diff --git a/templates/sample.yml b/arm/.gitkeep
similarity index 100%
rename from templates/sample.yml
rename to arm/.gitkeep
diff --git a/bicep/.gitkeep b/bicep/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/bicep/main.bicep b/bicep/main.bicep
new file mode 100644
index 0000000..8602cb9
--- /dev/null
+++ b/bicep/main.bicep
@@ -0,0 +1,93 @@
+targetScope='subscription'
+
+param location string = 'westus2'
+param env string = 'dev'
+param prefix string 
+param postfix string
+param resourceGroupName string = 'rg-wus-test'
+
+
+var baseName  = '${prefix}${postfix}'
+
+
+resource resgrp 'Microsoft.Resources/resourceGroups@2020-06-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+
+// storage account
+module stoacct './modules/stoacct.bicep' = {
+  name: 'stoacct'
+  scope: resourceGroup(resgrp.name)
+  params: {
+    env: env
+    baseName: baseName
+    location: location
+  }
+}
+
+
+// keyvault
+module kv './modules/kv.bicep' = {
+  name: 'kv'
+  scope: resourceGroup(resgrp.name)
+  params:{
+    env: env
+    location: location
+    baseName: baseName
+  }
+}
+
+
+// appinsights
+module appinsight './modules/appinsight.bicep' = {
+  name: 'appinsight'
+  scope: resourceGroup(resgrp.name)
+  params:{
+    baseName: baseName
+    env: env
+    location: location
+  }
+}
+
+// container registry
+module cr './modules/cr.bicep' = {
+  name: 'cr'
+  scope: resourceGroup(resgrp.name)
+  params:{
+    baseName: baseName
+    env: env
+    location: location
+  }
+}
+
+
+// amls workspace
+module amls './modules/amls.bicep' = {
+  name: 'amls'
+  scope: resourceGroup(resgrp.name)
+  params:{
+    baseName: baseName
+    env: env
+    location: location
+    stoacctid: stoacct.outputs.stoacctOut
+    kvid: kv.outputs.kvOut
+    appinsightid: appinsight.outputs.appinsightOut
+    crid: cr.outputs.crOut
+    
+  }
+}
+
+
+// aml compute instance
+module amlci './modules/amlcomputeinstance.bicep' = {
+  name: 'amlci'
+  scope: resourceGroup(resgrp.name)
+  params:{
+    baseName: baseName
+    env: env
+    location: location
+    workspaceName: amls.outputs.amlsName
+  }
+}
diff --git a/bicep/main.json b/bicep/main.json
new file mode 100644
index 0000000..446693b
--- /dev/null
+++ b/bicep/main.json
@@ -0,0 +1,516 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "_generator": {
+      "name": "bicep",
+      "version": "0.5.6.12127",
+      "templateHash": "11208633954998583577"
+    }
+  },
+  "parameters": {
+    "location": {
+      "type": "string",
+      "defaultValue": "westus2"
+    },
+    "env": {
+      "type": "string",
+      "defaultValue": "dev"
+    },
+    "prefix": {
+      "type": "string"
+    },
+    "postfix": {
+      "type": "string"
+    },
+    "resourceGroupName": {
+      "type": "string",
+      "defaultValue": "rg-wus-test"
+    }
+  },
+  "variables": {
+    "baseName": "[format('{0}{1}', parameters('prefix'), parameters('postfix'))]"
+  },
+  "resources": [
+    {
+      "type": "Microsoft.Resources/resourceGroups",
+      "apiVersion": "2020-06-01",
+      "name": "[parameters('resourceGroupName')]",
+      "location": "[parameters('location')]"
+    },
+    {
+      "type": "Microsoft.Resources/deployments",
+      "apiVersion": "2020-10-01",
+      "name": "stoacct",
+      "resourceGroup": "[parameters('resourceGroupName')]",
+      "properties": {
+        "expressionEvaluationOptions": {
+          "scope": "inner"
+        },
+        "mode": "Incremental",
+        "parameters": {
+          "env": {
+            "value": "[parameters('env')]"
+          },
+          "baseName": {
+            "value": "[variables('baseName')]"
+          },
+          "location": {
+            "value": "[parameters('location')]"
+          }
+        },
+        "template": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "1.0.0.0",
+          "metadata": {
+            "_generator": {
+              "name": "bicep",
+              "version": "0.5.6.12127",
+              "templateHash": "13854706444404712543"
+            }
+          },
+          "parameters": {
+            "env": {
+              "type": "string"
+            },
+            "baseName": {
+              "type": "string"
+            },
+            "location": {
+              "type": "string"
+            }
+          },
+          "resources": [
+            {
+              "type": "Microsoft.Storage/storageAccounts",
+              "apiVersion": "2019-04-01",
+              "name": "[format('{0}{1}sa', parameters('env'), parameters('baseName'))]",
+              "location": "[parameters('location')]",
+              "sku": {
+                "name": "Standard_LRS"
+              },
+              "kind": "StorageV2",
+              "properties": {
+                "encryption": {
+                  "services": {
+                    "blob": {
+                      "enabled": true
+                    },
+                    "file": {
+                      "enabled": true
+                    }
+                  },
+                  "keySource": "Microsoft.Storage"
+                },
+                "supportsHttpsTrafficOnly": true
+              }
+            }
+          ],
+          "outputs": {
+            "stoacctOut": {
+              "type": "string",
+              "value": "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}sa', parameters('env'), parameters('baseName')))]"
+            }
+          }
+        }
+      },
+      "dependsOn": [
+        "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.Resources/deployments",
+      "apiVersion": "2020-10-01",
+      "name": "kv",
+      "resourceGroup": "[parameters('resourceGroupName')]",
+      "properties": {
+        "expressionEvaluationOptions": {
