Merge pull request #278376 from v-thepet/terraform

v-dirichards · web-flow · commit 54d38c6e23a5 · 2024-06-25T15:54:23.000-05:00
Freshness - Azure Machine Learning 255606 5/6
diff --git a/articles/machine-learning/how-to-manage-workspace-terraform.md b/articles/machine-learning/how-to-manage-workspace-terraform.md
@@ -1,85 +1,88 @@
 ---
-title: Manage workspaces using Terraform
+title: Create workspaces by using Terraform
 titleSuffix: Azure Machine Learning
-description: Learn how to manage Azure Machine Learning workspaces using Terraform.
+description: Learn how to create Azure Machine Learning workspaces with public or private connectivity by using Terraform.
 services: machine-learning
 ms.service: machine-learning
 ms.subservice: enterprise-readiness
 ms.custom: devx-track-terraform
 ms.author: deeikele
 author: denniseik
 ms.reviewer: larryfr
-ms.date: 06/05/2023
+ms.date: 06/25/2024
 ms.topic: how-to
 ms.tool: terraform
 ---
 
-# Manage Azure Machine Learning workspaces using Terraform
+# Manage Azure Machine Learning workspaces by using Terraform
 
-In this article, you learn how to create and manage an Azure Machine Learning workspace using Terraform configuration files. [Terraform](/azure/developer/terraform/)'s template-based configuration files enable you to define, create, and configure Azure resources in a repeatable and predictable manner. Terraform tracks resource state and is able to clean up and destroy resources. 
+In this article, you learn how to create an Azure Machine Learning workspace by using Terraform configuration files. [Terraform](/azure/developer/terraform/) template-based configuration files enable you to define, create, and configure Azure resources in a repeatable and predictable manner. Terraform tracks resource state and can clean up and destroy resources.
 
-A Terraform configuration is a document that defines the resources that are needed for a deployment. It may also specify deployment variables. Variables are used to provide input values when using the configuration.
+A Terraform configuration file is a document that defines the resources needed for a deployment. The Terraform configuration can also specify deployment variables to use to provide input values when you apply the configuration.
 
 ## Prerequisites
 
-* An **Azure subscription**. If you don't have one, try the [free or paid version of Azure Machine Learning](https://azure.microsoft.com/free/).
-* An installed version of the [Azure CLI](/cli/azure/).
-* Configure Terraform: follow the directions in this article and the [Terraform and configure access to Azure](/azure/developer/terraform/get-started-cloud-shell) article.
+- An Azure subscription with a free or paid version of Azure Machine Learning. If you don't have an Azure subscription, [create a free account before you begin](https://azure.microsoft.com/free/).
+- Terraform installed and configured according to the instructions in [Quickstart: Install and configure Terraform](/azure/developer/terraform/quickstart-configure).
+<!--- [Azure CLI](/cli/azure/install-azure-cli) installed.-->
 
 ## Limitations
 
 [!INCLUDE [register-namespace](includes/machine-learning-register-namespace.md)]
 
-[!INCLUDE [application-insight](includes/machine-learning-application-insight.md)]
+- The following limitation applies to the Application Insights instance created during workspace creation:
 
-## Declare the Azure provider
+  [!INCLUDE [application-insight](includes/machine-learning-application-insight.md)]
 
-Create the Terraform configuration file that declares the Azure provider:
+## Create the workspace
 
-1. Create a new file named `main.tf`. If working with Azure Cloud Shell, use bash:
+Create a file named *main.tf* that has the following code.
 
-    ```bash
-    code main.tf
-    ```
+:::code language="terraform" source="~/terraform/quickstart/101-machine-learning/main.tf":::
 
-1. Paste the following code into the editor:
+Declare the Azure provider in a file named *providers.tf* that has the following code.
 
-    **main.tf**:
-    :::code language="terraform" source="~/terraform/quickstart/101-machine-learning/main.tf":::
+:::code language="terraform" source="~/terraform/quickstart/101-machine-learning/providers.tf":::
 
-1. Save the file (**&lt;Ctrl>S**) and exit the editor (**&lt;Ctrl>Q**).
+### Configure the workspace
 
-## Deploy a workspace
+To create an Azure Machine Learning workspace, use one of the following Terraform configurations. An Azure Machine Learning workspace requires various other services as dependencies. The template specifies these [associated resources](./concept-workspace.md#associated-resources). Depending on your needs, you can choose to use a template that creates resources with either public or private network connectivity.
 
