Merge pull request microsoft#379 from microsoft/psl-avmwafchanges

Author: Abdul-Microsoft

.github/workflows/deploy-waf.yml

@@ -109,13 +109,15 @@ jobs:
             --resource-group ${{ env.RESOURCE_GROUP_NAME }} \
             --template-file infra/main.bicep \
             --parameters \
-              environmentName=${{ env.SOLUTION_PREFIX }} \
-              useWafAlignedArchitecture=true \
-              aiDeploymentsLocation='${{ env.AZURE_LOCATION }}' \
+              solutionName=${{ env.SOLUTION_PREFIX }} \
+              location="${{ env.AZURE_LOCATION }}" \
+              azureAiServiceLocation='${{ env.AZURE_LOCATION }}' \
               gptModelCapacity=5 \
-              virtualMachineConfiguration='{"adminUsername": "adminuser", "adminPassword": "P@ssw0rd1234"}' \
-              logAnalyticsWorkspaceConfiguration='{"existingWorkspaceResourceId": ""}'
-
+              enableTelemetry=true \
+              enableMonitoring=true \
+              enablePrivateNetworking=true \
+              enableScalability=true \
+              
 
       - name: Send Notification on Failure
         if: failure()

.github/workflows/deploy.yml

@@ -129,19 +129,14 @@ jobs:
             --resource-group ${{ env.RESOURCE_GROUP_NAME }} \
             --template-file infra/main.bicep \
             --parameters \
-              environmentName=${{ env.SOLUTION_PREFIX }} \
-              solutionLocation="${{ env.AZURE_LOCATION }}" \
-              modelDeploymentType="GlobalStandard" \
+              solutionName=${{ env.SOLUTION_PREFIX }} \
+              location="${{ env.AZURE_LOCATION }}" \
+              gptModelDeploymentType="GlobalStandard" \
               gptModelName="gpt-4o" \
               gptModelVersion="2024-08-06" \
               imageTag="${IMAGE_TAG}" \
-              useWafAlignedArchitecture=false \
-              aiDeploymentsLocation='${{ env.AZURE_LOCATION }}' \
+              azureAiServiceLocation='${{ env.AZURE_LOCATION }}' \
               gptModelCapacity=150 \
-              logAnalyticsWorkspaceConfiguration='{"dataRetentionInDays": 30, "existingWorkspaceResourceId": ""}' \
-              applicationInsightsConfiguration='{"retentionInDays": 30}' \
-              virtualNetworkConfiguration='{"enabled": false}' \
-              webServerFarmConfiguration='{"skuCapacity": 1, "skuName": "B2"}' \
             --output json
 
       - name: Extract Web App and API App URLs

docs/DeploymentGuide.md

@@ -153,7 +153,8 @@ When you start the deployment, most parameters will have **default values**, but
 | **GPT Model Capacity**          | Sets the GPT model capacity.                                 | 150        |
 | **Image Tag**                  | Docker image tag used for container deployments.                                    | latest            |
 | **Enable Telemetry**           | Enables telemetry for monitoring and diagnostics.                                    | true              |
-
+| **Existing Log Analytics Workspace**        | To reuse an existing Log Analytics Workspace ID instead of creating a new one.              | *(none)*          |
+| **Existing Azure AI Foundry Project**        | To reuse an existing Azure AI Foundry Project ID instead of creating a new one.              | *(none)*          |
 
 </details>
 
@@ -176,6 +177,14 @@ To adjust quota settings, follow these [steps](./AzureGPTQuotaSettings.md).
 
 </details>
 
+<details>
+
+  <summary><b>Reusing an Existing Azure AI Foundry Project</b></summary>
+
+  Guide to get your [Existing Project ID](/docs/re-use-foundry-project.md)
+
+</details>
+
 ### Deploying with AZD
 
 Once you've opened the project in [Codespaces](#github-codespaces), [Dev Containers](#vs-code-dev-containers), or [locally](#local-environment), you can deploy it to Azure by following these steps:
@@ -206,43 +215,9 @@ Once you've opened the project in [Codespaces](#github-codespaces), [Dev Contain
 
 5. Once the deployment has completed successfully, open the [Azure Portal](https://portal.azure.com/), go to the deployed resource group, find the App Service, and get the app URL from `Default domain`.
 