+          "scope": "inner"
+        },
+        "mode": "Incremental",
+        "parameters": {
+          "env": {
+            "value": "[parameters('env')]"
+          },
+          "location": {
+            "value": "[parameters('location')]"
+          },
+          "baseName": {
+            "value": "[variables('baseName')]"
+          }
+        },
+        "template": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "1.0.0.0",
+          "metadata": {
+            "_generator": {
+              "name": "bicep",
+              "version": "0.5.6.12127",
+              "templateHash": "3960831692549416869"
+            }
+          },
+          "parameters": {
+            "baseName": {
+              "type": "string"
+            },
+            "env": {
+              "type": "string"
+            },
+            "location": {
+              "type": "string"
+            }
+          },
+          "resources": [
+            {
+              "type": "Microsoft.KeyVault/vaults",
+              "apiVersion": "2019-09-01",
+              "name": "[format('{0}-{1}-kv', parameters('env'), parameters('baseName'))]",
+              "location": "[parameters('location')]",
+              "properties": {
+                "tenantId": "[subscription().tenantId]",
+                "sku": {
+                  "name": "standard",
+                  "family": "A"
+                },
+                "accessPolicies": []
+              }
+            }
+          ],
+          "outputs": {
+            "kvOut": {
+              "type": "string",
+              "value": "[resourceId('Microsoft.KeyVault/vaults', format('{0}-{1}-kv', parameters('env'), parameters('baseName')))]"
+            }
+          }
+        }
+      },
+      "dependsOn": [
+        "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.Resources/deployments",
+      "apiVersion": "2020-10-01",
+      "name": "appinsight",
+      "resourceGroup": "[parameters('resourceGroupName')]",
+      "properties": {
+        "expressionEvaluationOptions": {
+          "scope": "inner"
+        },
+        "mode": "Incremental",
+        "parameters": {
+          "baseName": {
+            "value": "[variables('baseName')]"
+          },
+          "env": {
+            "value": "[parameters('env')]"
+          },
+          "location": {
+            "value": "[parameters('location')]"
+          }
+        },
+        "template": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "1.0.0.0",
+          "metadata": {
+            "_generator": {
+              "name": "bicep",
+              "version": "0.5.6.12127",
+              "templateHash": "2591061638125956638"
+            }
+          },
+          "parameters": {
+            "baseName": {
+              "type": "string"
+            },
+            "env": {
+              "type": "string"
+            },
+            "location": {
+              "type": "string"
+            }
+          },
+          "resources": [
+            {
+              "type": "Microsoft.Insights/components",
+              "apiVersion": "2020-02-02-preview",
+              "name": "[format('{0}{1}-appin', parameters('env'), parameters('baseName'))]",
+              "location": "[parameters('location')]",
+              "kind": "web",
+              "properties": {
+                "Application_Type": "web"
+              }
+            }
+          ],
+          "outputs": {
+            "appinsightOut": {
+              "type": "string",
+              "value": "[resourceId('Microsoft.Insights/components', format('{0}{1}-appin', parameters('env'), parameters('baseName')))]"
+            }
+          }
+        }
+      },
+      "dependsOn": [
+        "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.Resources/deployments",
+      "apiVersion": "2020-10-01",
+      "name": "cr",
+      "resourceGroup": "[parameters('resourceGroupName')]",
+      "properties": {
+        "expressionEvaluationOptions": {
+          "scope": "inner"
+        },
+        "mode": "Incremental",
+        "parameters": {
+          "baseName": {
+            "value": "[variables('baseName')]"
+          },
+          "env": {
+            "value": "[parameters('env')]"
+          },
+          "location": {
+            "value": "[parameters('location')]"
+          }
+        },
+        "template": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "1.0.0.0",
+          "metadata": {
+            "_generator": {
+              "name": "bicep",
+              "version": "0.5.6.12127",
+              "templateHash": "12155558635582316098"
+            }
+          },
+          "parameters": {
+            "env": {
+              "type": "string"
+            },
+            "baseName": {
+              "type": "string"
+            },
+            "location": {
+              "type": "string"
+            }
+          },
+          "resources": [
+            {
+              "type": "Microsoft.ContainerRegistry/registries",
+              "apiVersion": "2020-11-01-preview",
+              "name": "[format('{0}{1}cr', parameters('env'), parameters('baseName'))]",
+              "location": "[parameters('location')]",
+              "sku": {
+                "name": "Standard"
+              },
+              "properties": {
+                "adminUserEnabled": true
+              }
+            }
+          ],
+          "outputs": {
+            "crOut": {
+              "type": "string",
+              "value": "[resourceId('Microsoft.ContainerRegistry/registries', format('{0}{1}cr', parameters('env'), parameters('baseName')))]"
+            }
+          }
+        }
+      },
+      "dependsOn": [
+        "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]"
+      ]
+    },
