diff --git a/AzureDeployment/AzureML/azureML.json b/AzureDeployment/AzureML/azureML.json new file mode 100644 index 0000000..0c34826 --- /dev/null +++ b/AzureDeployment/AzureML/azureML.json @@ -0,0 +1,115 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "azureMLName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "uniqueKey": { + "type": "string" + } + }, + "variables": { + "azureMLSku": "basic", + "appInsights": "[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]", + "appInsightsName": "[concat('appInsights-', parameters('uniqueKey'))]", + "keyVault": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]", + "keyVaultName": "[concat('keyVault-', parameters('uniqueKey'))]", + "dataAccount": "[resourceId('Microsoft.Storage/storageAccounts', variables('dataAccountName'))]", + "dataAccountName": "[concat('storage', parameters('uniqueKey'))]", + "dataAccountType": "Standard_LRS" + }, + "resources": [ + { + "comments": "Application Insights for AzureML Workspace", + "type": "Microsoft.Insights/components", + "apiVersion": "2020-02-02-preview", + "name": "[variables('appInsightsName')]", + "location": "[if(or(equals(parameters('location'),'eastus2'), equals(parameters('location'),'westcentralus')),'southcentralus',parameters('location'))]", + "kind": "web", + "properties": { + "Application_Type": "web" + } + }, + { + "comments": "KeyVault for AzureML Workspace", + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2019-09-01", + "name": "[variables('keyVaultName')]", + "location": "[parameters('location')]", + "properties": { + "accessPolicies": [], + "enableSoftDelete": true, + "softDeleteRetentionInDays": 30, + "sku": { + "family": "A", + "name": "standard" + }, + "tenantId": "[subscription().tenantId]" + } + }, + { + "comments": "Storage account for AzureML Workspace", + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2019-06-01", + "name": "[variables('dataAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[variables('dataAccountType')]" + }, + "kind": "StorageV2", + "properties": { + "encryption": { + "keySource": "Microsoft.Storage", + "services": { + "blob": { + "enabled": true + }, + "file": { + "enabled": true + } + } + }, + "supportsHttpsTrafficOnly": true + } + }, + { + "comments": "AzureML Workspace", + "type": "Microsoft.MachineLearningServices/workspaces", + "apiVersion": "2020-06-01", + "name": "[parameters('azureMLName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[variables('azureMLSku')]", + "tier": "[variables('azureMLSku')]" + }, + "dependsOn": [ + "[variables('appInsights')]", + "[variables('dataAccount')]", + "[variables('keyVault')]" + ], + "properties": { + "applicationInsights": "[variables('appInsights')]", + "friendlyName": "[parameters('azureMLName')]", + "keyVault": "[variables('keyVault')]", + "storageAccount": "[variables('dataAccount')]" + }, + "identity": { + "type": "SystemAssigned" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.MachineLearningServices/workspaces', parameters('azureMLName'))]" + }, + "keyVaultName": { + "type": "string", + "value": "[variables('keyVaultName')]" + } + } +} diff --git a/AzureDeployment/CosmosDB/cosmosdb.json b/AzureDeployment/CosmosDB/cosmosdb.json new file mode 100644 index 0000000..ba61233 --- /dev/null +++ b/AzureDeployment/CosmosDB/cosmosdb.json @@ -0,0 +1,86 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "accountName": { + "type": "string" + }, + "databaseName": { + "type": "string" + }, + "containerName": { + "type": "string" + }, + "partitionKey": { + "type": "string" + }, + "location": { + "type": "string" + }, + "keyVaultKeyUri": { + "type": "string", + "metadata": { + "description": "The uri to a key in your Key Vault to add a second layer of encryption on top of what is provided by default" + }, + "defaultValue": "" + } + }, + "resources": [ + { + "comments": "Create a Cosmos DB account, database and container.", + "name": "[parameters('accountName')]", + "type": "Microsoft.DocumentDB/databaseAccounts", + "apiVersion": "2020-04-01", + "location": "[parameters('location')]", + "properties": { + "locations": [ + { + "locationName": "[parameters('location')]" + } + ], + "databaseAccountOfferType": "Standard", + "keyVaultKeyUri": "[parameters('keyVaultKeyUri')]" + }, + { + "name": "[parameters('databaseName')]", + "type": "Microsoft.DocumentDB/sqlDatabases", + "apiVersion": "2020-04-01", + "dependsOn": [ + "[parameters('accountName')]" + ], + "properties": { + "resource": { + "id": "[parameters('databaseName')]" + }, + "options": { + "throughput": 400 + } + } + } + { + "name": "[parameters('containerName')]", + "type": "Microsoft.DocumentDB/containers", + "apiVersion": "2020-04-01", + "dependsOn": [ + "[parameters('databaseName')]" + ], + "properties": { + "resource": { + "id": "[parameters('containerName')]", + "partitionKey": { + "paths": [ + "[parameters('partitionKey')]" + ], + "kind": "Hash" + } + } + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('accountName'))]" + } + } +} diff --git a/AzureDeployment/DeploySpark/Synapse/azuredeploy.json b/AzureDeployment/DeploySpark/Synapse/azuredeploy.json new file mode 100644 index 0000000..b4aa588 --- /dev/null +++ b/AzureDeployment/DeploySpark/Synapse/azuredeploy.json @@ -0,0 +1,59 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "type": "String" + }, + "sqlAdministratorLogin": { + "type": "String" + }, + "sqlAdministratorPassword": { + "type": "SecureString" + }, + "tagValues": { + "defaultValue": {"Created with":"Synapse Azure Resource Manager deploment template"}, + "type": "Object" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2018-05-01", + "name": "storage", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "https://raw.githubusercontent.com/Azure-Samples/Synapse/master/Manage/DeployWorkspace/storage/azuredeploy.json", + "contentVersion": "1.0.0.0" + }, + "parameters":{ + "storageAccount":{"value": "[parameters('name')]"} + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2018-05-01", + "name": "workspace", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "https://raw.githubusercontent.com/Azure-Samples/Synapse/master/Manage/DeployWorkspace/workspace/azuredeploy.json", + "contentVersion": "1.0.0.0" + }, + "parameters":{ + "name":{"value": "[parameters('name')]"}, + "sqlAdministratorLogin":{"value": "[parameters('sqlAdministratorLogin')]"}, + "sqlAdministratorPassword":{"value": "[parameters('sqlAdministratorPassword')]"}, + "defaultDataLakeStorageAccountName":{"value": "[parameters('name')]"}, + "tagValues":{"value": "[parameters('tagValues')]"} + } + }, + "dependsOn": [ + "storage" + ] + } + ], + "outputs": {} +} diff --git a/AzureDeployment/Identity/Identity.json b/AzureDeployment/Identity/Identity.json new file mode 100644 index 0000000..1dbfba4 --- /dev/null +++ b/AzureDeployment/Identity/Identity.json @@ -0,0 +1,74 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "delegateIdentity": { + "type": "bool", + "defaultValue": false + }, + "identityName": { + "type": "string" + }, + "location": { + "type": "string" + } + }, + "variables": { + "contributor": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "identity": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]", + "roleAssignmentName": "[guid(resourceGroup().id, parameters('identityName'))]", + "delegatedRoleAssignmentName": "[guid(resourceGroup().id, parameters('identityName'), 'delegated')]" + }, + "resources": [ + { + "comments": "User-assigned managed identity used by deployment script", + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('identityName')]", + "location": "[parameters('location')]" + }, + { + "condition": "[not(parameters('delegateIdentity'))]", + "comments": "Grant user-assigned managed identity permission on the scope of resource group", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[variables('roleAssignmentName')]", + "dependsOn": [ + "[variables('identity')]" + ], + "properties": { + "roleDefinitionId": "[variables('contributor')]", + "principalId": "[reference(parameters('identityName')).principalId]", + "principalType": "ServicePrincipal", + "scope": "[resourceGroup().id]" + } + }, + { + "condition": "[parameters('delegateIdentity')]", + "comments": "Grant user-assigned managed identity permission on the scope of resource group", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[variables('delegatedRoleAssignmentName')]", + "dependsOn": [ + "[variables('identity')]" + ], + "properties": { + "roleDefinitionId": "[variables('contributor')]", + "principalId": "[reference(parameters('identityName')).principalId]", + "principalType": "ServicePrincipal", + "scope": "[resourceGroup().id]", + "delegatedManagedIdentityResourceId": "[variables('identity')]" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[variables('identity')]" + }, + "principalId": { + "type": "string", + "value": "[reference(parameters('identityName')).principalId]" + } + } +}