Azure-Samples
diff --git a/‎.gitignore‎
Lines changed: 47 additions & 1 deletion b/‎.gitignore‎
Lines changed: 47 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 14 additions & 11 deletions b/‎README.md‎
Lines changed: 14 additions & 11 deletions
diff --git a/‎infra/main.ai.tf‎
Lines changed: 19 additions & 0 deletions b/‎infra/main.ai.tf‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎infra/main.app_insights.tf‎
Lines changed: 144 additions & 0 deletions b/‎infra/main.app_insights.tf‎
Lines changed: 144 additions & 0 deletions
diff --git a/‎infra/main.network.tf‎
Lines changed: 103 additions & 0 deletions b/‎infra/main.network.tf‎
Lines changed: 103 additions & 0 deletions
@@ -399,4 +399,50 @@ FodyWeavers.xsd
 # JetBrains Rider
 *.sln.iml
 
-.azure/
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# Ignore Terraform lock file
+.terraform.lock.hcl
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Plan files
+*.tfplan
+
+# Test binaries and temporary files
+*.test
+*.out
+/test-logs/
+
+# Checkov reports
+checkov_report.*
@@ -1,24 +1,27 @@
 # Project Name
 
-(short, 1-3 sentenced, description of the project)
+This repository provides a baseline architecture for integrating Copilot Studio and Power Platform with Azure AI resources. It addresses challenges in initializing and managing these connections while prioritizing enterprise readiness. Key features include robust network configuration, observability tools, and secure, scalable authentication.
 
 ## Features
 
-This project framework provides the following features:
-
-* Feature 1
-* Feature 2
-* ...
+* Seamless integration of Copilot Studio with Azure AI resources.
+* Enterprise-grade network configuration for secure and scalable deployments.
+* Observability tools for monitoring and troubleshooting.
+* Secure authentication mechanisms aligned with enterprise standards.
+* Modular Terraform code structure for easy customization and reuse.
+* Support for remote state management using Azure Storage.
+* Automated resource tagging for better organization and cost tracking.
+* Validation of input variables to ensure robust deployments.
+* Pre-configured backend setup for remote state storage.
+* Documentation and examples for quick onboarding and usage.
 
 ## Getting Started
 
 ### Prerequisites
 
-(ideally very short, if any)
-
-- OS
-- Library version
-- ...
+To use this example, you must complete the following prerequisites:
+- Set up a service principal with the permissions outlined in the [Power Platform Terraform Provider's documentation](https://microsoft.github.io/terraform-provider-power-platform/guides/app_registration/)
+- Set up an interactive user with sufficient Power Platform licensing to interact with the resources managed by this module.
 
