Merge pull request #220 from microsoft/dev

Roopan-Microsoft · web-flow · commit 0e9dad4a900b · 2025-09-23T15:51:18.000+05:30
feat: added the WAF support like other templates
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -135,7 +135,7 @@ jobs:
                 aiDeploymentsLocation="eastus" \
                 useWafAlignedArchitecture=false \
                 capacity=${{ env.GPT_MIN_CAPACITY }} \
-                imageVersion="${IMAGE_TAG}" \
+                imageVersion="${IMAGE_TAG}"\
                 createdBy="Pipeline" 
       - name: Assign Contributor role to Service Principal
         if: always()
diff --git a/docs/DeploymentGuide.md b/docs/DeploymentGuide.md
@@ -33,27 +33,18 @@ Check the [Azure Products by Region](https://azure.microsoft.com/en-us/explore/g
 
 ### Sandbox or WAF Aligned Deployment Options
 
-The [`infra`](../infra) folder contains the [`main.bicep`](../infra/main.bicep) Bicep script, which defines all Azure infrastructure components for this solution.
+The [`infra`](../infra) folder of the Multi Agent Solution Accelerator contains the [`main.bicep`](../infra/main.bicep) Bicep script, which defines all Azure infrastructure components for this solution.
 
-When running `azd up`, you’ll now be prompted to choose between a **WAF-aligned configuration** and a **sandbox configuration** using a simple selection:
+By default, the `azd up` command uses the [`main.parameters.json`](../infra/main.parameters.json) file to deploy the solution. This file is pre-configured for a **sandbox environment** — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.
 
-- A **sandbox environment** — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.
-
-- A **production deployments environment**, which applies a [Well-Architected Framework (WAF) aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:
-  - Enhanced network security (e.g., Network protection with private endpoints)
-  - Stricter access controls and managed identities
-  - Logging, monitoring, and diagnostics enabled by default
-  - Resource tagging and cost management recommendations
+For **production deployments**, the repository also provides [`main.waf.parameters.json`](../infra/main.waf.parameters.json), which applies a [Well-Architected Framework (WAF) aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:
 
 **How to choose your deployment configuration:**
 
-When prompted during `azd up`:
+* Use the default `main.parameters.json` file for a **sandbox/dev environment**
+* For a **WAF-aligned, production-ready deployment**, copy the contents of `main.waf.parameters.json` into `main.parameters.json` before running `azd up`
 
-![useWAFAlignedArchitecture](images/macae_waf_prompt.png)
 
-- Select **`true`** to deploy a **WAF-aligned, production-ready environment**  
-- Select **`false`** to deploy a **lightweight sandbox/dev environment**
-  
 > [!TIP]
 > Always review and adjust parameter values (such as region, capacity, security settings and log analytics workspace configuration) to match your organization’s requirements before deploying. For production, ensure you have sufficient quota and follow the principle of least privilege for all identities and role assignments.
 
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -2,8 +2,6 @@ metadata name = 'Modernize Your Code Solution Accelerator'
 metadata description = '''CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. 
 '''
 
-@description('Set to true if you want to deploy WAF-aligned infrastructure.')
-param useWafAlignedArchitecture bool
 
 @minLength(3)
 @maxLength(16)
@@ -47,10 +45,10 @@ param aiDeploymentsLocation string
 param capacity int = 150
 
 @description('Optional. Enable monitoring for the resources. This will enable Application Insights and Log Analytics. Defaults to false.')
-param enableMonitoring bool = useWafAlignedArchitecture? true : false
+param enableMonitoring bool = false 
 
 @description('Optional. Enable scaling for the container apps. Defaults to false.')
-param enableScaling bool = useWafAlignedArchitecture? true : false
+param enableScaling bool = false 
 
 @description('Optional. Enable redundancy for applicable resources. Defaults to false.')
 param enableRedundancy bool = false
@@ -59,7 +57,7 @@ param enableRedundancy bool = false
 param secondaryLocation string?
 
