This directory contains the infrastructure-as-code (IaC) templates and deployment scripts for provisioning and managing Azure resources using Bicep.
- Azure CLI
- Azure Bicep tools
- Azure Subscription - You must have permission to create and manage resources in a target Azure subscription.
Note
The necessary CLI tools should be installed by default in the devcontainer environment.
You can confirm Bicep is installed by running the following command:
az bicep versioninfra/
├── bicep/
│ ├── modules/
│ │ └── ...
│ ├── main.bicep
│ ├── main.bicepparam
│ └── ...
├── scripts/
│ ├── Deploy-Infrastructure.ps1
│ ├── deploy.sh
│ └── ...
└── README.md- bicep/: Contains the Bicep templates and parameter files for provisioning Azure resources.
- modules/: Contains reusable Bicep modules for creating resources.
- scripts/: Contains the deployment scripts for managing the resources, supporting both PowerShell and Bash.
Important
Although not required, the deployment can be configured to your specific needs by modifying the parameters in the ./bicep/main.bicepparam file. All parameters are optional, and if not provided, resources will be deployed using the naming conventions defined in the Azure Cloud Adoption Framework.
Expand to see the parameters
[!NOTE] For resource names that are marked as Optional, if not provided, the deployment will use the naming conventions defined in the Azure Cloud Adoption Framework. This means that the resource names will be automatically generated based on the
workloadNameandlocationparameters.
| Bicep Parameter | Description |
|---|---|
| workloadName | Name of the Azure environment to deploy. |
| location | Azure region to deploy the resources, e.g. eastus2. |
| tags | Optional, Object containing the tags that will be assigned to all resources deployed resources. |
| keyVaultName | Optional, Name of the Key Vault to use for storing secrets. |
| logAnalyticsWorkspaceName | Optional, Name of the Log Analytics Workspace to use for monitoring and logging. |
| applicationInsightsName | Optional, Name of the Application Insights resource to use for monitoring. |
| aiServicesName | Optional, Name of the Azure AI Services resource to use for deploying the Azure OpenAI chat completion model. |
| storageAccountName | Optional, Name of the Azure Storage Account to use for storing data. |
| aiFoundryHubName | Optional, Name of the Azure AI Foundry Hub to use for managing the AI project. |
| aiFoundryProjectName | Optional, Name of the Azure AI Foundry Project to use for managing the AI resources for the experiment. |
| identities | Optional, Object containing the identities to assign least-privileged access Azure RBAC role assignments to. |
| raiPolicies | Optional, Object containing the Azure AI Content Safety policies to apply to deployed model endpoints in the Azure AI Services resource. |
| chatModelDeployment | Optional, Object containing the details for the Azure OpenAI chat completion model deployment to use, e.g. gpt-4.1. |
| textEmbeddingModelDeployment | Optional, Object containing the details for the Azure OpenAI text embedding model deployment to use, e.g. text-embedding-3-large. |
| phiModelDeployment | Optional, Object containing the details for the Azure AI Phi model deployment to use, e.g. Phi-4. |
To deploy the resources, run the following commands:
az login
./scripts/deploy.sh <deploymentName> <resourceGroupName> <location>Note
If a specific Azure tenant is required, use the --tenant <TenantId> parameter in the az login command.
az login --tenant <TenantId>
Tip
If you want to preview the changes without deployment, you can add the --what-if parameter.
./scripts/deploy.sh <deploymentName> <resourceGroupName> <location> --what-if
This script will compile the Bicep templates and deploy the resources to the target Azure subscription.
To teardown the resources, run the following commands:
./scripts/teardown.sh <resourceGroupName>This script will remove all resources provisioned by the deployment script.