Added two Azure ML quickstart templates

deeikele · deeikele · commit 5e52a3836bc8 · 2021-08-05T14:52:54.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 ## Ignore terraform provider and state files
 *.terraform
 *.tfstate*
+.terraform.lock.hcl
 
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
diff --git a/quickstart/101-machine-learning/main.tf b/quickstart/101-machine-learning/main.tf
@@ -0,0 +1,11 @@
+provider "azurerm" {
+    version = "~>2.0"
+    features {}
+}
+
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "default" {
+  name     = "${var.name}-${var.environment}-rgp"
+  location = "${var.location}"
+}
diff --git a/quickstart/101-machine-learning/variables.tf b/quickstart/101-machine-learning/variables.tf
@@ -0,0 +1,17 @@
+variable "name" {
+  type        = string
+  description = "Name of the deployment"
+  default     = "azureml999"
+}
+
+variable "environment" {
+  type        = string
+  description = "Name of the environment"
+  default     = "dev"
+}
+
+variable "location" {
+  type        = string
+  description = "Location of the resources"
+  default     = "East US"
+}
diff --git a/quickstart/101-machine-learning/workspace.tf b/quickstart/101-machine-learning/workspace.tf
@@ -0,0 +1,57 @@
+# Dependent resources for Azure Machine Learning
+resource "azurerm_application_insights" "default" {
+  name                = "${var.name}-${var.environment}-ain"
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+  application_type    = "web"
+}
+
+resource "azurerm_key_vault" "default" {
+  name                     = "${var.name}${var.environment}kv"
+  location                 = azurerm_resource_group.default.location
+  resource_group_name      = azurerm_resource_group.default.name
+  tenant_id                = data.azurerm_client_config.current.tenant_id
+  sku_name                 = "premium"
+  purge_protection_enabled = false
+  
+  network_acls {
+    default_action = "Deny"
+    bypass = "AzureServices"
+  }
+}
+
+resource "azurerm_storage_account" "default" {
+  name                     = "${var.name}${var.environment}sa"
+  location                 = azurerm_resource_group.default.location
+  resource_group_name      = azurerm_resource_group.default.name
+  account_tier             = "Standard"
+  account_replication_type = "GRS"
+
+  network_rules {
+    default_action = "Deny"
+    bypass = ["AzureServices"]
+  }
+}
+
+resource "azurerm_container_registry" "default" {
+  name                     = "${var.name}${var.environment}cr"
+  location                 = azurerm_resource_group.default.location
+  resource_group_name      = azurerm_resource_group.default.name
+  sku                      = "Premium"
+  admin_enabled            = true
+}
+
+# Machine Learning workspace
+resource "azurerm_machine_learning_workspace" "default" {
+  name                    = "${var.name}-${var.environment}-aml"
+  location                = azurerm_resource_group.default.location
+  resource_group_name     = azurerm_resource_group.default.name
+  application_insights_id = azurerm_application_insights.default.id
+  key_vault_id            = azurerm_key_vault.default.id
+  storage_account_id      = azurerm_storage_account.default.id
+  container_registry_id   = azurerm_container_registry.default.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
diff --git a/quickstart/201-machine-learning-private/main.tf b/quickstart/201-machine-learning-private/main.tf
@@ -0,0 +1,11 @@
+provider "azurerm" {
+    version = "~>2.0"
+    features {}
+}
+
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "default" {
+  name     = "${var.name}-${var.environment}-rgp"
+  location = "${var.location}"
+}
diff --git a/quickstart/201-machine-learning-private/variables.tf b/quickstart/201-machine-learning-private/variables.tf
@@ -0,0 +1,17 @@
+variable "name" {
+  type        = string
+  description = "Name of the deployment"
+  default     = "mlple999"
+}
+
+variable "environment" {
+  type        = string
+  description = "Name of the environment"
+  default     = "dev"
+}
+
+variable "location" {
+  type        = string
+  description = "Location of the resources"
+  default     = "East US"
+}
diff --git a/quickstart/201-machine-learning-private/workspace.tf b/quickstart/201-machine-learning-private/workspace.tf
@@ -0,0 +1,203 @@
+# Dependent resources for Azure Machine Learning
+resource "azurerm_application_insights" "default" {
+  name                = "${var.name}-${var.environment}-ain"
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+  application_type    = "web"
+}
+
+resource "azurerm_key_vault" "default" {
+  name                     = "${var.name}${var.environment}kv"
+  location                 = azurerm_resource_group.default.location
+  resource_group_name      = azurerm_resource_group.default.name
+  tenant_id                = data.azurerm_client_config.current.tenant_id
+  sku_name                 = "premium"
+  purge_protection_enabled = false
+  
+  network_acls {
+    default_action = "Deny"
+    bypass = "AzureServices"
+  }
+}
+
+resource "azurerm_storage_account" "default" {
+  name                     = "${var.name}${var.environment}sa"
+  location                 = azurerm_resource_group.default.location
+  resource_group_name      = azurerm_resource_group.default.name
+  account_tier             = "Standard"
+  account_replication_type = "GRS"
+
+  network_rules {
+    default_action = "Deny"
+    bypass = ["AzureServices"]