+    {
+      "type": "Microsoft.Resources/deployments",
+      "apiVersion": "2020-10-01",
+      "name": "amls",
+      "resourceGroup": "[parameters('resourceGroupName')]",
+      "properties": {
+        "expressionEvaluationOptions": {
+          "scope": "inner"
+        },
+        "mode": "Incremental",
+        "parameters": {
+          "baseName": {
+            "value": "[variables('baseName')]"
+          },
+          "env": {
+            "value": "[parameters('env')]"
+          },
+          "location": {
+            "value": "[parameters('location')]"
+          },
+          "stoacctid": {
+            "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'stoacct')).outputs.stoacctOut.value]"
+          },
+          "kvid": {
+            "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'kv')).outputs.kvOut.value]"
+          },
+          "appinsightid": {
+            "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'appinsight')).outputs.appinsightOut.value]"
+          },
+          "crid": {
+            "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'cr')).outputs.crOut.value]"
+          }
+        },
+        "template": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "1.0.0.0",
+          "metadata": {
+            "_generator": {
+              "name": "bicep",
+              "version": "0.5.6.12127",
+              "templateHash": "18023230433604735324"
+            }
+          },
+          "parameters": {
+            "location": {
+              "type": "string"
+            },
+            "baseName": {
+              "type": "string"
+            },
+            "env": {
+              "type": "string"
+            },
+            "stoacctid": {
+              "type": "string"
+            },
+            "kvid": {
+              "type": "string"
+            },
+            "appinsightid": {
+              "type": "string"
+            },
+            "crid": {
+              "type": "string"
+            }
+          },
+          "resources": [
+            {
+              "type": "Microsoft.MachineLearningServices/workspaces",
+              "apiVersion": "2020-09-01-preview",
+              "name": "[format('{0}{1}-ws', parameters('env'), parameters('baseName'))]",
+              "location": "[parameters('location')]",
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "sku": {
+                "tier": "basic",
+                "name": "basic"
+              },
+              "properties": {
+                "friendlyName": "[format('{0}{1}-ws', parameters('env'), parameters('baseName'))]",
+                "storageAccount": "[parameters('stoacctid')]",
+                "keyVault": "[parameters('kvid')]",
+                "applicationInsights": "[parameters('appinsightid')]",
+                "containerRegistry": "[parameters('crid')]",
+                "encryption": {
+                  "status": "Disabled",
+                  "keyVaultProperties": {
+                    "keyIdentifier": "",
+                    "keyVaultArmId": ""
+                  }
+                }
+              }
+            }
+          ],
+          "outputs": {
+            "amlsName": {
+              "type": "string",
+              "value": "[format('{0}{1}-ws', parameters('env'), parameters('baseName'))]"
+            }
+          }
+        }
+      },
+      "dependsOn": [
+        "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'appinsight')]",
+        "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'cr')]",
+        "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'kv')]",
+        "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]",
+        "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'stoacct')]"
+      ]
+    },
+    {
+      "type": "Microsoft.Resources/deployments",
+      "apiVersion": "2020-10-01",
+      "name": "amlci",
+      "resourceGroup": "[parameters('resourceGroupName')]",
+      "properties": {
+        "expressionEvaluationOptions": {
+          "scope": "inner"
+        },
+        "mode": "Incremental",
+        "parameters": {
+          "baseName": {
+            "value": "[variables('baseName')]"
+          },
+          "env": {
+            "value": "[parameters('env')]"
+          },
+          "location": {
+            "value": "[parameters('location')]"
+          },
+          "workspaceName": {
+            "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'amls')).outputs.amlsName.value]"
+          }
+        },
+        "template": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "1.0.0.0",
+          "metadata": {
+            "_generator": {
+              "name": "bicep",
+              "version": "0.5.6.12127",
+              "templateHash": "2016431671585526523"
+            }
+          },
+          "parameters": {
+            "location": {
+              "type": "string"
+            },
+            "baseName": {
+              "type": "string"
+            },
+            "env": {
+              "type": "string"
+            },
+            "computeInstanceName": {
+              "type": "string",
+              "defaultValue": "[format('{0}-{1}-ci', parameters('env'), parameters('baseName'))]"
+            },
+            "workspaceName": {
+              "type": "string"
+            }
+          },
+          "resources": [
+            {
+              "type": "Microsoft.MachineLearningServices/workspaces/computes",
+              "apiVersion": "2020-09-01-preview",
+              "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('computeInstanceName'))]",
+              "location": "[parameters('location')]",
+              "properties": {
+                "computeType": "AmlCompute",
