be0f44b8f1
* Placeholders created for terraform version * Vnet added * Terraform baseline networking added * Activated subscription * feat: Add outputs for private DNS zone, event hub, virtual network, and private endpoint modules * chore: Update default values for location and storage account in Terraform variables * chore: Remove commented out code and unused variables in eventhub module * Fixed apim policies * Update * Fixed policies * fix(fragments): update the name of the named value * chore: Update Terraform backend configuration for apim-baseline * Added managed identity * Added managed identity to scenario 3 * feat: add OPENAI_PUBLIC_NETWORK_ACCESS_ENABLED variable and enhance deploy-apim-baseline script - Added `OPENAI_PUBLIC_NETWORK_ACCESS_ENABLED` variable to `sample.tf.env` with default value `false`. - Enhanced `deploy-apim-baseline.sh` script to retrieve subscription keys and display test command. - Updated `main.tf` in `workload-genai` to use `identifier` for `resourceSuffix` and removed `random_string`. - Commented out `public_network_access_enabled` variable usage in `openai` modules within `workload-genai`. - Added `identifier` variable in `workload-genai/variables.tf` and cleaned up redundant variables. - Commented out the `azurerm` backend configuration in `provider.tf` for local testing flexibility. * chore: Remove dev.tfvars.example file * chore: Update .gitignore to ignore backend-*.hcl file * rename files * Remove unnecessary files after terraform deployment * chore: Update Terraform backend configuration for workload-genai * feat(scenarios): update terraform scripts for APIM baseline and GenAI deployment - Commented out the checks for TF_BACKEND_KEY environment variable in deploy-apim-baseline.sh and deploy-workload-genai.sh scripts. - Updated terraform backend configuration keys for APIM baseline and GenAI deployments to use ENVIRONMENT_TAG-based naming. - Adjusted spacing and indentation in terraform variable assignments for improved readability. - Fixed inconsistent use of `azurerm_user_assigned_identity` data source name in genai main.tf. - Standardized the naming convention for resources and data sources in APIM policies and OpenAI modules. These changes improve the modularity and readability of the terraform scripts and ensure better handling of environment-specific configurations. * feat(scenarios): update GenAI deployment script with correct API endpoint The GenAI deployment script has been updated to use the correct API endpoint for chat completions. This ensures that the AI assistant functions properly and provides accurate information to users. ``` * feat(scenarios): update GenAI deployment script with correct API endpoint * feat: Add tags to resource groups in APIM baseline deployment * feat: Add tags to resource groups in APIM baseline deployment * feat: update devcontainer, bicep, and terraform scripts - Removed commented out `updateContentCommand` from devcontainer.json - Updated README.md in apim-baseline to include link to Terraform-based deployment guide - Corrected file name in bicep/README.md for copying `.env` - Updated deployment script path in bicep/README.md - Fixed formatting issues in bicep/main.bicep for better readability - Enhanced deploy-apim-baseline.sh script with additional echo statements and local state file deletion command - Corrected deployment script path in workload-functions/bicep/README.md - Added link to Terraform-based deployment guide in workload-genai README.md - Updated deployment script path in workload-genai/bicep/README.md - Fixed formatting issues in workload-genai/bicep/main.bicep for better readability - Un-commented `text-embedding-ada-002` model in workload-genai/terraform/variables.tf * General cleanup * feat: Update Terraform backend configuration for APIM baseline deployment * fix(terraform): correct backend configuration patterns and key vault references - Updated `.gitignore` to ignore backend files with correct pattern. - Fixed incorrect references to `keyVaultName` in Terraform modules. - Removed redundant validation and resource creation for Terraform backend in scripts. - Adjusted deployment instructions to ensure correct file handling for environment-specific backend configurations. * feat: Add azurerm_resource_group resource for openaiResourceGroupName * feat: Add private DNS zone module for APIM baseline and GenAI deployment * feat: Update Terraform modules for APIM baseline deployment - Add dependency on networking module in shared module - Comment out unused code in shared module - Remove unnecessary local variables in shared module - Update key vault resource in shared module to match Bicep configuration - Update private DNS zone module in APIM policies module - Remove sensitive output for primary access key in OpenAI module * feat: Update Terraform modules for APIM baseline deployment * chore: Remove unnecessary local variables and tags in Terraform main.tf * certificate working * feat: Add azapi-vscode extension for Azure API Management development * feat: Update APIM policies module for LB pool and backends This commit adds new files and modifies existing files in the APIM policies module to implement load balancing with a circuit breaker policy. It introduces the `lb_pool` and `backends` directories, which contain the necessary Terraform code for configuring the LB pool and backends. The `providers.tf` files in both directories define the required provider for the Azure API Management service. The `apimanagement.tf` file is updated to use the new `lb_pool` module and pass the necessary parameters. The `lb-pool.tf` file, which was previously located in the `load-balancing` directory, is deleted as it is no longer needed. Co-authored-by: Prasanna Nagarajan <prasanna.nagarajan@microsoft.com> * feat: Implement load balancing with circuit breaker policy This commit modifies the APIM policies module to implement load balancing with a circuit breaker policy. It introduces the `lb_pool` and `backends` directories in the Terraform module, which contain the necessary code for configuring the LB pool and backends. The `apimanagement.tf` file is updated to use the new `lb_pool` module and pass the required parameters. The `lb-pool.tf` file, previously located in the `load-balancing` directory, is deleted as it is no longer needed. * Minor changes to terraform README files as per PR comments * Updated terraform following update of apim policies from main branch * Add outbound security rule for Azure Monitor in networking.tf --------- Co-authored-by: RussSmi <russell_smith@hotmail.com> Co-authored-by: jsburckhardt <jsburckhardt@gmail.com> Co-authored-by: Prasanna Nagarajan <prasanna.nagarajan@microsoft.com> |
||
|---|---|---|
| .devcontainer | ||
| docs | ||
| scenarios | ||
| .gitattributes | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| CODEOWNERS | ||
| CODE_OF_CONDUCT.md | ||
| LICENSE | ||
| README.md | ||
| SECURITY.md | ||
| SUPPORT.md | ||
README.md
Azure API Management Landing Zone Accelerator
Azure API Management Landing Zone Accelerator provides packaged guidance with reference architecture and reference implementation along with design guidance recommendations and considerations on critical design areas for provisioning APIM with a secure baseline. They are aligned with industry proven practices, such as those presented in Azure landing zones guidance in the Cloud Adoption Framework.
Reference Architecture
🔍 Design areas
The enterprise architecture is broken down into six different design areas, where you can find the links to each at:
| Design Area | Considerations | Recommendations |
|---|---|---|
| Identity and Access Management | Design Considerations | Design Recommendations |
| Network Topology and Connectivity | Design Considerations | Design Recommendations |
| Security | Design Considerations | Design Recommendations |
| Management | Design Considerations | Design Recommendations |
| Governance | Design Considerations | Design Recommendations |
| Platform Automation and DevOps | Design Considerations | Design Recommendations |
🚀 Deployment scenarios
This repo contains the Azure landing zone accelerator's reference implementations, all with supporting Infrastructure as Code artifacts. The scenarios covered are:
▶️ Scenario 1: Azure API Management - Secure Baseline
Deploys APIM with a secure baseline configuration with no backends and a sample API.
▶️ Scenario 2: Azure API Management - Function Backend
On top of the secure baseline, deploys a private Azure function as a backend and provision APIs in APIM to access the function.
▶️ Scenario 3: Azure API Management - Gen AI Backend
On top of the secure baseline, deploys private Azure OpenAI endpoints (3 endpoints) as backend and provision API that can handle multiple use cases.
More reference implementation scenarios will be added as they become available.
Supported Regions
Some of the new Azure OpenAI policies are not available in al the regions yet. If you see the deployment failures, try chosing a different region. The following regions are more likely to work.
australiacentral, australiaeast, australiasoutheast, brazilsouth, eastasia, francecentral, germanywestcentral, koreacentral, northeurope, southeastasia, southcentralus, uksouth, ukwest, westeurope, westus2, westus3
Got a feedback
Please leverage issues if you have any feedback or request on how we can improve on this repository.
Data Collection
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkId=521839. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
Telemetry Configuration
Telemetry collection is on by default.
To opt-out, set the variable ENABLE_TELEMETRY to false in .env file.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.