), createObject('value', toLower(format('{0}-log-analytics-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('logAnalyticsName')))]",
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          },
          "sku": {
            "value": "[parameters('logAnalyticsSku')]"
          },
          "retentionInDays": {
            "value": "[parameters('logAnalyticsRetentionInDays')]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "15011575035651084123"
            }
          },
          "parameters": {
            "name": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the Log Analytics workspace."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "sku": {
              "type": "string",
              "defaultValue": "PerNode",
              "allowedValues": [
                "Free",
                "Standalone",
                "PerNode",
                "PerGB2018"
              ],
              "metadata": {
                "description": "Specifies the service tier of the workspace: Free, Standalone, PerNode, Per-GB."
              }
            },
            "retentionInDays": {
              "type": "int",
              "defaultValue": 60,
              "metadata": {
                "description": "Specifies the workspace data retention in days. -1 means Unlimited retention for the Unlimited Sku. 730 days is the maximum allowed for all other Skus."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            }
          },
          "resources": [
            {
              "type": "Microsoft.OperationalInsights/workspaces",
              "apiVersion": "2021-12-01-preview",
              "name": "[parameters('name')]",
              "tags": "[parameters('tags')]",
              "location": "[parameters('location')]",
              "properties": {
                "sku": {
                  "name": "[parameters('sku')]"
                },
                "retentionInDays": "[parameters('retentionInDays')]"
              }
            }
          ],
          "outputs": {
            "id": {
              "type": "string",
              "value": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]"
            },
            "name": {
              "type": "string",
              "value": "[parameters('name')]"
            },
            "customerId": {
              "type": "string",
              "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('name')), '2021-12-01-preview').customerId]"
            }
          }
        }
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "applicationInsights",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "name": "[if(empty(parameters('applicationInsightsName')), createObject('value', toLower(format('{0}-app-insights-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('applicationInsightsName')))]",
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "2449936469884480574"
            }
          },
          "parameters": {
            "name": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the Azure Application Insights."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the Azure Log Analytics workspace ID."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            }
          },
          "resources": [
            {
              "type": "Microsoft.Insights/components",
              "apiVersion": "2020-02-02",
              "name": "[parameters('name')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "kind": "web",
              "properties": {
                "Application_Type": "web",
                "DisableIpMasking": false,
                "DisableLocalAuth": false,
                "Flow_Type": "Bluefield",
                "ForceCustomerStorageForProfiler": false,
                "ImmediatePurgeDataOn30Days": true,
                "WorkspaceResourceId": "[parameters('workspaceId')]",
                "IngestionMode": "LogAnalytics",
                "publicNetworkAccessForIngestion": "Enabled",
                "publicNetworkAccessForQuery": "Disabled",
                "Request_Source": "rest"
              }
            }
          ],
          "outputs": {
            "id": {
              "type": "string",
              "value": "[resourceId('Microsoft.Insights/components', parameters('name'))]"
            },
            "name": {
              "type": "string",
              "value": "[parameters('name')]"
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "keyVault",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "name": "[if(empty(parameters('keyVaultName')), createObject('value', format('{0}-key-vault-{1}', parameters('prefix'), parameters('suffix'))), createObject('value', parameters('keyVaultName')))]",
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          },
          "publicNetworkAccess": {
            "value": "[parameters('keyVaultPublicNetworkAccess')]"
          },
          "networkAclsDefaultAction": {
            "value": "[parameters('keyVaultNetworkAclsDefaultAction')]"
          },
          "enabledForDeployment": {
            "value": "[parameters('keyVaultEnabledForDeployment')]"
          },
          "enabledForDiskEncryption": {
            "value": "[parameters('keyVaultEnabledForDiskEncryption')]"
          },
          "enabledForTemplateDeployment": {
            "value": "[parameters('keyVaultEnabledForTemplateDeployment')]"
          },
          "enablePurgeProtection": {
            "value": "[parameters('keyVaultEnablePurgeProtection')]"
          },
          "enableRbacAuthorization": {
            "value": "[parameters('keyVaultEnableRbacAuthorization')]"
          },
          "enableSoftDelete": {
            "value": "[parameters('keyVaultEnableSoftDelete')]"
          },
          "softDeleteRetentionInDays": {
            "value": "[parameters('keyVaultSoftDeleteRetentionInDays')]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          },
          "userObjectId": {
            "value": "[parameters('userObjectId')]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "3295916758709040861"
            }
          },
          "parameters": {
            "name": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the Key Vault resource."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "skuName": {
              "type": "string",
              "defaultValue": "standard",
              "allowedValues": [
                "premium",
                "standard"
              ],
              "metadata": {
                "description": "Specifies the sku name of the Key Vault resource."
              }
            },
            "tenantId": {
              "type": "string",
              "defaultValue": "[subscription().tenantId]",
              "metadata": {
                "description": "Specifies the Azure Active Directory tenant ID that should be used for authenticating requests to the key vault."
              }
            },
            "publicNetworkAccess": {
              "type": "string",
              "defaultValue": "Disabled",
              "allowedValues": [
                "Disabled",
                "Enabled"
              ],
              "metadata": {
                "description": "Specifies whether to allow public network access for Key Vault."
              }
            },
            "networkAclsDefaultAction": {
              "type": "string",
              "defaultValue": "Deny",
              "allowedValues": [
                "Allow",
                "Deny"
              ],
              "metadata": {
                "description": "The default action of allow or deny when no other rules match. Allowed values: Allow or Deny"
              }
            },
            "enabledForDeployment": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether the Azure Key Vault resource is enabled for deployments."
              }
            },
            "enabledForDiskEncryption": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether the Azure Key Vault resource is enabled for disk encryption."
              }
            },
            "enabledForTemplateDeployment": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether the Azure Key Vault resource is enabled for template deployment."
              }
            },
            "enablePurgeProtection": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether purge protection is enabled for this Azure Key Vault resource."
              }
            },
            "enableRbacAuthorization": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether to enable RBAC authorization for the Azure Key Vault resource."
              }
            },
            "enableSoftDelete": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether soft delete is enabled for this Azure Key Vault resource."
              }
            },
            "softDeleteRetentionInDays": {
              "type": "int",
              "defaultValue": 7,
              "metadata": {
                "description": "Specifies the soft delete retention in days."
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Log Analytics workspace."
              }
            },
            "userObjectId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the object id of a Microsoft Entra ID user. In general, this is the object id of the system administrator who deploys the Azure resources."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            }
          },
          "variables": {
            "copy": [
              {
                "name": "logs",
                "count": "[length(variables('logCategories'))]",
                "input": {
                  "category": "[variables('logCategories')[copyIndex('logs')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "metrics",
                "count": "[length(variables('metricCategories'))]",
                "input": {
                  "category": "[variables('metricCategories')[copyIndex('metrics')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              }
            ],
            "diagnosticSettingsName": "diagnosticSettings",
            "logCategories": [
              "AuditEvent",
              "AzurePolicyEvaluationDetails"
            ],
            "metricCategories": [
              "AllMetrics"
            ]
          },
          "resources": [
            {
              "type": "Microsoft.KeyVault/vaults",
              "apiVersion": "2023-07-01",
              "name": "[parameters('name')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "createMode": "default",
                "sku": {
                  "family": "A",
                  "name": "[parameters('skuName')]"
                },
                "tenantId": "[parameters('tenantId')]",
                "networkAcls": {
                  "bypass": "AzureServices",
                  "defaultAction": "[parameters('networkAclsDefaultAction')]"
                },
                "enabledForDeployment": "[parameters('enabledForDeployment')]",
                "enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]",
                "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
                "enablePurgeProtection": "[if(parameters('enablePurgeProtection'), parameters('enablePurgeProtection'), null())]",
                "enableRbacAuthorization": "[parameters('enableRbacAuthorization')]",
                "enableSoftDelete": "[parameters('enableSoftDelete')]",
                "softDeleteRetentionInDays": "[parameters('softDeleteRetentionInDays')]",
                "publicNetworkAccess": "[parameters('publicNetworkAccess')]"
              }
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.KeyVault/vaults', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('name'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('logs')]",
                "metrics": "[variables('metrics')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]"
              ]
            }
          ],
          "outputs": {
            "id": {
              "type": "string",
              "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]"
            },
            "name": {
              "type": "string",
              "value": "[parameters('name')]"
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    },
    {
      "condition": "[parameters('acrEnabled')]",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "containerRegistry",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "name": "[if(empty(parameters('acrName')), createObject('value', toLower(format('{0}acr{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('acrName')))]",
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          },
          "sku": {
            "value": "[parameters('acrSku')]"
          },
          "adminUserEnabled": {
            "value": "[parameters('acrAdminUserEnabled')]"
          },
          "anonymousPullEnabled": {
            "value": "[parameters('acrAnonymousPullEnabled')]"
          },
          "dataEndpointEnabled": {
            "value": "[parameters('acrDataEndpointEnabled')]"
          },
          "networkRuleBypassOptions": {
            "value": "[parameters('acrNetworkRuleBypassOptions')]"
          },
          "networkRuleSet": {
            "value": "[parameters('acrNetworkRuleSet')]"
          },
          "publicNetworkAccess": {
            "value": "[parameters('acrPublicNetworkAccess')]"
          },
          "zoneRedundancy": {
            "value": "[parameters('acrZoneRedundancy')]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "17789558764629441746"
            }
          },
          "parameters": {
            "name": {
              "type": "string",
              "defaultValue": "[format('acr{0}', uniqueString(resourceGroup().id))]",
              "minLength": 5,
              "maxLength": 50,
              "metadata": {
                "description": "Name of your Azure Container Registry"
              }
            },
            "adminUserEnabled": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Enables the admin user, which has push/pull permission to the registry."
              }
            },
            "publicNetworkAccess": {
              "type": "string",
              "defaultValue": "Disabled",
              "allowedValues": [
                "Disabled",
                "Enabled"
              ],
              "metadata": {
                "description": "Specifies whether to allow public network access for the container registry."
              }
            },
            "sku": {
              "type": "string",
              "defaultValue": "Premium",
              "allowedValues": [
                "Basic",
                "Standard",
                "Premium"
              ],
              "metadata": {
                "description": "Tier of your Azure Container Registry."
              }
            },
            "anonymousPullEnabled": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether or not registry-wide pull is enabled from unauthenticated clients."
              }
            },
            "dataEndpointEnabled": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether or not a single data endpoint is enabled per region for serving data."
              }
            },
            "networkRuleSet": {
              "type": "object",
              "defaultValue": {
                "defaultAction": "Deny"
              },
              "metadata": {
                "description": "Specifies the network rule set for the container registry."
              }
            },
            "networkRuleBypassOptions": {
              "type": "string",
              "defaultValue": "AzureServices",
              "allowedValues": [
                "AzureServices",
                "None"
              ],
              "metadata": {
                "description": "Specifies whether to allow trusted Azure services to access a network-restricted registry."
              }
            },
            "zoneRedundancy": {
              "type": "string",
              "defaultValue": "Disabled",
              "allowedValues": [
                "Disabled",
                "Enabled"
              ],
              "metadata": {
                "description": "Specifies whether or not zone redundancy is enabled for this container registry."
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Log Analytics workspace."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            }
          },
          "variables": {
            "copy": [
              {
                "name": "logs",
                "count": "[length(variables('logCategories'))]",
                "input": {
                  "category": "[variables('logCategories')[copyIndex('logs')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "metrics",
                "count": "[length(variables('metricCategories'))]",
                "input": {
                  "category": "[variables('metricCategories')[copyIndex('metrics')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              }
            ],
            "diagnosticSettingsName": "diagnosticSettings",
            "logCategories": [
              "ContainerRegistryRepositoryEvents",
              "ContainerRegistryLoginEvents"
            ],
            "metricCategories": [
              "AllMetrics"
            ]
          },
          "resources": [
            {
              "type": "Microsoft.ContainerRegistry/registries",
              "apiVersion": "2023-01-01-preview",
              "name": "[parameters('name')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "sku": {
                "name": "[parameters('sku')]"
              },
              "properties": {
                "adminUserEnabled": "[parameters('adminUserEnabled')]",
                "anonymousPullEnabled": "[parameters('anonymousPullEnabled')]",
                "dataEndpointEnabled": "[parameters('dataEndpointEnabled')]",
                "networkRuleBypassOptions": "[parameters('networkRuleBypassOptions')]",
                "networkRuleSet": "[parameters('networkRuleSet')]",
                "policies": {
                  "quarantinePolicy": {
                    "status": "disabled"
                  },
                  "retentionPolicy": {
                    "status": "enabled",
                    "days": 7
                  },
                  "trustPolicy": {
                    "status": "enabled",
                    "type": "Notary"
                  }
                },
                "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
                "zoneRedundancy": "[parameters('zoneRedundancy')]"
              }
            },
            {
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('name'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('logs')]",
                "metrics": "[variables('metrics')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]"
              ]
            }
          ],
          "outputs": {
            "id": {
              "type": "string",
              "value": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]"
            },
            "name": {
              "type": "string",
              "value": "[parameters('name')]"
            },
            "sku": {
              "type": "string",
              "value": "[reference(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), '2023-01-01-preview', 'full').sku.name]"
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "storageAccount",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "name": "[if(empty(parameters('storageAccountName')), createObject('value', toLower(format('{0}datastore{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('storageAccountName')))]",
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          },
          "publicNetworkAccess": {
            "value": "[parameters('storageAccountPublicNetworkAccess')]"
          },
          "accessTier": {
            "value": "[parameters('storageAccountAccessTier')]"
          },
          "allowBlobPublicAccess": {
            "value": "[parameters('storageAccountAllowBlobPublicAccess')]"
          },
          "allowSharedKeyAccess": {
            "value": "[parameters('storageAccountAllowSharedKeyAccess')]"
          },
          "allowCrossTenantReplication": {
            "value": "[parameters('storageAccountAllowCrossTenantReplication')]"
          },
          "minimumTlsVersion": {
            "value": "[parameters('storageAccountMinimumTlsVersion')]"
          },
          "networkAclsDefaultAction": {
            "value": "[parameters('storageAccountANetworkAclsDefaultAction')]"
          },
          "supportsHttpsTrafficOnly": {
            "value": "[parameters('storageAccountSupportsHttpsTrafficOnly')]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          },
          "userObjectId": {
            "value": "[parameters('userObjectId')]"
          },
          "aiServicesPrincipalId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'aiServices'), '2022-09-01').outputs.principalId.value]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "3084934495017073591"
            }
          },
          "parameters": {
            "name": {
              "type": "string",
              "metadata": {
                "description": "Specifies the globally unique name for the storage account used to store the blob logs of the virtual machine."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "publicNetworkAccess": {
              "type": "string",
              "defaultValue": "Disabled",
              "allowedValues": [
                "Disabled",
                "Enabled"
              ],
              "metadata": {
                "description": "Specifies whether to allow public network access for the storage account."
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Log Analytics workspace."
              }
            },
            "skuName": {
              "type": "string",
              "defaultValue": "Standard_LRS",
              "allowedValues": [
                "Standard_LRS",
                "Standard_ZRS",
                "Standard_GRS",
                "Standard_GZRS",
                "Standard_RAGRS",
                "Standard_RAGZRS",
                "Premium_LRS",
                "Premium_ZRS"
              ],
              "metadata": {
                "description": "Specifies the storage SKU."
              }
            },
            "accessTier": {
              "type": "string",
              "defaultValue": "Hot",
              "metadata": {
                "description": "Specifies the access tier of the storage account. The default value is Hot."
              }
            },
            "allowBlobPublicAccess": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether the storage account allows public access to blobs. The default value is false."
              }
            },
            "allowSharedKeyAccess": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether the storage account allows shared key access. The default value is false."
              }
            },
            "allowCrossTenantReplication": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether the storage account allows cross-tenant replication. The default value is false."
              }
            },
            "minimumTlsVersion": {
              "type": "string",
              "defaultValue": "TLS1_2",
              "metadata": {
                "description": "Specifies the minimum TLS version to be permitted on requests to storage. The default value is TLS1_2."
              }
            },
            "networkAclsDefaultAction": {
              "type": "string",
              "defaultValue": "Deny",
              "allowedValues": [
                "Allow",
                "Deny"
              ],
              "metadata": {
                "description": "The default action of allow or deny when no other rules match. Allowed values: Allow or Deny"
              }
            },
            "isHnsEnabled": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether Hierarchical Namespace is enabled."
              }
            },
            "isNfsV3Enabled": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether NFSv3 is enabled."
              }
            },
            "keyExpirationPeriodInDays": {
              "type": "int",
              "defaultValue": 7,
              "metadata": {
                "description": "Specifies the key expiration period in days."
              }
            },
            "supportsHttpsTrafficOnly": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether the storage account should only support HTTPS traffic."
              }
            },
            "largeFileSharesState": {
              "type": "string",
              "defaultValue": "Disabled",
              "allowedValues": [
                "Disabled",
                "Enabled"
              ],
              "metadata": {
                "description": "Specifies whether large file shares are enabled. The default value is Disabled."
              }
            },
            "userObjectId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the object id of a Microsoft Entra ID user. In general, this is the object id of the system administrator who deploys the Azure resources."
              }
            },
            "aiServicesPrincipalId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the principal id of the Azure AI Services resource."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            },
            "createContainers": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether to create containers."
              }
            },
            "containerNames": {
              "type": "array",
              "defaultValue": [],
              "metadata": {
                "description": "Specifies an array of containers to create."
              }
            }
          },
          "variables": {
            "copy": [
              {
                "name": "logs",
                "count": "[length(variables('logCategories'))]",
                "input": {
                  "category": "[variables('logCategories')[copyIndex('logs')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "metrics",
                "count": "[length(variables('metricCategories'))]",
                "input": {
                  "category": "[variables('metricCategories')[copyIndex('metrics')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              }
            ],
            "diagnosticSettingsName": "diagnosticSettings",
            "logCategories": [
              "StorageRead",
              "StorageWrite",
              "StorageDelete"
            ],
            "metricCategories": [
              "Transaction"
            ]
          },
          "resources": [
            {
              "copy": {
                "name": "containers",
                "count": "[length(parameters('containerNames'))]"
              },
              "condition": "[parameters('createContainers')]",
              "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
              "apiVersion": "2023-01-01",
              "name": "[format('{0}/{1}/{2}', parameters('name'), 'default', parameters('containerNames')[copyIndex()])]",
              "properties": {
                "publicAccess": "None"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('name'), 'default')]"
              ]
            },
            {
              "type": "Microsoft.Storage/storageAccounts/blobServices",
              "apiVersion": "2023-01-01",
              "name": "[format('{0}/{1}', parameters('name'), 'default')]",
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]"
              ]
            },
            {
              "type": "Microsoft.Storage/storageAccounts",
              "apiVersion": "2023-01-01",
              "name": "[parameters('name')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "sku": {
                "name": "[parameters('skuName')]"
              },
              "kind": "StorageV2",
              "properties": {
                "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
                "accessTier": "[parameters('accessTier')]",
                "allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]",
                "allowCrossTenantReplication": "[parameters('allowCrossTenantReplication')]",
                "allowSharedKeyAccess": "[parameters('allowSharedKeyAccess')]",
                "encryption": {
                  "keySource": "Microsoft.Storage",
                  "requireInfrastructureEncryption": false,
                  "services": {
                    "blob": {
                      "enabled": true,
                      "keyType": "Account"
                    },
                    "file": {
                      "enabled": true,
                      "keyType": "Account"
                    },
                    "queue": {
                      "enabled": true,
                      "keyType": "Service"
                    },
                    "table": {
                      "enabled": true,
                      "keyType": "Service"
                    }
                  }
                },
                "isHnsEnabled": "[parameters('isHnsEnabled')]",
                "isNfsV3Enabled": "[parameters('isNfsV3Enabled')]",
                "keyPolicy": {
                  "keyExpirationPeriodInDays": "[parameters('keyExpirationPeriodInDays')]"
                },
                "largeFileSharesState": "[parameters('largeFileSharesState')]",
                "minimumTlsVersion": "[parameters('minimumTlsVersion')]",
                "networkAcls": {
                  "bypass": "AzureServices",
                  "defaultAction": "[parameters('networkAclsDefaultAction')]"
                },
                "supportsHttpsTrafficOnly": "[parameters('supportsHttpsTrafficOnly')]"
              }
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]"
              ]
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]"
              ]
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69566ab7-960f-475b-8e7c-b3118f30c6bd'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69566ab7-960f-475b-8e7c-b3118f30c6bd')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]"
              ]
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]"
              ]
            },
            {
              "condition": "[not(empty(parameters('aiServicesPrincipalId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'), parameters('aiServicesPrincipalId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
                "principalType": "ServicePrincipal",
                "principalId": "[parameters('aiServicesPrincipalId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.Storage/storageAccounts/{0}/blobServices/{1}', parameters('name'), 'default')]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('logs')]",
                "metrics": "[variables('metrics')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('name'), 'default')]"
              ]
            }
          ],
          "outputs": {
            "id": {
              "type": "string",
              "value": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]"
            },
            "name": {
              "type": "string",
              "value": "[parameters('name')]"
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'aiServices')]",
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "aiServices",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "name": "[if(empty(parameters('aiServicesName')), createObject('value', toLower(format('{0}-ai-services-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('aiServicesName')))]",
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          },
          "sku": {
            "value": "[parameters('aiServicesSku')]"
          },
          "identity": {
            "value": "[parameters('aiServicesIdentity')]"
          },
          "customSubDomainName": "[if(empty(parameters('aiServicesCustomSubDomainName')), createObject('value', toLower(format('{0}-ai-services-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('aiServicesCustomSubDomainName')))]",
          "disableLocalAuth": {
            "value": "[parameters('aiServicesDisableLocalAuth')]"
          },
          "publicNetworkAccess": {
            "value": "[parameters('aiServicesPublicNetworkAccess')]"
          },
          "deployments": {
            "value": "[parameters('openAiDeployments')]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          },
          "userObjectId": {
            "value": "[parameters('userObjectId')]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "10455543948683405160"
            }
          },
          "parameters": {
            "name": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the Azure AI Services account."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "sku": {
              "type": "object",
              "defaultValue": {
                "name": "S0"
              },
              "metadata": {
                "description": "Specifies the resource model definition representing SKU."
              }
            },
            "identity": {
              "type": "object",
              "defaultValue": {
                "type": "SystemAssigned"
              },
              "metadata": {
                "description": "Specifies the identity of the aiServices resource."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            },
            "customSubDomainName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies an optional subdomain name used for token-based authentication."
              }
            },
            "disableLocalAuth": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether to disable local authentication via API key."
              }
            },
            "publicNetworkAccess": {
              "type": "string",
              "defaultValue": "Enabled",
              "allowedValues": [
                "Enabled",
                "Disabled"
              ],
              "metadata": {
                "description": "Specifies whether or not public endpoint access is allowed for this account."
              }
            },
            "deployments": {
              "type": "array",
              "defaultValue": [],
              "metadata": {
                "description": "Specifies the OpenAI deployments to create."
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Log Analytics workspace that receives the diagnostic logs and metrics of the Azure AI Services account."
              }
            },
            "userObjectId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the object id of a Microsoft Entra ID user. In general, this is the object id of the system administrator who deploys the Azure resources."
              }
            }
          },
          "variables": {
            "copy": [
              {
                "name": "aiServicesLogs",
                "count": "[length(variables('aiServicesLogCategories'))]",
                "input": {
                  "category": "[variables('aiServicesLogCategories')[copyIndex('aiServicesLogs')]]",
                  "enabled": true
                }
              },
              {
                "name": "aiServicesMetrics",
                "count": "[length(variables('aiServicesMetricCategories'))]",
                "input": {
                  "category": "[variables('aiServicesMetricCategories')[copyIndex('aiServicesMetrics')]]",
                  "enabled": true
                }
              }
            ],
            "diagnosticSettingsName": "diagnosticSettings",
            "aiServicesLogCategories": [
              "Audit",
              "RequestResponse",
              "Trace"
            ],
            "aiServicesMetricCategories": [
              "AllMetrics"
            ]
          },
          "resources": [
            {
              "type": "Microsoft.CognitiveServices/accounts",
              "apiVersion": "2024-04-01-preview",
              "name": "[parameters('name')]",
              "location": "[parameters('location')]",
              "sku": "[parameters('sku')]",
              "kind": "AIServices",
              "identity": "[parameters('identity')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "customSubDomainName": "[parameters('customSubDomainName')]",
                "disableLocalAuth": "[parameters('disableLocalAuth')]",
                "publicNetworkAccess": "[parameters('publicNetworkAccess')]"
              }
            },
            {
              "copy": {
                "name": "model",
                "count": "[length(parameters('deployments'))]",
                "mode": "serial",
                "batchSize": 1
              },
              "type": "Microsoft.CognitiveServices/accounts/deployments",
              "apiVersion": "2023-05-01",
              "name": "[format('{0}/{1}', parameters('name'), parameters('deployments')[copyIndex()].model.name)]",
              "sku": {
                "capacity": "[coalesce(parameters('deployments')[copyIndex()].sku.capacity, 100)]",
                "name": "[if(empty(parameters('deployments')[copyIndex()].sku.name), 'Standard', parameters('deployments')[copyIndex()].sku.name)]"
              },
              "properties": {
                "model": {
                  "format": "OpenAI",
                  "name": "[parameters('deployments')[copyIndex()].model.name]",
                  "version": "[parameters('deployments')[copyIndex()].model.version]"
                }
              },
              "dependsOn": [
                "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]"
              ]
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]"
              ]
            },
            {
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908'), 'aiServices')]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908')]",
                "principalType": "ServicePrincipal",
                "principalId": "[reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '2024-04-01-preview', 'full').identity.principalId]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]"
              ]
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('aiServicesLogs')]",
                "metrics": "[variables('aiServicesMetrics')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]"
              ]
            }
          ],
          "outputs": {
            "id": {
              "type": "string",
              "value": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]"
            },
            "name": {
              "type": "string",
              "value": "[parameters('name')]"
            },
            "endpoint": {
              "type": "string",
              "value": "[reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '2024-04-01-preview').endpoint]"
            },
            "openAiEndpoint": {
              "type": "string",
              "value": "[reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '2024-04-01-preview').endpoints['OpenAI Language Model Instance API']]"
            },
            "principalId": {
              "type": "string",
              "value": "[reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), '2024-04-01-preview', 'full').identity.principalId]"
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "network",
      "resourceGroup": "[parameters('virtualNetworkResourceGroupName')]",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "virtualNetworkName": "[if(empty(parameters('virtualNetworkName')), createObject('value', toLower(format('{0}-vnet-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('virtualNetworkName')))]",
          "virtualNetworkAddressPrefixes": {
            "value": "[parameters('virtualNetworkAddressPrefixes')]"
          },
          "vmSubnetName": {
            "value": "[parameters('vmSubnetName')]"
          },
          "vmSubnetAddressPrefix": {
            "value": "[parameters('vmSubnetAddressPrefix')]"
          },
          "vmSubnetNsgName": "[if(empty(parameters('vmSubnetNsgName')), createObject('value', toLower(format('{0}-vm-subnet-nsg-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('vmSubnetNsgName')))]",
          "bastionHostEnabled": {
            "value": "[parameters('bastionHostEnabled')]"
          },
          "bastionSubnetAddressPrefix": {
            "value": "[parameters('bastionSubnetAddressPrefix')]"
          },
          "bastionSubnetNsgName": "[if(empty(parameters('bastionSubnetNsgName')), createObject('value', toLower(format('{0}-bastion-subnet-nsg-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('bastionSubnetNsgName')))]",
          "bastionHostName": "[if(empty(parameters('bastionHostName')), createObject('value', toLower(format('{0}-bastion-host-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('bastionHostName')))]",
          "bastionHostDisableCopyPaste": {
            "value": "[parameters('bastionHostDisableCopyPaste')]"
          },
          "bastionHostEnableFileCopy": {
            "value": "[parameters('bastionHostEnableFileCopy')]"
          },
          "bastionHostEnableIpConnect": {
            "value": "[parameters('bastionHostEnableIpConnect')]"
          },
          "bastionHostEnableShareableLink": {
            "value": "[parameters('bastionHostEnableShareableLink')]"
          },
          "bastionHostEnableTunneling": {
            "value": "[parameters('bastionHostEnableTunneling')]"
          },
          "bastionPublicIpAddressName": "[if(empty(parameters('bastionPublicIpAddressName')), createObject('value', toLower(format('{0}-bastion-host-pip-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('bastionPublicIpAddressName')))]",
          "bastionHostSkuName": {
            "value": "[parameters('bastionHostSkuName')]"
          },
          "natGatewayName": "[if(empty(parameters('natGatewayName')), createObject('value', toLower(format('{0}-nat-gateway-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('natGatewayName')))]",
          "natGatewayZones": {
            "value": "[parameters('natGatewayZones')]"
          },
          "natGatewayPublicIps": {
            "value": "[parameters('natGatewayPublicIps')]"
          },
          "natGatewayIdleTimeoutMins": {
            "value": "[parameters('natGatewayIdleTimeoutMins')]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          },
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "7099221884005845855"
            }
          },
          "parameters": {
            "virtualNetworkName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the virtual network."
              }
            },
            "virtualNetworkAddressPrefixes": {
              "type": "string",
              "defaultValue": "10.0.0.0/8",
              "metadata": {
                "description": "Specifies the address prefixes of the virtual network."
              }
            },
            "vmSubnetName": {
              "type": "string",
              "defaultValue": "VmSubnet",
              "metadata": {
                "description": "Specifies the name of the subnet which contains the virtual machine."
              }
            },
            "vmSubnetAddressPrefix": {
              "type": "string",
              "defaultValue": "10.3.1.0/24",
              "metadata": {
                "description": "Specifies the address prefix of the subnet which contains the virtual machine."
              }
            },
            "vmSubnetNsgName": {
              "type": "string",
              "defaultValue": "VmSubnetNsg",
              "metadata": {
                "description": "Specifies the name of the network security group associated to the subnet hosting the virtual machine."
              }
            },
            "bastionSubnetAddressPrefix": {
              "type": "string",
              "defaultValue": "10.3.2.0/24",
              "metadata": {
                "description": "Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space."
              }
            },
            "bastionSubnetNsgName": {
              "type": "string",
              "defaultValue": "AzureBastionNsg",
              "metadata": {
                "description": "Specifies the name of the network security group associated to the subnet hosting Azure Bastion."
              }
            },
            "bastionHostEnabled": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether Azure Bastion should be created."
              }
            },
            "bastionHostName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the Azure Bastion resource."
              }
            },
            "bastionHostDisableCopyPaste": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether to disable the Copy/Paste feature of the Bastion Host resource."
              }
            },
            "bastionHostEnableFileCopy": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Enable/Disable File Copy feature of the Bastion Host resource."
              }
            },
            "bastionHostEnableIpConnect": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Enable/Disable IP Connect feature of the Bastion Host resource."
              }
            },
            "bastionHostEnableShareableLink": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Enable/Disable Shareable Link of the Bastion Host resource."
              }
            },
            "bastionHostEnableTunneling": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Enable/Disable Tunneling feature of the Bastion Host resource."
              }
            },
            "bastionPublicIpAddressName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the Azure Public IP Address used by the Azure Bastion Host."
              }
            },
            "bastionHostSkuName": {
              "type": "string",
              "defaultValue": "Standard",
              "metadata": {
                "description": "Specifies the name of the Azure Bastion Host SKU."
              }
            },
            "natGatewayName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the Azure NAT Gateway."
              }
            },
            "natGatewayZones": {
              "type": "array",
              "defaultValue": [],
              "metadata": {
                "description": "Specifies a list of availability zones denoting the zone in which Nat Gateway should be deployed."
              }
            },
            "natGatewayPublicIps": {
              "type": "int",
              "defaultValue": 1,
              "metadata": {
                "description": "Specifies the number of Public IPs to create for the Azure NAT Gateway."
              }
            },
            "natGatewayIdleTimeoutMins": {
              "type": "int",
              "defaultValue": 30,
              "metadata": {
                "description": "Specifies the idle timeout in minutes for the Azure NAT Gateway."
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Log Analytics workspace."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            }
          },
          "variables": {
            "copy": [
              {
                "name": "nsgLogs",
                "count": "[length(variables('nsgLogCategories'))]",
                "input": {
                  "category": "[variables('nsgLogCategories')[copyIndex('nsgLogs')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "vnetLogs",
                "count": "[length(variables('vnetLogCategories'))]",
                "input": {
                  "category": "[variables('vnetLogCategories')[copyIndex('vnetLogs')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "vnetMetrics",
                "count": "[length(variables('vnetMetricCategories'))]",
                "input": {
                  "category": "[variables('vnetMetricCategories')[copyIndex('vnetMetrics')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "bastionLogs",
                "count": "[length(variables('bastionLogCategories'))]",
                "input": {
                  "category": "[variables('bastionLogCategories')[copyIndex('bastionLogs')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "bastionMetrics",
                "count": "[length(variables('bastionMetricCategories'))]",
                "input": {
                  "category": "[variables('bastionMetricCategories')[copyIndex('bastionMetrics')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              }
            ],
            "diagnosticSettingsName": "diagnosticSettings",
            "nsgLogCategories": [
              "NetworkSecurityGroupEvent",
              "NetworkSecurityGroupRuleCounter"
            ],
            "vnetLogCategories": [
              "VMProtectionAlerts"
            ],
            "vnetMetricCategories": [
              "AllMetrics"
            ],
            "bastionLogCategories": [
              "BastionAuditLogs"
            ],
            "bastionMetricCategories": [
              "AllMetrics"
            ],
            "bastionSubnetName": "AzureBastionSubnet"
          },
          "resources": [
            {
              "type": "Microsoft.Network/virtualNetworks",
              "apiVersion": "2024-03-01",
              "name": "[parameters('virtualNetworkName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "addressSpace": {
                  "addressPrefixes": [
                    "[parameters('virtualNetworkAddressPrefixes')]"
                  ]
                },
                "subnets": [
                  {
                    "name": "[parameters('vmSubnetName')]",
                    "properties": {
                      "addressPrefix": "[parameters('vmSubnetAddressPrefix')]",
                      "networkSecurityGroup": {
                        "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('vmSubnetNsgName'))]"
                      },
                      "privateEndpointNetworkPolicies": "Disabled",
                      "privateLinkServiceNetworkPolicies": "Disabled",
                      "natGateway": {
                        "id": "[resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))]"
                      }
                    }
                  },
                  {
                    "name": "[variables('bastionSubnetName')]",
                    "properties": {
                      "addressPrefix": "[parameters('bastionSubnetAddressPrefix')]",
                      "networkSecurityGroup": {
                        "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('bastionSubnetNsgName'))]"
                      }
                    }
                  }
                ]
              },
              "dependsOn": [
                "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('bastionSubnetNsgName'))]",
                "[resourceId('Microsoft.Network/natGateways', parameters('natGatewayName'))]",
                "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('vmSubnetNsgName'))]"
              ]
            },
            {
              "condition": "[parameters('bastionHostEnabled')]",
              "type": "Microsoft.Network/networkSecurityGroups",
              "apiVersion": "2023-04-01",
              "name": "[parameters('bastionSubnetNsgName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "securityRules": [
                  {
                    "name": "AllowHttpsInBound",
                    "properties": {
                      "protocol": "Tcp",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "Internet",
                      "destinationPortRange": "443",
                      "destinationAddressPrefix": "*",
                      "access": "Allow",
                      "priority": 100,
                      "direction": "Inbound"
                    }
                  },
                  {
                    "name": "AllowGatewayManagerInBound",
                    "properties": {
                      "protocol": "Tcp",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "GatewayManager",
                      "destinationPortRange": "443",
                      "destinationAddressPrefix": "*",
                      "access": "Allow",
                      "priority": 110,
                      "direction": "Inbound"
                    }
                  },
                  {
                    "name": "AllowLoadBalancerInBound",
                    "properties": {
                      "protocol": "Tcp",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "AzureLoadBalancer",
                      "destinationPortRange": "443",
                      "destinationAddressPrefix": "*",
                      "access": "Allow",
                      "priority": 120,
                      "direction": "Inbound"
                    }
                  },
                  {
                    "name": "AllowBastionHostCommunicationInBound",
                    "properties": {
                      "protocol": "*",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "VirtualNetwork",
                      "destinationPortRanges": [
                        "8080",
                        "5701"
                      ],
                      "destinationAddressPrefix": "VirtualNetwork",
                      "access": "Allow",
                      "priority": 130,
                      "direction": "Inbound"
                    }
                  },
                  {
                    "name": "DenyAllInBound",
                    "properties": {
                      "protocol": "*",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "*",
                      "destinationPortRange": "*",
                      "destinationAddressPrefix": "*",
                      "access": "Deny",
                      "priority": 1000,
                      "direction": "Inbound"
                    }
                  },
                  {
                    "name": "AllowSshRdpOutBound",
                    "properties": {
                      "protocol": "Tcp",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "*",
                      "destinationPortRanges": [
                        "22",
                        "3389"
                      ],
                      "destinationAddressPrefix": "VirtualNetwork",
                      "access": "Allow",
                      "priority": 100,
                      "direction": "Outbound"
                    }
                  },
                  {
                    "name": "AllowAzureCloudCommunicationOutBound",
                    "properties": {
                      "protocol": "Tcp",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "*",
                      "destinationPortRange": "443",
                      "destinationAddressPrefix": "AzureCloud",
                      "access": "Allow",
                      "priority": 110,
                      "direction": "Outbound"
                    }
                  },
                  {
                    "name": "AllowBastionHostCommunicationOutBound",
                    "properties": {
                      "protocol": "*",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "VirtualNetwork",
                      "destinationPortRanges": [
                        "8080",
                        "5701"
                      ],
                      "destinationAddressPrefix": "VirtualNetwork",
                      "access": "Allow",
                      "priority": 120,
                      "direction": "Outbound"
                    }
                  },
                  {
                    "name": "AllowGetSessionInformationOutBound",
                    "properties": {
                      "protocol": "*",
                      "sourcePortRange": "*",
                      "sourceAddressPrefix": "*",
                      "destinationAddressPrefix": "Internet",
                      "destinationPortRanges": [
                        "80",
                        "443"
                      ],
                      "access": "Allow",
                      "priority": 130,
                      "direction": "Outbound"
                    }
                  },
                  {
                    "name": "DenyAllOutBound",
                    "properties": {
                      "protocol": "*",
                      "sourcePortRange": "*",
                      "destinationPortRange": "*",
                      "sourceAddressPrefix": "*",
                      "destinationAddressPrefix": "*",
                      "access": "Deny",
                      "priority": 1000,
                      "direction": "Outbound"
                    }
                  }
                ]
              }
            },
            {
              "type": "Microsoft.Network/networkSecurityGroups",
              "apiVersion": "2023-04-01",
              "name": "[parameters('vmSubnetNsgName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "securityRules": [
                  {
                    "name": "AllowSshInbound",
                    "properties": {
                      "priority": 100,
                      "access": "Allow",
                      "direction": "Inbound",
                      "protocol": "Tcp",
                      "sourcePortRange": "*",
                      "destinationPortRange": "22",
                      "sourceAddressPrefix": "*",
                      "destinationAddressPrefix": "*"
                    }
                  },
                  {
                    "name": "AllowRDP",
                    "properties": {
                      "priority": 101,
                      "access": "Allow",
                      "direction": "Inbound",
                      "protocol": "Tcp",
                      "sourcePortRange": "*",
                      "destinationPortRange": "3389",
                      "sourceAddressPrefix": "*",
                      "destinationAddressPrefix": "*"
                    }
                  }
                ]
              }
            },
            {
              "copy": {
                "name": "natGatewayPublicIp",
                "count": "[length(range(0, parameters('natGatewayPublicIps')))]"
              },
              "type": "Microsoft.Network/publicIPAddresses",
              "apiVersion": "2023-04-01",
              "name": "[if(equals(parameters('natGatewayPublicIps'), 1), format('{0}PublicIp', parameters('natGatewayName')), format('{0}PublicIp{1}', parameters('natGatewayName'), add(range(0, parameters('natGatewayPublicIps'))[copyIndex()], 1)))]",
              "location": "[parameters('location')]",
              "sku": {
                "name": "Standard"
              },
              "zones": "[if(not(empty(parameters('natGatewayZones'))), parameters('natGatewayZones'), createArray())]",
              "properties": {
                "publicIPAllocationMethod": "Static"
              }
            },
            {
              "type": "Microsoft.Network/natGateways",
              "apiVersion": "2024-03-01",
              "name": "[parameters('natGatewayName')]",
              "location": "[parameters('location')]",
              "sku": {
                "name": "Standard"
              },
              "zones": "[if(not(empty(parameters('natGatewayZones'))), parameters('natGatewayZones'), createArray())]",
              "properties": {
                "copy": [
                  {
                    "name": "publicIpAddresses",
                    "count": "[length(range(0, parameters('natGatewayPublicIps')))]",
                    "input": {
                      "id": "[resourceId('Microsoft.Network/publicIPAddresses', if(equals(parameters('natGatewayPublicIps'), 1), format('{0}PublicIp', parameters('natGatewayName')), format('{0}PublicIp{1}', parameters('natGatewayName'), add(range(0, parameters('natGatewayPublicIps'))[range(0, parameters('natGatewayPublicIps'))[copyIndex('publicIpAddresses')]], 1))))]"
                    }
                  }
                ],
                "idleTimeoutInMinutes": "[parameters('natGatewayIdleTimeoutMins')]"
              },
              "dependsOn": [
                "natGatewayPublicIp"
              ]
            },
            {
              "condition": "[parameters('bastionHostEnabled')]",
              "type": "Microsoft.Network/publicIPAddresses",
              "apiVersion": "2023-04-01",
              "name": "[parameters('bastionPublicIpAddressName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "sku": {
                "name": "Standard"
              },
              "properties": {
                "publicIPAllocationMethod": "Static"
              }
            },
            {
              "condition": "[parameters('bastionHostEnabled')]",
              "type": "Microsoft.Network/bastionHosts",
              "apiVersion": "2023-04-01",
              "name": "[parameters('bastionHostName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "sku": {
                "name": "[parameters('bastionHostSkuName')]"
              },
              "properties": {
                "disableCopyPaste": "[parameters('bastionHostDisableCopyPaste')]",
                "enableFileCopy": "[parameters('bastionHostEnableFileCopy')]",
                "enableIpConnect": "[parameters('bastionHostEnableIpConnect')]",
                "enableShareableLink": "[parameters('bastionHostEnableShareableLink')]",
                "enableTunneling": "[parameters('bastionHostEnableTunneling')]",
                "ipConfigurations": [
                  {
                    "name": "IpConf",
                    "properties": {
                      "subnet": {
                        "id": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), variables('bastionSubnetName'))]"
                      },
                      "publicIPAddress": {
                        "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('bastionPublicIpAddressName'))]"
                      }
                    }
                  }
                ]
              },
              "dependsOn": [
                "[resourceId('Microsoft.Network/publicIPAddresses', parameters('bastionPublicIpAddressName'))]",
                "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('vmSubnetNsgName'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('nsgLogs')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('vmSubnetNsgName'))]"
              ]
            },
            {
              "condition": "[parameters('bastionHostEnabled')]",
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('bastionSubnetNsgName'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('nsgLogs')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('bastionSubnetNsgName'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('vnetLogs')]",
                "metrics": "[variables('vnetMetrics')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]"
              ]
            },
            {
              "condition": "[parameters('bastionHostEnabled')]",
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.Network/bastionHosts/{0}', parameters('bastionHostName'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('bastionLogs')]",
                "metrics": "[variables('bastionMetrics')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Network/bastionHosts', parameters('bastionHostName'))]"
              ]
            }
          ],
          "outputs": {
            "virtualNetworkId": {
              "type": "string",
              "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]"
            },
            "virtualNetworkName": {
              "type": "string",
              "value": "[parameters('virtualNetworkName')]"
            },
            "vmSubnetId": {
              "type": "string",
              "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('vmSubnetName'))]"
            },
            "bastionSubnetId": {
              "type": "string",
              "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), variables('bastionSubnetName'))]"
            },
            "vmSubnetName": {
              "type": "string",
              "value": "[parameters('vmSubnetName')]"
            },
            "bastionSubnetName": {
              "type": "string",
              "value": "[variables('bastionSubnetName')]"
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "privateEndpoints",
      "resourceGroup": "[parameters('virtualNetworkResourceGroupName')]",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "subnetId": {
            "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('virtualNetworkResourceGroupName')), 'Microsoft.Resources/deployments', 'network'), '2022-09-01').outputs.vmSubnetId.value]"
          },
          "blobStorageAccountPrivateEndpointName": "[if(empty(parameters('blobStorageAccountPrivateEndpointName')), createObject('value', toLower(format('{0}-blob-storage-pe-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('blobStorageAccountPrivateEndpointName')))]",
          "fileStorageAccountPrivateEndpointName": "[if(empty(parameters('fileStorageAccountPrivateEndpointName')), createObject('value', toLower(format('{0}-file-storage-pe-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('fileStorageAccountPrivateEndpointName')))]",
          "keyVaultPrivateEndpointName": "[if(empty(parameters('keyVaultPrivateEndpointName')), createObject('value', toLower(format('{0}-key-vault-pe-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('keyVaultPrivateEndpointName')))]",
          "acrPrivateEndpointName": "[if(empty(parameters('acrPrivateEndpointName')), createObject('value', toLower(format('{0}-container-registry-pe-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('acrPrivateEndpointName')))]",
          "storageAccountId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'storageAccount'), '2022-09-01').outputs.id.value]"
          },
          "keyVaultId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyVault'), '2022-09-01').outputs.id.value]"
          },
          "acrId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'containerRegistry'), '2022-09-01').outputs.id.value]"
          },
          "createAcrPrivateEndpoint": {
            "value": "[equals(reference(resourceId('Microsoft.Resources/deployments', 'containerRegistry'), '2022-09-01').outputs.sku.value, 'Premium')]"
          },
          "hubWorkspacePrivateEndpointName": "[if(empty(parameters('hubWorkspacePrivateEndpointName')), createObject('value', toLower(format('{0}-hub-workspace-pe-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('hubWorkspacePrivateEndpointName')))]",
          "hubWorkspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'hub'), '2022-09-01').outputs.id.value]"
          },
          "aiServicesPrivateEndpointName": "[if(empty(parameters('aiServicesPrivateEndpointName')), createObject('value', toLower(format('{0}-ai-services-pe-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('aiServicesPrivateEndpointName')))]",
          "aiServicesId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'aiServices'), '2022-09-01').outputs.id.value]"
          },
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "languageVersion": "2.0",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "3761506525173421636"
            }
          },
          "functions": [
            {
              "namespace": "__bicep",
              "members": {
                "getVirtualNetworkIdFromSubnetId": {
                  "parameters": [
                    {
                      "type": "string",
                      "name": "subnetId"
                    }
                  ],
                  "output": {
                    "type": "string",
                    "value": "[join(take(split(parameters('subnetId'), '/'), 9), '/')]"
                  },
                  "metadata": {
                    "description": "Gets the virtual network resource ID from the subnet resource ID",
                    "__bicep_imported_from!": {
                      "sourceTemplate": "functions.bicep"
                    }
                  }
                },
                "getVirtualNetworkNameFromSubnetId": {
                  "parameters": [
                    {
                      "type": "string",
                      "name": "subnetId"
                    }
                  ],
                  "output": {
                    "type": "string",
                    "value": "[split(parameters('subnetId'), '/')[8]]"
                  },
                  "metadata": {
                    "description": "Gets the virtual network resource ID from the subnet resource ID",
                    "__bicep_imported_from!": {
                      "sourceTemplate": "functions.bicep"
                    }
                  }
                }
              }
            }
          ],
          "parameters": {
            "subnetId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource ID of the subnet where private endpoints will be created."
              }
            },
            "blobStorageAccountPrivateEndpointName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the private endpoint to the blob storage account."
              }
            },
            "fileStorageAccountPrivateEndpointName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the private endpoint to the file storage account."
              }
            },
            "storageAccountId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Azure Storage Account."
              }
            },
            "keyVaultPrivateEndpointName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the private endpoint to the Key Vault."
              }
            },
            "keyVaultId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Azure Key vault."
              }
            },
            "hubWorkspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Azure Hub Workspace."
              }
            },
            "aiServicesId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Azure AI Services."
              }
            },
            "createAcrPrivateEndpoint": {
              "type": "bool",
              "defaultValue": false,
              "metadata": {
                "description": "Specifies whether to create a private endpoint for the Azure Container Registry"
              }
            },
            "acrPrivateEndpointName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the private endpoint to the Azure Container Registry."
              }
            },
            "acrId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Azure Container Registry."
              }
            },
            "hubWorkspacePrivateEndpointName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the private endpoint to the Azure Hub Workspace."
              }
            },
            "aiServicesPrivateEndpointName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the private endpoint to the Azure AI Services."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            }
          },
          "variables": {
            "virtualNetworkName": "[__bicep.getVirtualNetworkNameFromSubnetId(parameters('subnetId'))]"
          },
          "resources": {
            "vnet": {
              "existing": true,
              "type": "Microsoft.Network/virtualNetworks",
              "apiVersion": "2023-04-01",
              "name": "[variables('virtualNetworkName')]"
            },
            "acrPrivateDnsZone": {
              "type": "Microsoft.Network/privateDnsZones",
              "apiVersion": "2020-06-01",
              "name": "[format('privatelink.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azurecr.us', 'azurecr.io'))]",
              "location": "global",
              "tags": "[parameters('tags')]"
            },
            "blobPrivateDnsZone": {
              "type": "Microsoft.Network/privateDnsZones",
              "apiVersion": "2020-06-01",
              "name": "[format('privatelink.blob.{0}', environment().suffixes.storage)]",
              "location": "global",
              "tags": "[parameters('tags')]"
            },
            "filePrivateDnsZone": {
              "type": "Microsoft.Network/privateDnsZones",
              "apiVersion": "2020-06-01",
              "name": "[format('privatelink.file.{0}', environment().suffixes.storage)]",
              "location": "global",
              "tags": "[parameters('tags')]"
            },
            "keyVaultPrivateDnsZone": {
              "type": "Microsoft.Network/privateDnsZones",
              "apiVersion": "2020-06-01",
              "name": "[format('privatelink.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'vaultcore.usgovcloudapi.net', 'vaultcore.azure.net'))]",
              "location": "global",
              "tags": "[parameters('tags')]"
            },
            "mlApiPrivateDnsZone": {
              "type": "Microsoft.Network/privateDnsZones",
              "apiVersion": "2020-06-01",
              "name": "[format('privatelink.api.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'ml.azure.us', 'azureml.ms'))]",
              "location": "global",
              "tags": "[parameters('tags')]"
            },
            "mlNotebooksPrivateDnsZone": {
              "type": "Microsoft.Network/privateDnsZones",
              "apiVersion": "2020-06-01",
              "name": "[format('privatelink.notebooks.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'usgovcloudapi.net', 'azureml.net'))]",
              "location": "global",
              "tags": "[parameters('tags')]"
            },
            "cognitiveServicesPrivateDnsZone": {
              "type": "Microsoft.Network/privateDnsZones",
              "apiVersion": "2020-06-01",
              "name": "[format('privatelink.cognitiveservices.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azure.us', 'azure.com'))]",
              "location": "global",
              "tags": "[parameters('tags')]"
            },
            "openAiPrivateDnsZone": {
              "type": "Microsoft.Network/privateDnsZones",
              "apiVersion": "2020-06-01",
              "name": "[format('privatelink.openai.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azure.us', 'azure.com'))]",
              "location": "global",
              "tags": "[parameters('tags')]"
            },
            "acrPrivateDnsZoneVirtualNetworkLink": {
              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
              "apiVersion": "2020-06-01",
              "name": "[format('{0}/{1}', format('privatelink.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azurecr.us', 'azurecr.io')), format('link_to_{0}', toLower(variables('virtualNetworkName'))))]",
              "location": "global",
              "properties": {
                "registrationEnabled": false,
                "virtualNetwork": {
                  "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
                }
              },
              "dependsOn": [
                "acrPrivateDnsZone",
                "vnet"
              ]
            },
            "blobPrivateDnsZoneVirtualNetworkLink": {
              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
              "apiVersion": "2020-06-01",
              "name": "[format('{0}/{1}', format('privatelink.blob.{0}', environment().suffixes.storage), format('link_to_{0}', toLower(variables('virtualNetworkName'))))]",
              "location": "global",
              "properties": {
                "registrationEnabled": false,
                "virtualNetwork": {
                  "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
                }
              },
              "dependsOn": [
                "blobPrivateDnsZone",
                "vnet"
              ]
            },
            "filePrivateDnsZoneVirtualNetworkLink": {
              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
              "apiVersion": "2020-06-01",
              "name": "[format('{0}/{1}', format('privatelink.file.{0}', environment().suffixes.storage), format('link_to_{0}', toLower(variables('virtualNetworkName'))))]",
              "location": "global",
              "properties": {
                "registrationEnabled": false,
                "virtualNetwork": {
                  "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
                }
              },
              "dependsOn": [
                "filePrivateDnsZone",
                "vnet"
              ]
            },
            "keyVaultPrivateDnsZoneVirtualNetworkLink": {
              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
              "apiVersion": "2020-06-01",
              "name": "[format('{0}/{1}', format('privatelink.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'vaultcore.usgovcloudapi.net', 'vaultcore.azure.net')), format('link_to_{0}', toLower(variables('virtualNetworkName'))))]",
              "location": "global",
              "properties": {
                "registrationEnabled": false,
                "virtualNetwork": {
                  "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
                }
              },
              "dependsOn": [
                "keyVaultPrivateDnsZone",
                "vnet"
              ]
            },
            "mlApiPrivateDnsZoneVirtualNetworkLink": {
              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
              "apiVersion": "2020-06-01",
              "name": "[format('{0}/{1}', format('privatelink.api.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'ml.azure.us', 'azureml.ms')), format('link_to_{0}', toLower(variables('virtualNetworkName'))))]",
              "location": "global",
              "properties": {
                "registrationEnabled": false,
                "virtualNetwork": {
                  "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
                }
              },
              "dependsOn": [
                "mlApiPrivateDnsZone",
                "vnet"
              ]
            },
            "mlNotebooksPrivateDnsZoneVirtualNetworkLink": {
              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
              "apiVersion": "2020-06-01",
              "name": "[format('{0}/{1}', format('privatelink.notebooks.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'usgovcloudapi.net', 'azureml.net')), format('link_to_{0}', toLower(variables('virtualNetworkName'))))]",
              "location": "global",
              "properties": {
                "registrationEnabled": false,
                "virtualNetwork": {
                  "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
                }
              },
              "dependsOn": [
                "mlNotebooksPrivateDnsZone",
                "vnet"
              ]
            },
            "cognitiveServicesPrivateDnsZoneVirtualNetworkLink": {
              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
              "apiVersion": "2020-06-01",
              "name": "[format('{0}/{1}', format('privatelink.cognitiveservices.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azure.us', 'azure.com')), format('link_to_{0}', toLower(variables('virtualNetworkName'))))]",
              "location": "global",
              "properties": {
                "registrationEnabled": false,
                "virtualNetwork": {
                  "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
                }
              },
              "dependsOn": [
                "cognitiveServicesPrivateDnsZone",
                "vnet"
              ]
            },
            "openAiPrivateDnsZoneVirtualNetworkLink": {
              "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
              "apiVersion": "2020-06-01",
              "name": "[format('{0}/{1}', format('privatelink.openai.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azure.us', 'azure.com')), format('link_to_{0}', toLower(variables('virtualNetworkName'))))]",
              "location": "global",
              "properties": {
                "registrationEnabled": false,
                "virtualNetwork": {
                  "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
                }
              },
              "dependsOn": [
                "openAiPrivateDnsZone",
                "vnet"
              ]
            },
            "blobStorageAccountPrivateEndpoint": {
              "type": "Microsoft.Network/privateEndpoints",
              "apiVersion": "2023-04-01",
              "name": "[parameters('blobStorageAccountPrivateEndpointName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "privateLinkServiceConnections": [
                  {
                    "name": "[parameters('blobStorageAccountPrivateEndpointName')]",
                    "properties": {
                      "privateLinkServiceId": "[parameters('storageAccountId')]",
                      "groupIds": [
                        "blob"
                      ]
                    }
                  }
                ],
                "subnet": {
                  "id": "[parameters('subnetId')]"
                }
              }
            },
            "blobStorageAccountPrivateDnsZoneGroupName": {
              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
              "apiVersion": "2023-04-01",
              "name": "[format('{0}/{1}', parameters('blobStorageAccountPrivateEndpointName'), 'PrivateDnsZoneGroupName')]",
              "properties": {
                "privateDnsZoneConfigs": [
                  {
                    "name": "dnsConfig",
                    "properties": {
                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', format('privatelink.blob.{0}', environment().suffixes.storage))]"
                    }
                  }
                ]
              },
              "dependsOn": [
                "blobPrivateDnsZone",
                "blobStorageAccountPrivateEndpoint"
              ]
            },
            "fileStorageAccountPrivateEndpoint": {
              "type": "Microsoft.Network/privateEndpoints",
              "apiVersion": "2023-04-01",
              "name": "[parameters('fileStorageAccountPrivateEndpointName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "privateLinkServiceConnections": [
                  {
                    "name": "[parameters('fileStorageAccountPrivateEndpointName')]",
                    "properties": {
                      "privateLinkServiceId": "[parameters('storageAccountId')]",
                      "groupIds": [
                        "file"
                      ]
                    }
                  }
                ],
                "subnet": {
                  "id": "[parameters('subnetId')]"
                }
              }
            },
            "fileStorageAccountPrivateDnsZoneGroupName": {
              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
              "apiVersion": "2023-04-01",
              "name": "[format('{0}/{1}', parameters('fileStorageAccountPrivateEndpointName'), 'PrivateDnsZoneGroupName')]",
              "properties": {
                "privateDnsZoneConfigs": [
                  {
                    "name": "dnsConfig",
                    "properties": {
                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', format('privatelink.file.{0}', environment().suffixes.storage))]"
                    }
                  }
                ]
              },
              "dependsOn": [
                "filePrivateDnsZone",
                "fileStorageAccountPrivateEndpoint"
              ]
            },
            "keyVaultPrivateEndpoint": {
              "type": "Microsoft.Network/privateEndpoints",
              "apiVersion": "2023-04-01",
              "name": "[parameters('keyVaultPrivateEndpointName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "privateLinkServiceConnections": [
                  {
                    "name": "[parameters('keyVaultPrivateEndpointName')]",
                    "properties": {
                      "privateLinkServiceId": "[parameters('keyVaultId')]",
                      "groupIds": [
                        "vault"
                      ]
                    }
                  }
                ],
                "subnet": {
                  "id": "[parameters('subnetId')]"
                }
              }
            },
            "keyVaultPrivateDnsZoneGroupName": {
              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
              "apiVersion": "2023-04-01",
              "name": "[format('{0}/{1}', parameters('keyVaultPrivateEndpointName'), 'PrivateDnsZoneGroupName')]",
              "properties": {
                "privateDnsZoneConfigs": [
                  {
                    "name": "dnsConfig",
                    "properties": {
                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', format('privatelink.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'vaultcore.usgovcloudapi.net', 'vaultcore.azure.net')))]"
                    }
                  }
                ]
              },
              "dependsOn": [
                "keyVaultPrivateDnsZone",
                "keyVaultPrivateEndpoint"
              ]
            },
            "acrPrivateEndpoint": {
              "condition": "[parameters('createAcrPrivateEndpoint')]",
              "type": "Microsoft.Network/privateEndpoints",
              "apiVersion": "2023-04-01",
              "name": "[parameters('acrPrivateEndpointName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "privateLinkServiceConnections": [
                  {
                    "name": "[parameters('acrPrivateEndpointName')]",
                    "properties": {
                      "privateLinkServiceId": "[parameters('acrId')]",
                      "groupIds": [
                        "registry"
                      ]
                    }
                  }
                ],
                "subnet": {
                  "id": "[parameters('subnetId')]"
                }
              }
            },
            "acrPrivateDnsZoneGroup": {
              "condition": "[parameters('createAcrPrivateEndpoint')]",
              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
              "apiVersion": "2023-04-01",
              "name": "[format('{0}/{1}', parameters('acrPrivateEndpointName'), 'acrPrivateDnsZoneGroup')]",
              "properties": {
                "privateDnsZoneConfigs": [
                  {
                    "name": "dnsConfig",
                    "properties": {
                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', format('privatelink.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azurecr.us', 'azurecr.io')))]"
                    }
                  }
                ]
              },
              "dependsOn": [
                "acrPrivateDnsZone",
                "acrPrivateEndpoint"
              ]
            },
            "hubWorkspacePrivateEndpoint": {
              "type": "Microsoft.Network/privateEndpoints",
              "apiVersion": "2023-11-01",
              "name": "[parameters('hubWorkspacePrivateEndpointName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "privateLinkServiceConnections": [
                  {
                    "name": "[parameters('hubWorkspacePrivateEndpointName')]",
                    "properties": {
                      "privateLinkServiceId": "[parameters('hubWorkspaceId')]",
                      "groupIds": [
                        "amlworkspace"
                      ]
                    }
                  }
                ],
                "subnet": {
                  "id": "[parameters('subnetId')]"
                }
              }
            },
            "hubWorkspacePrivateDnsZoneGroup": {
              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
              "apiVersion": "2023-11-01",
              "name": "[format('{0}/{1}', parameters('hubWorkspacePrivateEndpointName'), 'hubWorkspacePrivateDnsZoneGroup')]",
              "properties": {
                "privateDnsZoneConfigs": [
                  {
                    "name": "[replace(format('privatelink.api.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'ml.azure.us', 'azureml.ms')), '.', '-')]",
                    "properties": {
                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', format('privatelink.api.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'ml.azure.us', 'azureml.ms')))]"
                    }
                  },
                  {
                    "name": "[replace(format('privatelink.notebooks.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'usgovcloudapi.net', 'azureml.net')), '.', '-')]",
                    "properties": {
                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', format('privatelink.notebooks.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'usgovcloudapi.net', 'azureml.net')))]"
                    }
                  }
                ]
              },
              "dependsOn": [
                "hubWorkspacePrivateEndpoint",
                "mlApiPrivateDnsZone",
                "mlApiPrivateDnsZoneVirtualNetworkLink",
                "mlNotebooksPrivateDnsZone",
                "mlNotebooksPrivateDnsZoneVirtualNetworkLink"
              ]
            },
            "aiServicesPrivateEndpoint": {
              "type": "Microsoft.Network/privateEndpoints",
              "apiVersion": "2023-11-01",
              "name": "[parameters('aiServicesPrivateEndpointName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "privateLinkServiceConnections": [
                  {
                    "name": "[parameters('aiServicesPrivateEndpointName')]",
                    "properties": {
                      "privateLinkServiceId": "[parameters('aiServicesId')]",
                      "groupIds": [
                        "account"
                      ]
                    }
                  }
                ],
                "subnet": {
                  "id": "[parameters('subnetId')]"
                }
              }
            },
            "aiServicesPrivateDnsZoneGroup": {
              "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
              "apiVersion": "2023-11-01",
              "name": "[format('{0}/{1}', parameters('aiServicesPrivateEndpointName'), 'default')]",
              "properties": {
                "privateDnsZoneConfigs": [
                  {
                    "name": "[replace(format('privatelink.cognitiveservices.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azure.us', 'azure.com')), '.', '-')]",
                    "properties": {
                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', format('privatelink.cognitiveservices.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azure.us', 'azure.com')))]"
                    }
                  },
                  {
                    "name": "[replace(format('privatelink.openai.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azure.us', 'azure.com')), '.', '-')]",
                    "properties": {
                      "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', format('privatelink.openai.{0}', if(equals(toLower(environment().name), 'azureusgovernment'), 'azure.us', 'azure.com')))]"
                    }
                  }
                ]
              },
              "dependsOn": [
                "aiServicesPrivateEndpoint",
                "cognitiveServicesPrivateDnsZone",
                "openAiPrivateDnsZone"
              ]
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'aiServices')]",
        "[resourceId('Microsoft.Resources/deployments', 'containerRegistry')]",
        "[resourceId('Microsoft.Resources/deployments', 'hub')]",
        "[resourceId('Microsoft.Resources/deployments', 'keyVault')]",
        "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('virtualNetworkResourceGroupName')), 'Microsoft.Resources/deployments', 'network')]",
        "[resourceId('Microsoft.Resources/deployments', 'storageAccount')]"
      ]
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "virtualMachine",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "vmName": "[if(empty(parameters('vmName')), createObject('value', toLower(format('{0}-jb-vm-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('vmName')))]",
          "vmNicName": "[if(empty(parameters('vmName')), createObject('value', toLower(format('{0}-jb-nic-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('vmName')))]",
          "vmSize": {
            "value": "[parameters('vmSize')]"
          },
          "vmSubnetId": {
            "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('virtualNetworkResourceGroupName')), 'Microsoft.Resources/deployments', 'network'), '2022-09-01').outputs.vmSubnetId.value]"
          },
          "storageAccountName": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'storageAccount'), '2022-09-01').outputs.name.value]"
          },
          "imagePublisher": {
            "value": "[parameters('imagePublisher')]"
          },
          "imageOffer": {
            "value": "[parameters('imageOffer')]"
          },
          "imageSku": {
            "value": "[parameters('imageSku')]"
          },
          "authenticationType": {
            "value": "[parameters('authenticationType')]"
          },
          "vmAdminUsername": {
            "value": "[parameters('vmAdminUsername')]"
          },
          "vmAdminPasswordOrKey": {
            "value": "[parameters('vmAdminPasswordOrKey')]"
          },
          "diskStorageAccountType": {
            "value": "[parameters('diskStorageAccountType')]"
          },
          "numDataDisks": {
            "value": "[parameters('numDataDisks')]"
          },
          "osDiskSize": {
            "value": "[parameters('osDiskSize')]"
          },
          "dataDiskSize": {
            "value": "[parameters('dataDiskSize')]"
          },
          "dataDiskCaching": {
            "value": "[parameters('dataDiskCaching')]"
          },
          "enableAcceleratedNetworking": {
            "value": "[parameters('enableAcceleratedNetworking')]"
          },
          "enableMicrosoftEntraIdAuth": {
            "value": "[parameters('enableMicrosoftEntraIdAuth')]"
          },
          "userObjectId": {
            "value": "[parameters('userObjectId')]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          },
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "5598995007635718824"
            }
          },
          "parameters": {
            "vmName": {
              "type": "string",
              "defaultValue": "TestVm",
              "metadata": {
                "description": "Specifies the name of the virtual machine."
              }
            },
            "vmSize": {
              "type": "string",
              "defaultValue": "Standard_DS3_v2",
              "metadata": {
                "description": "Specifies the size of the virtual machine."
              }
            },
            "vmSubnetId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the subnet hosting the virtual machine."
              }
            },
            "storageAccountName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the storage account where the boot diagnostics logs of the virtual machine are stored."
              }
            },
            "imagePublisher": {
              "type": "string",
              "defaultValue": "MicrosoftWindowsServer",
              "metadata": {
                "description": "Specifies the image publisher of the disk image used to create the virtual machine."
              }
            },
            "imageOffer": {
              "type": "string",
              "defaultValue": "WindowsServer",
              "metadata": {
                "description": "Specifies the offer of the platform image or marketplace image used to create the virtual machine."
              }
            },
            "imageSku": {
              "type": "string",
              "defaultValue": "2022-datacenter-azure-edition",
              "metadata": {
                "description": "Specifies the image SKU for the virtual machine."
              }
            },
            "authenticationType": {
              "type": "string",
              "defaultValue": "password",
              "allowedValues": [
                "sshPublicKey",
                "password"
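              ],
              "metadata": {
                "description": "Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended. The sshPublicKey option applies a Linux configuration that disables password authentication, so it is meant for Linux images."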
              }
            },
            "vmAdminUsername": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the administrator account of the virtual machine."
              }
            },
            "vmAdminPasswordOrKey": {
              "type": "securestring",
              "metadata": {
                "description": "Specifies the SSH Key or password for the virtual machine. SSH key is recommended."
              }
            },
            "diskStorageAccountType": {
              "type": "string",
              "defaultValue": "Premium_LRS",
              "allowedValues": [
                "Premium_LRS",
                "StandardSSD_LRS",
                "Standard_LRS",
                "UltraSSD_LRS"
              ],
              "metadata": {
                "description": "Specifies the storage account type for OS and data disk."
              }
            },
            "numDataDisks": {
              "type": "int",
              "defaultValue": 1,
              "minValue": 0,
              "maxValue": 64,
              "metadata": {
                "description": "Specifies the number of data disks of the virtual machine."
              }
            },
            "osDiskSize": {
              "type": "int",
              "defaultValue": 128,
              "metadata": {
                "description": "Specifies the size in GB of the OS disk of the VM."
              }
            },
            "dataDiskSize": {
              "type": "int",
              "defaultValue": 50,
              "metadata": {
                "description": "Specifies the size in GB of each data disk of the virtual machine."
              }
            },
            "dataDiskCaching": {
              "type": "string",
              "defaultValue": "ReadWrite",
              "metadata": {
                "description": "Specifies the caching requirements for the data disks."
              }
            },
            "enableMicrosoftEntraIdAuth": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether to enable Microsoft Entra ID authentication on the virtual machine."
              }
            },
            "enableAcceleratedNetworking": {
              "type": "bool",
              "defaultValue": true,
              "metadata": {
                "description": "Specifies whether to enable accelerated networking on the virtual machine."
              }
            },
            "vmNicName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the network interface of the virtual machine."
              }
            },
            "userObjectId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the object id of a Microsoft Entra ID user. In general, this is the object id of the system administrator who deploys the Azure resources."
              }
            },
            "location": {
              "type": "string",
              "defaultValue": "[resourceGroup().location]",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Log Analytics workspace."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            }
          },
          "variables": {
            "linuxConfiguration": {
              "disablePasswordAuthentication": true,
              "ssh": {
                "publicKeys": [
                  {
                    "path": "[format('/home/{0}/.ssh/authorized_keys', parameters('vmAdminUsername'))]",
                    "keyData": "[parameters('vmAdminPasswordOrKey')]"
                  }
                ]
              },
              "provisionVMAgent": true
            }
          },
          "resources": [
            {
              "type": "Microsoft.Network/networkInterfaces",
              "apiVersion": "2021-08-01",
              "name": "[parameters('vmNicName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]",
                "ipConfigurations": [
                  {
                    "name": "ipconfig1",
                    "properties": {
                      "privateIPAllocationMethod": "Dynamic",
                      "subnet": {
                        "id": "[parameters('vmSubnetId')]"
                      }
                    }
                  }
                ]
              }
            },
            {
              "type": "Microsoft.Compute/virtualMachines",
              "apiVersion": "2021-11-01",
              "name": "[parameters('vmName')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "properties": {
                "hardwareProfile": {
                  "vmSize": "[parameters('vmSize')]"
                },
                "osProfile": {
                  "computerName": "[parameters('vmName')]",
                  "adminUsername": "[parameters('vmAdminUsername')]",
                  "adminPassword": "[parameters('vmAdminPasswordOrKey')]",
                  "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), null(), variables('linuxConfiguration'))]"
                },
                "storageProfile": {
                  "copy": [
                    {
                      "name": "dataDisks",
                      "count": "[length(range(0, parameters('numDataDisks')))]",
                      "input": {
                        "caching": "[parameters('dataDiskCaching')]",
                        "diskSizeGB": "[parameters('dataDiskSize')]",
                        "lun": "[range(0, parameters('numDataDisks'))[copyIndex('dataDisks')]]",
                        "name": "[format('{0}-DataDisk{1}', parameters('vmName'), range(0, parameters('numDataDisks'))[copyIndex('dataDisks')])]",
                        "createOption": "Empty",
                        "managedDisk": {
                          "storageAccountType": "[parameters('diskStorageAccountType')]"
                        }
                      }
                    }
                  ],
                  "imageReference": {
                    "publisher": "[parameters('imagePublisher')]",
                    "offer": "[parameters('imageOffer')]",
                    "sku": "[parameters('imageSku')]",
                    "version": "latest"
                  },
                  "osDisk": {
                    "name": "[format('{0}_OSDisk', parameters('vmName'))]",
                    "caching": "ReadWrite",
                    "createOption": "FromImage",
                    "diskSizeGB": "[parameters('osDiskSize')]",
                    "managedDisk": {
                      "storageAccountType": "[parameters('diskStorageAccountType')]"
                    }
                  }
                },
                "networkProfile": {
                  "networkInterfaces": [
                    {
                      "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('vmNicName'))]"
                    }
                  ]
                },
                "diagnosticsProfile": {
                  "bootDiagnostics": {
                    "enabled": true,
                    "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2021-09-01').primaryEndpoints.blob]"
                  }
                }
              },
              "dependsOn": [
                "[resourceId('Microsoft.Network/networkInterfaces', parameters('vmNicName'))]"
              ]
            },
            {
              "type": "Microsoft.Compute/virtualMachines/extensions",
              "apiVersion": "2023-09-01",
              "name": "[format('{0}/{1}', parameters('vmName'), 'DependencyAgentWindows')]",
              "location": "[parameters('location')]",
              "properties": {
                "publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
                "type": "DependencyAgentWindows",
                "typeHandlerVersion": "9.4",
                "autoUpgradeMinorVersion": true,
                "enableAutomaticUpgrade": true
              },
              "dependsOn": [
                "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
              ]
            },
            {
              "type": "Microsoft.Compute/virtualMachines/extensions",
              "apiVersion": "2023-09-01",
              "name": "[format('{0}/{1}', parameters('vmName'), 'AzureMonitorWindowsAgent')]",
              "location": "[parameters('location')]",
              "properties": {
                "publisher": "Microsoft.Azure.Monitor",
                "type": "AzureMonitorWindowsAgent",
                "typeHandlerVersion": "1.0",
                "autoUpgradeMinorVersion": true,
                "enableAutomaticUpgrade": true
              },
              "dependsOn": [
                "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('vmName'), 'DependencyAgentWindows')]",
                "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
              ]
            },
            {
              "condition": "[parameters('enableMicrosoftEntraIdAuth')]",
              "type": "Microsoft.Compute/virtualMachines/extensions",
              "apiVersion": "2023-09-01",
              "name": "[format('{0}/{1}', parameters('vmName'), 'AADLoginForWindows')]",
              "location": "[parameters('location')]",
              "properties": {
                "publisher": "Microsoft.Azure.ActiveDirectory",
                "type": "AADLoginForWindows",
                "typeHandlerVersion": "1.0",
                "autoUpgradeMinorVersion": false,
                "enableAutomaticUpgrade": false
              },
              "dependsOn": [
                "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('vmName'), 'AzureMonitorWindowsAgent')]",
                "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/dataCollectionRules",
              "apiVersion": "2022-06-01",
              "name": "DCR-Win-Event-Logs-to-LAW",
              "location": "[parameters('location')]",
              "kind": "Windows",
              "properties": {
                "dataFlows": [
                  {
                    "destinations": [
                      "logAnalytics"
                    ],
                    "streams": [
                      "Microsoft-Event"
                    ]
                  }
                ],
                "dataSources": {
                  "windowsEventLogs": [
                    {
                      "streams": [
                        "Microsoft-Event"
                      ],
                      "xPathQueries": [
                        "Application!*[System[(Level=1 or Level=2 or Level=3 or or Level=0) ]]",
                        "Security!*[System[(band(Keywords,13510798882111488))]]",
                        "System!*[System[(Level=1 or Level=2 or Level=3 or or Level=0)]]"
                      ],
                      "name": "eventLogsDataSource"
                    }
                  ]
                },
                "description": "Collect Windows Event Logs and send to Azure Monitor Logs",
                "destinations": {
                  "logAnalytics": [
                    {
                      "name": "logAnalytics",
                      "workspaceResourceId": "[parameters('workspaceId')]"
                    }
                  ]
                }
              },
              "dependsOn": [
                "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('vmName'), 'AADLoginForWindows')]"
              ]
            },
            {
              "type": "Microsoft.Insights/dataCollectionRules",
              "apiVersion": "2022-06-01",
              "name": "DCR-Win-Perf-to-LAW",
              "location": "[parameters('location')]",
              "kind": "Windows",
              "properties": {
                "dataFlows": [
                  {
                    "destinations": [
                      "logAnalytics"
                    ],
                    "streams": [
                      "Microsoft-Perf"
                    ]
                  }
                ],
                "dataSources": {
                  "performanceCounters": [
                    {
                      "counterSpecifiers": [
                        "\\Processor Information(_Total)\\% Processor Time",
                        "\\Processor Information(_Total)\\% Privileged Time",
                        "\\Processor Information(_Total)\\% User Time",
                        "\\Processor Information(_Total)\\Processor Frequency",
                        "\\System\\Processes",
                        "\\Process(_Total)\\Thread Count",
                        "\\Process(_Total)\\Handle Count",
                        "\\System\\System Up Time",
                        "\\System\\Context Switches/sec",
                        "\\System\\Processor Queue Length",
                        "\\Memory\\% Committed Bytes In Use",
                        "\\Memory\\Available Bytes",
                        "\\Memory\\Committed Bytes",
                        "\\Memory\\Cache Bytes",
                        "\\Memory\\Pool Paged Bytes",
                        "\\Memory\\Pool Nonpaged Bytes",
                        "\\Memory\\Pages/sec",
                        "\\Memory\\Page Faults/sec",
                        "\\Process(_Total)\\Working Set",
                        "\\Process(_Total)\\Working Set - Private",
                        "\\LogicalDisk(_Total)\\% Disk Time",
                        "\\LogicalDisk(_Total)\\% Disk Read Time",
                        "\\LogicalDisk(_Total)\\% Disk Write Time",
                        "\\LogicalDisk(_Total)\\% Idle Time",
                        "\\LogicalDisk(_Total)\\Disk Bytes/sec",
                        "\\LogicalDisk(_Total)\\Disk Read Bytes/sec",
                        "\\LogicalDisk(_Total)\\Disk Write Bytes/sec",
                        "\\LogicalDisk(_Total)\\Disk Transfers/sec",
                        "\\LogicalDisk(_Total)\\Disk Reads/sec",
                        "\\LogicalDisk(_Total)\\Disk Writes/sec",
                        "\\LogicalDisk(_Total)\\Avg. Disk sec/Transfer",
                        "\\LogicalDisk(_Total)\\Avg. Disk sec/Read",
                        "\\LogicalDisk(_Total)\\Avg. Disk sec/Write",
                        "\\LogicalDisk(_Total)\\Avg. Disk Queue Length",
                        "\\LogicalDisk(_Total)\\Avg. Disk Read Queue Length",
                        "\\LogicalDisk(_Total)\\Avg. Disk Write Queue Length",
                        "\\LogicalDisk(_Total)\\% Free Space",
                        "\\LogicalDisk(_Total)\\Free Megabytes",
                        "\\Network Interface(*)\\Bytes Total/sec",
                        "\\Network Interface(*)\\Bytes Sent/sec",
                        "\\Network Interface(*)\\Bytes Received/sec",
                        "\\Network Interface(*)\\Packets/sec",
                        "\\Network Interface(*)\\Packets Sent/sec",
                        "\\Network Interface(*)\\Packets Received/sec",
                        "\\Network Interface(*)\\Packets Outbound Errors",
                        "\\Network Interface(*)\\Packets Received Errors"
                      ],
                      "name": "perfCounterDataSource60",
                      "samplingFrequencyInSeconds": 60,
                      "streams": [
                        "Microsoft-Perf"
                      ]
                    }
                  ]
                },
                "description": "Collect Performance Counters and send to Azure Monitor Logs.",
                "destinations": {
                  "logAnalytics": [
                    {
                      "name": "logAnalytics",
                      "workspaceResourceId": "[parameters('workspaceId')]"
                    }
                  ]
                }
              },
              "dependsOn": [
                "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('vmName'), 'AADLoginForWindows')]"
              ]
            },
            {
              "type": "Microsoft.Insights/dataCollectionRuleAssociations",
              "apiVersion": "2022-06-01",
              "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('vmName'))]",
              "name": "DCRA-VMSS-WEL-LAW",
              "properties": {
                "description": "Association of data collection rule. Deleting this association will break the data collection for this virtual machine.",
                "dataCollectionRuleId": "[resourceId('Microsoft.Insights/dataCollectionRules', 'DCR-Win-Event-Logs-to-LAW')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Insights/dataCollectionRules', 'DCR-Win-Event-Logs-to-LAW')]",
                "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/dataCollectionRuleAssociations",
              "apiVersion": "2022-06-01",
              "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('vmName'))]",
              "name": "DCRA-VM-PC-LAW",
              "properties": {
                "description": "Association of data collection rule. Deleting this association will break the data collection for this virtual machine.",
                "dataCollectionRuleId": "[resourceId('Microsoft.Insights/dataCollectionRules', 'DCR-Win-Perf-to-LAW')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Insights/dataCollectionRules', 'DCR-Win-Perf-to-LAW')]",
                "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
              ]
            },
            {
              "condition": "[and(parameters('enableMicrosoftEntraIdAuth'), not(empty(parameters('userObjectId'))))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('vmName'))]",
              "name": "[guid(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
              ]
            }
          ]
        }
      },
      "dependsOn": [
        "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('virtualNetworkResourceGroupName')), 'Microsoft.Resources/deployments', 'network')]",
        "[resourceId('Microsoft.Resources/deployments', 'storageAccount')]",
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "hub",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "name": "[if(empty(parameters('hubName')), createObject('value', toLower(format('{0}-hub-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('hubName')))]",
          "friendlyName": {
            "value": "[parameters('hubFriendlyName')]"
          },
          "description_": {
            "value": "[parameters('hubDescription')]"
          },
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          },
          "aiServicesName": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'aiServices'), '2022-09-01').outputs.name.value]"
          },
          "applicationInsightsId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'applicationInsights'), '2022-09-01').outputs.id.value]"
          },
          "containerRegistryId": "[if(parameters('acrEnabled'), createObject('value', reference(resourceId('Microsoft.Resources/deployments', 'containerRegistry'), '2022-09-01').outputs.id.value), createObject('value', ''))]",
          "keyVaultId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyVault'), '2022-09-01').outputs.id.value]"
          },
          "storageAccountId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'storageAccount'), '2022-09-01').outputs.id.value]"
          },
          "connectionAuthType": {
            "value": "[parameters('connectionAuthType')]"
          },
          "systemDatastoresAuthMode": {
            "value": "[parameters('systemDatastoresAuthMode')]"
          },
          "publicNetworkAccess": {
            "value": "[parameters('hubPublicNetworkAccess')]"
          },
          "isolationMode": {
            "value": "[parameters('hubIsolationMode')]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          },
          "userObjectId": {
            "value": "[parameters('userObjectId')]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "16154832487940214165"
            }
          },
          "parameters": {
            "name": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name"
              }
            },
            "location": {
              "type": "string",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            },
            "skuName": {
              "type": "string",
              "defaultValue": "Basic",
              "metadata": {
                "description": "The SKU name to use for the AI Foundry Hub Resource"
              }
            },
            "skuTier": {
              "type": "string",
              "defaultValue": "Basic",
              "allowedValues": [
                "Basic",
                "Free",
                "Premium",
                "Standard"
              ],
              "metadata": {
                "description": "The SKU tier to use for the AI Foundry Hub Resource"
              }
            },
            "friendlyName": {
              "type": "string",
              "defaultValue": "[parameters('name')]",
              "metadata": {
                "description": "Specifies the display name"
              }
            },
            "description_": {
              "type": "string",
              "metadata": {
                "description": "Specifies the description"
              }
            },
            "isolationMode": {
              "type": "string",
              "defaultValue": "AllowInternetOutbound",
              "allowedValues": [
                "AllowInternetOutbound",
                "AllowOnlyApprovedOutbound",
                "Disabled"
              ],
              "metadata": {
                "description": "Specifies the Isolation mode for the managed network of a machine learning workspace."
              }
            },
            "publicNetworkAccess": {
              "type": "string",
              "defaultValue": "Enabled",
              "allowedValues": [
                "Disabled",
                "Enabled"
              ],
              "metadata": {
                "description": "Specifies the public network access for the machine learning workspace."
              }
            },
            "applicationInsightsId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource ID of the application insights resource for storing diagnostics logs"
              }
            },
            "containerRegistryId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource ID of the container registry resource for storing docker images"
              }
            },
            "keyVaultId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource ID of the key vault resource for storing connection strings"
              }
            },
            "storageAccountId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource ID of the storage account resource for storing experimentation outputs"
              }
            },
            "aiServicesName": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name of the Azure AI Services resource"
              }
            },
            "connectionAuthType": {
              "type": "string",
              "defaultValue": "AAD",
              "allowedValues": [
                "ApiKey",
                "AAD",
                "ManagedIdentity",
                "None"
              ],
              "metadata": {
                "description": "Specifies the authentication method for the OpenAI Service connection."
              }
            },
            "aiServicesConnectionName": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the name for the Azure OpenAI Service connection."
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Log Analytics workspace."
              }
            },
            "userObjectId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the object id of a Microsoft Entra ID user. In general, this is the object id of the system administrator who deploys the Azure resources."
              }
            },
            "logsToEnable": {
              "type": "array",
              "defaultValue": [
                "ComputeInstanceEvent"
              ],
              "allowedValues": [
                "ComputeInstanceEvent"
              ],
              "metadata": {
                "description": "Optional. The name of logs that will be streamed."
              }
            },
            "metricsToEnable": {
              "type": "array",
              "defaultValue": [
                "AllMetrics"
              ],
              "allowedValues": [
                "AllMetrics"
              ],
              "metadata": {
                "description": "Optional. The name of metrics that will be streamed."
              }
            },
            "systemDatastoresAuthMode": {
              "type": "string",
              "defaultValue": "identity",
              "allowedValues": [
                "identity",
                "accessKey"
              ],
              "metadata": {
                "description": "Determines whether or not to use credentials for the system datastores of the workspace (workspaceblobstore and workspacefilestore). If set to accessKey, the workspace will create the system datastores with credentials. If set to identity, the workspace will create the system datastores with no credentials. The default value of this parameter is identity."
              }
            }
          },
          "variables": {
            "copy": [
              {
                "name": "logs",
                "count": "[length(parameters('logsToEnable'))]",
                "input": {
                  "category": "[parameters('logsToEnable')[copyIndex('logs')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "metrics",
                "count": "[length(parameters('metricsToEnable'))]",
                "input": {
                  "category": "[parameters('metricsToEnable')[copyIndex('metrics')]]",
                  "timeGrain": null,
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              }
            ],
            "diagnosticSettingsName": "diagnosticSettings"
          },
          "resources": [
            {
              "type": "Microsoft.MachineLearningServices/workspaces/connections",
              "apiVersion": "2024-01-01-preview",
              "name": "[format('{0}/{1}', parameters('name'), if(not(empty(parameters('aiServicesConnectionName'))), parameters('aiServicesConnectionName'), toLower(format('{0}-connection', parameters('aiServicesName')))))]",
              "properties": {
                "category": "AIServices",
                "target": "[reference(resourceId('Microsoft.CognitiveServices/accounts', parameters('aiServicesName')), '2024-04-01-preview').endpoint]",
                "authType": "[parameters('connectionAuthType')]",
                "isSharedToAll": true,
                "metadata": {
                  "ApiType": "Azure",
                  "ResourceId": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('aiServicesName'))]"
                },
                "credentials": "[if(equals(parameters('connectionAuthType'), 'ApiKey'), createObject('key', listKeys(resourceId('Microsoft.CognitiveServices/accounts', parameters('aiServicesName')), '2024-04-01-preview').key1), null())]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]"
              ]
            },
            {
              "type": "Microsoft.MachineLearningServices/workspaces",
              "apiVersion": "2024-04-01-preview",
              "name": "[parameters('name')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "sku": {
                "name": "[parameters('skuName')]",
                "tier": "[parameters('skuTier')]"
              },
              "kind": "Hub",
              "identity": {
                "type": "SystemAssigned"
              },
              "properties": {
                "friendlyName": "[parameters('friendlyName')]",
                "description": "[parameters('description_')]",
                "managedNetwork": {
                  "isolationMode": "[parameters('isolationMode')]"
                },
                "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
                "keyVault": "[parameters('keyVaultId')]",
                "storageAccount": "[parameters('storageAccountId')]",
                "applicationInsights": "[parameters('applicationInsightsId')]",
                "containerRegistry": "[if(equals(parameters('containerRegistryId'), ''), null(), parameters('containerRegistryId'))]",
                "systemDatastoresAuthMode": "[parameters('systemDatastoresAuthMode')]"
              }
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f6c7c914-8db3-469d-8ca1-694a8f32e121'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f6c7c914-8db3-469d-8ca1-694a8f32e121')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', parameters('name'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('logs')]",
                "metrics": "[variables('metrics')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]"
              ]
            }
          ],
          "outputs": {
            "name": {
              "type": "string",
              "value": "[parameters('name')]"
            },
            "id": {
              "type": "string",
              "value": "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]"
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'aiServices')]",
        "[resourceId('Microsoft.Resources/deployments', 'applicationInsights')]",
        "[resourceId('Microsoft.Resources/deployments', 'containerRegistry')]",
        "[resourceId('Microsoft.Resources/deployments', 'keyVault')]",
        "[resourceId('Microsoft.Resources/deployments', 'storageAccount')]",
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2022-09-01",
      "name": "project",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "inner"
        },
        "mode": "Incremental",
        "parameters": {
          "name": "[if(empty(parameters('projectName')), createObject('value', toLower(format('{0}-project-{1}', parameters('prefix'), parameters('suffix')))), createObject('value', parameters('projectName')))]",
          "friendlyName": {
            "value": "[parameters('projectFriendlyName')]"
          },
          "location": {
            "value": "[parameters('location')]"
          },
          "tags": {
            "value": "[parameters('tags')]"
          },
          "publicNetworkAccess": {
            "value": "[parameters('projectPublicNetworkAccess')]"
          },
          "hubId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'hub'), '2022-09-01').outputs.id.value]"
          },
          "workspaceId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'workspace'), '2022-09-01').outputs.id.value]"
          },
          "userObjectId": {
            "value": "[parameters('userObjectId')]"
          },
          "aiServicesPrincipalId": {
            "value": "[reference(resourceId('Microsoft.Resources/deployments', 'aiServices'), '2022-09-01').outputs.principalId.value]"
          }
        },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "metadata": {
            "_generator": {
              "name": "bicep",
              "version": "0.30.23.60470",
              "templateHash": "2388901736986180342"
            }
          },
          "parameters": {
            "name": {
              "type": "string",
              "metadata": {
                "description": "Specifies the name"
              }
            },
            "location": {
              "type": "string",
              "metadata": {
                "description": "Specifies the location."
              }
            },
            "tags": {
              "type": "object",
              "metadata": {
                "description": "Specifies the resource tags."
              }
            },
            "friendlyName": {
              "type": "string",
              "defaultValue": "[parameters('name')]",
              "metadata": {
                "description": "Specifies the display name"
              }
            },
            "publicNetworkAccess": {
              "type": "string",
              "defaultValue": "Enabled",
              "metadata": {
                "description": "Specifies the public network access for the machine learning workspace."
              }
            },
            "hubId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the AI hub resource id"
              }
            },
            "workspaceId": {
              "type": "string",
              "metadata": {
                "description": "Specifies the resource id of the Log Analytics workspace."
              }
            },
            "userObjectId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the object id of a Microsoft Entra ID user. In general, this is the object id of the system administrator who deploys the Azure resources."
              }
            },
            "aiServicesPrincipalId": {
              "type": "string",
              "defaultValue": "",
              "metadata": {
                "description": "Specifies the principal id of the Azure AI Services."
              }
            },
            "logsToEnable": {
              "type": "array",
              "defaultValue": [
                "AmlComputeClusterEvent",
                "AmlComputeClusterNodeEvent",
                "AmlComputeJobEvent",
                "AmlComputeCpuGpuUtilization",
                "AmlRunStatusChangedEvent",
                "ModelsChangeEvent",
                "ModelsReadEvent",
                "ModelsActionEvent",
                "DeploymentReadEvent",
                "DeploymentEventACI",
                "DeploymentEventAKS",
                "InferencingOperationAKS",
                "InferencingOperationACI",
                "EnvironmentChangeEvent",
                "EnvironmentReadEvent",
                "DataLabelChangeEvent",
                "DataLabelReadEvent",
                "DataSetChangeEvent",
                "DataSetReadEvent",
                "PipelineChangeEvent",
                "PipelineReadEvent",
                "RunEvent",
                "RunReadEvent"
              ],
              "allowedValues": [
                "AmlComputeClusterEvent",
                "AmlComputeClusterNodeEvent",
                "AmlComputeJobEvent",
                "AmlComputeCpuGpuUtilization",
                "AmlRunStatusChangedEvent",
                "ModelsChangeEvent",
                "ModelsReadEvent",
                "ModelsActionEvent",
                "DeploymentReadEvent",
                "DeploymentEventACI",
                "DeploymentEventAKS",
                "InferencingOperationAKS",
                "InferencingOperationACI",
                "EnvironmentChangeEvent",
                "EnvironmentReadEvent",
                "DataLabelChangeEvent",
                "DataLabelReadEvent",
                "DataSetChangeEvent",
                "DataSetReadEvent",
                "PipelineChangeEvent",
                "PipelineReadEvent",
                "RunEvent",
                "RunReadEvent"
              ],
              "metadata": {
                "description": "Optional. The name of logs that will be streamed."
              }
            },
            "metricsToEnable": {
              "type": "array",
              "defaultValue": [
                "AllMetrics"
              ],
              "allowedValues": [
                "AllMetrics"
              ],
              "metadata": {
                "description": "Optional. The name of metrics that will be streamed."
              }
            }
          },
          "variables": {
            "copy": [
              {
                "name": "logs",
                "count": "[length(parameters('logsToEnable'))]",
                "input": {
                  "category": "[parameters('logsToEnable')[copyIndex('logs')]]",
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              },
              {
                "name": "metrics",
                "count": "[length(parameters('metricsToEnable'))]",
                "input": {
                  "category": "[parameters('metricsToEnable')[copyIndex('metrics')]]",
                  "timeGrain": null,
                  "enabled": true,
                  "retentionPolicy": {
                    "enabled": true,
                    "days": 0
                  }
                }
              }
            ],
            "diagnosticSettingsName": "diagnosticSettings"
          },
          "resources": [
            {
              "type": "Microsoft.MachineLearningServices/workspaces",
              "apiVersion": "2024-04-01-preview",
              "name": "[parameters('name')]",
              "location": "[parameters('location')]",
              "tags": "[parameters('tags')]",
              "kind": "Project",
              "sku": {
                "name": "Basic",
                "tier": "Basic"
              },
              "identity": {
                "type": "SystemAssigned"
              },
              "properties": {
                "friendlyName": "[parameters('friendlyName')]",
                "hbiWorkspace": false,
                "v1LegacyMode": false,
                "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
                "hubResourceId": "[parameters('hubId')]",
                "systemDatastoresAuthMode": "identity"
              }
            },
            {
              "condition": "[not(empty(parameters('userObjectId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f6c7c914-8db3-469d-8ca1-694a8f32e121'), parameters('userObjectId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f6c7c914-8db3-469d-8ca1-694a8f32e121')]",
                "principalType": "User",
                "principalId": "[parameters('userObjectId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]"
              ]
            },
            {
              "condition": "[not(empty(parameters('aiServicesPrincipalId')))]",
              "type": "Microsoft.Authorization/roleAssignments",
              "apiVersion": "2022-04-01",
              "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', parameters('name'))]",
              "name": "[guid(resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name')), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f6c7c914-8db3-469d-8ca1-694a8f32e121'), parameters('aiServicesPrincipalId'))]",
              "properties": {
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f6c7c914-8db3-469d-8ca1-694a8f32e121')]",
                "principalType": "ServicePrincipal",
                "principalId": "[parameters('aiServicesPrincipalId')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]"
              ]
            },
            {
              "type": "Microsoft.Insights/diagnosticSettings",
              "apiVersion": "2021-05-01-preview",
              "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', parameters('name'))]",
              "name": "[variables('diagnosticSettingsName')]",
              "properties": {
                "workspaceId": "[parameters('workspaceId')]",
                "logs": "[variables('logs')]",
                "metrics": "[variables('metrics')]"
              },
              "dependsOn": [
                "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]"
              ]
            }
          ],
          "outputs": {
            "name": {
              "type": "string",
              "value": "[parameters('name')]"
            },
            "id": {
              "type": "string",
              "value": "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name'))]"
            },
            "principalId": {
              "type": "string",
              "value": "[reference(resourceId('Microsoft.MachineLearningServices/workspaces', parameters('name')), '2024-04-01-preview', 'full').identity.principalId]"
            }
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'aiServices')]",
        "[resourceId('Microsoft.Resources/deployments', 'hub')]",
        "[resourceId('Microsoft.Resources/deployments', 'workspace')]"
      ]
    }
  ],
  "outputs": {
    "deploymentInfo": {
      "type": "object",
      "value": {
        "subscriptionId": "[subscription().subscriptionId]",
        "resourceGroupName": "[resourceGroup().name]",
        "location": "[parameters('location')]",
        "storageAccountName": "[reference(resourceId('Microsoft.Resources/deployments', 'storageAccount'), '2022-09-01').outputs.name.value]",
        "aiServicesName": "[reference(resourceId('Microsoft.Resources/deployments', 'aiServices'), '2022-09-01').outputs.name.value]",
        "aiServicesEndpoint": "[reference(resourceId('Microsoft.Resources/deployments', 'aiServices'), '2022-09-01').outputs.endpoint.value]",
        "hubName": "[reference(resourceId('Microsoft.Resources/deployments', 'hub'), '2022-09-01').outputs.name.value]",
        "projectName": "[reference(resourceId('Microsoft.Resources/deployments', 'project'), '2022-09-01').outputs.name.value]"
      }
    }
  }
}