+                "properties": {
+                  "vmSize": "Standard_DS3_v2",
+                  "subnet": "[json('null')]",
+                  "osType": "Linux",
+                  "scaleSettings": {
+                    "maxNodeCount": 4,
+                    "minNodeCount": 0
+                  }
+                }
+              }
+            }
+          ]
+        }
+      },
+      "dependsOn": [
+        "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'amls')]",
+        "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]"
+      ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/bicep/modules/amlcomputeinstance.bicep b/bicep/modules/amlcomputeinstance.bicep
new file mode 100644
index 0000000..1339277
--- /dev/null
+++ b/bicep/modules/amlcomputeinstance.bicep
@@ -0,0 +1,25 @@
+param location string
+param baseName string
+param env string
+param computeInstanceName string = '${env}-${baseName}-ci'
+param workspaceName string
+
+resource amlci 'Microsoft.MachineLearningServices/workspaces/computes@2020-09-01-preview' = {
+  name: '${workspaceName}/${computeInstanceName}'
+  location: location
+  properties:{
+    computeType: 'AmlCompute'
+    properties:{
+      vmSize: 'Standard_DS3_v2'
+      subnet: json('null')
+      osType:'Linux'
+      scaleSettings:{
+        maxNodeCount: 4
+        minNodeCount: 0
+
+      }
+    }
+    
+  }
+}
+
diff --git a/bicep/modules/amls.bicep b/bicep/modules/amls.bicep
new file mode 100644
index 0000000..611da00
--- /dev/null
+++ b/bicep/modules/amls.bicep
@@ -0,0 +1,39 @@
+param location string
+param baseName string
+param env string
+param stoacctid string
+param kvid string
+param appinsightid string
+param crid string
+
+
+
+// azure machine learning service
+resource amls 'Microsoft.MachineLearningServices/workspaces@2020-09-01-preview' = {
+  name: '${env}${baseName}-ws'
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  sku:{
+    tier: 'basic'
+    name: 'basic'
+  }
+  properties:{
+    friendlyName: '${env}${baseName}-ws'
+    storageAccount: stoacctid
+    keyVault: kvid
+    applicationInsights: appinsightid
+    containerRegistry: crid
+    encryption:{
+      status: 'Disabled'
+      keyVaultProperties:{
+        keyIdentifier: ''
+        keyVaultArmId: ''
+      }
+    }
+  }
+
+}
+
+output amlsName string = amls.name
diff --git a/bicep/modules/appinsight.bicep b/bicep/modules/appinsight.bicep
new file mode 100644
index 0000000..93706ec
--- /dev/null
+++ b/bicep/modules/appinsight.bicep
@@ -0,0 +1,16 @@
+param baseName string
+param env string
+param location string
+
+
+// app insights
+resource appinsight 'Microsoft.Insights/components@2020-02-02-preview' = {
+  name: '${env}${baseName}-appin'
+  location: location
+  kind: 'web'
+  properties:{
+    Application_Type: 'web'
+  }
+}
+
+output appinsightOut string = appinsight.id
diff --git a/bicep/modules/cr.bicep b/bicep/modules/cr.bicep
new file mode 100644
index 0000000..1ac6bee
--- /dev/null
+++ b/bicep/modules/cr.bicep
@@ -0,0 +1,17 @@
+param env string
+param baseName string
+param location string
+
+resource cr 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' = {
+  name: '${env}${baseName}cr'
+  location: location
+  sku: {
+    name: 'Standard'
+  }
+
+  properties:{
+    adminUserEnabled:true
+  }
+}
+
+output crOut string = cr.id
diff --git a/bicep/modules/kv.bicep b/bicep/modules/kv.bicep
new file mode 100644
index 0000000..49ebbe9
--- /dev/null
+++ b/bicep/modules/kv.bicep
@@ -0,0 +1,20 @@
+param baseName string
+param env string
+param location string
+
+
+// keyvault
+resource kv 'Microsoft.KeyVault/vaults@2019-09-01' = {
+  name: '${env}-${baseName}-kv'
+  location: location
+  properties:{
+    tenantId: subscription().tenantId
+    sku: {
+      name: 'standard'
+      family: 'A'
+    }
+    accessPolicies: []
+  }
+}
+
+output kvOut string = kv.id
diff --git a/bicep/modules/stoacct.bicep b/bicep/modules/stoacct.bicep
new file mode 100644
index 0000000..bd3bd24
--- /dev/null
+++ b/bicep/modules/stoacct.bicep
@@ -0,0 +1,30 @@
+param env string
+param baseName string
+param location string
+
+
+// stroage account
+resource stoacct 'Microsoft.Storage/storageAccounts@2019-04-01' = {
+  name: '${env}${baseName}sa'
+  location: location
+  sku:{
+    name:'Standard_LRS'
+  }
+  kind: 'StorageV2'
+  properties:{
+    encryption:{
+      services:{
+        blob:{
+          enabled: true
+        }
+        file:{
+          enabled: true
+        }
+      }
+      keySource: 'Microsoft.Storage'
+    }
+    supportsHttpsTrafficOnly: true
+  }
+}
+
+output stoacctOut string = stoacct.id
diff --git a/bicep/pipelines/bicep-iac-std-pipeline.yml b/bicep/pipelines/bicep-iac-std-pipeline.yml
new file mode 100644
index 0000000..a778980
--- /dev/null
+++ b/bicep/pipelines/bicep-iac-std-pipeline.yml
@@ -0,0 +1,34 @@
+variables:
+- template: ../../../config-aml.yml
+- ${{ if eq(variables['Build.SourceBranchName'], 'main') }}:
+    # 'main' branch: PRD environment
+    - template: ../../../config-infra-prod.yml
+- ${{ if ne(variables['Build.SourceBranchName'], 'main') }}:  
+    # 'develop' or feature branches: DEV environment
+    - template: ../../../config-infra-dev.yml
+
+trigger:
+- none
+
+pool:
+  vmImage: $(ap_vm_image)
+
+
+stages :
+  - stage: CheckOutBicepAndDeploy
+    displayName: Deploy AML Workspace
+    jobs:
+    - job: DeployBicep
+      displayName: Create Bicep Deployment
+      steps:
+      - checkout: self
+      - task: AzureCLI@2
+        displayName: Running Deployment
+        inputs:
+          azureSubscription: $(ado_service_connection_rg)
+          scriptType: bash
+          scriptLocation: inlineScript
+          inlineScript: |
+            az --version
+            echo "deploying bicep..."
