Skip to content

Commit 81e718c

Browse files
dharakumarmsftdharakumarmsft
committed
Fix Link
1 parent 660ca43 commit 81e718c

File tree

1 file changed

+15
-3
lines changed
  • scenarios/Agents/setup/network-secured-agent-thread-storage

1 file changed

+15
-3
lines changed

scenarios/Agents/setup/network-secured-agent-thread-storage/README.md

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,11 +21,11 @@ languages:
2121
![Best Practice Check](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent/BestPracticeResult.svg)
2222
![Cred Scan Check](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent/CredScanResult.svg)
2323

24-
![Bicep Version](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent/BicepVersion.svg)
24+
![Bicep Version](https://azurequickstartsservice.blob.core.windows.net/badges/quickstarts/microsoft.azure-ai-agent-service/network-secured-agent-thread/BicepVersion.svg)
2525

26-
[![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fdharakumarmsft%2Fazureai-samples%2Fthread-storage%2Fscenarios%2FAgents%2Fsetup%2Fnetwork-secured-agent-thread-storage%2Fazuredeploy.json)
26+
[![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazureai-samples%2Fmain%2Fscenarios%2FAgents%2Fsetup%2Fnetwork-secured-agent-thread-storage%2Fazuredeploy.json)
2727

28-
[![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazureai-samples%2Fmain%2Fscenarios%2FAgents%2Fsetup%2Fnetwork-secured-agent%2Fazuredeploy.json)
28+
[![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fazureai-samples%2Fmain%2Fscenarios%2FAgents%2Fsetup%2Fnetwork-secured-agent-thread-storage%2Fazuredeploy.json)
2929

3030
This infrastructure-as-code (IaC) solution deploys a network-secured Azure AI agent environment with private networking, managed identities, and role-based access control (RBAC).
3131

@@ -79,6 +79,7 @@ The deployment creates an isolated network environment:
7979
- privatelink.azureml.ms
8080
- privatelink.search.windows.net
8181
- privatelink.blob.core.windows.net
82+
- privatelink.documents.azure.com
8283

8384
### Core Components
8485

@@ -97,6 +98,7 @@ The deployment creates an isolated network environment:
9798
- Azure AI Search
9899
- Key Vault
99100
- Storage Account
101+
- Cosmos DB Account
100102

101103
## Security Features
102104

@@ -112,6 +114,7 @@ The deployment creates an isolated network environment:
112114
- AI Search: Index Data Contributor, Service Contributor
113115
- Key Vault: Contributor, Secrets Officer
114116
- Storage: Blob Data Owner, Queue Data Contributor
117+
- Cosmos DB: DocumentDB Account Operator Role, Cosmos DB Built-In Data Contributor
115118

116119
### Network Security
117120

@@ -148,7 +151,10 @@ modules-network-secured/
148151
├── network-secured-dependent-resources.bicep # Core infrastructure
149152
├── network-secured-identity.bicep # Managed identity
150153
├── private-endpoint-and-dns.bicep # Network security
154+
├── cosmos-account-role-assignments.bicep # Cosmos Account RBAC
155+
├── cosmos-container-role-assignments.bice # Cosmos Container RBAC
151156
└── storage-role-assignments.bicep # Storage RBAC configuration
157+
152158
```
153159

154160
## Role Assignments
@@ -185,6 +191,10 @@ The deployment configures the following RBAC permissions:
185191
* Queue operations
186192
* Message management
187193

194+
### Cosmos DB Account
195+
- DocumentDB Account Operator Role(230815da-be43-4aae-9cb4-875f7bd000aa)
196+
- Cosmos DB Built-In Data Contributor Role (00000000-0000-0000-0000-000000000002)
197+
188198
## Networking Details
189199

190200
### Private Endpoints
@@ -194,6 +204,7 @@ Each service is deployed with a private endpoint in the Customer Hub subnet:
194204
AI Services: account
195205
AI Search: searchService
196206
Storage: blob
207+
Cosmos DB: sql
197208
```
198209

199210
### DNS Configuration
@@ -203,6 +214,7 @@ Private DNS zones are created and linked to the VNet:
203214
AI Services: privatelink.azureml.ms
204215
AI Search: privatelink.search.windows.net
205216
Storage: privatelink.blob.core.windows.net
217+
Cosmos DB: privatelink.documents.azure.com
206218
```
207219

208220
## Security Considerations

0 commit comments

Comments
 (0)