 ### Installation
 
 
@@ -0,0 +1,19 @@
+module "azure_open_ai" {
+  source                = "Azure/avm-res-cognitiveservices-account/azurerm"
+  version               = "0.6.0"
+  kind                  = "OpenAI"
+  location              = var.location
+  name                  = "aoai${random_string.name.id}"
+  resource_group_name   = azurerm_resource_group.this.name
+  enable_telemetry      = true
+  sku_name              = "S0"
+  local_auth_enabled    = true
+  cognitive_deployments = var.cognitive_deployments
+  network_acls = {
+    default_action = "Deny"
+  }
+  managed_identities = {
+    system_assigned = true
+  }
+  tags = var.tags
+}
@@ -0,0 +1,144 @@
+resource "random_uuid" "uid" {}
+
+resource "azurerm_application_insights" "insights" {
+  count = var.include_app_insights ? 1 : 0
+
+  application_type    = "web"
+  location            = azurerm_resource_group.this.location
+  name                = "${var.resource_prefix}-appinsights-${var.resource_suffix}"
+  resource_group_name = azurerm_resource_group.this.name
+}
+
+resource "azurerm_application_insights_workbook" "workbook" {
+  count = var.include_app_insights ? 1 : 0
+
+  data_json = jsonencode({
+    "version" : "Notebook/1.0",
+    "items" : [
+      {
+        "type" : 1,
+        "content" : {
+          "json" : "${var.app_insights_workbook_description}",
+          "style" : "info"
+        },
+        "name" : "Notebook description"
+      },
+      {
+        "type" : 3,
+        "content" : {
+          "version" : "KqlItem/1.0",
+          "query" : "${var.app_insights_sections["section_1"].query}",
+          "size" : 0,
+          "timeContext" : {
+            "durationMs" : 1800000
+          },
+          "queryType" : 0,
+          "resourceType" : "microsoft.insights/components",
+          "crossComponentResources" : [
+            "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.Insights/components/${azurerm_application_insights.insights[0].name}"
+          ],
+          "visualization" : "${var.app_insights_sections["section_1"].chart}"
+        },
+        "name" : "${var.app_insights_sections["section_1"].name}"
+      },
+      {
+        "type" : 3,
+        "content" : {
+          "version" : "KqlItem/1.0",
+          "query" : "${var.app_insights_sections["section_2"].query}",
+          "size" : 0,
+          "timeContext" : {
+            "durationMs" : 1800000
+          },
+          "queryType" : 0,
+          "resourceType" : "microsoft.insights/components",
+          "crossComponentResources" : [
+            "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.Insights/components/${azurerm_application_insights.insights[0].name}"
+          ],
+          "visualization" : "${var.app_insights_sections["section_2"].chart}"
+        },
+        "name" : "${var.app_insights_sections["section_2"].name}"
+      },
+      {
+        "type" : 3,
+        "content" : {
+          "version" : "KqlItem/1.0",
+          "query" : "${var.app_insights_sections["section_3"].query}",
+          "size" : 0,
+          "timeContext" : {
+            "durationMs" : 1800000
+          },
+          "queryType" : 0,
+          "resourceType" : "microsoft.insights/components",
+          "crossComponentResources" : [
+            "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.Insights/components/${azurerm_application_insights.insights[0].name}"
+          ],
+          "visualization" : "${var.app_insights_sections["section_3"].chart}"
+        },
+        "name" : "${var.app_insights_sections["section_3"].name}"
+      },
+      {
+        "type" : 3,
+        "content" : {
+          "version" : "KqlItem/1.0",
+          "query" : "${var.app_insights_sections["section_4"].query}",
+          "size" : 0,
+          "timeContext" : {
+            "durationMs" : 1800000
+          },
+          "queryType" : 0,
+          "resourceType" : "microsoft.insights/components",
+          "crossComponentResources" : [
+            "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.Insights/components/${azurerm_application_insights.insights[0].name}"
+          ],
+          "visualization" : "${var.app_insights_sections["section_4"].chart}"
+        },
+        "name" : "${var.app_insights_sections["section_4"].name}"
+      },
+      {
+        "type" : 3,
+        "content" : {
+          "version" : "KqlItem/1.0",
+          "query" : "${var.app_insights_sections["section_5"].query}",
+          "size" : 0,
+          "timeContext" : {
+            "durationMs" : 1800000
+          },
+          "queryType" : 0,
+          "resourceType" : "microsoft.insights/components",
+          "crossComponentResources" : [
+            "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.Insights/components/${azurerm_application_insights.insights[0].name}"
