Skip to content

Latest commit

 

History

History
119 lines (94 loc) · 6.79 KB

README.md

File metadata and controls

119 lines (94 loc) · 6.79 KB

Azure AI Landing Zone with Terraform

Azure AI Landing Zone

This GitHub repository provides a comprehensive guide and Terraform configurations to deploy an Azure AI Landing Zone—a specialized environment for empowering AI technologies, including advanced language models like GPT-4. The landing zone is designed to complement existing data management and data landing zones within your cloud-scale data analytics platform, enabling you to unlock the true potential of AI.

Getting Started

To deploy the Azure AI Landing Zone with Terraform, follow the steps below:

1. Set up Connectivity

  • Create a file /Landing_Zones/terraform.tfvars.
  • Replace <your connectivity subscription> with your actual connectivity subscription ID in the connectivity_subscription field.
  • Modify settings in the file /Landing_Zone/settings.connectivity.tf based on your requirements.
  • Authenticate to Azure using az login.

2. Initialize and Preview the Deployment

  • Open your command line interface application and navigate to the /Landing_Zone folder.
  • Run terraform init -reconfigure to initialize the Terraform repository using local state.
  • Preview the deployment by running terraform plan -var-file="terraform.tfvars".

3. Deploy the Connectivity Infrastructure

  • Execute terraform apply -var-file="terraform.tfvars" to deploy the connectivity infrastructure for the landing zone.

4. Deploy AI Workloads

  • Navigate to the /Workload/AI folder.
  • Create a file /Workload/AI/terraform.tfvars.
  • Replace <your connectivity subscription> and <your AI subscription> with your respective subscription IDs.
  • Copy the ID of your hub VNet deployed during the landing zone and paste it in the hub_vnet_id field.
  • Follow the same steps as above to deploy the AI workloads.

5. Configure APIM

  • Use the provided policy in the README to test OpenAI API behind APIM.
  • Replace <Your OpenAI API Key> and <Your OpenAI Backend Service> with your actual API key and backend service URL.
application/json application/json @(context.Response.Body.As()) ## What's Included

This repository contains Terraform configurations and settings to deploy the following components:

  • Connectivity Components:

    • Azure Virtual Networks (Hub) for secure connectivity to on-premises systems and other spoke networks.
    • Azure Firewall, a network-based, stateful firewall to control and inspect traffic flow in and out of the hub.
    • Bastion, a secure remote desktop access solution for VMs in the virtual network.
    • Jumpbox, a secure jump host to access VMs in private subnets.
  • AI Workloads:

    • Azure Open AI, a managed AI service for running advanced language models like GPT-4.
    • Separate Virtual Networks (Spokes) for securely hosting AI workloads.
    • Subnets within spokes to isolate different components.
    • Route Tables for controlling traffic flow within virtual networks.
    • Application Gateway, a load balancer for secure access to web applications and AI services.
    • Azure API Management as the API gateway for managing and securing APIs, including Azure Open AI.
    • Private DNS Zones for name resolution within the virtual network and between VNets.
    • Cosmos DB, a globally distributed, multi-model database service to support AI applications.
    • Web applications in Azure Web App.
    • Azure AI services for building intelligent applications.

Configuration Tips

This GitHub repository provides a foundation for your AI Landing Zone. However, it's essential to consider additional enhancements and best practices for your specific use case. Here are some tips for further improvement:

  • Implement Managed Identity for authenticating with Azure services.
  • Integrate Azure Key Vault for centralized secrets management.
  • Explore advanced networking configurations like Azure Virtual WAN and ExpressRoute to optimize network performance and connectivity.
  • Enable SSL/TLS certificates at the Azure Application Gateway level to enhance data encryption and security.

Contributions

Contributions to this repository are welcome! Feel free to raise issues or submit pull requests for any improvements, bug fixes, or additional features that can benefit the community.

License

This project is licensed under the MIT License. You are free to use, modify, and distribute the code as per the terms of the license.

Let's empower AI enthusiasts like you to revolutionize AI technology with Azure and Terraform. Share this repository with your network and join our community of innovators! 🌟 #AI #Azure #Terraform #CloudComputing #TechInnovation