 @description('Optional. Enable private networking for the resources. Set to true to enable private networking. Defaults to false.')
-param enablePrivateNetworking bool = useWafAlignedArchitecture? true : false
+param enablePrivateNetworking bool = false 
 
 @description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true.')
 param vmSize string? 
@@ -134,8 +132,9 @@ var modelDeployment = {
 
 var abbrs = loadJsonContent('./abbreviations.json')
 
-@description('Optional created by user name')
-param createdBy string = empty(deployer().userPrincipalName) ? '' : split(deployer().userPrincipalName, '@')[0]
+@description('Tag, Created by user name')
+param createdBy string = contains(deployer(), 'userPrincipalName')? split(deployer().userPrincipalName, '@')[0]: deployer().objectId
+ 
 
 // ========== Resource Group Tag ========== //
 resource resourceGroupTags 'Microsoft.Resources/tags@2021-04-01' = {
diff --git a/infra/main.waf.parameters.json b/infra/main.waf.parameters.json
@@ -0,0 +1,117 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "solutionName": {
+      "value": "${AZURE_ENV_NAME}"
+    },
+    "location": {
+      "value": "${AZURE_LOCATION}"
+    },
+    "deploymentType": {
+      "value": "${AZURE_ENV_MODEL_DEPLOYMENT_TYPE}"
+    },
+    "llmModel": {
+      "value": "${AZURE_ENV_MODEL_NAME}"
+    },
+    "capacity": {
+      "value": "${AZURE_ENV_MODEL_CAPACITY}"
+    },
+    "gptModelVersion": {
+      "value": "${AZURE_ENV_MODEL_VERSION}"
+    },
+    "imageVersion": {
+      "value": "${AZURE_ENV_IMAGETAG=latest}"
+    },
+    "existingLogAnalyticsWorkspaceId": {
+      "value": "${AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID}"
+    },
+    "azureExistingAIProjectResourceId": {
+      "value": "${AZURE_EXISTING_AI_PROJECT_RESOURCE_ID}"
+    },
+    "secondaryLocation": {
+      "value": "${AZURE_ENV_COSMOS_SECONDARY_LOCATION}"
+    },
+    "vmSize": {
+      "value": "${AZURE_ENV_JUMPBOX_SIZE}"
+    },
+    "vmAdminUsername": {
+      "value": "${AZURE_ENV_JUMPBOX_ADMIN_USERNAME}"
+    },
+    "vmAdminPassword": {
+      "value": "${AZURE_ENV_JUMPBOX_ADMIN_PASSWORD}"
+    },
+    "backendExists": {
+      "value": "${SERVICE_BACKEND_RESOURCE_EXISTS=false}"
+    },
+    "enableMonitoring": {
+      "value": true
+    },
+    "enablePrivateNetworking": {
+      "value": true
+    },
+    "enableScaling": {
+      "value": true
+    },
+    "backendDefinition": {
+      "value": {
+        "settings": [
+          {
+            "name": "",
+            "value": "${VAR}",
+            "_comment_name": "The name of the environment variable when running in Azure. If empty, ignored.",
+            "_comment_value": "The value to provide. This can be a fixed literal, or an expression like ${VAR} to use the value of 'VAR' from the current environment."
+          },
+          {
+            "name": "",
+            "value": "${VAR_S}",
+            "secret": true,
+            "_comment_name": "The name of the environment variable when running in Azure. If empty, ignored.",
+            "_comment_value": "The value to provide. This can be a fixed literal, or an expression like ${VAR_S} to use the value of 'VAR_S' from the current environment."
+          }
+        ]
+      }
+    },
+    "frontendExists": {
+      "value": "${SERVICE_FRONTEND_RESOURCE_EXISTS=false}"
+    },
+    "frontendDefinition": {
+      "value": {
+        "settings": [
+          {
+            "name": "",
+            "value": "${VAR}",
+            "_comment_name": "The name of the environment variable when running in Azure. If empty, ignored.",
+            "_comment_value": "The value to provide. This can be a fixed literal, or an expression like ${VAR} to use the value of 'VAR' from the current environment."
+          },
+          {
+            "name": "",
+            "value": "${VAR_S}",
+            "secret": true,
+            "_comment_name": "The name of the environment variable when running in Azure. If empty, ignored.",
+            "_comment_value": "The value to provide. This can be a fixed literal, or an expression like ${VAR_S} to use the value of 'VAR_S' from the current environment."
+          }
+        ]
+      }
+    },
+    "principalId": {
+      "value": "${AZURE_PRINCIPAL_ID}"
+    },
+    "aiModelDeployments": {
+      "value": [
+        {
+          "name": "gpt-4o",
+          "model": {
+            "name": "gpt-4o",
+            "version": "2024-08-06",
+            "format": "OpenAI"
+          },
+          "sku": {
+            "name": "GlobalStandard",
+            "capacity": 50
+          }
+        }
+      ]
+    }
+  }
+}