-The following Terraform configurations can be used to create an Azure Machine Learning workspace. When you create an Azure Machine Learning workspace, various other services are required as dependencies. The template also specifies these [associated resources to the workspace](./concept-workspace.md#associated-resources). Depending on your needs, you can choose to use the template that creates resources with either public or private network connectivity.
+> [!NOTE]
+> Some resources in Azure require globally unique names. Before deploying your resources, make sure to set `name` variables to unique values.
 
-# [Public network connectivity](#tab/publicworkspace)
+# [Public network](#tab/publicworkspace)
 
-Some resources in Azure require globally unique names. Before deploying your resources using the following templates, set the `name` variable to a value that is unique.
+The following configuration creates a workspace with public network connectivity.
+
+Define the following variables in a file called *variables.tf*.
 
-**variables.tf**:
 :::code language="terraform" source="~/terraform/quickstart/101-machine-learning/variables.tf":::
 
-**workspace.tf**:
+Define the following workspace configuration in a file called *workspace.tf*:
+
 :::code language="terraform" source="~/terraform/quickstart/101-machine-learning/workspace.tf":::
 
-# [Private network connectivity](#tab/privateworkspace)
+# [Private network](#tab/privateworkspace)
+
+The following configuration creates a workspace in an isolated network environment by using Azure Private Link endpoints. The template includes [private Domain Name System (DNS) zones](../dns/private-dns-privatednszone.md) to resolve domain names within the virtual network.
 
-The configuration below creates a workspace in an isolated network environment using Azure Private Link endpoints. [Private DNS zones](../dns/private-dns-privatednszone.md) are included so domain names can be resolved within the virtual network.
+If you use private link endpoints for both Azure Container Registry and Azure Machine Learning, you can't use Container Registry tasks for building [environment](/python/api/azure-ai-ml/azure.ai.ml.entities.environment) images. Instead you must build images by using an Azure Machine Learning compute cluster.
 
-Some resources in Azure require globally unique names. Before deploying your resources using the following templates, set the `resourceprefix` variable to a value that is unique.
+To configure the cluster name to use, set the [image_build_compute_name](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/machine_learning_workspace) argument. You can also [allow public access](./how-to-configure-private-link.md?tabs=python#enable-public-access) to a workspace that has a private link endpoint by using the [public_network_access_enabled](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/machine_learning_workspace) argument.
 
-When using private link endpoints for both Azure Container Registry and Azure Machine Learning, Azure Container Registry tasks cannot be used for building [environment](/python/api/azure-ai-ml/azure.ai.ml.entities.environment) images. Instead you can build images using an Azure Machine Learning compute cluster. To configure the cluster name of use, set the [image_build_compute_name](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/machine_learning_workspace) argument. You can configure to [allow public access](./how-to-configure-private-link.md?tabs=python#enable-public-access) to a workspace that has a private link endpoint using the [public_network_access_enabled](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/machine_learning_workspace) argument.
+Define the following variables in a file called *variables.tf*.
 
-**variables.tf**:
 :::code language="terraform" source="~/terraform/quickstart/201-machine-learning-moderately-secure/variables.tf":::
 
-**workspace.tf**:
+Define the following workspace configuration in a file called *workspace.tf*:
+
 :::code language="terraform" source="~/terraform/quickstart/201-machine-learning-moderately-secure/workspace.tf":::
 
-**network.tf**:
+Define the following network configuration in a file called *network.tf*:
+
 ```terraform
-# Virtual Network
+# Virtual network
 resource "azurerm_virtual_network" "default" {
   name                = "vnet-${var.name}-${var.environment}"
   address_space       = var.vnet_address_space
@@ -110,32 +113,42 @@ resource "azurerm_subnet" "snet-workspace" {
   address_prefixes                               = var.ml_subnet_address_space
   enforce_private_link_endpoint_network_policies = true
 }
-
-# ...
-# For full reference, see: https://github.com/Azure/terraform/blob/master/quickstart/201-machine-learning-moderately-secure/network.tf
 ```
 
-There are several options to connect to your private link endpoint workspace. To learn more about these options, refer to [Securely connect to your workspace](./how-to-secure-workspace-vnet.md#securely-connect-to-your-workspace).
+- For a full reference, see [201: Machine learning workspace, compute, and a set of network components for network isolation](https://github.com/Azure/terraform/blob/master/quickstart/201-machine-learning-moderately-secure/network.tf).
+- To learn more about how to connect to your private link endpoint workspace, see [Securely connect to your workspace](./how-to-secure-workspace-vnet.md#securely-connect-to-your-workspace).
 
