Create azuredeploy.json (#18)

* Create azuredeploy.json * Create azureML.json * Create cosmosdb.json * Create Identity.json * Update cosmosdb.json * Update cosmosdb.json * Update cosmosdb.json
2021-03-16 19:11:04 -04:00 · 2021-03-16 19:11:04 -04:00 · 533b7bdb6b
--- a/AzureDeployment/AzureML/azureML.json
+++ b/AzureDeployment/AzureML/azureML.json
@ -0,0 +1,115 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "azureMLName": {
+      "type": "string"
+    },
+    "location": {
+      "type": "string"
+    },
+    "uniqueKey": {
+      "type": "string"
+    }
+  },
+  "variables": {
+    "azureMLSku": "basic",
+    "appInsights": "[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]",
+    "appInsightsName": "[concat('appInsights-', parameters('uniqueKey'))]",
+    "keyVault": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]",
+    "keyVaultName": "[concat('keyVault-', parameters('uniqueKey'))]",
+    "dataAccount": "[resourceId('Microsoft.Storage/storageAccounts', variables('dataAccountName'))]",
+    "dataAccountName": "[concat('storage', parameters('uniqueKey'))]",
+    "dataAccountType": "Standard_LRS"
+  },
+  "resources": [
+    {
+      "comments": "Application Insights for AzureML Workspace",
+      "type": "Microsoft.Insights/components",
+      "apiVersion": "2020-02-02-preview",
+      "name": "[variables('appInsightsName')]",
+      "location": "[if(or(equals(parameters('location'),'eastus2'), equals(parameters('location'),'westcentralus')),'southcentralus',parameters('location'))]",
+      "kind": "web",
+      "properties": {
+        "Application_Type": "web"
+      }
+    },
+    {
+      "comments": "KeyVault for AzureML Workspace",
+      "type": "Microsoft.KeyVault/vaults",
+      "apiVersion": "2019-09-01",
+      "name": "[variables('keyVaultName')]",
+      "location": "[parameters('location')]",
+      "properties": {
+        "accessPolicies": [],
+        "enableSoftDelete": true,
+        "softDeleteRetentionInDays": 30,
+        "sku": {
+          "family": "A",
+          "name": "standard"
+        },
+        "tenantId": "[subscription().tenantId]"
+      }
+    },
+    {
+      "comments": "Storage account for AzureML Workspace",
+      "type": "Microsoft.Storage/storageAccounts",
+      "apiVersion": "2019-06-01",
+      "name": "[variables('dataAccountName')]",
+      "location": "[parameters('location')]",
+      "sku": {
+        "name": "[variables('dataAccountType')]"
+      },
+      "kind": "StorageV2",
+      "properties": {
+        "encryption": {
+          "keySource": "Microsoft.Storage",
+          "services": {
+            "blob": {
+              "enabled": true
+            },
+            "file": {
+              "enabled": true
+            }
+          }
+        },
+        "supportsHttpsTrafficOnly": true
+      }
+    },
+    {
+      "comments": "AzureML Workspace",
+      "type": "Microsoft.MachineLearningServices/workspaces",
+      "apiVersion": "2020-06-01",
+      "name": "[parameters('azureMLName')]",
+      "location": "[parameters('location')]",
+      "sku": {
+        "name": "[variables('azureMLSku')]",
+        "tier": "[variables('azureMLSku')]"
+      },
+      "dependsOn": [
+        "[variables('appInsights')]",
+        "[variables('dataAccount')]",
+        "[variables('keyVault')]"
+      ],
+      "properties": {
+        "applicationInsights": "[variables('appInsights')]",
+        "friendlyName": "[parameters('azureMLName')]",
+        "keyVault": "[variables('keyVault')]",
+        "storageAccount": "[variables('dataAccount')]"
+      },
+      "identity": {
+        "type": "SystemAssigned"
+      }
+    }
+  ],
+  "outputs": {
+    "resourceId": {
+      "type": "string",
+      "value": "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('azureMLName'))]"
+    },
+    "keyVaultName": {
+      "type": "string",
+      "value": "[variables('keyVaultName')]"
+    }
+  }
+}
--- a/AzureDeployment/CosmosDB/cosmosdb.json
+++ b/AzureDeployment/CosmosDB/cosmosdb.json
@ -0,0 +1,86 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "accountName": {
+      "type": "string"
+    },
+    "databaseName": {
+      "type": "string"
+    },
+    "containerName": {
+      "type": "string"
+    },
+    "partitionKey": {
+      "type": "string"
+    },
+    "location": {
+      "type": "string"
+    },
+    "keyVaultKeyUri": {
+      "type": "string",
+      "metadata": {
+        "description": "The uri to a key in your Key Vault to add a second layer of encryption on top of what is provided by default"
+      },
+      "defaultValue": ""
+    }
+  },
+  "resources": [
+    {
+      "comments": "Create a Cosmos DB account, database and container.",
+      "name": "[parameters('accountName')]",
+      "type": "Microsoft.DocumentDB/databaseAccounts",
+      "apiVersion": "2020-04-01",
+      "location": "[parameters('location')]",
+      "properties": {
+        "locations": [
+          {
+            "locationName": "[parameters('location')]"
+          }
+        ],
+        "databaseAccountOfferType": "Standard",
+        "keyVaultKeyUri": "[parameters('keyVaultKeyUri')]"
+    },
+    {
+      "name": "[parameters('databaseName')]",
+      "type": "Microsoft.DocumentDB/sqlDatabases",
+      "apiVersion": "2020-04-01",
+      "dependsOn": [
+        "[parameters('accountName')]"
+      ],
+      "properties": {
+        "resource": {
+          "id": "[parameters('databaseName')]"
+        },
+        "options": {
