diff --git a/docs/CustomizingAzdParameters.md b/docs/CustomizingAzdParameters.md index d8161832..9462898e 100644 --- a/docs/CustomizingAzdParameters.md +++ b/docs/CustomizingAzdParameters.md @@ -10,7 +10,6 @@ By default this template will use the environment name as the prefix to prevent | -------------------------------------- | ------- | ---------------- | ---------------------------------------------------------------------------------------------------- | | `AZURE_ENV_NAME` | string | `azdtemp` | Used as a prefix for all resource names to ensure uniqueness across environments. | | `AZURE_LOCATION` | string | `eastus2` | Location of the Azure resources. Controls where the infrastructure will be deployed. | -| `AZURE_AISERVICE_LOCATION` | string | `japaneast` | Set the Azure AI Service Location. | | `AZURE_ENV_MODEL_DEPLOYMENT_TYPE` | string | `GlobalStandard` | Change the Model Deployment Type (allowed values: Standard, GlobalStandard). | | `AZURE_ENV_MODEL_NAME` | string | `gpt-4o` | Set the Model Name (allowed values: gpt-4o). | | `AZURE_ENV_MODEL_VERSION` | string | `2024-08-06` | Set the Azure model version (allowed values: 2024-08-06) | 
@@ -18,6 +17,9 @@ By default this template will use the environment name as the prefix to prevent | `AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID` | string | `` | Set this if you want to reuse an existing Log Analytics Workspace instead of creating a new one. | | `AZURE_ENV_IMAGETAG` | string | `latest` | Set the Image tag Like (allowed values: latest, dev, hotfix) | | `AZURE_ENV_JUMPBOX_SIZE` | string | `Standard_DS2_v2` | Specifies the size of the Jumpbox Virtual Machine. Set a custom value if `enablePrivateNetworking` is `true`. | +| `AZURE_ENV_JUMPBOX_ADMIN_USERNAME` | string | `JumpboxAdminUser` | Specifies the administrator username for the Jumpbox Virtual Machine. | +| `AZURE_ENV_JUMPBOX_ADMIN_PASSWORD` | string | `JumpboxAdminP@ssw0rd1234!` | Specifies the administrator password for the Jumpbox Virtual Machine. | +| `AZURE_ENV_COSMOS_SECONDARY_LOCATION` | string | *(not set by default)* | Specifies the secondary region for Cosmos DB. Required if `enableRedundancy` is `true`. | --- ## How to Set a Parameter diff --git a/docs/DeploymentGuide.md b/docs/DeploymentGuide.md index 88c28c06..65d3449c 100644 --- a/docs/DeploymentGuide.md +++ b/docs/DeploymentGuide.md 
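Review bot: The new `AZURE_ENV_JUMPBOX_ADMIN_PASSWORD` row publishes a fixed default password, and `AZURE_ENV_JUMPBOX_ADMIN_USERNAME` a fixed default username, so any deployment that does not override them gets a jumpbox whose administrator credential is public. The same two values are repeated in the `docs/DeploymentGuide.md` hunk. The parameter definition is not in this diff, but if the template really carries this default it should be dropped and the parameter declared `@secure()` with no default, so the deployment fails until the operator supplies a value. The default cell would then read `*(no default; must be set per environment)*`, and a sentence on keeping the value out of committed environment files would help.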
@@ -40,13 +40,15 @@ When you start the deployment, most parameters will have **default values**, but |----------------------------------|------------------------------------------------------------------------------------------------------|----------------------------| | **Azure Region** | The region where resources will be created. | East US | | **Resource Prefix** | Prefix for all resources created by this template. This prefix will be used to create unique names for all resources. The prefix must be unique within the resource group. | azdtemp | -| **AI Location** | Location for all AI services resources. This location can be different from the resource group location. | japaneast | | **Capacity** | Configure capacity for **gpt-4o**. | 200 | | **Model Deployment Type** | Change the Model Deployment Type (allowed values: Standard, GlobalStandard). | GlobalStandard | | **Model Name** | Set the Model Name (allowed values: gpt-4o). | gpt-4o | | **Model Version** | Set the Azure model version (allowed values: 2024-08-06). | 2024-08-06 | | **Image Tag** | Set the Image tag (allowed values: latest, dev, hotfix). | latest | | **Existing Log analytics workspace** | To reuse the existing Log analytics workspace Id. | `` | +| **Jumpbox Admin Username** | Specifies the administrator username for the Jumpbox Virtual Machine. | `JumpboxAdminUser` | +| **Jumpbox Admin Password** | Specifies the administrator password for the Jumpbox Virtual Machine. | `JumpboxAdminP@ssw0rd1234!` | +| **Cosmos DB Secondary Location** | Specifies the secondary region for Cosmos DB. Set this if redundancy (`enableRedundancy`) is enabled. | `` | This accelerator can be configured to use authentication. diff --git a/infra/main.bicep b/infra/main.bicep index c5e88934..c275188f 100644 --- a/infra/main.bicep +++ b/infra/main.bicep 
@@ -129,6 +129,8 @@ var modelDeployment = { raiPolicyName: 'Microsoft.Default' } +var abbrs = loadJsonContent('./abbreviations.json') + #disable-next-line no-deployments-resources resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { name: take( @@ -154,7 +156,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT module appIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.1' = { name: take('identity-app-${resourcesName}-deployment', 64) params: { - name: 'id-app-${resourcesName}' + name: '${abbrs.security.managedIdentity}${resourcesName}' location: location tags: allTags enableTelemetry: enableTelemetry @@ -176,7 +178,7 @@ resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.11.2' = if ((enableMonitoring || enablePrivateNetworking) && !useExistingLogAnalytics) { name: take('log-analytics-${resourcesName}-deployment', 64) params: { - name: 'log-${resourcesName}' + name: '${abbrs.managementGovernance.logAnalyticsWorkspace}${resourcesName}' location: location skuName: 'PerGB2018' dataRetention: 30 @@ -194,7 +196,7 @@ var LogAnalyticsWorkspaceId = useExistingLogAnalytics? existingLogAnalyticsWorks module applicationInsights 'br/public:avm/res/insights/component:0.6.0' = if (enableMonitoring) { name: take('app-insights-${resourcesName}-deployment', 64) params: { - name: 'appi-${resourcesName}' + name: '${abbrs.managementGovernance.applicationInsights}${resourcesName}' location: location workspaceResourceId: logAnalyticsWorkspaceResourceId diagnosticSettings: [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] 
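Review bot: The `appIdentity` name now comes from `abbrs.security.managedIdentity`, whose value is not visible in this diff; unless it equals the old `id-app-` prefix, redeploying an existing environment creates a second user-assigned identity. The old identity would presumably be left in place with the role assignments it already holds, since its `principalId` is what `cosmosDb` receives as `dataAccessIdentityPrincipalId`. The same question applies to the later `storageAccount`, `keyVault` and `cosmosDb` hunks, where a changed name would create new, empty resources beside the old ones. I would record the old-to-new names in the commit description and add a comment here such as `// renamed from 'id-app-<resourcesName>': remove the old identity and its role assignments after upgrading`.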
@@ -223,12 +225,12 @@ module aiServices 'modules/ai-foundry/main.bicep' = { #disable-next-line no-unnecessary-dependson dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency params: { - name: 'ais-${resourcesName}' + name: '${abbrs.ai.aiFoundry}${resourcesName}' location: aiDeploymentsLocation sku: 'S0' kind: 'AIServices' deployments: [modelDeployment] - projectName: 'proj-${resourcesName}' + projectName: '${abbrs.ai.aiFoundryProject}${resourcesName}' logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : '' privateNetworking: enablePrivateNetworking ? { @@ -265,7 +267,7 @@ module storageAccount 'modules/storageAccount.bicep' = { #disable-next-line no-unnecessary-dependson dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency params: { - name: take('st${resourcesName}', 24) + name: take('${abbrs.storage.storageAccount}${resourcesName}', 24) location: location tags: allTags skuName: enableRedundancy ? 'Standard_GZRS' : 'Standard_LRS' @@ -300,7 +302,7 @@ module keyVault 'modules/keyVault.bicep' = { #disable-next-line no-unnecessary-dependson dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency params: { - name: take('kv-${resourcesName}', 24) + name: take('${abbrs.security.keyVault}${resourcesName}', 24) location: location sku: 'standard' logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : '' 
@@ -327,7 +329,7 @@ module cosmosDb 'modules/cosmosDb.bicep' = { #disable-next-line no-unnecessary-dependson dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency params: { - name: take('cosmos-${resourcesName}', 44) + name: take('${abbrs.databases.cosmosDBDatabase}${resourcesName}', 44) location: location dataAccessIdentityPrincipalId: appIdentity.outputs.principalId logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : '' @@ -344,7 +346,7 @@ module cosmosDb 'modules/cosmosDb.bicep' = { } } -var containerAppsEnvironmentName = 'cae-${resourcesName}' +var containerAppsEnvironmentName = '${abbrs.containers.containerAppsEnvironment}${resourcesName}' module containerAppsEnvironment 'br/public:avm/res/app/managed-environment:0.11.2' = { name: take('container-env-${resourcesName}-deployment', 64) @@ -391,7 +393,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = { #disable-next-line no-unnecessary-dependson dependsOn: [applicationInsights] // required due to optional flags that could change dependency params: { - name: take('ca-${resourcesName}backend', 32) + name: take('${abbrs.containers.containerApp}backend-${resourcesName}', 32) location: location environmentResourceId: containerAppsEnvironment.outputs.resourceId managedIdentities: { @@ -556,7 +558,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = { module containerAppFrontend 'br/public:avm/res/app/container-app:0.17.0' = { name: take('container-app-frontend-${resourcesName}-deployment', 64) params: { - name: take('ca-${resourcesName}frontend', 32) + name: take('${abbrs.containers.containerApp}frontend-${resourcesName}', 32) location: location environmentResourceId: containerAppsEnvironment.outputs.resourceId managedIdentities: { diff --git a/infra/modules/ai-foundry/main.bicep b/infra/modules/ai-foundry/main.bicep index 1058d2cc..c3b9580a 100644 
--- a/infra/modules/ai-foundry/main.bicep +++ b/infra/modules/ai-foundry/main.bicep @@ -155,8 +155,8 @@ module cognitiveService 'ai-services.bicep' = { privateEndpoints: privateNetworking != null ? [ { - name:'pep-${name}-aiservices' // private endpoint name - customNetworkInterfaceName: 'nic-${name}-aiservices' + name:'pep-${name}' // private endpoint name + customNetworkInterfaceName: 'nic-${name}' subnetResourceId: privateNetworking.?subnetResourceId ?? '' privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ diff --git a/infra/modules/cosmosDb.bicep b/infra/modules/cosmosDb.bicep index 2fdb19c0..d7fef90a 100644 --- a/infra/modules/cosmosDb.bicep +++ b/infra/modules/cosmosDb.bicep @@ -97,6 +97,8 @@ module cosmosAccount 'br/public:avm/res/document-db/database-account:0.15.0' = { privateEndpoints: privateNetworking != null ? [ { + name: 'pep-${name}' + customNetworkInterfaceName: 'nic-${name}' privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ { diff --git a/infra/modules/keyVault.bicep b/infra/modules/keyVault.bicep index 880f3d0e..72379fa5 100644 --- a/infra/modules/keyVault.bicep +++ b/infra/modules/keyVault.bicep @@ -78,6 +78,8 @@ module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = { privateEndpoints: privateNetworking != null ? [ { + name: 'pep-${name}' + customNetworkInterfaceName: 'nic-${name}' privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ { diff --git a/infra/modules/network.bicep b/infra/modules/network.bicep index f2fb473c..138eb981 100644 --- a/infra/modules/network.bicep +++ b/infra/modules/network.bicep @@ -78,7 +78,7 @@ module network 'network/main.bicep' = { name: 'web' addressPrefixes: ['10.0.0.0/23'] // /23 (10.0.0.0 - 10.0.1.255), 512 addresses networkSecurityGroup: { - name: 'web-nsg' + name: 'nsg-web' securityRules: [ { name: 'AllowHttpsInbound' 
@@ -131,7 +131,7 @@ module network 'network/main.bicep' = { } ] bastionConfiguration: { - name: 'bastion-${resourcesName}' + name: 'bas-${resourcesName}' subnetAddressPrefixes: ['10.0.10.0/26'] } jumpboxConfiguration: { @@ -143,7 +143,7 @@ module network 'network/main.bicep' = { name: 'jumpbox' addressPrefixes: ['10.0.12.0/23'] // /23 (10.0.12.0 - 10.0.13.255), 512 addresses networkSecurityGroup: { - name: 'jumpbox-nsg' + name: 'nsg-jumbox' securityRules: [ { name: 'AllowRdpFromBastion' diff --git a/infra/modules/network/bastionHost.bicep b/infra/modules/network/bastionHost.bicep index 423fe57b..f955a486 100644 --- a/infra/modules/network/bastionHost.bicep +++ b/infra/modules/network/bastionHost.bicep @@ -62,6 +62,10 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = { ] tags: tags enableTelemetry: enableTelemetry + publicIPAddressObject: { + name: 'pip-${name}' + zones:[] + } } } diff --git a/infra/modules/network/jumpbox.bicep b/infra/modules/network/jumpbox.bicep index b1280a95..50143d8e 100644 --- a/infra/modules/network/jumpbox.bicep +++ b/infra/modules/network/jumpbox.bicep @@ -40,7 +40,7 @@ param enableTelemetry bool = true module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(subnet)) { name: '${vnetName}-${subnet.?networkSecurityGroup.name}' params: { - name: '${vnetName}-${subnet.?networkSecurityGroup.name}' + name: '${subnet.?networkSecurityGroup.name}-${vnetName}' location: location securityRules: subnet.?networkSecurityGroup.securityRules tags: tags @@ -76,7 +76,7 @@ module vm 'br/public:avm/res/compute/virtual-machine:0.15.0' = { adminUsername: username adminPassword: password tags: tags - zone: 2 + zone: 0 imageReference: { offer: 'WindowsServer' publisher: 'MicrosoftWindowsServer' 
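Review bot: `name: 'nsg-jumbox'` is missing a `p`; the subnet is `jumpbox` and the old name was `jumpbox-nsg`, so this should be `name: 'nsg-jumpbox'`. The NSG resource name is built from this string in `jumpbox.bicep` (`'${subnet.?networkSecurityGroup.name}-${vnetName}'`), so the misspelling ends up in the deployed resource name. That makes the group holding `AllowRdpFromBastion` harder to find when auditing, and a later correction means another rename.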
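Review bot: `zones:[]` on the Bastion public IP, and `zone: 0` on the jumpbox VM in `infra/modules/network/jumpbox.bicep`, carry no comment saying why zone placement was removed. Assuming both values mean "no availability zone" in these AVM modules, the administrative access path is no longer zone-pinned or zone-redundant even when `enableRedundancy` is on, which is worth stating next to the setting. A comment such as `// non-zonal so the template deploys in regions without availability zones` would do, if that is the reason. `zones:[]` also needs a space after the colon to match the rest of the file.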
@@ -86,13 +86,14 @@ module vm 'br/public:avm/res/compute/virtual-machine:0.15.0' = { osType: 'Windows' osDisk: { managedDisk: { + name: 'osdisk-${vmName}' storageAccountType: 'Standard_LRS' } } encryptionAtHost: false // Some Azure subscriptions do not support encryption at host nicConfigurations: [ { - name: '${vmName}-nic' + name: 'nic-${vmName}' ipConfigurations: [ { name: 'ipconfig1' diff --git a/infra/modules/network/main.bicep b/infra/modules/network/main.bicep index 9b616267..bf5a4fd9 100644 --- a/infra/modules/network/main.bicep +++ b/infra/modules/network/main.bicep @@ -30,7 +30,7 @@ param tags object = {} @description('Optional. Enable/Disable usage telemetry for module.') param enableTelemetry bool = true - + // /****************************************************************************************************************************/ // Networking - NSGs, VNET and Subnets. Each subnet has its own NSG // /****************************************************************************************************************************/ @@ -55,7 +55,7 @@ module virtualNetwork 'virtualNetwork.bicep' = { module bastionHost 'bastionHost.bicep' = if (!empty(bastionConfiguration)) { name: '${resourcesName}-bastionHost' params: { - name: bastionConfiguration.?name ?? 'bastion-${resourcesName}' + name: bastionConfiguration.?name ?? 'bas-${resourcesName}' vnetId: virtualNetwork.outputs.resourceId vnetName: virtualNetwork.outputs.name location: location diff --git a/infra/modules/network/virtualNetwork.bicep b/infra/modules/network/virtualNetwork.bicep index c017850f..6b502974 100644 --- a/infra/modules/network/virtualNetwork.bicep +++ b/infra/modules/network/virtualNetwork.bicep 
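Review bot: `name: 'osdisk-${vmName}'` appears to be added inside `managedDisk`, next to `storageAccountType`. As far as I know the AVM virtual-machine module takes the OS disk name from `osDisk.name`, one level up, so this placement may be ignored or rejected by the module's parameter type. It is worth checking against version 0.15.0 and, if so, moving the line up so that `name` is a sibling of `managedDisk` under `osDisk`. The `vm` module body starts and ends outside the hunk.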
@@ -31,7 +31,7 @@ module nsgs 'br/public:avm/res/network/network-security-group:0.5.1' = [ for (subnet, i) in subnets: if (!empty(subnet.?networkSecurityGroup)) { name: take('${name}-${subnet.?networkSecurityGroup.name}-networksecuritygroup', 64) params: { - name: '${name}-${subnet.?networkSecurityGroup.name}' + name: '${subnet.?networkSecurityGroup.name}-${name}' location: location securityRules: subnet.?networkSecurityGroup.securityRules tags: tags diff --git a/infra/modules/storageAccount.bicep b/infra/modules/storageAccount.bicep index b109de49..c8d118fd 100644 --- a/infra/modules/storageAccount.bicep +++ b/infra/modules/storageAccount.bicep @@ -103,6 +103,8 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = { privateEndpoints: privateNetworking != null ? [ { + name: 'pep-blob-${name}' + customNetworkInterfaceName: 'nic-blob-${name}' privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ { @@ -114,6 +116,8 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = { subnetResourceId: privateNetworking.?subnetResourceId ?? '' } { + name: 'pep-file-${name}' + customNetworkInterfaceName: 'nic-file-${name}' privateDnsZoneGroup: { privateDnsZoneGroupConfigs: [ {