EOD code upload

Author: DocGailZhou

infra/main.bicep

@@ -46,7 +46,7 @@ param location string = resourceGroup().location
 param azureAiServiceLocation string = location
 
 @description('Optional. AI model deployment token capacity. Defaults to 5K tokens per minute.')
-param capacity int = 100 // was 5 before = 5K
+param capacity int = 5 // was 5 before = 5K
 
 @description('Optional. Enable monitoring for the resources. This will enable Application Insights and Log Analytics. Defaults to false.')
 param enableMonitoring bool = false
@@ -192,12 +192,13 @@ module aiServices 'modules/ai-services/main.bicep' = {
     deployments: [modelDeployment]
     projectName: 'proj-${resourcesName}'
     logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspace.outputs.resourceId : ''
-    // privateNetworking: enablePrivateNetworking
-    //   ? {
-    //       virtualNetworkResourceId: network.outputs.vnetResourceId
-    //       subnetResourceId: network.outputs.subnetPrivateEndpointsResourceId
-    //     }
-    //   : null
+    // Enable privateNetworking. See infra/modules/ai-services/main.bicep for addtional configurations.
+    privateNetworking: enablePrivateNetworking
+      ? {
+          virtualNetworkResourceId: network.outputs.vnetResourceId
+          subnetResourceId: network.outputs.subnetPrivateEndpointsResourceId
+        }
+      : null
     roleAssignments: [
       {
         principalId: appIdentity.outputs.principalId

infra/main.bicepparam

@@ -10,12 +10,13 @@ param location = readEnvironmentVariable('AZURE_LOCATION')
 //      Refer to infra/main.waf-aligned.bicep for the WAF-aligned configuration
 // //*******************************************************************************
 
-// param enableMonitoring = true
-// param enableScaling = true
-// param enableRedundancy = true
+param enableMonitoring = true
+param enableScaling = true
+param enableRedundancy = true
+//param secondaryLocation = 'uksouth' // TODO - test this
+
+param enablePrivateNetworking = true
+param vmAdminUsername = 'JumpboxAdminUser'
+param vmAdminPassword = 'JumpboxAdminP@ssw0rd1234!'
 
-// param enablePrivateNetworking = true
-// param vmAdminUsername = 'JumpboxAdminUser'
-// param vmAdminPassword = 'JumpboxAdminP@ssw0rd1234!'
 
-//param secondaryLocation = 'uksouth' // TODO - test this

infra/main.waf-aligned.bicepparam

@@ -10,9 +10,10 @@ param location = readEnvironmentVariable('AZURE_LOCATION')
 param enableMonitoring = true
 param enableScaling = true
 param enableRedundancy = true
+//param secondaryLocation = 'uksouth' // TODO - test this
 
 param enablePrivateNetworking = true
 param vmAdminUsername = 'JumpboxAdminUser'
 param vmAdminPassword = 'JumpboxAdminP@ssw0rd1234!'
 
-//param secondaryLocation = 'uksouth' // TODO - test this
+

infra/modules/ai-services/main.bicep

@@ -118,6 +118,7 @@ module cognitiveService 'br/public:avm/res/cognitive-services/account:0.11.0' =
     tags: tags
     sku: sku
     kind: kind
+ 
     allowProjectManagement: true
     managedIdentities: {
       systemAssigned: true
@@ -126,6 +127,17 @@ module cognitiveService 'br/public:avm/res/cognitive-services/account:0.11.0' =
     customSubDomainName: name
     disableLocalAuth: false
     publicNetworkAccess: privateNetworking != null ? 'Disabled' : 'Enabled'
+    // rules to allow firewall and virtual network access
+    networkAcls: {
+      defaultAction: 'Deny'
+      bypass: 'AzureServices'
+      virtualNetworkRules: privateNetworking != null ? [
+        {
+          id: privateNetworking!.subnetResourceId
+        }
+      ] : []
+      ipRules: []
+    } // end of rules to allow firewall and virtual network access
     diagnosticSettings: !empty(logAnalyticsWorkspaceResourceId)
       ? [
           {

infra/modules/aiServices.bicep

@@ -80,7 +80,7 @@ module cosmosAccount 'br/public:avm/res/document-db/database-account:0.15.0' = {
             locationName: location
           }
           {
-            failoverPriority: 0
+            failoverPriority: 1
             isZoneRedundant: zoneRedundant
             locationName: secondaryLocation!
           }