+            az deployment sub create --name $(Build.DefinitionName)    --location $(location) --template-file ./infrastructure/bicep/main.bicep --parameters location=$(location) resourceGroupName=$(resource_group) prefix=$(namespace) postfix=$(postfix)
\ No newline at end of file
diff --git a/terraform/aml_deploy.tf b/terraform/aml_deploy.tf
new file mode 100644
index 0000000..586632e
--- /dev/null
+++ b/terraform/aml_deploy.tf
@@ -0,0 +1,94 @@
+# Resource group
+
+module "resource_group" {
+  source = "./modules/resource-group"
+
+  location = var.location
+
+  prefix  = var.prefix
+  postfix = var.postfix
+
+  tags = local.tags
+}
+
+# Azure Machine Learning workspace
+
+module "aml_workspace" {
+  source = "./modules/aml-workspace"
+
+  rg_name  = module.resource_group.name
+  location = module.resource_group.location
+
+  prefix  = var.prefix
+  postfix = var.postfix
+
+  storage_account_id      = module.storage_account_aml.id
+  key_vault_id            = module.key_vault.id
+  application_insights_id = module.application_insights.id
+  container_registry_id   = module.container_registry.id
+
+  enable_aml_computecluster = var.enable_aml_computecluster
+  storage_account_name      = module.storage_account_aml.name
+
+  tags = local.tags
+}
+
+# Storage account
+
+module "storage_account_aml" {
+  source = "./modules/storage-account"
+
+  rg_name  = module.resource_group.name
+  location = module.resource_group.location
+
+  prefix  = var.prefix
+  postfix = "${var.postfix}aml"
+
+  hns_enabled                         = false
+  firewall_bypass                     = ["AzureServices"]
+  firewall_virtual_network_subnet_ids = []
+
+  tags = local.tags
+}
+
+# Key vault
+
+module "key_vault" {
+  source = "./modules/key-vault"
+
+  rg_name  = module.resource_group.name
+  location = module.resource_group.location
+
+  prefix  = var.prefix
+  postfix = var.postfix
+
+  tags = local.tags
+}
+
+# Application insights
+
+module "application_insights" {
+  source = "./modules/application-insights"
+
+  rg_name  = module.resource_group.name
+  location = module.resource_group.location
+
+  prefix  = var.prefix
+  postfix = var.postfix
+
+  tags = local.tags
+}
+
+# Container registry
+
+module "container_registry" {
+  source = "./modules/container-registry"
+
+  rg_name  = module.resource_group.name
+  location = module.resource_group.location
+
+  prefix  = var.prefix
+  postfix = var.postfix
+
+  tags = local.tags
+}
\ No newline at end of file
diff --git a/terraform/locals.tf b/terraform/locals.tf
new file mode 100644
index 0000000..afa3b7c
--- /dev/null
+++ b/terraform/locals.tf
@@ -0,0 +1,9 @@
+locals {
+  tags = {
+    Owner       = "mlops-tabular"
+    Project     = "mlops-tabular"
+    Environment = "${var.environment}"
+    Toolkit     = "Terraform"
+    Name        = "${var.prefix}"
+  }
+}
\ No newline at end of file
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..3e72635
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,18 @@
+terraform {
+  backend "azurerm" {} 
+  required_providers {
+    azurerm = {
+      version = "= 2.99.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_client_config" "current" {}
+
+data "http" "ip" {
+  url = "https://ifconfig.me"
+}
\ No newline at end of file
diff --git a/terraform/modules/aml-workspace/main.tf b/terraform/modules/aml-workspace/main.tf
new file mode 100644
index 0000000..98a1b2e
--- /dev/null
+++ b/terraform/modules/aml-workspace/main.tf
@@ -0,0 +1,104 @@
+resource "azurerm_machine_learning_workspace" "adl_mlw" {
+  name                    = "mlw-${var.prefix}-${var.postfix}"
+  location                = var.location
+  resource_group_name     = var.rg_name
+  application_insights_id = var.application_insights_id
+  key_vault_id            = var.key_vault_id
+  storage_account_id      = var.storage_account_id
+  container_registry_id   = var.container_registry_id
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  tags = var.tags
+}
+
+# Compute cluster
+
+resource "azurerm_machine_learning_compute_cluster" "adl_aml_ws_compute_cluster" {
+  name                          = "mlwcc${var.prefix}${var.postfix}"
+  location                      = var.location
+  vm_priority                   = "LowPriority"
+  vm_size                       = "STANDARD_DS2_V2"
+  machine_learning_workspace_id = azurerm_machine_learning_workspace.adl_mlw.id
+  count                         = var.enable_aml_computecluster ? 1 : 0
+
+  scale_settings {
+    min_node_count                       = 0
+    max_node_count                       = 1
+    scale_down_nodes_after_idle_duration = "PT120S" # 120 seconds
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
+
+# Datastore
+
+resource "azurerm_resource_group_template_deployment" "arm_aml_create_datastore" {
+  name                = "arm_aml_create_datastore"
+  resource_group_name = var.rg_name
+  deployment_mode     = "Incremental"
+  parameters_content = jsonencode({
+    "WorkspaceName" = {
+      value = azurerm_machine_learning_workspace.adl_mlw.name
+    },
+    "StorageAccountName" = {
+      value = var.storage_account_name