+          ],
+          "visualization" : "${var.app_insights_sections["section_5"].chart}"
+        },
+        "name" : "${var.app_insights_sections["section_5"].name}"
+      },
+      {
+        "type" : 3,
+        "content" : {
+          "version" : "KqlItem/1.0",
+          "query" : "${var.app_insights_sections["section_6"].query}",
+          "size" : 0,
+          "timeContext" : {
+            "durationMs" : 1800000
+          },
+          "queryType" : 0,
+          "resourceType" : "microsoft.insights/components",
+          "crossComponentResources" : [
+            "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.Insights/components/${azurerm_application_insights.insights[0].name}"
+          ],
+          "visualization" : "${var.app_insights_sections["section_6"].chart}"
+        },
+        "name" : "${var.app_insights_sections["section_6"].name}"
+      }
+    ],
+    "fallbackResourceIds" : [
+      "azure monitor"
+    ],
+    "$schema" : "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
+  })
+  display_name        = "Azure Monitor Workbook"
+  location            = azurerm_resource_group.this.location
+  name                = random_uuid.uid.result
+  resource_group_name = azurerm_resource_group.this.name
+}
@@ -0,0 +1,103 @@
+module "primary_virtual_network" {
+  source              = "Azure/avm-res-network-virtualnetwork/azurerm"
+  version             = "0.8.0"
+  resource_group_name = azurerm_resource_group.this.name
+  subnets = merge(
+    {
+      "${var.primary_subnet_name}" = {
+        name              = var.primary_subnet_name
+        address_prefixes  = var.primary_subnet_address_spaces
+        service_endpoints = ["Microsoft.Storage"]
+        delegation = [{
+          name = "Microsoft.PowerPlatform/enterprisePolicies"
+          service_delegation = {
+            name    = "Microsoft.PowerPlatform/enterprisePolicies"
+            actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
+          }
+          }
+        ]
+        nat_gateway = {
+          id = azurerm_nat_gateway.primary_nat_gateway.id
+        }
+      }
+    },
+    {
+      ai-search-primary-subnet = {
+        name             = "ai-search-primary-subnet"
+        address_prefixes = var.primary_ai_search_subnet_address_spaces
+        nat_gateway = {
+          id = azurerm_nat_gateway.primary_nat_gateway.id
+        }
+      }
+    }
+  )
+  address_space = var.primary_vnet_address_spaces
+  location      = var.primary_location
+  name          = "power-platform-primary-vnet-${random_string.name.id}"
+  tags          = var.tags
+}
+
+module "failover_virtual_network" {
+  source              = "Azure/avm-res-network-virtualnetwork/azurerm"
+  version             = "0.8.0"
+  resource_group_name = azurerm_resource_group.this.name
+  subnets = merge(
+    {
+      "${var.failover_subnet_name}" = {
+        name              = var.failover_subnet_name
+        address_prefixes  = var.failover_subnet_address_spaces
+        service_endpoints = ["Microsoft.Storage"]
+        delegation = [{
+          name = "Microsoft.PowerPlatform/enterprisePolicies"
+          service_delegation = {
+            name    = "Microsoft.PowerPlatform/enterprisePolicies"
+            actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
+          }
+          }
+        ]
+        nat_gateway = {
+          id = azurerm_nat_gateway.failover_nat_gateway.id
+        }
+      }
+    },
+    {
+      ai-search-failover-subnet = {
+        name             = "ai-search-failover-subnet"
+        address_prefixes = var.failover_ai_search_subnet_address_spaces
+        nat_gateway = {
+          id = azurerm_nat_gateway.failover_nat_gateway.id
+        }
+      }
+    }
+  )
+  address_space = var.failover_vnet_address_spaces
+  location      = var.failover_location
+  name          = "power-platform-failover-vnet-${random_string.name.id}"
+  tags          = var.tags
+}
+
+#---- Set up NAT gateways, which are not initialized by the AVM ----
+
+# Primary VNet NAT gateway
+resource "azurerm_nat_gateway" "primary_nat_gateway" {
+  location            = var.primary_location
+  name                = "primary-nat-gateway"
+  resource_group_name = azurerm_resource_group.this.name
+  sku_name            = "Standard"
+}
+
+# Secondary VNet NAT gateway
+
+resource "azurerm_nat_gateway" "failover_nat_gateway" {
+  location            = var.failover_location
+  name                = "failover-nat-gateway"
+  resource_group_name = azurerm_resource_group.this.name
+  sku_name            = "Standard"
+}
+
+# TODO add a proper polling mechanism instead of wait
+resource "time_sleep" "wait_for_network" {
+  create_duration = "30s" # Wait for 30 seconds
+
+  depends_on = [module.primary_virtual_network, module.failover_virtual_network]
+}