+          "throughput": 400
+        }
+      }
+    }
+    {
+      "name": "[parameters('containerName')]",
+      "type": "Microsoft.DocumentDB/containers",
+      "apiVersion": "2020-04-01",
+      "dependsOn": [
+        "[parameters('databaseName')]"
+      ],
+      "properties": {
+        "resource": {
+          "id": "[parameters('containerName')]",
+          "partitionKey": {
+            "paths": [
+              "[parameters('partitionKey')]"
+            ],
+            "kind": "Hash"
+          }
+        }
+      }
+    }
+  ],
+  "outputs": {
+    "resourceId": {
+      "type": "string",
+      "value": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('accountName'))]"
+    }
+  }
+}
--- a/AzureDeployment/DeploySpark/Synapse/azuredeploy.json
+++ b/AzureDeployment/DeploySpark/Synapse/azuredeploy.json
@ -0,0 +1,59 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "type": "String"
+        },
+        "sqlAdministratorLogin": {
+            "type": "String"
+        },
+        "sqlAdministratorPassword": {
+            "type": "SecureString"
+        },
+        "tagValues": {
+            "defaultValue": {"Created with":"Synapse Azure Resource Manager deploment template"},
+            "type": "Object"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Resources/deployments",
+            "apiVersion": "2018-05-01",
+            "name": "storage",
+            "properties": {
+              "mode": "Incremental",
+              "templateLink": {
+                "uri": "https://raw.githubusercontent.com/Azure-Samples/Synapse/master/Manage/DeployWorkspace/storage/azuredeploy.json",
+                "contentVersion": "1.0.0.0"
+              },
+              "parameters":{
+                "storageAccount":{"value": "[parameters('name')]"}
+              }
+            }
+        },
+        {
+            "type": "Microsoft.Resources/deployments",
+            "apiVersion": "2018-05-01",
+            "name": "workspace",
+            "properties": {
+              "mode": "Incremental",
+              "templateLink": {
+                "uri": "https://raw.githubusercontent.com/Azure-Samples/Synapse/master/Manage/DeployWorkspace/workspace/azuredeploy.json",
+                "contentVersion": "1.0.0.0"
+              },
+              "parameters":{
+                "name":{"value": "[parameters('name')]"},
+                "sqlAdministratorLogin":{"value": "[parameters('sqlAdministratorLogin')]"},
+                "sqlAdministratorPassword":{"value": "[parameters('sqlAdministratorPassword')]"},
+                "defaultDataLakeStorageAccountName":{"value": "[parameters('name')]"},
+                "tagValues":{"value": "[parameters('tagValues')]"}
+              }
+            },
+            "dependsOn": [
+                "storage"
+            ]
+        }
+    ],
+    "outputs": {}
+}
--- a/AzureDeployment/Identity/Identity.json
+++ b/AzureDeployment/Identity/Identity.json
@ -0,0 +1,74 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "delegateIdentity": {
+      "type": "bool",
+      "defaultValue": false
+    },
+    "identityName": {
+      "type": "string"
+    },
+    "location": {
+      "type": "string"
+    }
+  },
+  "variables": {
+    "contributor": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+    "identity": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]",
+    "roleAssignmentName": "[guid(resourceGroup().id, parameters('identityName'))]",
+    "delegatedRoleAssignmentName": "[guid(resourceGroup().id, parameters('identityName'), 'delegated')]"
+  },
+  "resources": [
+    {
+      "comments": "User-assigned managed identity used by deployment script",
+      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
+      "apiVersion": "2018-11-30",
+      "name": "[parameters('identityName')]",
+      "location": "[parameters('location')]"
+    },
+    {
+      "condition": "[not(parameters('delegateIdentity'))]",
+      "comments": "Grant user-assigned managed identity permission on the scope of resource group",
+      "type": "Microsoft.Authorization/roleAssignments",
+      "apiVersion": "2020-04-01-preview",
+      "name": "[variables('roleAssignmentName')]",
+      "dependsOn": [
+        "[variables('identity')]"
+      ],
+      "properties": {
+        "roleDefinitionId": "[variables('contributor')]",
+        "principalId": "[reference(parameters('identityName')).principalId]",
+        "principalType": "ServicePrincipal",
+        "scope": "[resourceGroup().id]"
+      }
+    },
+    {
+      "condition": "[parameters('delegateIdentity')]",
+      "comments": "Grant user-assigned managed identity permission on the scope of resource group",
+      "type": "Microsoft.Authorization/roleAssignments",
+      "apiVersion": "2020-04-01-preview",
+      "name": "[variables('delegatedRoleAssignmentName')]",
+      "dependsOn": [
+        "[variables('identity')]"
+      ],
+      "properties": {
+        "roleDefinitionId": "[variables('contributor')]",
+        "principalId": "[reference(parameters('identityName')).principalId]",
+        "principalType": "ServicePrincipal",
+        "scope": "[resourceGroup().id]",
+        "delegatedManagedIdentityResourceId": "[variables('identity')]"
+      }
+    }
+  ],
+  "outputs": {
+    "resourceId": {
+      "type": "string",
+      "value": "[variables('identity')]"
+    },
+    "principalId": {
+      "type": "string",
+      "value": "[reference(parameters('identityName')).principalId]"
+    }
+  }
+}