From 6c8a4e170c9c94265f86580016c7e79bebdb8830 Mon Sep 17 00:00:00 2001
From: Abdul-Microsoft
Date: Tue, 6 May 2025 16:59:32 +0530
Subject: [PATCH 1/2] Refactor the bicep code to enhance resource naming conventions and parameter handling
---
infra/abbreviations.json | 361 ++++++++++------
infra/deploy_ai_foundry.bicep | 21 +-
infra/deploy_keyvault.bicep | 8 +-
infra/deploy_managed_identity.bicep | 9 +-
infra/main.bicep | 71 +--
infra/main.bicepparam | 4 +
infra/main.json | 646 +++++++++++++++++++++++-----
7 files changed, 827 insertions(+), 293 deletions(-)
create mode 100644 infra/main.bicepparam
diff --git a/infra/abbreviations.json b/infra/abbreviations.json
index 1533dee56..93b95656b 100644
--- a/infra/abbreviations.json
+++ b/infra/abbreviations.json
@@ -1,136 +1,227 @@ { - "analysisServicesServers": "as", - "apiManagementService": "apim-", - "appConfigurationStores": "appcs-", - "appManagedEnvironments": "cae-", - "appContainerApps": "ca-", - "authorizationPolicyDefinitions": "policy-", - "automationAutomationAccounts": "aa-", - "blueprintBlueprints": "bp-", - "blueprintBlueprintsArtifacts": "bpa-", - "cacheRedis": "redis-", - "cdnProfiles": "cdnp-", - "cdnProfilesEndpoints": "cdne-", - "cognitiveServicesAccounts": "cog-", - "cognitiveServicesFormRecognizer": "cog-fr-", - "cognitiveServicesTextAnalytics": "cog-ta-", - "computeAvailabilitySets": "avail-", - "computeCloudServices": "cld-", - "computeDiskEncryptionSets": "des", - "computeDisks": "disk", - "computeDisksOs": "osdisk", - "computeGalleries": "gal", - "computeSnapshots": "snap-", - "computeVirtualMachines": "vm", - "computeVirtualMachineScaleSets": "vmss-", - "containerInstanceContainerGroups": "ci", - "containerRegistryRegistries": "cr", - "containerServiceManagedClusters": "aks-", - "databricksWorkspaces": "dbw-", - "dataFactoryFactories": "adf-", - "dataLakeAnalyticsAccounts": "dla", - "dataLakeStoreAccounts": "dls", - "dataMigrationServices": "dms-", - "dBforMySQLServers": "mysql-", - "dBforPostgreSQLServers": "psql-", - "devicesIotHubs": "iot-", - "devicesProvisioningServices": "provs-", - "devicesProvisioningServicesCertificates": "pcert-", - "documentDBDatabaseAccounts": "cosmos-", - "documentDBMongoDatabaseAccounts": "cosmon-", - "eventGridDomains": "evgd-", - "eventGridDomainsTopics": "evgt-", - "eventGridEventSubscriptions": "evgs-", - "eventHubNamespaces": "evhns-", - "eventHubNamespacesEventHubs": "evh-", - "hdInsightClustersHadoop": "hadoop-", - "hdInsightClustersHbase": "hbase-", - "hdInsightClustersKafka": "kafka-", - "hdInsightClustersMl": "mls-", - "hdInsightClustersSpark": "spark-", - "hdInsightClustersStorm": "storm-", - "hybridComputeMachines": "arcs-", - "insightsActionGroups": "ag-", - "insightsComponents": "appi-", - 
"keyVaultVaults": "kv-", - "kubernetesConnectedClusters": "arck", - "kustoClusters": "dec", - "kustoClustersDatabases": "dedb", - "logicIntegrationAccounts": "ia-", - "logicWorkflows": "logic-", - "machineLearningServicesWorkspaces": "mlw-", - "managedIdentityUserAssignedIdentities": "id-", - "managementManagementGroups": "mg-", - "migrateAssessmentProjects": "migr-", - "networkApplicationGateways": "agw-", - "networkApplicationSecurityGroups": "asg-", - "networkAzureFirewalls": "afw-", - "networkBastionHosts": "bas-", - "networkConnections": "con-", - "networkDnsZones": "dnsz-", - "networkExpressRouteCircuits": "erc-", - "networkFirewallPolicies": "afwp-", - "networkFirewallPoliciesWebApplication": "waf", - "networkFirewallPoliciesRuleGroups": "wafrg", - "networkFrontDoors": "fd-", - "networkFrontdoorWebApplicationFirewallPolicies": "fdfp-", - "networkLoadBalancersExternal": "lbe-", - "networkLoadBalancersInternal": "lbi-", - "networkLoadBalancersInboundNatRules": "rule-", - "networkLocalNetworkGateways": "lgw-", - "networkNatGateways": "ng-", - "networkNetworkInterfaces": "nic-", - "networkNetworkSecurityGroups": "nsg-", - "networkNetworkSecurityGroupsSecurityRules": "nsgsr-", - "networkNetworkWatchers": "nw-", - "networkPrivateDnsZones": "pdnsz-", - "networkPrivateLinkServices": "pl-", - "networkPublicIPAddresses": "pip-", - "networkPublicIPPrefixes": "ippre-", - "networkRouteFilters": "rf-", - "networkRouteTables": "rt-", - "networkRouteTablesRoutes": "udr-", - "networkTrafficManagerProfiles": "traf-", - "networkVirtualNetworkGateways": "vgw-", - "networkVirtualNetworks": "vnet-", - "networkVirtualNetworksSubnets": "snet-", - "networkVirtualNetworksVirtualNetworkPeerings": "peer-", - "networkVirtualWans": "vwan-", - "networkVpnGateways": "vpng-", - "networkVpnGatewaysVpnConnections": "vcn-", - "networkVpnGatewaysVpnSites": "vst-", - "notificationHubsNamespaces": "ntfns-", - "notificationHubsNamespacesNotificationHubs": "ntf-", - "operationalInsightsWorkspaces": 
"log-", - "portalDashboards": "dash-", - "powerBIDedicatedCapacities": "pbi-", - "purviewAccounts": "pview-", - "recoveryServicesVaults": "rsv-", - "resourcesResourceGroups": "rg-", - "searchSearchServices": "srch-", - "serviceBusNamespaces": "sb-", - "serviceBusNamespacesQueues": "sbq-", - "serviceBusNamespacesTopics": "sbt-", - "serviceEndPointPolicies": "se-", - "serviceFabricClusters": "sf-", - "signalRServiceSignalR": "sigr", - "sqlManagedInstances": "sqlmi-", - "sqlServers": "sql-", - "sqlServersDataWarehouse": "sqldw-", - "sqlServersDatabases": "sqldb-", - "sqlServersDatabasesStretch": "sqlstrdb-", - "storageStorageAccounts": "st", - "storageStorageAccountsVm": "stvm", - "storSimpleManagers": "ssimp", - "streamAnalyticsCluster": "asa-", - "synapseWorkspaces": "syn", - "synapseWorkspacesAnalyticsWorkspaces": "synw", - "synapseWorkspacesSqlPoolsDedicated": "syndp", - "synapseWorkspacesSqlPoolsSpark": "synsp", - "timeSeriesInsightsEnvironments": "tsi-", - "webServerFarms": "plan-", - "webSitesAppService": "app-", - "webSitesAppServiceEnvironment": "ase-", - "webSitesFunctions": "func-", - "webStaticSites": "stapp-" -} + "ai": { + "aiSearch": "srch-", + "aiServices": "aisa-", + "aiVideoIndexer": "avi-", + "machineLearningWorkspace": "mlw-", + "openAIService": "oai-", + "botService": "bot-", + "computerVision": "cv-", + "contentModerator": "cm-", + "contentSafety": "cs-", + "customVisionPrediction": "cstv-", + "customVisionTraining": "cstvt-", + "documentIntelligence": "di-", + "faceApi": "face-", + "healthInsights": "hi-", + "immersiveReader": "ir-", + "languageService": "lang-", + "speechService": "spch-", + "translator": "trsl-", + "aiHub": "aih-", + "aiHubProject": "aihp-" + }, + "analytics": { + "analysisServicesServer": "as", + "databricksWorkspace": "dbw-", + "dataExplorerCluster": "dec", + "dataExplorerClusterDatabase": "dedb", + "dataFactory": "adf-", + "digitalTwin": "dt-", + "streamAnalytics": "asa-", + "synapseAnalyticsPrivateLinkHub": "synplh-", + 
"synapseAnalyticsSQLDedicatedPool": "syndp", + "synapseAnalyticsSparkPool": "synsp", + "synapseAnalyticsWorkspaces": "synw", + "dataLakeStoreAccount": "dls", + "dataLakeAnalyticsAccount": "dla", + "eventHubsNamespace": "evhns-", + "eventHub": "evh-", + "eventGridDomain": "evgd-", + "eventGridSubscriptions": "evgs-", + "eventGridTopic": "evgt-", + "eventGridSystemTopic": "egst-", + "hdInsightHadoopCluster": "hadoop-", + "hdInsightHBaseCluster": "hbase-", + "hdInsightKafkaCluster": "kafka-", + "hdInsightSparkCluster": "spark-", + "hdInsightStormCluster": "storm-", + "hdInsightMLServicesCluster": "mls-", + "iotHub": "iot-", + "provisioningServices": "provs-", + "provisioningServicesCertificate": "pcert-", + "powerBIEmbedded": "pbi-", + "timeSeriesInsightsEnvironment": "tsi-" + }, + "compute": { + "appServiceEnvironment": "ase-", + "appServicePlan": "asp-", + "loadTesting": "lt-", + "availabilitySet": "avail-", + "arcEnabledServer": "arcs-", + "arcEnabledKubernetesCluster": "arck", + "batchAccounts": "ba-", + "cloudService": "cld-", + "communicationServices": "acs-", + "diskEncryptionSet": "des", + "functionApp": "func-", + "gallery": "gal", + "hostingEnvironment": "host-", + "imageTemplate": "it-", + "managedDiskOS": "osdisk", + "managedDiskData": "disk", + "notificationHubs": "ntf-", + "notificationHubsNamespace": "ntfns-", + "proximityPlacementGroup": "ppg-", + "restorePointCollection": "rpc-", + "snapshot": "snap-", + "staticWebApp": "stapp-", + "virtualMachine": "vm", + "virtualMachineScaleSet": "vmss-", + "virtualMachineMaintenanceConfiguration": "mc-", + "virtualMachineStorageAccount": "stvm", + "webApp": "app-" + }, + "containers": { + "aksCluster": "aks-", + "aksSystemNodePool": "npsystem-", + "aksUserNodePool": "np-", + "containerApp": "ca-", + "containerAppsEnvironment": "cae-", + "containerRegistry": "cr", + "containerInstance": "ci", + "serviceFabricCluster": "sf-", + "serviceFabricManagedCluster": "sfmc-" + }, + "databases": { + "cosmosDBDatabase": 
"cosmos-", + "cosmosDBApacheCassandra": "coscas-", + "cosmosDBMongoDB": "cosmon-", + "cosmosDBNoSQL": "cosno-", + "cosmosDBTable": "costab-", + "cosmosDBGremlin": "cosgrm-", + "cosmosDBPostgreSQL": "cospos-", + "cacheForRedis": "redis-", + "sqlDatabaseServer": "sql-", + "sqlDatabase": "sqldb-", + "sqlElasticJobAgent": "sqlja-", + "sqlElasticPool": "sqlep-", + "mariaDBServer": "maria-", + "mariaDBDatabase": "mariadb-", + "mySQLDatabase": "mysql-", + "postgreSQLDatabase": "psql-", + "sqlServerStretchDatabase": "sqlstrdb-", + "sqlManagedInstance": "sqlmi-" + }, + "developerTools": { + "appConfigurationStore": "appcs-", + "mapsAccount": "map-", + "signalR": "sigr", + "webPubSub": "wps-" + }, + "devOps": { + "managedGrafana": "amg-" + }, + "integration": { + "apiManagementService": "apim-", + "integrationAccount": "ia-", + "logicApp": "logic-", + "serviceBusNamespace": "sbns-", + "serviceBusQueue": "sbq-", + "serviceBusTopic": "sbt-", + "serviceBusTopicSubscription": "sbts-" + }, + "managementGovernance": { + "automationAccount": "aa-", + "applicationInsights": "appi-", + "monitorActionGroup": "ag-", + "monitorDataCollectionRules": "dcr-", + "monitorAlertProcessingRule": "apr-", + "blueprint": "bp-", + "blueprintAssignment": "bpa-", + "dataCollectionEndpoint": "dce-", + "logAnalyticsWorkspace": "log-", + "logAnalyticsQueryPacks": "pack-", + "managementGroup": "mg-", + "purviewInstance": "pview-", + "resourceGroup": "rg-", + "templateSpecsName": "ts-" + }, + "migration": { + "migrateProject": "migr-", + "databaseMigrationService": "dms-", + "recoveryServicesVault": "rsv-" + }, + "networking": { + "applicationGateway": "agw-", + "applicationSecurityGroup": "asg-", + "cdnProfile": "cdnp-", + "cdnEndpoint": "cdne-", + "connections": "con-", + "dnsForwardingRuleset": "dnsfrs-", + "dnsPrivateResolver": "dnspr-", + "dnsPrivateResolverInboundEndpoint": "in-", + "dnsPrivateResolverOutboundEndpoint": "out-", + "firewall": "afw-", + "firewallPolicy": "afwp-", + 
"expressRouteCircuit": "erc-", + "expressRouteGateway": "ergw-", + "frontDoorProfile": "afd-", + "frontDoorEndpoint": "fde-", + "frontDoorFirewallPolicy": "fdfp-", + "ipGroups": "ipg-", + "loadBalancerInternal": "lbi-", + "loadBalancerExternal": "lbe-", + "loadBalancerRule": "rule-", + "localNetworkGateway": "lgw-", + "natGateway": "ng-", + "networkInterface": "nic-", + "networkSecurityGroup": "nsg-", + "networkSecurityGroupSecurityRules": "nsgsr-", + "networkWatcher": "nw-", + "privateLink": "pl-", + "privateEndpoint": "pep-", + "publicIPAddress": "pip-", + "publicIPAddressPrefix": "ippre-", + "routeFilter": "rf-", + "routeServer": "rtserv-", + "routeTable": "rt-", + "serviceEndpointPolicy": "se-", + "trafficManagerProfile": "traf-", + "userDefinedRoute": "udr-", + "virtualNetwork": "vnet-", + "virtualNetworkGateway": "vgw-", + "virtualNetworkManager": "vnm-", + "virtualNetworkPeering": "peer-", + "virtualNetworkSubnet": "snet-", + "virtualWAN": "vwan-", + "virtualWANHub": "vhub-" + }, + "security": { + "bastion": "bas-", + "keyVault": "kv-", + "keyVaultManagedHSM": "kvmhsm-", + "managedIdentity": "id-", + "sshKey": "sshkey-", + "vpnGateway": "vpng-", + "vpnConnection": "vcn-", + "vpnSite": "vst-", + "webApplicationFirewallPolicy": "waf", + "webApplicationFirewallPolicyRuleGroup": "wafrg" + }, + "storage": { + "storSimple": "ssimp", + "backupVault": "bvault-", + "backupVaultPolicy": "bkpol-", + "fileShare": "share-", + "storageAccount": "st", + "storageSyncService": "sss-" + }, + "virtualDesktop": { + "labServicesPlan": "lp-", + "virtualDesktopHostPool": "vdpool-", + "virtualDesktopApplicationGroup": "vdag-", + "virtualDesktopWorkspace": "vdws-", + "virtualDesktopScalingPlan": "vdscaling-" + } + } \ No newline at end of file diff --git a/infra/deploy_ai_foundry.bicep b/infra/deploy_ai_foundry.bicep index ee9b3b37b..1b6262a91 100644 --- a/infra/deploy_ai_foundry.bicep +++ b/infra/deploy_ai_foundry.bicep 
@@ -9,18 +9,21 @@ param aiServicesEndpoint string param aiServicesKey string param aiServicesId string -var storageName = '${solutionName}hubstorage' +// Load the abbrevations file required to name the azure resources. +var abbrs = loadJsonContent('./abbreviations.json') + +var storageName = '${abbrs.storage.storageAccount}${solutionName}hub' var storageSkuName = 'Standard_LRS' -var aiServicesName = '${solutionName}-aiservices' -var workspaceName = '${solutionName}-workspace' -var keyvaultName = '${solutionName}-kv' +var aiServicesName = '${abbrs.ai.aiServices}${solutionName}' +var workspaceName = '${abbrs.managementGovernance.logAnalyticsWorkspace}${solutionName}hub' +//var keyvaultName = '${abbrs.security.keyVault}${solutionName}' var location = solutionLocation -var aiHubName = '${solutionName}-aihub' +var aiHubName = '${abbrs.ai.aiHub}${solutionName}' var aiHubFriendlyName = aiHubName -var aiHubDescription = 'AI Hub for KM template' -var aiProjectName = '${solutionName}-aiproject' +var aiHubDescription = 'AI Hub for MACAE template' +var aiProjectName = '${abbrs.ai.aiHubProject}${solutionName}' var aiProjectFriendlyName = aiProjectName -var aiSearchName = '${solutionName}-search' +var aiSearchName = '${abbrs.ai.aiSearch}${solutionName}' resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { @@ -287,7 +290,7 @@ resource azureLocatioEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview } } -output keyvaultName string = keyvaultName +output keyvaultName string = keyVaultName output keyvaultId string = keyVault.id output aiServicesName string = aiServicesName diff --git a/infra/deploy_keyvault.bicep b/infra/deploy_keyvault.bicep index 5222a9f89..56e41bd8c 100644 --- a/infra/deploy_keyvault.bicep +++ b/infra/deploy_keyvault.bicep 
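Review bot: `param aiServicesKey string` in the context at the top of this hunk carries no `@secure()` decorator, so the key is handled as an ordinary string parameter and can be recorded with the deployment's inputs. Since the variables directly below it are being reworked anyway, I would add `@secure()` on the line above that parameter. The added comment also misspells "abbreviations", and `//var keyvaultName = ...` is left behind as commented-out code; deleting the line is cleaner than disabling it.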
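Review bot: The output now returns `keyVaultName`, but the only declaration visible in this patch is the old `var keyvaultName`, which the first hunk of this file comments out. Bicep identifiers are case-sensitive, so this compiles only if a `keyVaultName` parameter or variable is declared outside the visible hunks. If it is a parameter, a short `@description` stating that it must equal the name passed to deploy_keyvault.bicep would help, because main.bicep now builds that name itself as `'${abbrs.security.keyVault}${solutionPrefix}'` and the two can drift apart.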
@@ -1,11 +1,8 @@ -@minLength(3) -@maxLength(15) -@description('Solution Name') -param solutionName string param solutionLocation string param managedIdentityObjectId string -var keyvaultName = '${solutionName}-kv' +@description('KeyVault Name') +param keyvaultName string resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { name: keyvaultName @@ -37,7 +34,6 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { enabledForTemplateDeployment: true enableSoftDelete: false enableRbacAuthorization: true - enablePurgeProtection: true publicNetworkAccess: 'enabled' sku: { family: 'A' diff --git a/infra/deploy_managed_identity.bicep b/infra/deploy_managed_identity.bicep index 08a2b51a8..5288872cb 100644 --- a/infra/deploy_managed_identity.bicep +++ b/infra/deploy_managed_identity.bicep @@ -1,18 +1,13 @@ // ========== Managed Identity ========== // targetScope = 'resourceGroup' -@minLength(3) -@maxLength(15) -@description('Solution Name') -param solutionName string - @description('Solution Location') //param solutionLocation string param managedIdentityId string param managedIdentityPropPrin string param managedIdentityLocation string -@description('Name') -param miName string = '${ solutionName }-managed-identity' +@description('Managed Identity Name') +param miName string // resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { // name: miName diff --git a/infra/main.bicep b/infra/main.bicep index bea374423..50755e289 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1,6 +1,4 @@ targetScope = 'resourceGroup' -@description('Location for all resources.') -param location string @allowed([ 'australiaeast' 
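Review bot: `keyvaultName` replaces the bounded `solutionName` parameter but has no length constraint of its own, so an over-long or too-short name is only rejected when the deployment runs. Key Vault names are limited to 3-24 characters, so I would carry the decorators over as `@minLength(3)` and `@maxLength(24)` above `param keyvaultName string`.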
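Review bot: Removing `enablePurgeProtection: true` leaves this vault with `enableSoftDelete: false` (the context line directly above) and no purge protection, so a deleted vault or secret cannot be recovered; deploy_ai_foundry.bicep appears to write its secrets into this vault. If the property was dropped to make teardown and redeploy of test environments easier, I would expose it as a parameter that defaults to on, e.g. `enablePurgeProtection: enablePurgeProtection ? true : null`, and set `enableSoftDelete: true`. `publicNetworkAccess: 'enabled'` on the following line deserves a comment saying why the vault must be reachable from the public network. The `properties` block starts and ends outside this hunk.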
@@ -34,10 +32,17 @@ param azureOpenAILocation string = 'eastus2' // The location used for all deploy @maxLength(20) @description('A unique prefix for all resources in this deployment. This should be 3-20 characters long:') param environmentName string - -var uniqueId = toLower(uniqueString(subscription().id, environmentName, resourceGroup().location)) + +@description('Set this if you want to deploy to a different region than the resource group. Otherwise, it will use the resource group location by default.') +param AZURE_LOCATION string='' +var solutionLocation = empty(AZURE_LOCATION) ? resourceGroup().location : AZURE_LOCATION + +var uniqueId = toLower(uniqueString(subscription().id, environmentName, solutionLocation)) var solutionPrefix = 'ma${padLeft(take(uniqueId, 12), 12, '0')}' +// Load the abbrevations file required to name the azure resources. +var abbrs = loadJsonContent('./abbreviations.json') + @description('Tags to apply to all deployed resources') param tags object = {} @@ -62,7 +67,7 @@ param resourceSize { param capacity int = 140 var modelVersion = '2024-08-06' -var aiServicesName = '${solutionPrefix}-aiservices' +var aiServicesName = '${abbrs.ai.aiServices}${solutionPrefix}' var deploymentType = 'GlobalStandard' var gptModelVersion = 'gpt-4o' var appVersion = 'fnd01' 
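Review bot: `uniqueId` is seeded from the subscription, `environmentName` and `solutionLocation` only, and the later hunks of this file retire `uniqueNameFormat`, which was the one place that mixed `resourceGroup().id` into resource names. Two resource groups in the same subscription that use the same environment name and region will therefore compute identical names for the Cosmos DB account, the Key Vault and the frontend web app, whose names are presumably required to be globally unique, so the second deployment would fail or collide. Adding the resource group to the seed keeps the names deterministic but distinct: `var uniqueId = toLower(uniqueString(subscription().id, resourceGroup().id, environmentName, solutionLocation))`.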
@@ -73,12 +78,12 @@ var dockerRegistryUrl = 'https://${resgistryName}.azurecr.io' var backendDockerImageURL = '${resgistryName}.azurecr.io/macaebackend:${appVersion}' var frontendDockerImageURL = '${resgistryName}.azurecr.io/macaefrontend:${appVersion}' -var uniqueNameFormat = '${solutionPrefix}-{0}-${uniqueString(resourceGroup().id, solutionPrefix)}' +//var uniqueNameFormat = '${solutionPrefix}-{0}-${uniqueString(resourceGroup().id, solutionPrefix)}' var aoaiApiVersion = '2025-01-01-preview' resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { - name: format(uniqueNameFormat, 'logs') - location: location + name: '${abbrs.managementGovernance.logAnalyticsWorkspace}${solutionPrefix}' + location: solutionLocation tags: tags properties: { retentionInDays: 30 @@ -89,8 +94,8 @@ resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { } resource appInsights 'Microsoft.Insights/components@2020-02-02-preview' = { - name: format(uniqueNameFormat, 'appins') - location: location + name: '${abbrs.managementGovernance.applicationInsights}${solutionPrefix}' + location: solutionLocation kind: 'web' properties: { Application_Type: 'web' @@ -113,7 +118,7 @@ var aiModelDeployments = [ resource aiServices 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' = { name: aiServicesName - location: location + location: azureOpenAILocation sku: { name: 'S0' } @@ -149,9 +154,9 @@ resource aiServicesDeployments 'Microsoft.CognitiveServices/accounts/deployments module kvault 'deploy_keyvault.bicep' = { name: 'deploy_keyvault' params: { - solutionName: solutionPrefix - solutionLocation: location + solutionLocation: solutionLocation managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId + keyvaultName: '${abbrs.security.keyVault}${solutionPrefix}' } scope: resourceGroup(resourceGroup().name) } 
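Review bot: For the `aiServices` account touched at `@@ -113,7 +118,7 @@`, the regenerated infra/main.json later in this patch drops `"disableLocalAuth": true` from the same resource, yet no visible hunk of main.bicep removes that property. Either main.json was previously built from a different source, or key-based authentication on the account is being re-enabled without it showing up in the Bicep diff. Please confirm which is intended; if the managed identities and role assignments in this file are meant to be the only access path, `disableLocalAuth: true` belongs in the resource's `properties`, which lie outside this hunk.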
@@ -191,8 +196,8 @@ resource acaAoaiRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04- } resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = { - name: format(uniqueNameFormat, 'cosmos') - location: location + name: '${abbrs.databases.cosmosDBDatabase}${solutionPrefix}' + location: solutionLocation tags: tags kind: 'GlobalDocumentDB' properties: { @@ -201,7 +206,7 @@ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = { locations: [ { failoverPriority: 0 - locationName: location + locationName: solutionLocation } ] capabilities: [{ name: 'EnableServerless' }] @@ -241,13 +246,13 @@ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = { // Define existing ACR resource resource pullIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-07-31-preview' = { - name: format(uniqueNameFormat, 'containerapp-pull') - location: location + name: '${abbrs.security.managedIdentity}${solutionPrefix}-containerapp-pull' + location: solutionLocation } resource containerAppEnv 'Microsoft.App/managedEnvironments@2024-03-01' = { - name: format(uniqueNameFormat, 'containerapp') - location: location + name: '${abbrs.containers.containerAppsEnvironment}${solutionPrefix}' + location: solutionLocation tags: tags properties: { daprAIConnectionString: appInsights.properties.ConnectionString @@ -279,8 +284,8 @@ resource acaCosomsRoleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleA @description('') resource containerApp 'Microsoft.App/containerApps@2024-03-01' = { - name: '${solutionPrefix}-backend' - location: location + name: '${abbrs.containers.containerApp}${solutionPrefix}-backend' + location: solutionLocation tags: tags identity: { type: 'SystemAssigned, UserAssigned' 
@@ -296,8 +301,8 @@ resource containerApp 'Microsoft.App/containerApps@2024-03-01' = { external: true corsPolicy: { allowedOrigins: [ - 'https://${format(uniqueNameFormat, 'frontend')}.azurewebsites.net' - 'http://${format(uniqueNameFormat, 'frontend')}.azurewebsites.net' + 'https://${abbrs.compute.webApp}${solutionPrefix}-frontend.azurewebsites.net' + 'http://${abbrs.compute.webApp}${solutionPrefix}-frontend.azurewebsites.net' ] } } @@ -381,7 +386,7 @@ resource containerApp 'Microsoft.App/containerApps@2024-03-01' = { } { name: 'FRONTEND_SITE_NAME' - value: 'https://${format(uniqueNameFormat, 'frontend')}.azurewebsites.net' + value: 'https://${abbrs.compute.webApp}${solutionPrefix}-frontend.azurewebsites.net' } ] } @@ -390,8 +395,8 @@ resource containerApp 'Microsoft.App/containerApps@2024-03-01' = { } } resource frontendAppServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { - name: format(uniqueNameFormat, 'frontend-plan') - location: location + name: '${abbrs.compute.appServicePlan}${solutionPrefix}-frontend' + location: solutionLocation tags: tags sku: { name: 'P1v2' @@ -405,8 +410,8 @@ resource frontendAppServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { } resource frontendAppService 'Microsoft.Web/sites@2021-02-01' = { - name: format(uniqueNameFormat, 'frontend') - location: location + name: '${abbrs.compute.webApp}${solutionPrefix}-frontend' + location: solutionLocation tags: tags kind: 'app,linux,container' properties: { @@ -440,7 +445,7 @@ resource frontendAppService 'Microsoft.Web/sites@2021-02-01' = { } dependsOn: [containerApp] identity: { - type: 'SystemAssigned,UserAssigned' + type: 'SystemAssigned, UserAssigned' userAssignedIdentities: { '${pullIdentity.id}': {} } 
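Review bot: The rewritten `allowedOrigins` list still admits the plain `http://` form of the frontend host, so a page delivered over unencrypted HTTP is accepted as a trusted origin by a backend whose ingress is `external: true`. I would keep only the `https://` entry and set `httpsOnly: true` on `frontendAppService`. The host name `'${abbrs.compute.webApp}${solutionPrefix}-frontend'` is now spelled out four times in this file (both origins, `FRONTEND_SITE_NAME`, and the site's `name`); a single `var frontendSiteName` would keep them from drifting apart. The `containerApp` body starts and ends outside this hunk.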
@@ -448,7 +453,7 @@ resource frontendAppService 'Microsoft.Web/sites@2021-02-01' = { } resource aiHubProject 'Microsoft.MachineLearningServices/workspaces@2024-01-01-preview' existing = { - name: '${solutionPrefix}-aiproject' // aiProjectName must be calculated - available at main start. + name: '${abbrs.ai.aiHubProject}${solutionPrefix}' // aiProjectName must be calculated - available at main start. } resource aiDeveloper 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { @@ -469,11 +474,11 @@ var cosmosAssignCli = 'az cosmosdb sql role assignment create --resource-group " module managedIdentityModule 'deploy_managed_identity.bicep' = { name: 'deploy_managed_identity' params: { - solutionName: solutionPrefix //solutionLocation: location managedIdentityId: pullIdentity.id managedIdentityPropPrin: pullIdentity.properties.principalId managedIdentityLocation: pullIdentity.location + miName: '${abbrs.security.managedIdentity}${solutionPrefix}' } scope: resourceGroup(resourceGroup().name) } @@ -486,7 +491,7 @@ module deploymentScriptCLI 'br/public:avm/res/resources/deployment-script:0.5.1' name: 'rdsmin001' // Non-required parameters azCliVersion: '2.69.0' - location: location + location: solutionLocation managedIdentities: { userAssignedResourceIds: [ managedIdentityModule.outputs.managedIdentityId diff --git a/infra/main.bicepparam b/infra/main.bicepparam new file mode 100644 index 000000000..d835b2f3a --- /dev/null +++ b/infra/main.bicepparam @@ -0,0 +1,4 @@ +using './main.bicep' + +param environmentName = readEnvironmentVariable('AZURE_ENV_NAME', 'macaetemplate') +param AZURE_LOCATION = readEnvironmentVariable('AZURE_ENV_LOCATION', '') diff --git a/infra/main.json b/infra/main.json index 6c40552d5..400442e78 100644 --- a/infra/main.json +++ b/infra/main.json 
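Review bot: In the new infra/main.bicepparam, `AZURE_LOCATION` is read from an environment variable named `AZURE_ENV_LOCATION`, which matches neither the parameter name nor, if this template is driven by azd, the `AZURE_LOCATION` variable that tool normally exports. When the variable is unset the empty default silently selects the resource group's region, so a mistyped name would never surface as an error. Please confirm the variable name, and add a comment above the line naming the variable operators must export, e.g. `// Region override; leave unset to deploy into the resource group's region`.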
@@ -6,16 +6,10 @@ "_generator": { "name": "bicep", "version": "0.34.44.8038", - "templateHash": "7719893060553487435" + "templateHash": "17550717161725705246" } }, "parameters": { - "location": { - "type": "string", - "metadata": { - "description": "Location for all resources." - } - }, "azureOpenAILocation": { "type": "string", "defaultValue": "eastus2", @@ -48,13 +42,19 @@ "description": "Location for all Ai services resources. This location can be different from the resource group location." } }, - "prefix": { + "environmentName": { "type": "string", - "defaultValue": "macae", "minLength": 3, "maxLength": 20, "metadata": { - "description": "Prefix for all resources created by this template. This prefix will be used to create unique names for all resources. The prefix must be unique within the resource group." + "description": "A unique prefix for all resources in this deployment. This should be 3-20 characters long:" + } + }, + "AZURE_LOCATION": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Set this if you want to deploy to a different region than the resource group. Otherwise, it will use the resource group location by default." } }, "tags": { 
@@ -107,8 +107,239 @@ } }, "variables": { + "$fxv#0": { + "ai": { + "aiSearch": "srch-", + "aiServices": "aisa-", + "aiVideoIndexer": "avi-", + "machineLearningWorkspace": "mlw-", + "openAIService": "oai-", + "botService": "bot-", + "computerVision": "cv-", + "contentModerator": "cm-", + "contentSafety": "cs-", + "customVisionPrediction": "cstv-", + "customVisionTraining": "cstvt-", + "documentIntelligence": "di-", + "faceApi": "face-", + "healthInsights": "hi-", + "immersiveReader": "ir-", + "languageService": "lang-", + "speechService": "spch-", + "translator": "trsl-", + "aiHub": "aih-", + "aiHubProject": "aihp-" + }, + "analytics": { + "analysisServicesServer": "as", + "databricksWorkspace": "dbw-", + "dataExplorerCluster": "dec", + "dataExplorerClusterDatabase": "dedb", + "dataFactory": "adf-", + "digitalTwin": "dt-", + "streamAnalytics": "asa-", + "synapseAnalyticsPrivateLinkHub": "synplh-", + "synapseAnalyticsSQLDedicatedPool": "syndp", + "synapseAnalyticsSparkPool": "synsp", + "synapseAnalyticsWorkspaces": "synw", + "dataLakeStoreAccount": "dls", + "dataLakeAnalyticsAccount": "dla", + "eventHubsNamespace": "evhns-", + "eventHub": "evh-", + "eventGridDomain": "evgd-", + "eventGridSubscriptions": "evgs-", + "eventGridTopic": "evgt-", + "eventGridSystemTopic": "egst-", + "hdInsightHadoopCluster": "hadoop-", + "hdInsightHBaseCluster": "hbase-", + "hdInsightKafkaCluster": "kafka-", + "hdInsightSparkCluster": "spark-", + "hdInsightStormCluster": "storm-", + "hdInsightMLServicesCluster": "mls-", + "iotHub": "iot-", + "provisioningServices": "provs-", + "provisioningServicesCertificate": "pcert-", + "powerBIEmbedded": "pbi-", + "timeSeriesInsightsEnvironment": "tsi-" + }, + "compute": { + "appServiceEnvironment": "ase-", + "appServicePlan": "asp-", + "loadTesting": "lt-", + "availabilitySet": "avail-", + "arcEnabledServer": "arcs-", + "arcEnabledKubernetesCluster": "arck", + "batchAccounts": "ba-", + "cloudService": "cld-", + "communicationServices": "acs-", + 
"diskEncryptionSet": "des", + "functionApp": "func-", + "gallery": "gal", + "hostingEnvironment": "host-", + "imageTemplate": "it-", + "managedDiskOS": "osdisk", + "managedDiskData": "disk", + "notificationHubs": "ntf-", + "notificationHubsNamespace": "ntfns-", + "proximityPlacementGroup": "ppg-", + "restorePointCollection": "rpc-", + "snapshot": "snap-", + "staticWebApp": "stapp-", + "virtualMachine": "vm", + "virtualMachineScaleSet": "vmss-", + "virtualMachineMaintenanceConfiguration": "mc-", + "virtualMachineStorageAccount": "stvm", + "webApp": "app-" + }, + "containers": { + "aksCluster": "aks-", + "aksSystemNodePool": "npsystem-", + "aksUserNodePool": "np-", + "containerApp": "ca-", + "containerAppsEnvironment": "cae-", + "containerRegistry": "cr", + "containerInstance": "ci", + "serviceFabricCluster": "sf-", + "serviceFabricManagedCluster": "sfmc-" + }, + "databases": { + "cosmosDBDatabase": "cosmos-", + "cosmosDBApacheCassandra": "coscas-", + "cosmosDBMongoDB": "cosmon-", + "cosmosDBNoSQL": "cosno-", + "cosmosDBTable": "costab-", + "cosmosDBGremlin": "cosgrm-", + "cosmosDBPostgreSQL": "cospos-", + "cacheForRedis": "redis-", + "sqlDatabaseServer": "sql-", + "sqlDatabase": "sqldb-", + "sqlElasticJobAgent": "sqlja-", + "sqlElasticPool": "sqlep-", + "mariaDBServer": "maria-", + "mariaDBDatabase": "mariadb-", + "mySQLDatabase": "mysql-", + "postgreSQLDatabase": "psql-", + "sqlServerStretchDatabase": "sqlstrdb-", + "sqlManagedInstance": "sqlmi-" + }, + "developerTools": { + "appConfigurationStore": "appcs-", + "mapsAccount": "map-", + "signalR": "sigr", + "webPubSub": "wps-" + }, + "devOps": { + "managedGrafana": "amg-" + }, + "integration": { + "apiManagementService": "apim-", + "integrationAccount": "ia-", + "logicApp": "logic-", + "serviceBusNamespace": "sbns-", + "serviceBusQueue": "sbq-", + "serviceBusTopic": "sbt-", + "serviceBusTopicSubscription": "sbts-" + }, + "managementGovernance": { + "automationAccount": "aa-", + "applicationInsights": "appi-", + 
"monitorActionGroup": "ag-", + "monitorDataCollectionRules": "dcr-", + "monitorAlertProcessingRule": "apr-", + "blueprint": "bp-", + "blueprintAssignment": "bpa-", + "dataCollectionEndpoint": "dce-", + "logAnalyticsWorkspace": "log-", + "logAnalyticsQueryPacks": "pack-", + "managementGroup": "mg-", + "purviewInstance": "pview-", + "resourceGroup": "rg-", + "templateSpecsName": "ts-" + }, + "migration": { + "migrateProject": "migr-", + "databaseMigrationService": "dms-", + "recoveryServicesVault": "rsv-" + }, + "networking": { + "applicationGateway": "agw-", + "applicationSecurityGroup": "asg-", + "cdnProfile": "cdnp-", + "cdnEndpoint": "cdne-", + "connections": "con-", + "dnsForwardingRuleset": "dnsfrs-", + "dnsPrivateResolver": "dnspr-", + "dnsPrivateResolverInboundEndpoint": "in-", + "dnsPrivateResolverOutboundEndpoint": "out-", + "firewall": "afw-", + "firewallPolicy": "afwp-", + "expressRouteCircuit": "erc-", + "expressRouteGateway": "ergw-", + "frontDoorProfile": "afd-", + "frontDoorEndpoint": "fde-", + "frontDoorFirewallPolicy": "fdfp-", + "ipGroups": "ipg-", + "loadBalancerInternal": "lbi-", + "loadBalancerExternal": "lbe-", + "loadBalancerRule": "rule-", + "localNetworkGateway": "lgw-", + "natGateway": "ng-", + "networkInterface": "nic-", + "networkSecurityGroup": "nsg-", + "networkSecurityGroupSecurityRules": "nsgsr-", + "networkWatcher": "nw-", + "privateLink": "pl-", + "privateEndpoint": "pep-", + "publicIPAddress": "pip-", + "publicIPAddressPrefix": "ippre-", + "routeFilter": "rf-", + "routeServer": "rtserv-", + "routeTable": "rt-", + "serviceEndpointPolicy": "se-", + "trafficManagerProfile": "traf-", + "userDefinedRoute": "udr-", + "virtualNetwork": "vnet-", + "virtualNetworkGateway": "vgw-", + "virtualNetworkManager": "vnm-", + "virtualNetworkPeering": "peer-", + "virtualNetworkSubnet": "snet-", + "virtualWAN": "vwan-", + "virtualWANHub": "vhub-" + }, + "security": { + "bastion": "bas-", + "keyVault": "kv-", + "keyVaultManagedHSM": "kvmhsm-", + 
"managedIdentity": "id-", + "sshKey": "sshkey-", + "vpnGateway": "vpng-", + "vpnConnection": "vcn-", + "vpnSite": "vst-", + "webApplicationFirewallPolicy": "waf", + "webApplicationFirewallPolicyRuleGroup": "wafrg" + }, + "storage": { + "storSimple": "ssimp", + "backupVault": "bvault-", + "backupVaultPolicy": "bkpol-", + "fileShare": "share-", + "storageAccount": "st", + "storageSyncService": "sss-" + }, + "virtualDesktop": { + "labServicesPlan": "lp-", + "virtualDesktopHostPool": "vdpool-", + "virtualDesktopApplicationGroup": "vdag-", + "virtualDesktopWorkspace": "vdws-", + "virtualDesktopScalingPlan": "vdscaling-" + } + }, + "solutionLocation": "[if(empty(parameters('AZURE_LOCATION')), resourceGroup().location, parameters('AZURE_LOCATION'))]", + "uniqueId": "[toLower(uniqueString(subscription().id, parameters('environmentName'), variables('solutionLocation')))]", + "solutionPrefix": "[format('ma{0}', padLeft(take(variables('uniqueId'), 12), 12, '0'))]", + "abbrs": "[variables('$fxv#0')]", "modelVersion": "2024-08-06", - "aiServicesName": "[format('{0}-aiservices', parameters('prefix'))]", + "aiServicesName": "[format('{0}{1}', variables('abbrs').ai.aiServices, variables('solutionPrefix'))]", "deploymentType": "GlobalStandard", "gptModelVersion": "gpt-4o", "appVersion": "fnd01", @@ -116,7 +347,6 @@ "dockerRegistryUrl": "[format('https://{0}.azurecr.io', variables('resgistryName'))]", "backendDockerImageURL": "[format('{0}.azurecr.io/macaebackend:{1}', variables('resgistryName'), variables('appVersion'))]", "frontendDockerImageURL": "[format('{0}.azurecr.io/macaefrontend:{1}', variables('resgistryName'), variables('appVersion'))]", - "uniqueNameFormat": "[format('{0}-{{0}}-{1}', parameters('prefix'), uniqueString(resourceGroup().id, parameters('prefix')))]", "aoaiApiVersion": "2025-01-01-preview", "aiModelDeployments": [ { 
@@ -135,7 +365,7 @@ "cosmos::autogenDb::memoryContainer": { "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers", "apiVersion": "2024-05-15", - "name": "[format('{0}/{1}/{2}', format(variables('uniqueNameFormat'), 'cosmos'), 'autogen', 'memory')]", + "name": "[format('{0}/{1}/{2}', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')), 'autogen', 'memory')]", "properties": { "resource": { "id": "memory", @@ -156,7 +386,7 @@ "existing": true, "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions", "apiVersion": "2024-05-15", - "name": "[format('{0}/{1}', format(variables('uniqueNameFormat'), 'cosmos'), '00000000-0000-0000-0000-000000000002')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')), '00000000-0000-0000-0000-000000000002')]", "dependsOn": [ "cosmos" ] @@ -164,7 +394,7 @@ "cosmos::autogenDb": { "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases", "apiVersion": "2024-05-15", - "name": "[format('{0}/{1}', format(variables('uniqueNameFormat'), 'cosmos'), 'autogen')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')), 'autogen')]", "properties": { "resource": { "id": "autogen", @@ -178,7 +408,7 @@ "containerAppEnv::aspireDashboard": { "type": "Microsoft.App/managedEnvironments/dotNetComponents", "apiVersion": "2024-02-02-preview", - "name": "[format('{0}/{1}', format(variables('uniqueNameFormat'), 'containerapp'), 'aspire-dashboard')]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('abbrs').containers.containerAppsEnvironment, variables('solutionPrefix')), 'aspire-dashboard')]", "properties": { "componentType": "AspireDashboard" }, 
@@ -189,8 +419,8 @@ "logAnalytics": { "type": "Microsoft.OperationalInsights/workspaces", "apiVersion": "2023-09-01", - "name": "[format(variables('uniqueNameFormat'), 'logs')]", - "location": "[parameters('location')]", + "name": "[format('{0}{1}', variables('abbrs').managementGovernance.logAnalyticsWorkspace, variables('solutionPrefix'))]", + "location": "[variables('solutionLocation')]", "tags": "[parameters('tags')]", "properties": { "retentionInDays": 30, @@ -202,12 +432,12 @@ "appInsights": { "type": "Microsoft.Insights/components", "apiVersion": "2020-02-02-preview", - "name": "[format(variables('uniqueNameFormat'), 'appins')]", - "location": "[parameters('location')]", + "name": "[format('{0}{1}', variables('abbrs').managementGovernance.applicationInsights, variables('solutionPrefix'))]", + "location": "[variables('solutionLocation')]", "kind": "web", "properties": { "Application_Type": "web", - "WorkspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', format(variables('uniqueNameFormat'), 'logs'))]" + "WorkspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', format('{0}{1}', variables('abbrs').managementGovernance.logAnalyticsWorkspace, variables('solutionPrefix')))]" }, "dependsOn": [ "logAnalytics" @@ -217,15 +447,14 @@ "type": "Microsoft.CognitiveServices/accounts", "apiVersion": "2024-04-01-preview", "name": "[variables('aiServicesName')]", - "location": "[parameters('location')]", + "location": "[parameters('azureOpenAILocation')]", "sku": { "name": "S0" }, "kind": "AIServices", "properties": { "customSubDomainName": "[variables('aiServicesName')]", - "apiProperties": {}, - "disableLocalAuth": true + "apiProperties": {} } }, "aiServicesDeployments": { 
@@ -262,7 +491,7 @@ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', variables('aiServicesName'))]", - "name": "[guid(resourceId('Microsoft.App/containerApps', format('{0}-backend', parameters('prefix'))), resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName')), resourceId('Microsoft.Authorization/roleDefinitions', '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd'))]", + "name": "[guid(resourceId('Microsoft.App/containerApps', format('{0}{1}-backend', variables('abbrs').containers.containerApp, variables('solutionPrefix'))), resourceId('Microsoft.CognitiveServices/accounts', variables('aiServicesName')), resourceId('Microsoft.Authorization/roleDefinitions', '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd'))]", "properties": { "principalId": "[reference('containerApp', '2024-03-01', 'full').identity.principalId]", "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd')]", @@ -276,8 +505,8 @@ "cosmos": { "type": "Microsoft.DocumentDB/databaseAccounts", "apiVersion": "2024-05-15", - "name": "[format(variables('uniqueNameFormat'), 'cosmos')]", - "location": "[parameters('location')]", + "name": "[format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix'))]", + "location": "[variables('solutionLocation')]", "tags": "[parameters('tags')]", "kind": "GlobalDocumentDB", "properties": { 
@@ -286,28 +515,27 @@ "locations": [ { "failoverPriority": 0, - "locationName": "[parameters('location')]" + "locationName": "[variables('solutionLocation')]" } ], "capabilities": [ { "name": "EnableServerless" } - ], - "disableLocalAuth": true + ] } }, "pullIdentity": { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2023-07-31-preview", - "name": "[format(variables('uniqueNameFormat'), 'containerapp-pull')]", - "location": "[parameters('location')]" + "name": "[format('{0}{1}-containerapp-pull', variables('abbrs').security.managedIdentity, variables('solutionPrefix'))]", + "location": "[variables('solutionLocation')]" }, "containerAppEnv": { "type": "Microsoft.App/managedEnvironments", "apiVersion": "2024-03-01", - "name": "[format(variables('uniqueNameFormat'), 'containerapp')]", - "location": "[parameters('location')]", + "name": "[format('{0}{1}', variables('abbrs').containers.containerAppsEnvironment, variables('solutionPrefix'))]", + "location": "[variables('solutionLocation')]", "tags": "[parameters('tags')]", "properties": { "daprAIConnectionString": "[reference('appInsights').ConnectionString]", @@ -315,7 +543,7 @@ "destination": "log-analytics", "logAnalyticsConfiguration": { "customerId": "[reference('logAnalytics').customerId]", - "sharedKey": "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces', format(variables('uniqueNameFormat'), 'logs')), '2023-09-01').primarySharedKey]" + "sharedKey": "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces', format('{0}{1}', variables('abbrs').managementGovernance.logAnalyticsWorkspace, variables('solutionPrefix'))), '2023-09-01').primarySharedKey]" } } }, 
@@ -327,11 +555,11 @@ "acaCosomsRoleAssignment": { "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments", "apiVersion": "2024-05-15", - "name": "[format('{0}/{1}', format(variables('uniqueNameFormat'), 'cosmos'), guid(resourceId('Microsoft.App/containerApps', format('{0}-backend', parameters('prefix'))), resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', format(variables('uniqueNameFormat'), 'cosmos'), '00000000-0000-0000-0000-000000000002')))]", + "name": "[format('{0}/{1}', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')), guid(resourceId('Microsoft.App/containerApps', format('{0}{1}-backend', variables('abbrs').containers.containerApp, variables('solutionPrefix'))), resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')), '00000000-0000-0000-0000-000000000002')))]", "properties": { "principalId": "[reference('containerApp', '2024-03-01', 'full').identity.principalId]", - "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', format(variables('uniqueNameFormat'), 'cosmos'), '00000000-0000-0000-0000-000000000002')]", - "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', format(variables('uniqueNameFormat'), 'cosmos'))]" + "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')), '00000000-0000-0000-0000-000000000002')]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')))]" }, "dependsOn": [ "containerApp", 
@@ -341,25 +569,25 @@ "containerApp": { "type": "Microsoft.App/containerApps", "apiVersion": "2024-03-01", - "name": "[format('{0}-backend', parameters('prefix'))]", - "location": "[parameters('location')]", + "name": "[format('{0}{1}-backend', variables('abbrs').containers.containerApp, variables('solutionPrefix'))]", + "location": "[variables('solutionLocation')]", "tags": "[parameters('tags')]", "identity": { "type": "SystemAssigned, UserAssigned", "userAssignedIdentities": { - "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format(variables('uniqueNameFormat'), 'containerapp-pull')))]": {} + "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}{1}-containerapp-pull', variables('abbrs').security.managedIdentity, variables('solutionPrefix'))))]": {} } }, "properties": { - "managedEnvironmentId": "[resourceId('Microsoft.App/managedEnvironments', format(variables('uniqueNameFormat'), 'containerapp'))]", + "managedEnvironmentId": "[resourceId('Microsoft.App/managedEnvironments', format('{0}{1}', variables('abbrs').containers.containerAppsEnvironment, variables('solutionPrefix')))]", "configuration": { "ingress": { "targetPort": 8000, "external": true, "corsPolicy": { "allowedOrigins": [ - "[format('https://{0}.azurewebsites.net', format(variables('uniqueNameFormat'), 'frontend'))]", - "[format('http://{0}.azurewebsites.net', format(variables('uniqueNameFormat'), 'frontend'))]" + "[format('https://{0}{1}-frontend.azurewebsites.net', variables('abbrs').compute.webApp, variables('solutionPrefix'))]", + "[format('http://{0}{1}-frontend.azurewebsites.net', variables('abbrs').compute.webApp, variables('solutionPrefix'))]" ] } }, 
@@ -443,7 +671,7 @@ }, { "name": "FRONTEND_SITE_NAME", - "value": "[format('https://{0}.azurewebsites.net', format(variables('uniqueNameFormat'), 'frontend'))]" + "value": "[format('https://{0}{1}-frontend.azurewebsites.net', variables('abbrs').compute.webApp, variables('solutionPrefix'))]" } ] } @@ -467,8 +695,8 @@ "frontendAppServicePlan": { "type": "Microsoft.Web/serverfarms", "apiVersion": "2021-02-01", - "name": "[format(variables('uniqueNameFormat'), 'frontend-plan')]", - "location": "[parameters('location')]", + "name": "[format('{0}{1}-frontend', variables('abbrs').compute.appServicePlan, variables('solutionPrefix'))]", + "location": "[variables('solutionLocation')]", "tags": "[parameters('tags')]", "sku": { "name": "P1v2", @@ -483,12 +711,12 @@ "frontendAppService": { "type": "Microsoft.Web/sites", "apiVersion": "2021-02-01", - "name": "[format(variables('uniqueNameFormat'), 'frontend')]", - "location": "[parameters('location')]", + "name": "[format('{0}{1}-frontend', variables('abbrs').compute.webApp, variables('solutionPrefix'))]", + "location": "[variables('solutionLocation')]", "tags": "[parameters('tags')]", "kind": "app,linux,container", "properties": { - "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', format(variables('uniqueNameFormat'), 'frontend-plan'))]", + "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', format('{0}{1}-frontend', variables('abbrs').compute.appServicePlan, variables('solutionPrefix')))]", "reserved": true, "siteConfig": { "linuxFxVersion": "[format('DOCKER|{0}', variables('frontendDockerImageURL'))]", 
@@ -517,9 +745,9 @@ } }, "identity": { - "type": "SystemAssigned,UserAssigned", + "type": "SystemAssigned, UserAssigned", "userAssignedIdentities": { - "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format(variables('uniqueNameFormat'), 'containerapp-pull')))]": {} + "[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}{1}-containerapp-pull', variables('abbrs').security.managedIdentity, variables('solutionPrefix'))))]": {} } }, "dependsOn": [ @@ -532,7 +760,7 @@ "existing": true, "type": "Microsoft.MachineLearningServices/workspaces", "apiVersion": "2024-01-01-preview", - "name": "[format('{0}-aiproject', parameters('prefix'))]" + "name": "[format('{0}{1}', variables('abbrs').ai.aiHubProject, variables('solutionPrefix'))]" }, "aiDeveloper": { "existing": true, 
@@ -543,8 +771,8 @@ "aiDeveloperAccessProj": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', format('{0}-aiproject', parameters('prefix')))]", - "name": "[guid(format('{0}-backend', parameters('prefix')), resourceId('Microsoft.MachineLearningServices/workspaces', format('{0}-aiproject', parameters('prefix'))), resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee'))]", + "scope": "[format('Microsoft.MachineLearningServices/workspaces/{0}', format('{0}{1}', variables('abbrs').ai.aiHubProject, variables('solutionPrefix')))]", + "name": "[guid(format('{0}{1}-backend', variables('abbrs').containers.containerApp, variables('solutionPrefix')), resourceId('Microsoft.MachineLearningServices/workspaces', format('{0}{1}', variables('abbrs').ai.aiHubProject, variables('solutionPrefix'))), resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee'))]", "properties": { "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '64702f94-c441-49e6-a78b-ef80e0188fee')]", "principalId": "[reference('containerApp', '2024-03-01', 'full').identity.principalId]" @@ -564,14 +792,14 @@ }, "mode": "Incremental", "parameters": { - "solutionName": { - "value": "[parameters('prefix')]" - }, "solutionLocation": { - "value": "[parameters('location')]" + "value": "[variables('solutionLocation')]" }, "managedIdentityObjectId": { "value": "[reference('managedIdentityModule').outputs.managedIdentityOutput.value.objectId]" + }, + "keyvaultName": { + "value": "[format('{0}{1}', variables('abbrs').security.keyVault, variables('solutionPrefix'))]" } }, "template": { 
@@ -581,33 +809,28 @@ "_generator": { "name": "bicep", "version": "0.34.44.8038", - "templateHash": "10664495342911727649" + "templateHash": "6018596764344872545" } }, "parameters": { - "solutionName": { - "type": "string", - "minLength": 3, - "maxLength": 15, - "metadata": { - "description": "Solution Name" - } - }, "solutionLocation": { "type": "string" }, "managedIdentityObjectId": { "type": "string" + }, + "keyvaultName": { + "type": "string", + "metadata": { + "description": "KeyVault Name" + } } }, - "variables": { - "keyvaultName": "[format('{0}-kv', parameters('solutionName'))]" - }, "resources": [ { "type": "Microsoft.KeyVault/vaults", "apiVersion": "2022-07-01", - "name": "[variables('keyvaultName')]", + "name": "[parameters('keyvaultName')]", "location": "[parameters('solutionLocation')]", "properties": { "createMode": "default", @@ -636,7 +859,6 @@ "enabledForTemplateDeployment": true, "enableSoftDelete": false, "enableRbacAuthorization": true, - "enablePurgeProtection": true, "publicNetworkAccess": "enabled", "sku": { "family": "A", @@ -660,11 +882,11 @@ "outputs": { "keyvaultName": { "type": "string", - "value": "[variables('keyvaultName')]" + "value": "[parameters('keyvaultName')]" }, "keyvaultId": { "type": "string", - "value": "[resourceId('Microsoft.KeyVault/vaults', variables('keyvaultName'))]" + "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyvaultName'))]" } } } @@ -685,7 +907,7 @@ "mode": "Incremental", "parameters": { "solutionName": { - "value": "[parameters('prefix')]" + "value": "[variables('solutionPrefix')]" }, "solutionLocation": { "value": "[parameters('azureOpenAILocation')]" @@ -719,7 +941,7 @@ "_generator": { "name": "bicep", "version": "0.34.44.8038", - "templateHash": "8087543237770345715" + "templateHash": "4169059378107378993" } }, "parameters": { 
@@ -752,18 +974,245 @@ } }, "variables": { - "storageName": "[format('{0}hubstorage', parameters('solutionName'))]", + "$fxv#0": { + "ai": { + "aiSearch": "srch-", + "aiServices": "aisa-", + "aiVideoIndexer": "avi-", + "machineLearningWorkspace": "mlw-", + "openAIService": "oai-", + "botService": "bot-", + "computerVision": "cv-", + "contentModerator": "cm-", + "contentSafety": "cs-", + "customVisionPrediction": "cstv-", + "customVisionTraining": "cstvt-", + "documentIntelligence": "di-", + "faceApi": "face-", + "healthInsights": "hi-", + "immersiveReader": "ir-", + "languageService": "lang-", + "speechService": "spch-", + "translator": "trsl-", + "aiHub": "aih-", + "aiHubProject": "aihp-" + }, + "analytics": { + "analysisServicesServer": "as", + "databricksWorkspace": "dbw-", + "dataExplorerCluster": "dec", + "dataExplorerClusterDatabase": "dedb", + "dataFactory": "adf-", + "digitalTwin": "dt-", + "streamAnalytics": "asa-", + "synapseAnalyticsPrivateLinkHub": "synplh-", + "synapseAnalyticsSQLDedicatedPool": "syndp", + "synapseAnalyticsSparkPool": "synsp", + "synapseAnalyticsWorkspaces": "synw", + "dataLakeStoreAccount": "dls", + "dataLakeAnalyticsAccount": "dla", + "eventHubsNamespace": "evhns-", + "eventHub": "evh-", + "eventGridDomain": "evgd-", + "eventGridSubscriptions": "evgs-", + "eventGridTopic": "evgt-", + "eventGridSystemTopic": "egst-", + "hdInsightHadoopCluster": "hadoop-", + "hdInsightHBaseCluster": "hbase-", + "hdInsightKafkaCluster": "kafka-", + "hdInsightSparkCluster": "spark-", + "hdInsightStormCluster": "storm-", + "hdInsightMLServicesCluster": "mls-", + "iotHub": "iot-", + "provisioningServices": "provs-", + "provisioningServicesCertificate": "pcert-", + "powerBIEmbedded": "pbi-", + "timeSeriesInsightsEnvironment": "tsi-" + }, + "compute": { + "appServiceEnvironment": "ase-", + "appServicePlan": "asp-", + "loadTesting": "lt-", + "availabilitySet": "avail-", + "arcEnabledServer": "arcs-", + "arcEnabledKubernetesCluster": "arck", + "batchAccounts": 
"ba-", + "cloudService": "cld-", + "communicationServices": "acs-", + "diskEncryptionSet": "des", + "functionApp": "func-", + "gallery": "gal", + "hostingEnvironment": "host-", + "imageTemplate": "it-", + "managedDiskOS": "osdisk", + "managedDiskData": "disk", + "notificationHubs": "ntf-", + "notificationHubsNamespace": "ntfns-", + "proximityPlacementGroup": "ppg-", + "restorePointCollection": "rpc-", + "snapshot": "snap-", + "staticWebApp": "stapp-", + "virtualMachine": "vm", + "virtualMachineScaleSet": "vmss-", + "virtualMachineMaintenanceConfiguration": "mc-", + "virtualMachineStorageAccount": "stvm", + "webApp": "app-" + }, + "containers": { + "aksCluster": "aks-", + "aksSystemNodePool": "npsystem-", + "aksUserNodePool": "np-", + "containerApp": "ca-", + "containerAppsEnvironment": "cae-", + "containerRegistry": "cr", + "containerInstance": "ci", + "serviceFabricCluster": "sf-", + "serviceFabricManagedCluster": "sfmc-" + }, + "databases": { + "cosmosDBDatabase": "cosmos-", + "cosmosDBApacheCassandra": "coscas-", + "cosmosDBMongoDB": "cosmon-", + "cosmosDBNoSQL": "cosno-", + "cosmosDBTable": "costab-", + "cosmosDBGremlin": "cosgrm-", + "cosmosDBPostgreSQL": "cospos-", + "cacheForRedis": "redis-", + "sqlDatabaseServer": "sql-", + "sqlDatabase": "sqldb-", + "sqlElasticJobAgent": "sqlja-", + "sqlElasticPool": "sqlep-", + "mariaDBServer": "maria-", + "mariaDBDatabase": "mariadb-", + "mySQLDatabase": "mysql-", + "postgreSQLDatabase": "psql-", + "sqlServerStretchDatabase": "sqlstrdb-", + "sqlManagedInstance": "sqlmi-" + }, + "developerTools": { + "appConfigurationStore": "appcs-", + "mapsAccount": "map-", + "signalR": "sigr", + "webPubSub": "wps-" + }, + "devOps": { + "managedGrafana": "amg-" + }, + "integration": { + "apiManagementService": "apim-", + "integrationAccount": "ia-", + "logicApp": "logic-", + "serviceBusNamespace": "sbns-", + "serviceBusQueue": "sbq-", + "serviceBusTopic": "sbt-", + "serviceBusTopicSubscription": "sbts-" + }, + "managementGovernance": { 
+ "automationAccount": "aa-", + "applicationInsights": "appi-", + "monitorActionGroup": "ag-", + "monitorDataCollectionRules": "dcr-", + "monitorAlertProcessingRule": "apr-", + "blueprint": "bp-", + "blueprintAssignment": "bpa-", + "dataCollectionEndpoint": "dce-", + "logAnalyticsWorkspace": "log-", + "logAnalyticsQueryPacks": "pack-", + "managementGroup": "mg-", + "purviewInstance": "pview-", + "resourceGroup": "rg-", + "templateSpecsName": "ts-" + }, + "migration": { + "migrateProject": "migr-", + "databaseMigrationService": "dms-", + "recoveryServicesVault": "rsv-" + }, + "networking": { + "applicationGateway": "agw-", + "applicationSecurityGroup": "asg-", + "cdnProfile": "cdnp-", + "cdnEndpoint": "cdne-", + "connections": "con-", + "dnsForwardingRuleset": "dnsfrs-", + "dnsPrivateResolver": "dnspr-", + "dnsPrivateResolverInboundEndpoint": "in-", + "dnsPrivateResolverOutboundEndpoint": "out-", + "firewall": "afw-", + "firewallPolicy": "afwp-", + "expressRouteCircuit": "erc-", + "expressRouteGateway": "ergw-", + "frontDoorProfile": "afd-", + "frontDoorEndpoint": "fde-", + "frontDoorFirewallPolicy": "fdfp-", + "ipGroups": "ipg-", + "loadBalancerInternal": "lbi-", + "loadBalancerExternal": "lbe-", + "loadBalancerRule": "rule-", + "localNetworkGateway": "lgw-", + "natGateway": "ng-", + "networkInterface": "nic-", + "networkSecurityGroup": "nsg-", + "networkSecurityGroupSecurityRules": "nsgsr-", + "networkWatcher": "nw-", + "privateLink": "pl-", + "privateEndpoint": "pep-", + "publicIPAddress": "pip-", + "publicIPAddressPrefix": "ippre-", + "routeFilter": "rf-", + "routeServer": "rtserv-", + "routeTable": "rt-", + "serviceEndpointPolicy": "se-", + "trafficManagerProfile": "traf-", + "userDefinedRoute": "udr-", + "virtualNetwork": "vnet-", + "virtualNetworkGateway": "vgw-", + "virtualNetworkManager": "vnm-", + "virtualNetworkPeering": "peer-", + "virtualNetworkSubnet": "snet-", + "virtualWAN": "vwan-", + "virtualWANHub": "vhub-" + }, + "security": { + "bastion": 
"bas-", + "keyVault": "kv-", + "keyVaultManagedHSM": "kvmhsm-", + "managedIdentity": "id-", + "sshKey": "sshkey-", + "vpnGateway": "vpng-", + "vpnConnection": "vcn-", + "vpnSite": "vst-", + "webApplicationFirewallPolicy": "waf", + "webApplicationFirewallPolicyRuleGroup": "wafrg" + }, + "storage": { + "storSimple": "ssimp", + "backupVault": "bvault-", + "backupVaultPolicy": "bkpol-", + "fileShare": "share-", + "storageAccount": "st", + "storageSyncService": "sss-" + }, + "virtualDesktop": { + "labServicesPlan": "lp-", + "virtualDesktopHostPool": "vdpool-", + "virtualDesktopApplicationGroup": "vdag-", + "virtualDesktopWorkspace": "vdws-", + "virtualDesktopScalingPlan": "vdscaling-" + } + }, + "abbrs": "[variables('$fxv#0')]", + "storageName": "[format('{0}{1}hub', variables('abbrs').storage.storageAccount, parameters('solutionName'))]", "storageSkuName": "Standard_LRS", - "aiServicesName": "[format('{0}-aiservices', parameters('solutionName'))]", - "workspaceName": "[format('{0}-workspace', parameters('solutionName'))]", - "keyvaultName": "[format('{0}-kv', parameters('solutionName'))]", + "aiServicesName": "[format('{0}{1}', variables('abbrs').ai.aiServices, parameters('solutionName'))]", + "workspaceName": "[format('{0}{1}hub', variables('abbrs').managementGovernance.logAnalyticsWorkspace, parameters('solutionName'))]", "location": "[parameters('solutionLocation')]", - "aiHubName": "[format('{0}-aihub', parameters('solutionName'))]", + "aiHubName": "[format('{0}{1}', variables('abbrs').ai.aiHub, parameters('solutionName'))]", "aiHubFriendlyName": "[variables('aiHubName')]", - "aiHubDescription": "AI Hub for KM template", - "aiProjectName": "[format('{0}-aiproject', parameters('solutionName'))]", + "aiHubDescription": "AI Hub for MACAE template", + "aiProjectName": "[format('{0}{1}', variables('abbrs').ai.aiHubProject, parameters('solutionName'))]", "aiProjectFriendlyName": "[variables('aiProjectName')]", - "aiSearchName": "[format('{0}-search', 
parameters('solutionName'))]", + "aiSearchName": "[format('{0}{1}', variables('abbrs').ai.aiSearch, parameters('solutionName'))]", "storageNameCleaned": "[replace(variables('storageName'), '-', '')]" }, "resources": [ @@ -1039,7 +1488,7 @@ "outputs": { "keyvaultName": { "type": "string", - "value": "[variables('keyvaultName')]" + "value": "[parameters('keyVaultName')]" }, "keyvaultId": { "type": "string", @@ -1093,17 +1542,17 @@ }, "mode": "Incremental", "parameters": { - "solutionName": { - "value": "[parameters('prefix')]" - }, "managedIdentityId": { - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format(variables('uniqueNameFormat'), 'containerapp-pull'))]" + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('{0}{1}-containerapp-pull', variables('abbrs').security.managedIdentity, variables('solutionPrefix')))]" }, "managedIdentityPropPrin": { "value": "[reference('pullIdentity').principalId]" }, "managedIdentityLocation": { "value": "[reference('pullIdentity', '2023-07-31-preview', 'full').location]" + }, + "miName": { + "value": "[format('{0}{1}', variables('abbrs').security.managedIdentity, variables('solutionPrefix'))]" } }, "template": { @@ -1113,18 +1562,10 @@ "_generator": { "name": "bicep", "version": "0.34.44.8038", - "templateHash": "11364190519186458619" + "templateHash": "225360114294826340" } }, "parameters": { - "solutionName": { - "type": "string", - "minLength": 3, - "maxLength": 15, - "metadata": { - "description": "Solution Name" - } - }, "managedIdentityId": { "type": "string", "metadata": { @@ -1139,9 +1580,8 @@ }, "miName": { "type": "string", - "defaultValue": "[format('{0}-managed-identity', parameters('solutionName'))]", "metadata": { - "description": "Name" + "description": "Managed Identity Name" } } }, @@ -1199,7 +1639,7 @@ "value": "2.69.0" }, "location": { - "value": "[parameters('location')]" + "value": "[variables('solutionLocation')]" }, "managedIdentities": { "value": { 
@@ -1209,7 +1649,7 @@ } }, "scriptContent": { - "value": "[format('az cosmosdb sql role assignment create --resource-group \"{0}\" --account-name \"{1}\" --role-definition-id \"{2}\" --scope \"{3}\" --principal-id \"{4}\"', resourceGroup().name, format(variables('uniqueNameFormat'), 'cosmos'), resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', format(variables('uniqueNameFormat'), 'cosmos'), '00000000-0000-0000-0000-000000000002'), resourceId('Microsoft.DocumentDB/databaseAccounts', format(variables('uniqueNameFormat'), 'cosmos')), reference('containerApp', '2024-03-01', 'full').identity.principalId)]" + "value": "[format('az cosmosdb sql role assignment create --resource-group \"{0}\" --account-name \"{1}\" --role-definition-id \"{2}\" --scope \"{3}\" --principal-id \"{4}\"', resourceGroup().name, format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')), resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix')), '00000000-0000-0000-0000-000000000002'), resourceId('Microsoft.DocumentDB/databaseAccounts', format('{0}{1}', variables('abbrs').databases.cosmosDBDatabase, variables('solutionPrefix'))), reference('containerApp', '2024-03-01', 'full').identity.principalId)]" } }, "template": { From 67225f2c44da440973fc91164a584d5d19753896 Mon Sep 17 00:00:00 2001 From: Abdul-Microsoft Date: Wed, 14 May 2025 17:51:54 +0530 Subject: [PATCH 2/2] fix: update Key Vault and AI Services configurations for public network access --- infra/deploy_keyvault.bicep | 1 - infra/main.bicep | 3 ++- infra/main.json | 9 +++++---- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/infra/deploy_keyvault.bicep b/infra/deploy_keyvault.bicep index 56e41bd8c..3a5c1f761 100644 --- a/infra/deploy_keyvault.bicep +++ b/infra/deploy_keyvault.bicep 
@@ -32,7 +32,6 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { enabledForDeployment: true enabledForDiskEncryption: true enabledForTemplateDeployment: true - enableSoftDelete: false enableRbacAuthorization: true publicNetworkAccess: 'enabled' sku: { diff --git a/infra/main.bicep b/infra/main.bicep index f87f7efff..2dc2db9e8 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -26,7 +26,7 @@ targetScope = 'resourceGroup' 'westus3' ]) @description('Location for all Ai services resources. This location can be different from the resource group location.') -param azureOpenAILocation string = 'eastus2' // The location used for all deployed resources. This location must be in the same region as the resource group. +param azureOpenAILocation string = 'eastus2' @minLength(3) @maxLength(20) @@ -129,6 +129,7 @@ resource aiServices 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' = //statisticsEnabled: false } disableLocalAuth: true + publicNetworkAccess: 'Enabled' } } diff --git a/infra/main.json b/infra/main.json index 9b6d845b5..016be4e7a 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,12 +6,13 @@ "_generator": { "name": "bicep", "version": "0.35.1.17967", - "templateHash": "4208201882676728802" + "templateHash": "2907054203534234249" } }, "parameters": { "azureOpenAILocation": { "type": "string", + "defaultValue": "eastus2", "allowedValues": [ "australiaeast", "brazilsouth", @@ -454,7 +455,8 @@ "properties": { "customSubDomainName": "[variables('aiServicesName')]", "apiProperties": {}, - "disableLocalAuth": true + "disableLocalAuth": true, + "publicNetworkAccess": "Enabled" } }, "aiServicesDeployments": { @@ -810,7 +812,7 @@ "_generator": { "name": "bicep", "version": "0.35.1.17967", - "templateHash": "4587248441449388111" + "templateHash": "7119862929918770475" } }, "parameters": { 
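Review bot: The added `publicNetworkAccess: 'Enabled'` on the `aiServices` account in infra/main.bicep (hunk `@@ -129,6 +129,7 @@`) hard-codes a publicly reachable endpoint, and no `networkAcls` block is visible in the hunk to narrow it. `disableLocalAuth: true` is kept, so key-based access stays off, but identity is then the only control between the internet and the account. I would make the setting a parameter so restricted deployments can turn it off: `@allowed(['Enabled', 'Disabled'])`, `param aiServicesPublicNetworkAccess string = 'Enabled'`, and `publicNetworkAccess: aiServicesPublicNetworkAccess`, with a `@description` saying why public access is the default. The resource body starts and ends outside the hunk, so a network rule set elsewhere in it cannot be ruled out. The compiled infra/main.json hunk `@@ -454,7 +455,8 @@` carries the same literal and would need regenerating.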
@@ -858,7 +860,6 @@ "enabledForDeployment": true, "enabledForDiskEncryption": true, "enabledForTemplateDeployment": true, - "enableSoftDelete": false, "enableRbacAuthorization": true, "publicNetworkAccess": "enabled", "sku": {