+  }
+}
+
+resource "azurerm_container_registry" "default" {
+  name                     = "${var.name}${var.environment}cr"
+  location                 = azurerm_resource_group.default.location
+  resource_group_name      = azurerm_resource_group.default.name
+  sku                      = "Premium"
+  admin_enabled            = true
+}
+
+# Machine Learning workspace
+resource "azurerm_machine_learning_workspace" "default" {
+  name                    = "${var.name}-${var.environment}-aml"
+  location                = azurerm_resource_group.default.location
+  resource_group_name     = azurerm_resource_group.default.name
+  application_insights_id = azurerm_application_insights.default.id
+  key_vault_id            = azurerm_key_vault.default.id
+  storage_account_id      = azurerm_storage_account.default.id
+  container_registry_id   = azurerm_container_registry.default.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
+
+# Virtual network
+resource "azurerm_virtual_network" "default" {
+  name                = "${var.name}-${var.environment}-vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_subnet" "mlsubnet" {
+  name                 = "mlsubnet"
+  resource_group_name  = azurerm_resource_group.default.name
+  virtual_network_name = azurerm_virtual_network.default.name
+  address_prefixes     = ["10.0.1.0/24"]
+  enforce_private_link_endpoint_network_policies = true
+}
+
+# DNS zones
+resource "azurerm_private_dns_zone" "dnsvault" {
+  name                = "privatelink.vaultcore.azure.net"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone" "dnsstorageblob" {
+  name                = "privatelink.blob.core.windows.net"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone" "dnsstoragefile" {
+  name                = "privatelink.file.core.windows.net"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone" "dnscontainerregistry" {
+  name                = "privatelink.azurecr.io"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone" "dnsazureml" {
+  name                = "privatelink.api.azureml.ms"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+resource "azurerm_private_dns_zone" "dnsnotebooks" {
+  name                = "privatelink.azureml.notebooks.net"
+  resource_group_name = azurerm_resource_group.default.name
+}
+
+# Private endpoints
+resource "azurerm_private_endpoint" "keyvault_ple" {
+  name                = "${var.name}-${var.environment}-kv-ple"
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+  subnet_id           = azurerm_subnet.mlsubnet.id
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [azurerm_private_dns_zone.dnsvault.id]
+  }
+
+  private_service_connection {
+    name                           = "${var.name}kv-psc"
+    private_connection_resource_id = azurerm_key_vault.default.id
+    subresource_names              = [ "vault" ]
+    is_manual_connection           = false
+  }
+}
+
+resource "azurerm_private_endpoint" "storage_ple_blob" {
+  name                = "${var.name}-${var.environment}-sa-ple-blob"
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+  subnet_id           = azurerm_subnet.mlsubnet.id
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [azurerm_private_dns_zone.dnsstorageblob.id]
+  }
+
+  private_service_connection {
+    name                           = "${var.name}sa-psc"
+    private_connection_resource_id = azurerm_storage_account.default.id
+    subresource_names              = [ "blob" ]
+    is_manual_connection           = false
+  }
+}
+
+resource "azurerm_private_endpoint" "storage_ple_file" {
+  name                = "${var.name}-${var.environment}-sa-ple-file"
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+  subnet_id           = azurerm_subnet.mlsubnet.id
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [azurerm_private_dns_zone.dnsstoragefile.id]
+  }
+
+  private_service_connection {
+    name                           = "${var.name}sa-psc"
+    private_connection_resource_id = azurerm_storage_account.default.id
+    subresource_names              = [ "file" ]
+    is_manual_connection           = false
+  }
+}
+
+resource "azurerm_private_endpoint" "cr_ple" {
+  name                = "${var.name}-${var.environment}-cr-ple"
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+  subnet_id           = azurerm_subnet.mlsubnet.id
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [azurerm_private_dns_zone.dnscontainerregistry.id]
+  }
+
+  private_service_connection {
+    name                           = "${var.name}cr-psc"
+    private_connection_resource_id = azurerm_container_registry.default.id
+    subresource_names              = [ "registry" ]
+    is_manual_connection           = false
+  }
+}
+
+resource "azurerm_private_endpoint" "ml_ple" {
+  name                = "${var.name}-${var.environment}-ple"
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
+  subnet_id           = azurerm_subnet.mlsubnet.id
+
+  private_dns_zone_group {
+    name                 = "private-dns-zone-group"
+    private_dns_zone_ids = [
+      azurerm_private_dns_zone.dnsazureml.id,
+      azurerm_private_dns_zone.dnsnotebooks.id
+    ]
+  }
+
+  private_service_connection {
+    name                           = "${var.name}ml-psc"
+    private_connection_resource_id = azurerm_machine_learning_workspace.default.id
+    subresource_names              = [ "amlworkspace" ]
+    is_manual_connection           = false
+  }
+}