 ---
 
-## Troubleshooting
+## Create and apply the plan
+
+To create the workspace, run the following code:
+
+```terraform
+terraform init
+
+terraform plan \
+        # -var <any of the variables set in variables.tf> \
+          -out demo.tfplan
+
+terraform apply "demo.tfplan"
+```
 
-### Resource provider errors
+## Troubleshoot resource provider errors
 
 [!INCLUDE [machine-learning-resource-provider](includes/machine-learning-resource-provider.md)]
 
-## Next steps
+## Related resources
 
-* To learn more about Terraform support on Azure, see [Terraform on Azure documentation](/azure/developer/terraform/).
-* For details on the Terraform Azure provider and Machine Learning module, see [Terraform Registry Azure Resource Manager Provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/machine_learning_workspace).
-* To find "quick start" template examples for Terraform, see [Azure Terraform QuickStart Templates](https://github.com/Azure/terraform/tree/master/quickstart):
+- To learn more about Terraform support on Azure, see [Terraform on Azure documentation](/azure/developer/terraform/).
+- For details on the Terraform Azure provider and Machine Learning module, see [Terraform Registry Azure Resource Manager provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/machine_learning_workspace).
+- To find quickstart template examples for Terraform, see the following [Azure Terraform quickstart templates](https://github.com/Azure/terraform/tree/master/quickstart).
   
-  * [101: Machine learning workspace and compute](https://github.com/Azure/terraform/tree/master/quickstart/101-machine-learning) – the minimal set of resources needed to get started with Azure Machine Learning.
-  * [201: Machine learning workspace, compute, and a set of network components for network isolation](https://github.com/Azure/terraform/tree/master/quickstart/201-machine-learning-moderately-secure) – all resources that are needed to create a production-pilot environment for use with HBI data.
-  * [202: Similar to 201, but with the option to bring existing network components.](https://github.com/Azure/terraform/tree/master/quickstart/202-machine-learning-moderately-secure-existing-VNet).
-  * [301:  Machine Learning workspace (Secure Hub and Spoke with Firewall)](https://github.com/azure/terraform/tree/master/quickstart/301-machine-learning-hub-spoke-secure).
+  - [101: Machine learning workspace and compute](https://github.com/Azure/terraform/tree/master/quickstart/101-machine-learning) provides the minimal set of resources needed to get started with Azure Machine Learning.
+  - [201: Machine learning workspace, compute, and a set of network components for network isolation](https://github.com/Azure/terraform/tree/master/quickstart/201-machine-learning-moderately-secure) provides all resources needed to create a production-pilot environment for use with high business impact (HBI) data.
+  - [202: Similar to 201, but with the option to bring existing network components](https://github.com/Azure/terraform/tree/master/quickstart/202-machine-learning-moderately-secure-existing-VNet).
+  - [301: Machine Learning workspace (secure hub and spoke with firewall)](https://github.com/azure/terraform/tree/master/quickstart/301-machine-learning-hub-spoke-secure).
   
-* To learn more about network configuration options, see [Secure Azure Machine Learning workspace resources using virtual networks (VNets)](./how-to-network-security-overview.md).
-* For alternative Azure Resource Manager template-based deployments, see [Deploy resources with Resource Manager templates and Resource Manager REST API](../azure-resource-manager/templates/deploy-rest.md).
-* For information on how to keep your Azure Machine Learning up to date with the latest security updates, see [Vulnerability management](concept-vulnerability-management.md).
+- To learn more about network configuration options, see [Secure Azure Machine Learning workspace resources using virtual networks](./how-to-network-security-overview.md).
+- For alternative Azure Resource Manager template-based deployments, see [Deploy resources with Resource Manager templates and Resource Manager REST API](/azure/azure-resource-manager/templates/deploy-rest).
+- For information on how to keep your Azure Machine Learning workspace up to date with the latest security updates, see [Vulnerability management](concept-vulnerability-management.md).
