Skip to content

Commit 662b501

Browse files
Update DeploymentGuide.md
1 parent 9288614 commit 662b501

1 file changed

Lines changed: 13 additions & 9 deletions

File tree

docs/DeploymentGuide.md

Lines changed: 13 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -66,24 +66,28 @@ To adjust quota settings, follow these [steps](../docs/AzureGPTQuotaSettings.md)
6666

6767
The [`infra`](../infra) folder contains the [`main.bicep`](../infra/main.bicep) Bicep script, which defines all Azure infrastructure components for this solution.
6868

69-
By default, the `azd up` command uses the [`main.bicepparam`](../infra/main.bicepparam) file to deploy the solution. This file is pre-configured for a **sandbox environment** — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.
69+
When running `azd up`, you’ll now be prompted to choose between a **WAF-aligned configuration** and a **sandbox configuration** using a simple selection:
7070

71-
For **production deployments**, the repository also provides [`main.waf-aligned.bicepparam`](../infra/main.waf-aligned.bicepparam), which applies a [WAF-aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:
71+
- A **sandbox environment** — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.
7272

73-
- Enhanced network security (e.g., Network protection with private endpoints)
74-
- Stricter access controls and managed identities
75-
- Logging, monitoring, and diagnostics enabled by default
76-
- Resource tagging and cost management recommendations
73+
- A **production deployments environment**, which applies a [Well-Architected Framework (WAF) aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:
74+
- Enhanced network security (e.g., Network protection with private endpoints)
75+
- Stricter access controls and managed identities
76+
- Logging, monitoring, and diagnostics enabled by default
77+
- Resource tagging and cost management recommendations
7778

7879
**How to choose your deployment configuration:**
7980

80-
- Use the default [`main.bicepparam`](../infra/main.bicepparam) for a sandbox/dev environment.
81-
- For a WAF-aligned, production-ready deployment, copy the contents of [`main.waf-aligned.bicepparam`](../infra/main.waf-aligned.bicepparam) into `main.bicepparam` before running `azd up`.
81+
When prompted during `azd up`:
8282

83+
![useWAFAlignedArchitecture](images/macae_waf_prompt.png)
84+
85+
- Select **`true`** to deploy a **WAF-aligned, production-ready environment**
86+
- Select **`false`** to deploy a **lightweight sandbox/dev environment**
87+
-
8388
> [!TIP]
8489
> Always review and adjust parameter values (such as region, capacity, security settings and log analytics workspace configuration) to match your organization’s requirements before deploying. For production, ensure you have sufficient quota and follow the principle of least privilege for all identities and role assignments.
8590
86-
8791
Pick from the options below to see step-by-step instructions for: GitHub Codespaces, VS Code Dev Containers, Local Environments, and Bicep deployments.
8892

8993
<details>

0 commit comments

Comments
 (0)