terraform template

Author: brown9804

.gitignore

@@ -1,5 +1,5 @@
 # Local .terraform directories
-.terraform/
+*.terraform**
 
 # .tfstate files
 *.tfstate
@@ -13,7 +13,6 @@ crash.*.log
 # password, private keys, and other secrets. These should not be part of version 
 # control as they are data points which are potentially sensitive and subject 
 # to change depending on the environment.
-*.tfvars
 *.tfvars.json
 
 # Ignore override files as they are usually used to override resources locally and so
@@ -25,7 +24,7 @@ override.tf.json
 
 # Ignore transient lock info files created by terraform apply
 .terraform.tfstate.lock.info
-
+.terraform.lock.hcl
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 
@@ -34,4 +33,4 @@ override.tf.json
 
 # Ignore CLI configuration files
 .terraformrc
-terraform.rc
+terraform.rc

README.md

@@ -1,4 +1,4 @@
-# Azure Text Embedding Model Recommendations - Overview 
+# Azure Text Embedding Model - Overview 
 
 Costa Rica
 

AI-Search_Overview.md aiSearch-Overview.mdAI-Search_Overview.md renamed to aiSearch-Overview.md

@@ -1,4 +1,4 @@
-#  RAG (Retrieval-Augmented Generation) pattern - Overview 
+#  Azure AI Search - Overview 
 
 Costa Rica
 

terraform-infrastructure/main.tf

@@ -0,0 +1,125 @@
+// Retrieve client config – helpful for role assignments.
+data "azurerm_client_config" "example" {}
+
+// Optionally, retrieve your own Azure AD user info.
+data "azuread_user" "current" {
+  object_id = data.azurerm_client_config.example.object_id
+}
+
+// Resource Group 
+resource "azurerm_resource_group" "rg" {
+  name     = var.resource_group_name
+  location = var.location
+  tags = {
+    Project = "AI Agents"
+  }
+}
+
+// Key Vault 
+resource "azurerm_key_vault" "example" {
+  name                = var.keyvault_name
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  tenant_id           = data.azurerm_client_config.example.tenant_id
+
+  sku_name                 = "standard"
+  purge_protection_enabled = true
+}
+
+// Key Vault Policies 
+resource "azurerm_key_vault_access_policy" "example" {
+  key_vault_id = azurerm_key_vault.example.id
+  tenant_id    = data.azurerm_client_config.example.tenant_id
+  object_id    = data.azurerm_client_config.example.object_id
+
+  key_permissions = [
+    "Create",
+    "Get",
+    "Delete",
+    "Purge",
+    "GetRotationPolicy",
+  ]
+}
+
+// Storage Account 
+resource "azurerm_storage_account" "example" {
+  name                     = var.storage_account_name
+  location                 = azurerm_resource_group.rg.location
+  resource_group_name      = azurerm_resource_group.rg.name
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+// AI Services Account 
+resource "azurerm_ai_services" "aiserviceaccount" {
+  name                = var.aiservices_name
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  sku_name            = "S0"
+}
+
+// AI Foundry
+resource "azurerm_ai_foundry" "aifoundry" {
+  name                = var.aifoundry_name
+  location            = azurerm_ai_services.aiserviceaccount.location
+  resource_group_name = azurerm_ai_services.aiserviceaccount.resource_group_name
+  storage_account_id  = azurerm_storage_account.example.id
+  key_vault_id        = azurerm_key_vault.example.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+}
+
+// AI Foundry Project 
+resource "azurerm_ai_foundry_project" "aiproject" {
+  name               = var.aifoundryproject_name
+  location           = azurerm_ai_foundry.aifoundry.location
+  ai_services_hub_id = azurerm_ai_foundry.aifoundry.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
+
+
+// Azure Open AI (Cognitive Services) Account
+resource "azurerm_cognitive_account" "openai" {
+  name                = var.openai_account_name
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  sku_name            = "S0"
+  kind                = "OpenAI"
+  tags = {
+    Project = "AI Agents"
+  }
+}
+
+// Azure Cognitive Search Service
+resource "azurerm_search_service" "search" {
+  name                = var.search_service_name
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  sku                 = "standard"
+  partition_count     = 1
+  replica_count       = 1
+  tags = {
+    Project = "AI Agents"
+  }
+}
+
+
+// Role Assignments for Permissions
+resource "azurerm_role_assignment" "ai_developer" {
+  principal_id         = var.developer_principal_id # or object_id
+  scope                = azurerm_resource_group.rg.id
+  role_definition_name = "Azure AI Developer"
+}
+
+resource "azurerm_role_assignment" "openai_user" {
+  principal_id         = var.openai_user_object_id # or we can use object_id
+  scope                = azurerm_resource_group.rg.id
+  role_definition_name = "Cognitive Services OpenAI User"
+}
+

