From 00eaa704b7eea8df4f864261af39d57783f1fed0 Mon Sep 17 00:00:00 2001 From: Kristian Nese Date: Thu, 1 Feb 2024 08:50:40 +0100 Subject: [PATCH 1/4] rearranging of elements for use-cases --- .../generativeAi/EnterpriseAIPortal.json | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/fsi/solutions/generativeAi/EnterpriseAIPortal.json b/fsi/solutions/generativeAi/EnterpriseAIPortal.json index 3fc6c52c..3ea27130 100644 --- a/fsi/solutions/generativeAi/EnterpriseAIPortal.json +++ b/fsi/solutions/generativeAi/EnterpriseAIPortal.json @@ -1356,10 +1356,16 @@ }, "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" }, - + { + "name": "aSearchSection", + "type": "Microsoft.Common.Section", + "label": "Azure AI Search", + "elements": [], + "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" + }, { "name": "aiSearchInfo", - "type": "Microsoft.Common.InfoBox", + "type": "Microsoft.Common.TextBlock", "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]", "options": { "icon": "None", @@ -1367,13 +1373,6 @@ "uri": "https://www.microsoft.com" } }, - { - "name": "aiEncryptionSection", - "type": "Microsoft.Common.Section", - "label": "Azure AI Search", - "elements": [], - "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" - }, { "name": "aiSearchNetworkSection", "type": "Microsoft.Common.Section", @@ -1453,7 +1452,7 @@ "constraints": { "required": true }, - "visible": "[and(equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes'), equals(steps('aiSettings').aiSearchDisableNetworkAccess, 'Yes'))]" + "visible": "[and(equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes'), equals(steps('aiAuxiliarySettings').aiSearchDisableNetworkAccess, 'Yes'))]" }, { "name": "authzSection", From 5436120a58dfa538168f7dfcbb399a71c2303a24 Mon Sep 17 00:00:00 2001 
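Review bot: In the first hunk `aiSearchInfo` becomes a `Microsoft.Common.TextBlock` but keeps the InfoBox-shaped `options` (`icon`, plus a top-level `uri` that is visible as context in the next hunk). A TextBlock takes `options.text` and an optional `options.link` object, so the link is probably not rendered; suggest dropping `"icon"` and using `"link": { "label": "Learn more", "uri": "https://www.microsoft.com" }`. The new section name `aSearchSection` also looks like a typo for `aiSearchSection`, going by the `aiSearch*` names of the neighbouring elements. The element's body continues past the end of this hunk.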
From: Kristian Nese Date: Thu, 1 Feb 2024 16:14:18 +0100 Subject: [PATCH 2/4] adding storage rbac --- fsi/solutions/generativeAi/aoaiArm.json | 62 +++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/fsi/solutions/generativeAi/aoaiArm.json b/fsi/solutions/generativeAi/aoaiArm.json index 109ef0af..981727a7 100644 --- a/fsi/solutions/generativeAi/aoaiArm.json +++ b/fsi/solutions/generativeAi/aoaiArm.json @@ -391,6 +391,8 @@ "rgRbac3DeploymentName": "[take(concat(parameters('prefix'), '-rbac3', variables('deploymentSuffix')), 64)]", "rgRbac4DeploymentName": "[take(concat(parameters('prefix'), '-rbac4', variables('deploymentSuffix')), 64)]", "rgRbac5DeploymentName": "[take(concat(parameters('prefix'), '-rbac5', variables('deploymentSuffix')), 64)]", + "rgRbac6DeploymentName": "[take(concat(parameters('prefix'), '-rbac6', variables('deploymentSuffix')), 64)]", + "rgRbac7DeploymentName": "[take(concat(parameters('prefix'), '-rbac7', variables('deploymentSuffix')), 64)]", "azureOpenAiFinalDeploymentName": "[take(concat(parameters('prefix'), '-aoaicmk', variables('deploymentSuffix')), 64)]", "azureOpenAiModelDeploymentName": "[take(concat(parameters('prefix'), '-aoaiModel', variables('deploymentSuffix')), 64)]", "azureOpenAIContentFilterDeploymentName": "[take(concat(parameters('prefix'), '-aoaiContentFilter', variables('deploymentSuffix')), 64)]", 
@@ -872,6 +874,66 @@ } } }, + // Creating Role Assignment for AOAI on Storage Account using Storage Blob Data Contributor role + { + "condition": "[equals(parameters('aiSystemIdentity'), 'Yes')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[variables('deploymentNames').rgRbac6DeploymentName]", + "resourceGroup": "[variables('resourceNames').rgName]", + "dependsOn": [ + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').rgAzureAiObjectIdDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('templateUris').rgRbacTemplateUri]" + }, + "parameters": { + "roleDefinitionId": { + "value": "ba92f5b4-2d11-453d-a403-e96b0029c9fe" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "principalId": { + "value": "[if(equals(parameters('aiSystemIdentity'), 'Yes'), reference(variables('deploymentNames').rgAzureAiObjectIdDeploymentName).outputs.systemIdentityId.value, '')]" + } + } + } + }, + // Creating Role Assignment for AI Search on Storage Account using Storage Blob Data Contributor role + { + "condition": "[equals(parameters('aiSearchSystemIdentity'), 'Yes')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[variables('deploymentNames').rgRbac7DeploymentName]", + "resourceGroup": "[variables('resourceNames').rgName]", + "dependsOn": [ + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').rgAzureAiSearchObjectIdDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('templateUris').rgRbacTemplateUri]" + }, + "parameters": { + "roleDefinitionId": { + "value": 
"ba92f5b4-2d11-453d-a403-e96b0029c9fe" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "principalId": { + "value": "[if(equals(parameters('aiSearchSystemIdentity'), 'Yes'), reference(variables('deploymentNames').rgAzureAiSearchObjectIdDeploymentName).outputs.systemIdentityId.value, '')]" + } + } + } + }, { "condition": "[not(empty(parameters('aiCmkKeyName')))]", "type": "Microsoft.Resources/deployments", From c28a37a390ac942b9636b61af5961761dc1d9662 Mon Sep 17 00:00:00 2001 From: Kristian Nese Date: Thu, 1 Feb 2024 17:56:06 +0100 Subject: [PATCH 3/4] adding azmon --- .../generativeAi/EnterpriseAIPortal.json | 156 +++++++++++++++++- fsi/solutions/generativeAi/aoaiArm.json | 86 +++++++++- fsi/solutions/generativeAi/azMon.json | 107 ++++++++++++ fsi/solutions/generativeAi/azureAiSearch.json | 28 ++++ fsi/solutions/generativeAi/azureOpenAi.json | 29 +++- fsi/solutions/generativeAi/keyVault.json | 28 ++++ 6 files changed, 428 insertions(+), 6 deletions(-) create mode 100644 fsi/solutions/generativeAi/azMon.json diff --git a/fsi/solutions/generativeAi/EnterpriseAIPortal.json b/fsi/solutions/generativeAi/EnterpriseAIPortal.json index 3ea27130..29cfef42 100644 --- a/fsi/solutions/generativeAi/EnterpriseAIPortal.json +++ b/fsi/solutions/generativeAi/EnterpriseAIPortal.json @@ -181,6 +181,34 @@ }, "visible": true }, + { + "name": "kvMonSection", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Settings", + "elements": [], + "visible": true + }, + { + "name": "kvMonCreation", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Diagnostic Settings for logging and threat detection", + "defaultValue": "Yes (recommended)", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": true + }, { "name": "nwSection", "type": "Microsoft.Common.Section", 
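Review bot: Both new deployments (`rgRbac6DeploymentName`, `rgRbac7DeploymentName`) are commented as role assignments "on Storage Account", but they call `rgRbacTemplateUri` with only `roleDefinitionId`, `principalType` and `principalId` and target `resourceGroup`, so the assignment presumably lands at resource-group scope (the linked template is not shown here). At that scope Storage Blob Data Contributor gives the Azure OpenAI and AI Search identities read, write and delete on blobs in every storage account in the group. Consider assigning the role on the storage account resource itself, and using Storage Blob Data Reader for any identity that only reads the ingested documents. If resource-group scope is intended, the comments should say so, e.g. `// Role assignment for AOAI at resource group scope (Storage Blob Data Contributor)`.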
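Review bot: The `kvMonCreation` label promises "logging and threat detection", but the templates in this series only create `diagnosticSettings` that send logs to a Log Analytics workspace; no alert rule or Defender plan is visible in these patches. An operator who picks "Yes" may assume detection coverage that is not actually deployed. Suggest a label such as `"Enable Diagnostic Settings (send logs to Log Analytics)"` and filling the empty `toolTip` with what is collected and where it goes. The same label and empty tooltip are repeated for `stMonCreation`, `aiMonCreation` and `aiSearchMonCreation` in the later hunks of this file.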
@@ -461,6 +489,34 @@ "required": true }, "visible": true + }, + { + "name": "stMonSection", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Settings", + "elements": [], + "visible": true + }, + { + "name": "stMonCreation", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Diagnostic Settings for logging and threat detection", + "defaultValue": "Yes (recommended)", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": true } ] }, @@ -654,6 +710,34 @@ "required": true }, "visible": true + }, + { + "name": "aiMonSection", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Settings", + "elements": [], + "visible": true + }, + { + "name": "aiMonCreation", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Diagnostic Settings for logging and threat detection", + "defaultValue": "Yes (recommended)", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": true } ] }, 
@@ -1356,6 +1440,44 @@ }, "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" }, + { + "name": "aiUseCaseSampleDeployment", + "type": "Microsoft.Common.OptionsGroup", + "label": "Start an ingestion job for the initial use-case", + "defaultValue": "Yes", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" + }, + { + "name": "aiFileUpload", + "type": "Microsoft.Common.FileUpload", + "label": "Upload your own files for ingestion", + "toolTip": "", + "constraints": { + "required": true, + "accept": ".doc,.docx,.xml,application/msword" + }, + "options": { + "multiple": true, + "uploadMode": "file", + "openMode": "text", + "encoding": "UTF-8" + }, + "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseSampleDeployment, 'Yes')]" + }, { "name": "aSearchSection", "type": "Microsoft.Common.Section", @@ -1502,6 +1624,34 @@ "required": true }, "visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]" + }, + { + "name": "aiSearchMonSection", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Settings", + "elements": [], + "visible": true + }, + { + "name": "aiSearchMonCreation", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Diagnostic Settings for logging and threat detection", + "defaultValue": "Yes (recommended)", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": true } ] } 
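Review bot: `aiFileUpload` accepts `.doc` and `.docx` but reads them with `"openMode": "text"` and `"encoding": "UTF-8"`, which will mangle binary Office files; `"openMode": "binary"` is the safer setting for that accept list. With `"uploadMode": "file"` the document content becomes the element's value, so once it is wired to a template parameter it would be kept in deployment history; `"uploadMode": "url"` avoids carrying customer documents in parameters. Neither `aiUseCaseSampleDeployment` nor `aiFileUpload` is added to the outputs in the later `@@ -1552,7 +1702,11 @@` hunk, so as far as this patch shows the upload is required from the user but never consumed. The `visible` expression also tests only `aiUseCaseSampleDeployment` (default `Yes`), so it should probably be combined with the `aiUseCaseDeployment` check used by the surrounding elements.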
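Review bot: `aiSearchMonSection` and `aiSearchMonCreation` are `"visible": true`, while the other Azure AI Search elements shown in this diff are gated on the use-case choice. The user is then asked about diagnostics for a service that is not being deployed, and `aiSearchMonCreation` alone can trigger the workspace deployment through the `or(...)` condition in aoaiArm.json. Suggest `"visible": "[equals(steps('aiAuxiliarySettings').aiUseCaseDeployment, 'Yes')]"` on both elements.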
@@ -1552,7 +1702,11 @@ "aiSearchRbacAuthz": "[steps('aiAuxiliarySettings').aiSearchRbacAuthz]", "aiSearchSubnetId": "[steps('aiAuxiliarySettings').aiSearchSubnetId]", "aiSearchSystemIdentity": "[steps('aiAuxiliarySettings').aiSearchSystemIdentity]", - "aiUseCaseDeployment": "[steps('aiAuxiliarySettings').aiUseCaseDeployment]" + "aiUseCaseDeployment": "[steps('aiAuxiliarySettings').aiUseCaseDeployment]", + "kvMonCreation": "[steps('kvSettings').kvMonCreation]", + "stMonCreation": "[steps('stSettings').stMonCreation]", + "aiMonCreation": "[steps('aiSettings').aiMonCreation]", + "aiSearchMonCreation": "[steps('aiAuxiliarySettings').aiSearchMonCreation]" }, "kind": "Subscription", "location": "[steps('basics').resourceScope.location.name]", diff --git a/fsi/solutions/generativeAi/aoaiArm.json b/fsi/solutions/generativeAi/aoaiArm.json index 981727a7..5826133f 100644 --- a/fsi/solutions/generativeAi/aoaiArm.json +++ b/fsi/solutions/generativeAi/aoaiArm.json @@ -360,11 +360,44 @@ "Yes", "No" ] + }, + "kvMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "stMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "aiMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "aiSearchMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] } }, "variables": { "templateUris": { "managedIdentityUri": "[uri(deployment().properties.templateLink.uri, 'managedIdentity.json')]", + "azMonTemplateUri": "[uri(deployment().properties.templateLink.uri, 'azMon.json')]", "keyVaultTemplateUri": "[uri(deployment().properties.templateLink.uri, 'keyVault.json')]", "storageTemplateUri": "[uri(deployment().properties.templateLink.uri, 'storageAccount.json')]", "azureOpenAiTemplateUri": "[uri(deployment().properties.templateLink.uri, 'azureOpenAi.json')]", 
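Review bot: The four new parameters in aoaiArm.json (`kvMonCreation`, `stMonCreation`, `aiMonCreation`, `aiSearchMonCreation`) default to `"No"`, while the portal form defaults to "Yes (recommended)". Any deployment that bypasses the portal UI (CLI, pipeline, a parameter file written before this change) therefore gets no diagnostic settings without any signal. Suggest `"defaultValue": "Yes"` here and in the matching parameters added to azureAiSearch.json, azureOpenAi.json and keyVault.json, so that turning logging off is an explicit choice. A short `metadata.description` on each would also help, since the names do not say what "Mon" creates.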
@@ -380,6 +413,7 @@ "deploymentSuffix": "[concat('-', deployment().location, guid(parameters('prefix')))]", "deploymentNames": { "managedIdentityDeploymentName": "[take(concat(parameters('prefix'), '-mi', variables('deploymentSuffix')), 64)]", + "azMonDeploymentName": "[take(concat(parameters('prefix'), '-azmon', variables('deploymentSuffix')), 64)]", "keyVaultDeploymentName": "[take(concat(parameters('prefix'), '-kv', variables('deploymentSuffix')), 64)]", "storageDeploymentName": "[take(concat(parameters('prefix'), '-sa', variables('deploymentSuffix')), 64)]", "azureOpenAiDeploymentName": "[take(concat(parameters('prefix'), '-aoai', variables('deploymentSuffix')), 64)]", 
@@ -429,13 +463,42 @@ } }, { + "condition": "[or(equals(parameters('kvMonCreation'), 'Yes'), equals(parameters('stMonCreation'), 'Yes'), equals(parameters('aiMonCreation'), 'Yes'), equals(parameters('aiSearchMonCreation'), 'Yes'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[variables('deploymentNames').keyVaultDeploymentName]", + "name": "[variables('deploymentNames').azMonDeploymentName]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').managedIdentityDeploymentName)]" ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('templateUris').azMonTemplateUri]" + }, + "parameters": { + "rgName": { + "value": "[variables('resourceNames').rgName]" + }, + "location": { + "value": "[parameters('location')]" + }, + "prefix": { + "value": "[parameters('prefix')]" + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[variables('deploymentNames').keyVaultDeploymentName]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').managedIdentityDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azMonDeploymentName)]" + ], "properties": { "mode": "Incremental", "templateLink": { @@ -493,6 +556,9 @@ }, "kvDisableNetworkAccess": { "value": "[parameters('kvDisableNetworkAccess')]" + }, + "kvMonCreation": { + "value": "[parameters('kvMonCreation')]" } } } 
@@ -530,7 +596,8 @@ "name": "[variables('deploymentNames').storageDeploymentName]", "location": "[parameters('location')]", "dependsOn": [ - "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]" + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azMonDeploymentName)]" ], "properties": { "mode": "Incremental", @@ -568,6 +635,9 @@ }, "stHttpsOnly": { "value": "[parameters('stHttpsOnly')]" + }, + "stMonCreation": { + "value": "[parameters('stMonCreation')]" } } } @@ -579,7 +649,8 @@ "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]", - "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]" + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azMonDeploymentName)]" ], "properties": { "mode": "Incremental", @@ -617,6 +688,9 @@ }, "aiRestrictOutboundNetworkAccess": { "value": "[parameters('aiRestrictOutboundNetworkAccess')]" + }, + "aiMonCreation": { + "value": "[parameters('aiMonCreation')]" } } } @@ -631,7 +705,8 @@ "dependsOn": [ "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').keyVaultDeploymentName)]", "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').storageDeploymentName)]", - "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureOpenAiDeploymentName)]" + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azureOpenAiDeploymentName)]", + "[concat('Microsoft.Resources/deployments/', variables('deploymentNames').azMonDeploymentName)]" ], "properties": { "mode": "Incremental", 
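Review bot: The `stMonCreation` value passed to the storage deployment (hunk `@@ -568,6 +635,9 @@`) has no counterpart in this patch: the diffstat does not list storageAccount.json. Unless that template already declares a `stMonCreation` parameter, ARM will reject the nested deployment for an undeclared parameter. No diagnostic setting for the storage account is added anywhere in the series either, so choosing "Yes" for storage appears to create the workspace but collect nothing from the account. Suggest adding the parameter and a `diagnosticSettings` resource to storageAccount.json in the same commit, or holding this parameter back until then.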
@@ -669,6 +744,9 @@ }, "aiSearchEncryption": { "value": "[parameters('aiSearchEncryption')]" + }, + "aiSearchMonCreation": { + "value": "[parameters('aiSearchMonCreation')]" } } } diff --git a/fsi/solutions/generativeAi/azMon.json b/fsi/solutions/generativeAi/azMon.json new file mode 100644 index 00000000..80873aef --- /dev/null +++ b/fsi/solutions/generativeAi/azMon.json 
@@ -0,0 +1,107 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "rgName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Provide the name of the resource group where the Azure Open AI instance that will be created" + } + }, + "location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Select the location for the Azure Open AI instance that will be created" + } + }, + "prefix": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Provide name for the Azure Open AI instance that will be created" + } + } + }, + "variables": { + "name-compliant-azMon": "[concat(parameters('prefix'), '-', parameters('location'), '-azmon')]" + }, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2022-09-01", + "name": "[parameters('rgName')]", + "location": "[parameters('location')]" + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "azMon", + "resourceGroup": "[parameters('rgName')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-12-01-preview", + "name": "[variables('name-compliant-azMon')]", + "location": "[parameters('location')]", + "sku": { + "name": "PerGB2018" + }, + "properties": { + "retentionInDays": 30, + "features": { + "enableLogAccessUsingOnlyResourcePermissions": true, + "disableLocalAuth": true + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": 
"[concat(variables('name-compliant-azMon'), '/', 'Microsoft.Insights/diag')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]" + ], + "properties": { + "workspaceId": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]", + "metrics": [ + { + "category": "AllMetrics", + "enabled": true, + "retentionPolicy": { + "days": 0, + "enabled": false + }, + "timeGrain": null + } + ], + "logs": [ + { + "categoryGroup": "allLogs", + "enabled": true + }, + { + "categoryGroup": "audit", + "enabled": true + } + ] + } + } + ] + } + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/fsi/solutions/generativeAi/azureAiSearch.json b/fsi/solutions/generativeAi/azureAiSearch.json index 560da56e..39d579c9 100644 --- a/fsi/solutions/generativeAi/azureAiSearch.json +++ b/fsi/solutions/generativeAi/azureAiSearch.json @@ -72,6 +72,14 @@ "Yes", "No" ] + }, + "aiSearchMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] } }, "variables": { @@ -79,6 +87,7 @@ "name-compliant-azureAiSearch-pe": "[toLower(concat(parameters('prefix'), '-AzAISearch-pe'))]", "name-compliant-azureAiSearch-asg": "[toLower(concat(parameters('prefix'), '-AzAISearch-asg'))]", "name-compliant-storage": "[toLower(take(concat(replace(replace(parameters('prefix'), '-', ''), '_', ''), parameters('location'), uniqueString(deployment().name)), 23))]", + "name-compliant-azMon": "[concat(parameters('prefix'), '-', parameters('location'), '-azmon')]", "aiSearchIdentity": { "type": "SystemAssigned" }, 
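Review bot: The workspace in azMon.json hard-codes `"retentionInDays": 30` and sets neither `publicNetworkAccessForIngestion` nor `publicNetworkAccessForQuery`. The audit trail for Key Vault, Azure OpenAI and AI Search is therefore short-lived, and the workspace keeps its default public endpoints even when the services themselves are deployed with network access disabled. Suggest exposing retention as a parameter (`"retentionInDays": "[parameters('retentionInDays')]"`) and setting the two public-network properties explicitly. The three parameter descriptions are copied from the Azure OpenAI template; something like `"description": "Name of the resource group that will hold the Log Analytics workspace"` would match what the file does. In the workspace's own diagnostic setting, enabling `audit` next to `allLogs` looks redundant.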
@@ -132,6 +141,25 @@ } } }, + { + "condition": "[equals(parameters('aiSearchMonCreation'), 'Yes')]", + "type": "Microsoft.Search/searchServices/providers/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[concat(variables('name-compliant-azMon'), '/', 'Microsoft.Insights/diag')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Search/searchServices', variables('name-compliant-azureAiSearch'))]" + ], + "properties": { + "workspaceId": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]", + "logs": [ + { + "categoryGroup": "allLogs", + "enabled": true + } + ] + } + }, { "condition": "[and(equals(parameters('aiSearchDisableNetworkAccess'), 'Yes'), not(empty(parameters('aiSearchSubnetId'))))]", "type": "Microsoft.Network/applicationSecurityGroups", diff --git a/fsi/solutions/generativeAi/azureOpenAi.json b/fsi/solutions/generativeAi/azureOpenAi.json index 2b53c53e..13360a9e 100644 --- a/fsi/solutions/generativeAi/azureOpenAi.json +++ b/fsi/solutions/generativeAi/azureOpenAi.json @@ -71,6 +71,14 @@ "Yes", "No" ] + }, + "aiMonCreation": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] } }, "variables": { @@ -78,6 +86,7 @@ "name-compliant-openAi-pe": "[concat(parameters('prefix'), '-AzOpenAi-pe')]", "name-compliant-openAi-asg": "[concat(parameters('prefix'), '-AzOpenAi-asg')]", "name-compliant-storage": "[toLower(take(concat(replace(replace(parameters('prefix'), '-', ''), '_', ''), parameters('location'), uniqueString(deployment().name)), 23))]", + "name-compliant-azMon": "[concat(parameters('prefix'), '-', parameters('location'), '-azmon')]", "aiIdentity": { "type": "SystemAssigned" }, 
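Review bot: The `dependsOn` entry of the new AI Search diagnostic setting is missing the `/` between the resource type and the name: `concat('Microsoft.Search/searchServices', variables('name-compliant-azureAiSearch'))`. The equivalent entries added to azureOpenAi.json and keyVault.json have the trailing slash, so this should read `"[concat('Microsoft.Search/searchServices/', variables('name-compliant-azureAiSearch'))]"`. Patch 4/4 still shows the line unchanged as context. Separately, all three child templates rebuild the workspace ID from prefix and location in a local `name-compliant-azMon` variable, which has to stay identical to the one in azMon.json; passing the workspace resource ID in as a parameter would remove that coupling.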
@@ -128,6 +137,25 @@ "networkAcls": "[if(equals(parameters('aiDisableNetworkAccess'), 'Yes'), variables('denyFwAcl'), json('null'))]" } }, + { + "condition": "[equals(parameters('aiMonCreation'), 'Yes')]", + "type": "Microsoft.CognitiveServices/accounts/providers/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[concat(variables('name-compliant-azMon'), '/', 'Microsoft.Insights/diag')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.CognitiveServices/accounts/', variables('name-compliant-azureOpenAi'))]" + ], + "properties": { + "workspaceId": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]", + "logs": [ + { + "categoryGroup": "allLogs", + "enabled": true + } + ] + } + }, { "condition": "[and(equals(parameters('aiDisableNetworkAccess'), 'Yes'), not(empty(parameters('aiSubnetId'))))]", "type": "Microsoft.Network/applicationSecurityGroups", @@ -148,7 +176,6 @@ "dependsOn": [ "[concat('Microsoft.CognitiveServices/accounts/', variables('name-compliant-azureOpenAi'))]", "[concat('Microsoft.Network/applicationSecurityGroups/', variables('name-compliant-openAi-asg'))]" - ], "properties": { "privateLinkServiceConnections": [ diff --git a/fsi/solutions/generativeAi/keyVault.json b/fsi/solutions/generativeAi/keyVault.json index e21993a7..ddef97d6 100644 --- a/fsi/solutions/generativeAi/keyVault.json +++ b/fsi/solutions/generativeAi/keyVault.json @@ -120,6 +120,14 @@ "metadata": { "description": "Expiration time of the key [dateTimeToEpoch(dateTimeAdd(utcNow(), 'P1Y'))]" } + }, + "kvMonCreation": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" } }, "variables": { 
@@ -130,6 +138,7 @@ "no-st-cmk-name": "[format('{0}/{1}', variables('name-compliant-keyvault'), 'nostcmk')]", "name-compliant-keyvault-ai-cmk-name": "[format('{0}/{1}', variables('name-compliant-keyvault'), parameters('aiCmkKeyName'))]", "no-ai-cmk-name": "[format('{0}/{1}', variables('name-compliant-keyvault'), 'noaicmk')]", + "name-compliant-azMon": "[concat(parameters('prefix'), '-', parameters('location'), '-azmon')]", "denyFwAcls": { "bypass": "AzureServices", "defaultAction": "Deny", @@ -182,6 +191,25 @@ "publicNetworkAccess": "[if(equals(parameters('kvDisableNetworkAccess'), 'Yes'), 'Disabled', 'Enabled')]" } }, + { + "condition": "[equals(parameters('kvMonCreation'), 'Yes')]", + "type": "Microsoft.KeyVault/vaults/providers/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[concat(variables('name-compliant-azMon'), '/', 'Microsoft.Insights/diag')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.KeyVault/vaults/', variables('name-compliant-keyvault'))]" + ], + "properties": { + "workspaceId": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', variables('name-compliant-azMon'))]", + "logs": [ + { + "categoryGroup": "allLogs", + "enabled": true + } + ] + } + }, { "condition": "[not(empty(parameters('userAssignedIdentity')))]", "type": "Microsoft.Authorization/roleAssignments", From b100e7a9e72b86e7e4c151624901871f95f45b8f Mon Sep 17 00:00:00 2001 From: Kristian Nese Date: Thu, 1 Feb 2024 18:25:20 +0100 Subject: [PATCH 4/4] updated variable --- fsi/solutions/generativeAi/azureAiSearch.json | 2 +- fsi/solutions/generativeAi/azureOpenAi.json | 2 +- fsi/solutions/generativeAi/keyVault.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/fsi/solutions/generativeAi/azureAiSearch.json b/fsi/solutions/generativeAi/azureAiSearch.json index 39d579c9..1e5efbc1 100644 --- a/fsi/solutions/generativeAi/azureAiSearch.json 
+++ b/fsi/solutions/generativeAi/azureAiSearch.json @@ -145,7 +145,7 @@ "condition": "[equals(parameters('aiSearchMonCreation'), 'Yes')]", "type": "Microsoft.Search/searchServices/providers/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "name": "[concat(variables('name-compliant-azMon'), '/', 'Microsoft.Insights/diag')]", + "name": "[concat(variables('name-compliant-azureAiSearch'), '/', 'Microsoft.Insights/diag')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.Search/searchServices', variables('name-compliant-azureAiSearch'))]" diff --git a/fsi/solutions/generativeAi/azureOpenAi.json b/fsi/solutions/generativeAi/azureOpenAi.json index 13360a9e..e1256ed3 100644 --- a/fsi/solutions/generativeAi/azureOpenAi.json +++ b/fsi/solutions/generativeAi/azureOpenAi.json @@ -141,7 +141,7 @@ "condition": "[equals(parameters('aiMonCreation'), 'Yes')]", "type": "Microsoft.CognitiveServices/accounts/providers/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "name": "[concat(variables('name-compliant-azMon'), '/', 'Microsoft.Insights/diag')]", + "name": "[concat(variables('name-compliant-azureOpenAi'), '/', 'Microsoft.Insights/diag')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.CognitiveServices/accounts/', variables('name-compliant-azureOpenAi'))]" diff --git a/fsi/solutions/generativeAi/keyVault.json b/fsi/solutions/generativeAi/keyVault.json index ddef97d6..93c1ef5c 100644 --- a/fsi/solutions/generativeAi/keyVault.json +++ b/fsi/solutions/generativeAi/keyVault.json 
@@ -195,7 +195,7 @@ "condition": "[equals(parameters('kvMonCreation'), 'Yes')]", "type": "Microsoft.KeyVault/vaults/providers/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "name": "[concat(variables('name-compliant-azMon'), '/', 'Microsoft.Insights/diag')]", + "name": "[concat(variables('name-compliant-keyvault'), '/', 'Microsoft.Insights/diag')]", "location": "[parameters('location')]", "dependsOn": [ "[concat('Microsoft.KeyVault/vaults/', variables('name-compliant-keyvault'))]"