-6. If you are done trying out the application, you can delete the resources by running `azd down`.
-
-### Publishing Local Build Container to Azure Container Registry
-
-If you need to rebuild the source code and push the updated container to the deployed Azure Container Registry, follow these steps:
-
-1. Set the environment variable `USE_LOCAL_BUILD` to `True`:
-
-   - **Linux/macOS**:
-
-     ```bash
-     export USE_LOCAL_BUILD=True
-     ```
-
-   - **Windows (PowerShell)**:
-     ```powershell
-     $env:USE_LOCAL_BUILD = $true
-     ```
-
-2. Run the `az login` command
-
-   ```bash
-   az login
-   ```
-
-3. Run the `azd up` command again to rebuild and push the updated container:
-   ```bash
-   azd up
-   ```
-
-This will rebuild the source code, package it into a container, and push it to the Azure Container Registry associated with your deployment.
-
-This guide provides step-by-step instructions for deploying your application using Azure Container Registry (ACR) and Azure Container Apps.
-
-There are several ways to deploy the solution. You can deploy to run in Azure in one click, or manually, or you can deploy locally.
+6. When Deployment is complete, follow steps in [Set Up Authentication in Azure App Service](../docs/azure_app_service_auth_setup.md) to add app authentication to your web app running on Azure App Service
 
-When Deployment is complete, follow steps in [Set Up Authentication in Azure App Service](../docs/azure_app_service_auth_setup.md) to add app authentication to your web app running on Azure App Service
+7. If you are done trying out the application, you can delete the resources by running `azd down`.
 
 # Local setup
 

docs/images/re_use_foundry_project/azure_ai_foundry_list.png

@@ -0,0 +1,44 @@
+[← Back to *DEPLOYMENT* guide](/docs/DeploymentGuide.md#deployment-steps)
+
+# Reusing an Existing Azure AI Foundry Project
+To configure your environment to use an existing Azure AI Foundry Project, follow these steps:
+---
+### 1. Go to Azure Portal
+Go to https://portal.azure.com
+
+### 2. Search for Azure AI Foundry
+In the search bar at the top, type "Azure AI Foundry" and click on it. Then select the Foundry service instance where your project exists.
+
+![alt text](../docs/images/re_use_foundry_project/azure_ai_foundry_list.png)
+
+### 3. Navigate to Projects under Resource Management
+On the left sidebar of the Foundry service blade:
+
+- Expand the Resource Management section
+- Click on Projects (this refers to the active Foundry project tied to the service)
+
+### 4. Click on the Project
+From the Projects view: Click on the project name to open its details
+
+    Note: You will see only one project listed here, as each Foundry service maps to a single project in this accelerator
+
+![alt text](../docs/images/re_use_foundry_project/navigate_to_projects.png)
+
+### 5. Copy Resource ID
+In the left-hand menu of the project blade: 
+
+- Click on Properties under Resource Management
+- Locate the Resource ID field
+- Click on the copy icon next to the Resource ID value
+
+![alt text](../docs/images/re_use_foundry_project/project_resource_id.png)
+
+### 6. Set the Foundry Project Resource ID in Your Environment
+Run the following command in your terminal
+```bash
+azd env set AZURE_ENV_FOUNDRY_PROJECT_ID '<Existing Foundry Project Resource ID>'
+```
+Replace `<Existing Foundry Project Resource ID>` with the value obtained from Step 5.
+
+### 7. Continue Deployment
+Proceed with the next steps in the [deployment guide](/docs/DeploymentGuide.md#deployment-steps).

docs/images/re_use_foundry_project/navigate_to_projects.png

@@ -1,4 +1,4 @@
-[← Back to *DEPLOYMENT* guide](/docs/DeploymentGuide.md#deployment-options--steps)
+[← Back to *DEPLOYMENT* guide](/docs/DeploymentGuide.md#deployment-steps)
 
 # Reusing an Existing Log Analytics Workspace
 To configure your environment to use an existing Log Analytics Workspace, follow these steps:
@@ -28,4 +28,4 @@ azd env set AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID '<Existing Log Analytics Worksp
 Replace `<Existing Log Analytics Workspace Id>` with the value obtained from Step 3.
 
 ### 5. Continue Deployment
-Proceed with the next steps in the [deployment guide](/docs/DeploymentGuide.md#deployment-options--steps).
+Proceed with the next steps in the [deployment guide](/docs/DeploymentGuide.md#deployment-steps).

docs/images/re_use_foundry_project/project_resource_id.png

@@ -17,7 +17,7 @@ param solutionName string = 'macae'
 param solutionUniqueText string = take(uniqueString(subscription().id, resourceGroup().name, solutionName), 5)
 
 @metadata({ azd: { type: 'location' } })
-@description('Optional. Azure region for all services. Regions are restricted to guarantee compatibility with paired regions and replica locations for data redundancy and failover scenarios based on articles [Azure regions list](https://learn.microsoft.com/azure/reliability/regions-list) and [Azure Database for MySQL Flexible Server - Azure Regions](https://learn.microsoft.com/azure/mysql/flexible-server/overview#azure-regions).')
+@description('Required. Azure region for all services. Regions are restricted to guarantee compatibility with paired regions and replica locations for data redundancy and failover scenarios based on articles [Azure regions list](https://learn.microsoft.com/azure/reliability/regions-list) and [Azure Database for MySQL Flexible Server - Azure Regions](https://learn.microsoft.com/azure/mysql/flexible-server/overview#azure-regions).')
 @allowed([
   'australiaeast'
   'centralus'
@@ -30,13 +30,38 @@ param solutionUniqueText string = take(uniqueString(subscription().id, resourceG
   'westeurope'
   'uksouth'
 ])
-param location string = 'australiaeast'
+param location string
 