+    }
+  })
+
+  depends_on = [time_sleep.wait_30_seconds]
+
+  template_content = <<TEMPLATE
+{
+  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+        "WorkspaceName": {
+            "type": "String"
+        },
+        "StorageAccountName": {
+            "type": "String"
+        }
+    },
+  "resources": [
+        {
+            "type": "Microsoft.MachineLearningServices/workspaces/datastores",
+            "apiVersion": "2021-03-01-preview",
+            "name": "[concat(parameters('WorkspaceName'), '/default')]",
+            "dependsOn": [],
+            "properties": {
+                "contents": {
+                    "accountName": "[parameters('StorageAccountName')]",
+                    "containerName": "default",
+                    "contentsType": "AzureBlob",
+                    "credentials": {
+                      "credentialsType": "None"
+                    },
+                    "endpoint": "core.windows.net",
+                    "protocol": "https"
+                  },
+                  "description": "Default datastore for mlops-tabular",
+                  "isDefault": false,
+                  "properties": {
+                    "ServiceDataAccessAuthIdentity": "None"
+                  },
+                  "tags": {}
+                }
+        }
+  ]
+}
+TEMPLATE
+}
+
+resource "time_sleep" "wait_30_seconds" {
+
+  depends_on = [
+    azurerm_machine_learning_workspace.adl_mlw
+  ]
+
+  create_duration = "30s"
+}
\ No newline at end of file
diff --git a/terraform/modules/aml-workspace/outputs.tf b/terraform/modules/aml-workspace/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/modules/aml-workspace/variables.tf b/terraform/modules/aml-workspace/variables.tf
new file mode 100644
index 0000000..be58b12
--- /dev/null
+++ b/terraform/modules/aml-workspace/variables.tf
@@ -0,0 +1,55 @@
+variable "rg_name" {
+  type        = string
+  description = "Resource group name"
+}
+
+variable "location" {
+  type        = string
+  description = "Location of the resource group"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "A mapping of tags which should be assigned to the deployed resource"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for the module name"
+}
+
+variable "postfix" {
+  type        = string
+  description = "Postfix for the module name"
+}
+
+variable "storage_account_id" {
+  type        = string
+  description = "The ID of the Storage Account linked to AML workspace"
+}
+
+variable "key_vault_id" {
+  type        = string
+  description = "The ID of the Key Vault linked to AML workspace"
+}
+
+variable "application_insights_id" {
+  type        = string
+  description = "The ID of the Application Insights linked to AML workspace"
+}
+
+variable "container_registry_id" {
+  type        = string
+  description = "The ID of the Container Registry linked to AML workspace"
+}
+
+variable "enable_aml_computecluster" {
+  description = "Variable to enable or disable AML compute cluster"
+  default     = false
+}
+
+variable "storage_account_name" {
+  type        = string
+  description = "The Name of the Storage Account linked to AML workspace"
+}
\ No newline at end of file
diff --git a/terraform/modules/application-insights/main.tf b/terraform/modules/application-insights/main.tf
new file mode 100644
index 0000000..94b69e9
--- /dev/null
+++ b/terraform/modules/application-insights/main.tf
@@ -0,0 +1,8 @@
+resource "azurerm_application_insights" "adl_appi" {
+  name                = "appi-${var.prefix}-${var.postfix}"
+  location            = var.location
+  resource_group_name = var.rg_name
+  application_type    = "web"
+
+  tags = var.tags
+}
\ No newline at end of file
diff --git a/terraform/modules/application-insights/outputs.tf b/terraform/modules/application-insights/outputs.tf
new file mode 100644
index 0000000..fa70656
--- /dev/null
+++ b/terraform/modules/application-insights/outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+  value = azurerm_application_insights.adl_appi.id
+}
\ No newline at end of file
diff --git a/terraform/modules/application-insights/variables.tf b/terraform/modules/application-insights/variables.tf
new file mode 100644
index 0000000..442eafe
--- /dev/null
+++ b/terraform/modules/application-insights/variables.tf
@@ -0,0 +1,25 @@
+variable "rg_name" {
+  type        = string
+  description = "Resource group name"
+}
+
+variable "location" {
+  type        = string
+  description = "Location of the resource group"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "A mapping of tags which should be assigned to the deployed resource"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for the module name"
+}
+
+variable "postfix" {
+  type        = string
+  description = "Postfix for the module name"
+}
\ No newline at end of file
diff --git a/terraform/modules/container-registry/main.tf b/terraform/modules/container-registry/main.tf
new file mode 100644
index 0000000..e0b5224
--- /dev/null
+++ b/terraform/modules/container-registry/main.tf
@@ -0,0 +1,20 @@
+locals {
+  safe_prefix  = replace(var.prefix, "-", "")
