diff --git a/fsi/solutions/generativeAi/EnterpriseAIPortal.json b/fsi/solutions/generativeAi/EnterpriseAIPortal.json index 3fc6c52c..29cfef42 100644 --- a/fsi/solutions/generativeAi/EnterpriseAIPortal.json +++ b/fsi/solutions/generativeAi/EnterpriseAIPortal.json @@ -181,6 +181,34 @@ }, "visible": true }, + { + "name": "kvMonSection", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Settings", + "elements": [], + "visible": true + }, + { + "name": "kvMonCreation", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Diagnostic Settings for logging and threat detection", + "defaultValue": "Yes (recommended)", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": true + }, { "name": "nwSection", "type": "Microsoft.Common.Section", @@ -461,6 +489,34 @@ "required": true }, "visible": true + }, + { + "name": "stMonSection", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Settings", + "elements": [], + "visible": true + }, + { + "name": "stMonCreation", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Diagnostic Settings for logging and threat detection", + "defaultValue": "Yes (recommended)", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": true } ] }, 
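Review bot: The `toolTip` on `kvMonCreation` is empty, so the control that decides whether Key Vault is logged gives the operator nothing to base the choice on. The same applies to `stMonCreation` in the next hunk and to `aiMonCreation` and `aiSearchMonCreation` further down. I would set something like `"toolTip": "Sends resource logs to a Log Analytics workspace created by this deployment. Selecting No leaves this resource without audit logs."` on each of the four.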
@@ -654,6 +710,34 @@ "required": true }, "visible": true + }, + { + "name": "aiMonSection", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Settings", + "elements": [], + "visible": true + }, + { + "name": "aiMonCreation", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Diagnostic Settings for logging and threat detection", + "defaultValue": "Yes (recommended)", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": true } ] }, 
@@ -1356,24 +1440,61 @@ }, "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" }, - { - "name": "aiSearchInfo", - "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]", + "name": "aiUseCaseSampleDeployment", + "type": "Microsoft.Common.OptionsGroup", + "label": "Start an ingestion job for the initial use-case", + "defaultValue": "Yes", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" + }, + { + "name": "aiFileUpload", + "type": "Microsoft.Common.FileUpload", + "label": "Upload your own files for ingestion", + "toolTip": "", + "constraints": { + "required": true, + "accept": ".doc,.docx,.xml,application/msword" + }, "options": { - "icon": "None", - "text": "Azure AI Search, an AI-powered information retrieval platform, helps developers build rich search experiences and generative AI apps that combine large language models with enterprise data. 
Implement search functionality for any mobile or search application within your organization or as part of software as a service (SaaS) apps.", - "uri": "https://www.microsoft.com" - } + "multiple": true, + "uploadMode": "file", + "openMode": "text", + "encoding": "UTF-8" + }, + "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseSampleDeployment, 'Yes')]" }, { - "name": "aiEncryptionSection", + "name": "aSearchSection", "type": "Microsoft.Common.Section", "label": "Azure AI Search", "elements": [], "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" }, + { + "name": "aiSearchInfo", + "type": "Microsoft.Common.TextBlock", + "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]", + "options": { + "icon": "None", + "text": "Azure AI Search, an AI-powered information retrieval platform, helps developers build rich search experiences and generative AI apps that combine large language models with enterprise data. Implement search functionality for any mobile or search application within your organization or as part of software as a service (SaaS) apps.", + "uri": "https://www.microsoft.com" + } + }, { "name": "aiSearchNetworkSection", "type": "Microsoft.Common.Section", @@ -1453,7 +1574,7 @@ "constraints": { "required": true }, - "visible": "[and(equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes'), equals(steps('aiSettings').aiSearchDisableNetworkAccess, 'Yes'))]" + "visible": "[and(equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes'), equals(steps('aiAuxiliarySettings').aiSearchDisableNetworkAccess, 'Yes'))]" }, { "name": "authzSection", 
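Review bot: `aiFileUpload` and `aiUseCaseSampleDeployment` are added to the step but never reach the template. The only `outputs` change in this file adds the four `*MonCreation` values, so a user is forced (`"required": true`) to upload documents that are then dropped. If the upload is meant to feed ingestion, `"openMode": "text"` with `"encoding": "UTF-8"` will not round-trip the binary `.doc`/`.docx` files that `accept` allows. `accept` is also only a picker filter, so whatever consumes the content has to check type and size itself. Separately, `aiSearchInfo` is now a `Microsoft.Common.TextBlock` but keeps the InfoBox-style `icon` and `uri` options; as far as I know TextBlock expects `"link": { "label": "...", "uri": "..." }` instead.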
@@ -1503,6 +1624,34 @@ "required": true }, "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" + }, + { + "name": "aiSearchMonSection", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Settings", + "elements": [], + "visible": true + }, + { + "name": "aiSearchMonCreation", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Diagnostic Settings for logging and threat detection", + "defaultValue": "Yes (recommended)", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": true } ] } @@ -1553,7 +1702,11 @@ "aiSearchRbacAuthz": "[steps('aiAuxiliarySettings').aiSearchRbacAuthz]", "aiSearchSubnetId": "[steps('aiAuxiliarySettings').aiSearchSubnetId]", "aiSearchSystemIdentity": "[steps('aiAuxiliarySettings').aiSearchSystemIdentity]", - "aiUseCaseDeployment": "[steps('aiAuxiliarySettings').aiUseCaseDeployment]" + "aiUseCaseDeployment": "[steps('aiAuxiliarySettings').aiUseCaseDeployment]", + "kvMonCreation": "[steps('kvSettings').kvMonCreation]", + "stMonCreation": "[steps('stSettings').stMonCreation]", + "aiMonCreation": "[steps('aiSettings').aiMonCreation]", + "aiSearchMonCreation": "[steps('aiAuxiliarySettings').aiSearchMonCreation]" }, "kind": "Subscription", "location": "[steps('basics').resourceScope.location.name]", diff --git a/fsi/solutions/generativeAi/aoaiArm.json b/fsi/solutions/generativeAi/aoaiArm.json index 109ef0af..5826133f 100644 --- a/fsi/solutions/generativeAi/aoaiArm.json +++ b/fsi/solutions/generativeAi/aoaiArm.json 
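Review bot: `aiSearchMonSection` and `aiSearchMonCreation` use `"visible": true`, while the elements around them in this step are gated on `aiUseCaseDeployment`. The question is therefore shown, and reports its default of Yes, even when no AI Search service will be deployed. I would gate both elements with `"visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]"`. It is also worth confirming what the `aiSearchMonCreation` output evaluates to when the element is hidden, since `aoaiArm.json` only accepts `Yes` or `No`.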
@@ -360,11 +360,44 @@ "Yes", "No" ] + }, + "kvMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "stMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "aiMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "aiSearchMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] } }, "variables": { "templateUris": { "managedIdentityUri": "[uri(deployment().properties.templateLink.uri, 'managedIdentity.json')]", + "azMonTemplateUri": "[uri(deployment().properties.templateLink.uri, 'azMon.json')]", "keyVaultTemplateUri": "[uri(deployment().properties.templateLink.uri, 'keyVault.json')]", "storageTemplateUri": "[uri(deployment().properties.templateLink.uri, 'storageAccount.json')]", "azureOpenAiTemplateUri": "[uri(deployment().properties.templateLink.uri, 'azureOpenAi.json')]", @@ -380,6 +413,7 @@ "deploymentSuffix": "[concat('-', deployment().location, guid(parameters('prefix')))]", "deploymentNames": { "managedIdentityDeploymentName": "[take(concat(parameters('prefix'), '-mi', variables('deploymentSuffix')), 64)]", + "azMonDeploymentName": "[take(concat(parameters('prefix'), '-azmon', variables('deploymentSuffix')), 64)]", "keyVaultDeploymentName": "[take(concat(parameters('prefix'), '-kv', variables('deploymentSuffix')), 64)]", "storageDeploymentName": "[take(concat(parameters('prefix'), '-sa', variables('deploymentSuffix')), 64)]", "azureOpenAiDeploymentName": "[take(concat(parameters('prefix'), '-aoai', variables('deploymentSuffix')), 64)]", 
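Review bot: The four `*MonCreation` parameters default to `"No"` here while the portal form defaults to "Yes (recommended)". Any deployment that bypasses the form (CLI, pipeline, a parameter file written before this change) therefore gets Key Vault, storage, Azure OpenAI and AI Search with no diagnostic settings and no error. For a logging control the template default should match the recommended posture: `"defaultValue": "Yes"`. The same default appears in the parameter blocks added to `azureAiSearch.json`, `azureOpenAi.json` and `keyVault.json`. The new parameters also have no `metadata.description`; one line each saying that `Yes` sends resource logs to the workspace created by `azMon.json` would help.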
@@ -391,6 +425,8 @@ "rgRbac3DeploymentName": "[take(concat(parameters('prefix'), '-rbac3', variables('deploymentSuffix')), 64)]", "rgRbac4DeploymentName": "[take(concat(parameters('prefix'), '-rbac4', variables('deploymentSuffix')), 64)]", "rgRbac5DeploymentName": "[take(concat(parameters('prefix'), '-rbac5', variables('deploymentSuffix')), 64)]", + "rgRbac6DeploymentName": "[take(concat(parameters('prefix'), '-rbac6', variables('deploymentSuffix')), 64)]", + "rgRbac7DeploymentName": "[take(concat(parameters('prefix'), '-rbac7', variables('deploymentSuffix')), 64)]", "azureOpenAiFinalDeploymentName": "[take(concat(parameters('prefix'), '-aoaicmk', variables('deploymentSuffix')), 64)]", "azureOpenAiModelDeploymentName": "[take(concat(parameters('prefix'), '-aoaiModel', variables('deploymentSuffix')), 64)]", "azureOpenAIContentFilterDeploymentName": "[take(concat(parameters('prefix'), '-aoaiContentFilter', variables('deploymentSuffix')), 64)]", 
@@ -427,13 +463,42 @@ } }, { + "condition": "[or(equals(parameters('kvMonCreation'), 'Yes'), equals(parameters('stMonCreation'), 'Yes'), equals(parameters('aiMonCreation'), 'Yes'), equals(parameters('aiSearchMonCreation'), 'Yes'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[variables('deploymentNames').keyVaultDeploymentName]", + "name": "[variables('deploymentNames').azMonDeploymentName]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').managedIdentityDeploymentName)]" ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('templateUris').azMonTemplateUri]" + }, + "parameters": { + "rgName": { + "value": "[variables('resourceNames').rgName]" + }, + "location": { + "value": "[parameters('location')]" + }, + "prefix": { + "value": "[parameters('prefix')]" + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[variables('deploymentNames').keyVaultDeploymentName]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').managedIdentityDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azMonDeploymentName)]" + ], "properties": { "mode": "Incremental", "templateLink": { @@ -491,6 +556,9 @@ }, "kvDisableNetworkAccess": { "value": "[parameters('kvDisableNetworkAccess')]" + }, + "kvMonCreation": { + "value": "[parameters('kvMonCreation')]" } } } 
@@ -528,7 +596,8 @@ "name": "[variables('deploymentNames').storageDeploymentName]", "location": "[parameters('location')]", "dependsOn": [ - "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]" + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azMonDeploymentName)]" ], "properties": { "mode": "Incremental", @@ -566,6 +635,9 @@ }, "stHttpsOnly": { "value": "[parameters('stHttpsOnly')]" + }, + "stMonCreation": { + "value": "[parameters('stMonCreation')]" } } } @@ -577,7 +649,8 @@ "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]", - "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]" + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azMonDeploymentName)]" ], "properties": { "mode": "Incremental", @@ -615,6 +688,9 @@ }, "aiRestrictOutboundNetworkAccess": { "value": "[parameters('aiRestrictOutboundNetworkAccess')]" + }, + "aiMonCreation": { + "value": "[parameters('aiMonCreation')]" } } } @@ -629,7 +705,8 @@ "dependsOn": [ "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]", "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]", - "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureOpenAiDeploymentName)]" + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureOpenAiDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azMonDeploymentName)]" ], "properties": { "mode": "Incremental", 
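Review bot: `stMonCreation` is passed into the storage deployment's `parameters` (second hunk on this line), but this commit does not change `storageAccount.json`. By contrast, `keyVault.json`, `azureOpenAi.json` and `azureAiSearch.json` each gain the parameter and a `diagnosticSettings` resource. If `storageAccount.json` does not already declare `stMonCreation`, the linked deployment will be rejected for an undeclared parameter. If it declares the parameter but has no diagnostic-settings resource, choosing Yes for storage in the portal has no effect and blob access goes unlogged. Please confirm which applies before merging.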
@@ -667,6 +744,9 @@ }, "aiSearchEncryption": { "value": "[parameters('aiSearchEncryption')]" + }, + "aiSearchMonCreation": { + "value": "[parameters('aiSearchMonCreation')]" } } } 
@@ -872,6 +952,66 @@ } } }, + // Creating Role Assignment for AOAI on Storage Account using Storage Blob Data Contributor role + { + "condition": "[equals(parameters('aiSystemIdentity'), 'Yes')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[variables('deploymentNames').rgRbac6DeploymentName]", + "resourceGroup": "[variables('resourceNames').rgName]", + "dependsOn": [ + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').rgAzureAiObjectIdDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('templateUris').rgRbacTemplateUri]" + }, + "parameters": { + "roleDefinitionId": { + "value": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "principalId": { + "value": "[if(equals(parameters('aiSystemIdentity'), 'Yes'), reference(variables('deploymentNames').rgAzureAiObjectIdDeploymentName).outputs.systemIdentityId.value, '')]" + } + } + } + }, + // Creating Role Assignment for AI Search on Storage Account using Storage Blob Data Contributor role + { + "condition": "[equals(parameters('aiSearchSystemIdentity'), 'Yes')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[variables('deploymentNames').rgRbac7DeploymentName]", + "resourceGroup": "[variables('resourceNames').rgName]", + "dependsOn": [ + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').rgAzureAiSearchObjectIdDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('templateUris').rgRbacTemplateUri]" + }, + "parameters": { + "roleDefinitionId": { + "value": 
"ba92f5b4-2d11-453d-a403-e96b0029c9fe" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "principalId": { + "value": "[if(equals(parameters('aiSearchSystemIdentity'), 'Yes'), reference(variables('deploymentNames').rgAzureAiSearchObjectIdDeploymentName).outputs.systemIdentityId.value, '')]" + } + } + } + }, { "condition": "[not(empty(parameters('aiCmkKeyName')))]", "type": "Microsoft.Resources/deployments", diff --git a/fsi/solutions/generativeAi/azMon.json b/fsi/solutions/generativeAi/azMon.json new file mode 100644 index 00000000..80873aef --- /dev/null +++ b/fsi/solutions/generativeAi/azMon.json 
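Review bot: The second added assignment gives the AI Search identity `ba92f5b4-2d11-453d-a403-e96b0029c9fe` (Storage Blob Data Contributor, per the comment), which is write and delete access where an indexer normally only needs to read. Unless Search writes back to the account, Storage Blob Data Reader would be the least-privilege choice. Both comments say the role is assigned "on Storage Account", yet both deployments use `rgRbacTemplateUri` with `resourceGroup` set to the solution's resource group. If that template assigns at resource-group scope, the grant covers every storage account in the group; the template itself is not in this diff. A single named variable for the role GUID, used by both assignments, would also keep the two values from drifting apart.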
@@ -0,0 +1,107 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "rgName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Provide the name of the resource group where the Azure Open AI instance that will be created" + } + }, + "location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Select the location for the Azure Open AI instance that will be created" + } + }, + "prefix": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Provide name for the Azure Open AI instance that will be created" + } + } + }, + "variables": { + "name-compliant-azMon": "[concat(parameters('prefix'), '-', parameters('location'), '-azmon')]" + }, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2022-09-01", + "name": "[parameters('rgName')]", + "location": "[parameters('location')]" + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "azMon", + "resourceGroup": "[parameters('rgName')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-12-01-preview", + "name": "[variables('name-compliant-azMon')]", + "location": "[parameters('location')]", + "sku": { + "name": "PerGB2018" + }, + "properties": { + "retentionInDays": 30, + "features": { + "enableLogAccessUsingOnlyResourcePermissions": true, + "disableLocalAuth": true + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": 
"[concat(variables('name-compliant-azMon'), '/', 'Microsoft.Insights/diag')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]" + ], + "properties": { + "workspaceId": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]", + "metrics": [ + { + "category": "AllMetrics", + "enabled": true, + "retentionPolicy": { + "days": 0, + "enabled": false + }, + "timeGrain": null + } + ], + "logs": [ + { + "categoryGroup": "allLogs", + "enabled": true + }, + { + "categoryGroup": "audit", + "enabled": true + } + ] + } + } + ] + } + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/fsi/solutions/generativeAi/azureAiSearch.json b/fsi/solutions/generativeAi/azureAiSearch.json index 560da56e..1e5efbc1 100644 --- a/fsi/solutions/generativeAi/azureAiSearch.json +++ b/fsi/solutions/generativeAi/azureAiSearch.json @@ -72,6 +72,14 @@ "Yes", "No" ] + }, + "aiSearchMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] } }, "variables": { @@ -79,6 +87,7 @@ "name-compliant-azureAiSearch-pe": "[toLower(concat(parameters('prefix'), '-AzAISearch-pe'))]", "name-compliant-azureAiSearch-asg": "[toLower(concat(parameters('prefix'), '-AzAISearch-asg'))]", "name-compliant-storage": "[toLower(take(concat(replace(replace(parameters('prefix'), '-', ''), '_', ''), parameters('location'), uniqueString(deployment().name)), 23))]", + "name-compliant-azMon": "[concat(parameters('prefix'), '-', parameters('location'), '-azmon')]", "aiSearchIdentity": { "type": "SystemAssigned" }, 
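Review bot: `azMon.json` ends with `"outputs": {}`, so the service templates each rebuild the workspace id by concatenating `rgName` with their own copy of `name-compliant-azMon`. If any copy drifts from the one here, that service's diagnostic setting points at a workspace that does not exist. I would return the id once as an output, built from the expression already used for `workspaceId` in this file, and pass it down as a parameter. `"retentionInDays": 30` is also hard-coded; for logs meant to support threat detection and investigation it should be a parameter so the deployer can meet their own retention requirement. In the workspace's `logs` array, `allLogs` should already include the `audit` group, so the second entry looks redundant.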
@@ -132,6 +141,25 @@ } } }, + { + "condition": "[equals(parameters('aiSearchMonCreation'), 'Yes')]", + "type": "Microsoft.Search/searchServices/providers/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[concat(variables('name-compliant-azureAiSearch'), '/', 'Microsoft.Insights/diag')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Search/searchServices', variables('name-compliant-azureAiSearch'))]" + ], + "properties": { + "workspaceId": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]", + "logs": [ + { + "categoryGroup": "allLogs", + "enabled": true + } + ] + } + }, { "condition": "[and(equals(parameters('aiSearchDisableNetworkAccess'), 'Yes'), not(empty(parameters('aiSearchSubnetId'))))]", "type": "Microsoft.Network/applicationSecurityGroups", diff --git a/fsi/solutions/generativeAi/azureOpenAi.json b/fsi/solutions/generativeAi/azureOpenAi.json index 2b53c53e..e1256ed3 100644 --- a/fsi/solutions/generativeAi/azureOpenAi.json +++ b/fsi/solutions/generativeAi/azureOpenAi.json @@ -71,6 +71,14 @@ "Yes", "No" ] + }, + "aiMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] } }, "variables": { @@ -78,6 +86,7 @@ "name-compliant-openAi-pe": "[concat(parameters('prefix'), '-AzOpenAi-pe')]", "name-compliant-openAi-asg": "[concat(parameters('prefix'), '-AzOpenAi-asg')]", "name-compliant-storage": "[toLower(take(concat(replace(replace(parameters('prefix'), '-', ''), '_', ''), parameters('location'), uniqueString(deployment().name)), 23))]", + "name-compliant-azMon": "[concat(parameters('prefix'), '-', parameters('location'), '-azmon')]", "aiIdentity": { "type": "SystemAssigned" }, 
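Review bot: The `dependsOn` entry of the new Search diagnostic setting is missing the separator after `searchServices`. `concat('Microsoft.Search/searchServices', variables('name-compliant-azureAiSearch'))` yields `Microsoft.Search/searchServices<name>`, which does not identify the search service. Depending on how the reference is resolved, this either fails template validation or leaves the setting unordered against the service it attaches to. It should read `"[concat('Microsoft.Search/searchServices/', variables('name-compliant-azureAiSearch'))]"`, matching the Azure OpenAI and Key Vault equivalents in this commit.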
@@ -128,6 +137,25 @@ "networkAcls": "[if(equals(parameters('aiDisableNetworkAccess'), 'Yes'), variables('denyFwAcl'), json('null'))]" } }, + { + "condition": "[equals(parameters('aiMonCreation'), 'Yes')]", + "type": "Microsoft.CognitiveServices/accounts/providers/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[concat(variables('name-compliant-azureOpenAi'), '/', 'Microsoft.Insights/diag')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.CognitiveServices/accounts/', variables('name-compliant-azureOpenAi'))]" + ], + "properties": { + "workspaceId": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]", + "logs": [ + { + "categoryGroup": "allLogs", + "enabled": true + } + ] + } + }, { "condition": "[and(equals(parameters('aiDisableNetworkAccess'), 'Yes'), not(empty(parameters('aiSubnetId'))))]", "type": "Microsoft.Network/applicationSecurityGroups", @@ -148,7 +176,6 @@ "dependsOn": [ "[concat('Microsoft.CognitiveServices/accounts/', variables('name-compliant-azureOpenAi'))]", "[concat('Microsoft.Network/applicationSecurityGroups/', variables('name-compliant-openAi-asg'))]" - ], "properties": { "privateLinkServiceConnections": [ diff --git a/fsi/solutions/generativeAi/keyVault.json b/fsi/solutions/generativeAi/keyVault.json index e21993a7..93c1ef5c 100644 --- a/fsi/solutions/generativeAi/keyVault.json +++ b/fsi/solutions/generativeAi/keyVault.json @@ -120,6 +120,14 @@ "metadata": { "description": "Expiration time of the key [dateTimeToEpoch(dateTimeAdd(utcNow(), 'P1Y'))]" } + }, + "kvMonCreation": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" } }, "variables": { 
@@ -130,6 +138,7 @@ "no-st-cmk-name": "[format('{0}/{1}', variables('name-compliant-keyvault'), 'nostcmk')]", "name-compliant-keyvault-ai-cmk-name": "[format('{0}/{1}', variables('name-compliant-keyvault'), parameters('aiCmkKeyName'))]", "no-ai-cmk-name": "[format('{0}/{1}', variables('name-compliant-keyvault'), 'noaicmk')]", + "name-compliant-azMon": "[concat(parameters('prefix'), '-', parameters('location'), '-azmon')]", "denyFwAcls": { "bypass": "AzureServices", "defaultAction": "Deny", @@ -182,6 +191,25 @@ "publicNetworkAccess": "[if(equals(parameters('kvDisableNetworkAccess'), 'Yes'), 'Disabled', 'Enabled')]" } }, + { + "condition": "[equals(parameters('kvMonCreation'), 'Yes')]", + "type": "Microsoft.KeyVault/vaults/providers/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[concat(variables('name-compliant-keyvault'), '/', 'Microsoft.Insights/diag')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.KeyVault/vaults/', variables('name-compliant-keyvault'))]" + ], + "properties": { + "workspaceId": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]", + "logs": [ + { + "categoryGroup": "allLogs", + "enabled": true + } + ] + } + }, { "condition": "[not(empty(parameters('userAssignedIdentity')))]", "type": "Microsoft.Authorization/roleAssignments",