 // Restricting deployment to only supported Azure OpenAI regions validated with GPT-4o model
 @allowed(['australiaeast', 'eastus2', 'francecentral', 'japaneast', 'norwayeast', 'swedencentral', 'uksouth', 'westus'])
-@metadata({ azd: { type: 'location' } })
-@description('Optional. Location for all AI service resources. This should be one of the supported Azure AI Service locations.')
-param azureAiServiceLocation string = 'australiaeast'
+@metadata({
+  azd : {
+    type: 'location'
+    usageName : [
+      'OpenAI.GlobalStandard.gpt-4o, 150'
+    ]
+  }
+})
+@description('Required. Location for all AI service resources. This should be one of the supported Azure AI Service locations.')
+param azureAiServiceLocation string
+
+@minLength(1)
+@description('Optional. Name of the GPT model to deploy:')
+param gptModelName string = 'gpt-4o'
+
+@description('Optional. Version of the GPT model to deploy. Defaults to 2024-08-06.')
+param gptModelVersion string = '2024-08-06'
+
+@minLength(1)
+@allowed([
+  'Standard'
+  'GlobalStandard'
+])
+@description('Optional. GPT model deployment type. Defaults to GlobalStandard.')
+param gptModelDeploymentType string = 'GlobalStandard'
+
+@description('Optional. AI model deployment token capacity. Defaults to 150 for optimal performance.')
+param gptModelCapacity int = 150
 
 @description('Optional. The tags to apply to all deployed Azure resources.')
 param tags resourceInput<'Microsoft.Resources/resourceGroups@2025-04-01'>.tags = {}
@@ -86,7 +111,15 @@ param enableTelemetry bool = true
 // Variables      //
 // ============== //
 
-var solutionSuffix = '${solutionName}${solutionUniqueText}'
+var solutionSuffix = toLower(trim(replace(
+  replace(
+    replace(replace(replace(replace('${solutionName}${solutionUniqueText}', '-', ''), '_', ''), '.', ''), '/', ''),
+    ' ',
+    ''
+  ),
+  '*',
+  ''
+)))
 
 // Region pairs list based on article in [Azure regions list](https://learn.microsoft.com/azure/reliability/regions-list)
 // var azureRegionPairs = {
@@ -895,12 +928,11 @@ var aiFoundryAiServicesAiProjectResourceName = 'proj-${solutionSuffix}'
 var aiFoundryAIservicesEnabled = true
 var aiFoundryAiServicesModelDeployment = {
   format: 'OpenAI'
-  name: 'gpt-4o'
-  version: '2024-08-06'
+  name: gptModelName
+  version: gptModelVersion
   sku: {
-    name: 'GlobalStandard'
-    //Currently the capacity is set to 140 for optimal performance.
-    capacity: 140
+    name: gptModelDeploymentType
+    capacity: gptModelCapacity
   }
   raiPolicyName: 'Microsoft.Default'
 }
@@ -1141,7 +1173,7 @@ module containerAppEnvironment 'br/public:avm/res/app/managed-environment:0.11.2
           destination: 'log-analytics'
           logAnalyticsConfiguration: {
             customerId: logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId
-            sharedKey: logAnalyticsWorkspace!.outputs.primarySharedKey
+            sharedKey: logAnalyticsWorkspace.outputs.primarySharedKey
           }
         }
       : null
@@ -1331,6 +1363,10 @@ module containerApp 'br/public:avm/res/app/container-app:0.18.1' = {
             name: 'AZURE_AI_AGENT_MODEL_DEPLOYMENT_NAME'
             value: aiFoundryAiServicesModelDeployment.name
           }
+          {
+            name: 'AZURE_CLIENT_ID'
+            value: userAssignedIdentity.outputs.clientId // NOTE: This is the client ID of the managed identity, not the Entra application, and is needed for the App Service to access the Cosmos DB account.
+          }
         ]
       }
     ]

docs/re-use-foundry-project.md

@@ -11,6 +11,18 @@
     "azureAiServiceLocation": {
       "value": "${AZURE_ENV_OPENAI_LOCATION}"
     },
+    "gptModelDeploymentType": {
+      "value": "${AZURE_ENV_MODEL_DEPLOYMENT_TYPE}"
+    },
+    "gptModelName": {
+      "value": "${AZURE_ENV_MODEL_NAME}"
+    },
+    "gptModelVersion": {
+      "value": "${AZURE_ENV_MODEL_VERSION}"
+    },
+    "gptModelCapacity": {
+      "value": "${AZURE_ENV_MODEL_CAPACITY}"
+    },
     "backendContainerImageTag": {
       "value": "${AZURE_ENV_IMAGE_TAG}"
     },