Added No Public IP Region Check (#97)
* Added No Public IP Region Check * updated api version for datastore * updated linting rule * Updated frontend
Родитель
881dbcc3d4
Коммит
8a7c8dce93
|
@ -10,5 +10,6 @@
|
|||
'Outputs Must Not Contain Secrets'
|
||||
'IDs Should Be Derived From ResourceIDs'
|
||||
'Parameters Must Be Referenced'
|
||||
'apiVersions Should Be Recent'
|
||||
)
|
||||
}
|
||||
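Review bot: The reason for the new list entry is not recorded, and the array starts outside the hunk, so it is not visible here whether it lists skipped or enforced template tests. If it is a skip list, the entry added here (probably `'apiVersions Should Be Recent'`, given that the same commit pins the datastore resource to `2021-03-01-preview`) turns the apiVersion check off for every resource in the repository, not just the datastore. I would add a comment beside the entry, for example `# skipped only because workspaces/datastores is pinned to a preview apiVersion; remove once a GA version is usable`, so the exemption is revisited. Note that `'Outputs Must Not Contain Secrets'` sits in the same list; if these are skips, that one deserves the same justification.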
|
|
|
@ -318,7 +318,7 @@
|
|||
"text": "Specify the external services you want to connect to Machine Learning.",
|
||||
"link": {
|
||||
"label": "Learn more",
|
||||
"uri": "https://docs.microsoft.com/en-us/azure/machine-learning/concept-compute-target"
|
||||
"uri": "https://docs.microsoft.com/azure/machine-learning/concept-compute-target"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -329,7 +329,7 @@
|
|||
"options": {
|
||||
"text": "Two Azure Machine Learning Compute Clusters will automatically be deployed as part of this deployment. The first has CPU and the second has GPU support. Both will be enabled with Private Link.",
|
||||
"style": "Info",
|
||||
"uri": "https://docs.microsoft.com/en-us/azure/machine-learning/how-to-create-attach-compute-cluster"
|
||||
"uri": "https://docs.microsoft.com/azure/machine-learning/how-to-create-attach-compute-cluster"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -359,7 +359,7 @@
|
|||
"options": {
|
||||
"text": "Please provide an AAD User Object ID of the user for which you want to deploy an Azure Machine Learning Compute Instance (CI). The public SSH key is optional and allows the user to to connect to the CI using an SSH connection.",
|
||||
"style": "Info",
|
||||
"uri": "https://docs.microsoft.com/en-us/azure/machine-learning/concept-compute-instance"
|
||||
"uri": "https://docs.microsoft.com/azure/machine-learning/concept-compute-instance"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -414,7 +414,7 @@
|
|||
"options": {
|
||||
"text": "As per Enterprise Scale Analytics recommendation, we are advising to use shared Databricks workspaces. Please select the shared product Databricks workspace in your Data Landing Zone and provide an access token to connect the workspace with Machine Learning. Leave blank, if you don't want to connect Databricks and Machine Learning.",
|
||||
"style": "Info",
|
||||
"uri": "https://docs.microsoft.com/en-us/azure/machine-learning/how-to-attach-compute-targets#databricks"
|
||||
"uri": "https://docs.microsoft.com/azure/machine-learning/how-to-attach-compute-targets#databricks"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -494,7 +494,7 @@
|
|||
"options": {
|
||||
"text": "Select an existing Kubernetes Cluster to connect Machine Learning with the cluster for model deployments. Please be aware that an AKS Cluster can only be connected with a single Machine Learning workspace.",
|
||||
"style": "Info",
|
||||
"uri": "https://docs.microsoft.com/en-us/azure/machine-learning/how-to-create-attach-kubernetes?tabs=python"
|
||||
"uri": "https://docs.microsoft.com/azure/machine-learning/how-to-create-attach-kubernetes?tabs=python"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -822,7 +822,7 @@
|
|||
"text": "Select the Purview account to which you want to connect the Synapse workspace or Data Factory.",
|
||||
"link": {
|
||||
"label": "Learn more",
|
||||
"uri": "https://docs.microsoft.com/en-us/azure/purview/overview"
|
||||
"uri": "https://docs.microsoft.com/azure/purview/overview"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -1022,6 +1022,16 @@
|
|||
"style": "Info"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "infoBoxVirtualNetworkNsg",
|
||||
"type": "Microsoft.Common.InfoBox",
|
||||
"visible": "[not(contains(split('australiaeast,eastasia,japaneast,japanwest,francecentral,northeurope,westeurope,centralus,eastus,eastus2,northcentralus,southcentralus,westcentralus,westus,westus2', ','), steps('basics').deploymentDetails.locationName))]",
|
||||
"options": {
|
||||
"text": "Please make sure to assign the '{prefix}-{environment}-aml-nsg' Network Security Group (NSG) to the subnet selected below, as the 'no public ip' feature for Azure Machine Learning Compute Clusters and Compute Instances is not available in the selected region. The NSG was deployed as part of your Data Landing Zone deployment and exists in the '{prefix}-{environment}-network' resource group. Please follow the link to learn more.",
|
||||
"style": "Warning",
|
||||
"uri": "https://docs.microsoft.com/azure/machine-learning/how-to-secure-training-vnet?tabs=azure-studio%2Cipaddress#no-public-ip-amlcompute"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "virtualNetworkApi",
|
||||
"type": "Microsoft.Solutions.ArmApiControl",
|
||||
|
@ -1099,7 +1109,7 @@
|
|||
"options": {
|
||||
"text": "We are deploying all services with private endpoints and disabled public network access to reduce the data exfiltration risk. For each private endpoint, DNS A-records need to be created in a Private DNS Zones. Therefore, these either need to deployed through Azure Policies or you have to provide the Private DNS Zones that should be used for this deployment. We are assuming that all Private DNS Zones are created in the same subscription. Deploying DNS A-Records through Private Endpoints is the recommended solution.",
|
||||
"style": "Info",
|
||||
"uri": "https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale"
|
||||
"uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale"
|
||||
}
|
||||
},
|
||||
{
|
||||
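Review bot: The `visible` expression on `infoBoxVirtualNetworkNsg` hard-codes a second copy of the supported-region list as a comma-separated string, while the template keeps its own `noPublicIpRegions` array. If the two drift, a user in a region the template treats as unsupported gets compute nodes with public IPs and never sees the NSG warning. The control is also advisory only: nothing visible in this section checks that the selected subnet has the `{prefix}-{environment}-aml-nsg` NSG attached, so the mitigation depends on the operator reading the box. Since this file cannot carry comments, I would record in the PR description or README that both lists must be edited together. It is also worth confirming that `steps('basics').deploymentDetails.locationName` yields the same lowercase short name that the template's `location` parameter receives.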
|
|
|
@ -5,7 +5,7 @@
|
|||
"_generator": {
|
||||
"name": "bicep",
|
||||
"version": "0.4.1008.15138",
|
||||
"templateHash": "16937890963334191807"
|
||||
"templateHash": "5105924520370151573"
|
||||
}
|
||||
},
|
||||
"parameters": {
|
||||
|
@ -2306,7 +2306,7 @@
|
|||
"_generator": {
|
||||
"name": "bicep",
|
||||
"version": "0.4.1008.15138",
|
||||
"templateHash": "16875803617108340223"
|
||||
"templateHash": "1748291190649650709"
|
||||
}
|
||||
},
|
||||
"parameters": {
|
||||
|
@ -2385,7 +2385,24 @@
|
|||
},
|
||||
"functions": [],
|
||||
"variables": {
|
||||
"machineLearningPrivateEndpointName": "[format('{0}-private-endpoint', parameters('machineLearningName'))]"
|
||||
"machineLearningPrivateEndpointName": "[format('{0}-private-endpoint', parameters('machineLearningName'))]",
|
||||
"noPublicIpRegions": [
|
||||
"australiaeast",
|
||||
"eastasia",
|
||||
"japaneast",
|
||||
"japanwest",
|
||||
"francecentral",
|
||||
"northeurope",
|
||||
"westeurope",
|
||||
"centralus",
|
||||
"eastus",
|
||||
"eastus2",
|
||||
"northcentralus",
|
||||
"southcentralus",
|
||||
"westcentralus",
|
||||
"westus",
|
||||
"westus2"
|
||||
]
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
|
@ -2513,7 +2530,7 @@
|
|||
"description": "Machine Learning cluster 001",
|
||||
"disableLocalAuth": true,
|
||||
"properties": {
|
||||
"enableNodePublicIp": false,
|
||||
"enableNodePublicIp": "[if(contains(variables('noPublicIpRegions'), parameters('location')), false(), true())]",
|
||||
"isolatedNetwork": false,
|
||||
"osType": "Linux",
|
||||
"remoteLoginPortPublicAccess": "Disabled",
|
||||
|
@ -2550,7 +2567,7 @@
|
|||
"description": "Machine Learning cluster 001",
|
||||
"disableLocalAuth": true,
|
||||
"properties": {
|
||||
"enableNodePublicIp": false,
|
||||
"enableNodePublicIp": "[if(contains(variables('noPublicIpRegions'), parameters('location')), false(), true())]",
|
||||
"isolatedNetwork": false,
|
||||
"osType": "Linux",
|
||||
"remoteLoginPortPublicAccess": "Disabled",
|
||||
|
@ -2590,7 +2607,7 @@
|
|||
"properties": {
|
||||
"applicationSharingPolicy": "Personal",
|
||||
"computeInstanceAuthorizationType": "personal",
|
||||
"enableNodePublicIp": false,
|
||||
"enableNodePublicIp": "[if(contains(variables('noPublicIpRegions'), parameters('location')), false(), true())]",
|
||||
"isolatedNetwork": false,
|
||||
"personalComputeInstanceSettings": {
|
||||
"assignedUser": {
|
||||
|
@ -2627,7 +2644,7 @@
|
|||
"count": "[length(parameters('datalakeFileSystemIds'))]"
|
||||
},
|
||||
"type": "Microsoft.MachineLearningServices/workspaces/datastores",
|
||||
"apiVersion": "2021-10-01",
|
||||
"apiVersion": "2021-03-01-preview",
|
||||
"name": "[format('{0}/{1}', parameters('machineLearningName'), format('{0}{1}', if(lessOrEquals(length(parameters('datalakeFileSystemIds')), 0), format('undefined{0}', copyIndex()), split(parameters('datalakeFileSystemIds')[copyIndex()], '/')[8]), if(lessOrEquals(length(parameters('datalakeFileSystemIds')), 0), format('undefined{0}', copyIndex()), last(split(parameters('datalakeFileSystemIds')[copyIndex()], '/')))))]",
|
||||
"properties": {
|
||||
"tags": "[parameters('tags')]",
|
||||
|
|
|
@ -30,6 +30,23 @@ param enableRoleAssignments bool = false
|
|||
|
||||
// Variables
|
||||
var machineLearningPrivateEndpointName = '${machineLearning.name}-private-endpoint'
|
||||
var noPublicIpRegions = [
|
||||
'australiaeast'
|
||||
'eastasia'
|
||||
'japaneast'
|
||||
'japanwest'
|
||||
'francecentral'
|
||||
'northeurope'
|
||||
'westeurope'
|
||||
'centralus'
|
||||
'eastus'
|
||||
'eastus2'
|
||||
'northcentralus'
|
||||
'southcentralus'
|
||||
'westcentralus'
|
||||
'westus'
|
||||
'westus2'
|
||||
]
|
||||
|
||||
// Resources
|
||||
resource machineLearning 'Microsoft.MachineLearningServices/workspaces@2021-07-01' = {
|
||||
|
@ -145,7 +162,7 @@ resource machineLearningCpuCluster001 'Microsoft.MachineLearningServices/workspa
|
|||
description: 'Machine Learning cluster 001'
|
||||
disableLocalAuth: true
|
||||
properties: {
|
||||
enableNodePublicIp: false
|
||||
enableNodePublicIp: contains(noPublicIpRegions, location) ? false : true
|
||||
isolatedNetwork: false
|
||||
osType: 'Linux'
|
||||
remoteLoginPortPublicAccess: 'Disabled'
|
||||
|
@ -181,7 +198,7 @@ resource machineLearningGpuCluster001 'Microsoft.MachineLearningServices/workspa
|
|||
description: 'Machine Learning cluster 001'
|
||||
disableLocalAuth: true
|
||||
properties: {
|
||||
enableNodePublicIp: false
|
||||
enableNodePublicIp: contains(noPublicIpRegions, location) ? false : true
|
||||
isolatedNetwork: false
|
||||
osType: 'Linux'
|
||||
remoteLoginPortPublicAccess: 'Disabled'
|
||||
|
@ -219,7 +236,7 @@ resource machineLearningComputeInstance001 'Microsoft.MachineLearningServices/wo
|
|||
properties: {
|
||||
applicationSharingPolicy: 'Personal'
|
||||
computeInstanceAuthorizationType: 'personal'
|
||||
enableNodePublicIp: false
|
||||
enableNodePublicIp: contains(noPublicIpRegions, location) ? false : true
|
||||
isolatedNetwork: false
|
||||
personalComputeInstanceSettings: {
|
||||
assignedUser: {
|
||||
|
@ -245,7 +262,7 @@ resource machineLearningComputeInstance001 'Microsoft.MachineLearningServices/wo
|
|||
}
|
||||
}
|
||||
|
||||
resource machineLearningDatastores 'Microsoft.MachineLearningServices/workspaces/datastores@2021-10-01' = [for (datalakeFileSystemId, i) in datalakeFileSystemIds : if(length(split(datalakeFileSystemId, '/')) == 13) {
|
||||
resource machineLearningDatastores 'Microsoft.MachineLearningServices/workspaces/datastores@2021-03-01-preview' = [for (datalakeFileSystemId, i) in datalakeFileSystemIds : if(length(split(datalakeFileSystemId, '/')) == 13) {
|
||||
parent: machineLearning
|
||||
name: '${length(datalakeFileSystemIds) <= 0 ? 'undefined${i}' : split(datalakeFileSystemId, '/')[8]}${length(datalakeFileSystemIds) <= 0 ? 'undefined${i}' : last(split(datalakeFileSystemId, '/'))}'
|
||||
properties: {
|
||||
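Review bot: The three `enableNodePublicIp` expressions (CPU cluster, GPU cluster, compute instance) fail open: any `location` not found in `noPublicIpRegions` gets public node IPs. That includes a supported region passed in another form, such as a display name or different casing, since `contains` on an array appears to be an exact match. I would normalise before comparing and drop the redundant ternary: `enableNodePublicIp: !contains(noPublicIpRegions, toLower(replace(location, ' ', '')))`. Add a comment above `noPublicIpRegions` giving the source and date of the region list, because regions that gain the feature later keep getting public IPs until someone edits it. The same section moves the datastores resource from `2021-10-01` to `2021-03-01-preview` with no stated reason, so a short comment there would help. The resource bodies start and end outside the hunks, so whether the subnet's NSG is enforced elsewhere is not visible.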
|
|