terraform-infrastructure/outputs.tf

@@ -0,0 +1,11 @@
+output "resource_group_id" {
+  value = azurerm_resource_group.rg.id
+}
+
+output "openai_account_id" {
+  value = azurerm_cognitive_account.openai.id
+}
+
+output "search_service_name" {
+  value = azurerm_search_service.search.name
+}

terraform-infrastructure/provider.tf

@@ -0,0 +1,27 @@
+# provider.tf
+# This file configures the Azure provider to interact with Azure resources.
+# It specifies the required provider and its version, along with provider-specific configurations.
+
+terraform {
+  required_version = ">= 1.8, < 2.0"
+  # Specify the required provider and its version
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"  # Source of the AzureRM provider
+      version = "~> 4.30.0"          # Version of the AzureRM provider
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~> 2.38.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}                        # Enable all features for the AzureRM provider
+  subscription_id = var.subscription_id  # Add your subscription ID here
+}
+
+provider "azuread" {
+  # Defaults are usually sufficient.
+}

terraform-infrastructure/terraform.tfvars

@@ -0,0 +1,12 @@
+subscription_id        = "<your_subscription_id>"
+resource_group_name    = "RG-Embedding-Btest"
+location               = "East US"
+storage_account_name   = "aiembeddingbx1"
+aiservices_name        = "aiservicesbx1"
+keyvault_name          = "aiembeddingkvbx1"
+aifoundry_name         = "aifoundrytestbx1"
+aifoundryproject_name  = "projectnametestbx1"
+openai_account_name    = "aoaibx1test"
+search_service_name    = "aisearchbx1test"
+developer_principal_id = "<your_developer_principal_id>"
+openai_user_object_id  = "<your_openai_user_object_id>"

terraform-infrastructure/variables.tf

@@ -0,0 +1,60 @@
+variable "subscription_id" {
+  description = "Azure subscription ID"
+  type        = string
+}
+
+variable "location" {
+  description = "Azure region"
+  type        = string
+  default     = "East US"
+}
+
+variable "resource_group_name" {
+  description = "Name of the resource group for the AI Foundry Project"
+  type        = string
+}
+
+variable "keyvault_name" {
+  description = "The name of the key vault"
+  type        = string
+}
+
+variable "aiservices_name" {
+  description = "The name of the AI services account"
+  type        = string
+}
+
+variable "aifoundry_name" {
+  description = "The name of the AI Foundry Hub"
+  type        = string
+}
+
+variable "aifoundryproject_name" {
+  description = "The name of the AI Foundry Project"
+  type        = string
+}
+
+variable "storage_account_name" {
+  description = "The name of the storage account"
+  type        = string
+}
+
+variable "openai_account_name" {
+  description = "Name of the Azure OpenAI (Cognitive Services) account"
+  type        = string
+}
+
+variable "search_service_name" {
+  description = "Name of the Azure Cognitive Search service"
+  type        = string
+}
+
+variable "developer_principal_id" {
+  description = "Principal ID for the Azure AI Developer (assigned at the resource group level)"
+  type        = string
+}
+
+variable "openai_user_object_id" {
+  description = "Object ID for the Cognitive Services Open AI User (assigned at the resource group level)"
+  type        = string
+}