+  safe_postfix = replace(var.postfix, "-", "")
+}
+
+resource "azurerm_container_registry" "adl_cr" {
+  name                = "cr${local.safe_prefix}${local.safe_postfix}"
+  resource_group_name = var.rg_name
+  location            = var.location
+  sku                 = "Premium"
+  admin_enabled       = false
+
+  network_rule_set {
+    default_action  = "Deny"
+    ip_rule         = []
+    virtual_network = []
+  }
+
+  tags = var.tags
+}
\ No newline at end of file
diff --git a/terraform/modules/container-registry/outputs.tf b/terraform/modules/container-registry/outputs.tf
new file mode 100644
index 0000000..13f61e8
--- /dev/null
+++ b/terraform/modules/container-registry/outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+  value = azurerm_container_registry.adl_cr.id
+}
\ No newline at end of file
diff --git a/terraform/modules/container-registry/variables.tf b/terraform/modules/container-registry/variables.tf
new file mode 100644
index 0000000..442eafe
--- /dev/null
+++ b/terraform/modules/container-registry/variables.tf
@@ -0,0 +1,25 @@
+variable "rg_name" {
+  type        = string
+  description = "Resource group name"
+}
+
+variable "location" {
+  type        = string
+  description = "Location of the resource group"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "A mapping of tags which should be assigned to the deployed resource"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for the module name"
+}
+
+variable "postfix" {
+  type        = string
+  description = "Postfix for the module name"
+}
\ No newline at end of file
diff --git a/terraform/modules/key-vault/main.tf b/terraform/modules/key-vault/main.tf
new file mode 100644
index 0000000..382ffae
--- /dev/null
+++ b/terraform/modules/key-vault/main.tf
@@ -0,0 +1,18 @@
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_key_vault" "adl_kv" {
+  name                = "kv-${var.prefix}-${var.postfix}"
+  location            = var.location
+  resource_group_name = var.rg_name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  sku_name            = "standard"
+
+  network_acls {
+    default_action             = "Deny"
+    ip_rules                   = []
+    virtual_network_subnet_ids = []
+    bypass                     = "None"
+  }
+
+  tags = var.tags
+}
\ No newline at end of file
diff --git a/terraform/modules/key-vault/outputs.tf b/terraform/modules/key-vault/outputs.tf
new file mode 100644
index 0000000..46d9cbe
--- /dev/null
+++ b/terraform/modules/key-vault/outputs.tf
@@ -0,0 +1,7 @@
+output "id" {
+  value = azurerm_key_vault.adl_kv.id
+}
+
+output "name" {
+  value = azurerm_key_vault.adl_kv.name
+}
\ No newline at end of file
diff --git a/terraform/modules/key-vault/variables.tf b/terraform/modules/key-vault/variables.tf
new file mode 100644
index 0000000..442eafe
--- /dev/null
+++ b/terraform/modules/key-vault/variables.tf
@@ -0,0 +1,25 @@
+variable "rg_name" {
+  type        = string
+  description = "Resource group name"
+}
+
+variable "location" {
+  type        = string
+  description = "Location of the resource group"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "A mapping of tags which should be assigned to the deployed resource"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for the module name"
+}
+
+variable "postfix" {
+  type        = string
+  description = "Postfix for the module name"
+}
\ No newline at end of file
diff --git a/terraform/modules/resource-group/main.tf b/terraform/modules/resource-group/main.tf
new file mode 100644
index 0000000..045c593
--- /dev/null
+++ b/terraform/modules/resource-group/main.tf
@@ -0,0 +1,5 @@
+resource "azurerm_resource_group" "adl_rg" {
+  name     = "rg-${var.prefix}-${var.postfix}"
+  location = var.location
+  tags     = var.tags
+}
\ No newline at end of file
diff --git a/terraform/modules/resource-group/outputs.tf b/terraform/modules/resource-group/outputs.tf
new file mode 100644
index 0000000..44e271f
--- /dev/null
+++ b/terraform/modules/resource-group/outputs.tf
@@ -0,0 +1,7 @@
+output "name" {
+  value = azurerm_resource_group.adl_rg.name
+}
+
+output "location" {
+  value = azurerm_resource_group.adl_rg.location
+}
\ No newline at end of file
diff --git a/terraform/modules/resource-group/variables.tf b/terraform/modules/resource-group/variables.tf
new file mode 100644
index 0000000..1de576f
--- /dev/null
+++ b/terraform/modules/resource-group/variables.tf
@@ -0,0 +1,21 @@
+variable "location" {
+  type        = string
+  default     = "North Europe"
+  description = "Location of the Resource Group"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "A mapping of tags which should be assigned to the Resource Group"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for the module name"
+}
+
+variable "postfix" {
+  type        = string
+  description = "Postfix for the module name"
+}
\ No newline at end of file
diff --git a/terraform/modules/storage-account/main.tf b/terraform/modules/storage-account/main.tf
new file mode 100644
index 0000000..791010c
--- /dev/null
+++ b/terraform/modules/storage-account/main.tf
@@ -0,0 +1,34 @@
+data "azurerm_client_config" "current" {}
+
+data "http" "ip" {
+  url = "https://ifconfig.me"
+}
+
+locals {
+  safe_prefix  = replace(var.prefix, "-", "")
+  safe_postfix = replace(var.postfix, "-", "")
+}
+
+resource "azurerm_storage_account" "adl_st" {
+  name                     = "st${local.safe_prefix}${local.safe_postfix}"
+  resource_group_name      = var.rg_name
+  location                 = var.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+  account_kind             = "StorageV2"
+  is_hns_enabled           = var.hns_enabled
+
+  tags = var.tags
+}
+
+# Virtual Network & Firewall configuration
+
+resource "azurerm_storage_account_network_rules" "firewall_rules" {
+  resource_group_name  = var.rg_name
+  storage_account_name = azurerm_storage_account.adl_st.name
+
+  default_action             = "Allow"
+  ip_rules                   = [] # [data.http.ip.body]
+  virtual_network_subnet_ids = var.firewall_virtual_network_subnet_ids
+  bypass                     = var.firewall_bypass
+}
diff --git a/terraform/modules/storage-account/outputs.tf b/terraform/modules/storage-account/outputs.tf
new file mode 100644
index 0000000..178cb72
--- /dev/null
+++ b/terraform/modules/storage-account/outputs.tf
@@ -0,0 +1,7 @@
+output "id" {
+  value = azurerm_storage_account.adl_st.id
+}
+
+output "name" {
+  value = azurerm_storage_account.adl_st.name
+}
diff --git a/terraform/modules/storage-account/variables.tf b/terraform/modules/storage-account/variables.tf
new file mode 100644
index 0000000..5996cf2
--- /dev/null
+++ b/terraform/modules/storage-account/variables.tf
@@ -0,0 +1,39 @@
+variable "rg_name" {
+  type        = string
+  description = "Resource group name"
+}
+
+variable "location" {
+  type        = string
+  description = "Location of the resource group"
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "A mapping of tags which should be assigned to the Resource Group"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for the module name"
+}
+
+variable "postfix" {
+  type        = string
+  description = "Postfix for the module name"
+}
+
+variable "hns_enabled" {
+  type        = bool
+  description = "Hierarchical namespaces enabled/disabled"
+  default     = true
+}
+
+variable "firewall_virtual_network_subnet_ids" {
+  default = []
+}
+
+variable "firewall_bypass" {
+  default = ["None"]
+}
\ No newline at end of file
diff --git a/terraform/pipelines/tf-ado-deploy-infra.yml b/terraform/pipelines/tf-ado-deploy-infra.yml
new file mode 100644
index 0000000..21002a1
--- /dev/null
+++ b/terraform/pipelines/tf-ado-deploy-infra.yml
@@ -0,0 +1,55 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+variables:
+- template: ../../../config-aml.yml
+- ${{ if eq(variables['Build.SourceBranchName'], 'main') }}:
+    # 'main' branch: PRD environment
+    - template: ../../../config-infra-prod.yml
+- ${{ if ne(variables['Build.SourceBranchName'], 'main') }}:  
+    # 'develop' or feature branches: DEV environment
+    - template: ../../../config-infra-dev.yml
+
+trigger:
+- none
+
+pool:
+  vmImage: $(ap_vm_image)
+
+resources:
+  repositories:
+    - repository: mlops-templates 
+      name: Azure/mlops-templates 
+      endpoint: mlops-v2-tabular
+      type: github
+      ref: main #branch name
+
+stages :
+  - stage: CreateStorageAccountForTerraformState
+    displayName: Create Storage for Terraform
+    jobs:
+    - job: CreateStorageForTerraform
+      displayName: Create Storage for Terraform
+      steps:
+      - checkout: self
+        path: s/
+      - checkout: mlops-templates
+        path: s/templates/
+      - template: templates/infra/create-resource-group.yml@mlops-templates
+      - template: templates/infra/create-storage-account.yml@mlops-templates
+      - template: templates/infra/create-storage-container.yml@mlops-templates
+  - stage: DeployAzureMachineLearningRG
+    displayName: Deploy AML Resource Group
+    jobs:
+    - job:  DeployAMLWorkspace
+      displayName: 'Deploy AML Workspace'
+      steps:
+      - checkout: self
+        path: s/
+      - checkout: mlops-templates
+        path: s/templates/
+      - template: templates/infra/install-terraform.yml@mlops-templates
+      - template: templates/infra/run-terraform-init.yml@mlops-templates
+      - template: templates/infra/run-terraform-validate.yml@mlops-templates
+      - template: templates/infra/run-terraform-plan.yml@mlops-templates
+      - template: templates/infra/run-terraform-apply.yml@mlops-templates
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..ddab7ca
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,23 @@
+variable "location" {
+  type        = string
+  description = "Location of the resource group and modules"
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for module names"
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment information"
+}
+
+variable "postfix" {
+  type        = string
+  description = "Postfix for module names"
+}
+
+variable "enable_aml_computecluster" {
+  description = "Variable to enable or disable AML compute cluster"
+}
\ No newline at end of file