@@ -635,31 +635,7 @@ module aiFoundryAiServices 'modules/ai-services.bicep' = if (aiFoundryAIservices
635635 // WAF aligned configuration for Monitoring
636636 diagnosticSettings : enableMonitoring ? [{ workspaceResourceId : logAnalyticsWorkspaceResourceId }] : null
637637 publicNetworkAccess : enablePrivateNetworking ? 'Disabled' : 'Enabled'
638- privateEndpoints : (enablePrivateNetworking && empty (existingAiFoundryAiProjectResourceId ))
639- ? ([
640- {
641- name : 'pep-${aiFoundryAiServicesResourceName }'
642- customNetworkInterfaceName : 'nic-${aiFoundryAiServicesResourceName }'
643- subnetResourceId : virtualNetwork !.outputs .pepsSubnetResourceId
644- privateDnsZoneGroup : {
645- privateDnsZoneGroupConfigs : [
646- {
647- name : 'ai-services-dns-zone-cognitiveservices'
648- privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .cognitiveServices ]!.outputs .resourceId
649- }
650- {
651- name : 'ai-services-dns-zone-openai'
652- privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .openAI ]!.outputs .resourceId
653- }
654- {
655- name : 'ai-services-dns-zone-aiservices'
656- privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .aiServices ]!.outputs .resourceId
657- }
658- ]
659- }
660- }
661- ])
662- : []
638+ privateEndpoints : []
663639 deployments : [
664640 for aiModelDeployment in aiModelDeployments : {
665641 name : aiModelDeployment .name
@@ -678,6 +654,43 @@ module aiFoundryAiServices 'modules/ai-services.bicep' = if (aiFoundryAIservices
678654 }
679655}
680656
657+ // ========== AI Foundry Private Endpoint ========== //
658+ module aiFoundryPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking && !useExistingAiFoundryAiProject ) {
659+ name : take ('pep-${aiFoundryAiServicesResourceName }-deployment' , 64 )
660+ params : {
661+ name : 'pep-${aiFoundryAiServicesResourceName }'
662+ customNetworkInterfaceName : 'nic-${aiFoundryAiServicesResourceName }'
663+ location : location
664+ tags : tags
665+ privateLinkServiceConnections : [
666+ {
667+ name : 'pep-${aiFoundryAiServicesResourceName }-connection'
668+ properties : {
669+ privateLinkServiceId : aiFoundryAiServices !.outputs .resourceId
670+ groupIds : ['account' ]
671+ }
672+ }
673+ ]
674+ privateDnsZoneGroup : {
675+ privateDnsZoneGroupConfigs : [
676+ {
677+ name : 'ai-services-dns-zone-cognitiveservices'
678+ privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .cognitiveServices ]!.outputs .resourceId
679+ }
680+ {
681+ name : 'ai-services-dns-zone-openai'
682+ privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .openAI ]!.outputs .resourceId
683+ }
684+ {
685+ name : 'ai-services-dns-zone-aiservices'
686+ privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .aiServices ]!.outputs .resourceId
687+ }
688+ ]
689+ }
690+ subnetResourceId : virtualNetwork !.outputs .pepsSubnetResourceId
691+ }
692+ }
693+
681694// AI Foundry: AI Services Content Understanding
682695var aiFoundryAiServicesCUResourceName = 'aif-${solutionSuffix }-cu'
683696var aiServicesNameCu = 'aisa-${solutionSuffix }-cu'
@@ -703,31 +716,7 @@ module cognitiveServicesCu 'br/public:avm/res/cognitive-services/account:0.14.1'
703716 // staticsEnabled: false
704717 }
705718 publicNetworkAccess : enablePrivateNetworking ? 'Disabled' : 'Enabled'
706- privateEndpoints : (enablePrivateNetworking )
707- ? ([
708- {
709- name : 'pep-${aiFoundryAiServicesCUResourceName }'
710- customNetworkInterfaceName : 'nic-${aiFoundryAiServicesCUResourceName }'
711- subnetResourceId : virtualNetwork !.outputs .pepsSubnetResourceId
712- privateDnsZoneGroup : {
713- privateDnsZoneGroupConfigs : [
714- {
715- name : 'ai-services-cu-dns-zone-cognitiveservices'
716- privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .cognitiveServices ]!.outputs .resourceId
717- }
718- {
719- name : 'ai-services-cu-dns-zone-openai'
720- privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .openAI ]!.outputs .resourceId
721- }
722- {
723- name : 'ai-services-cu-dns-zone-aiservices'
724- privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .aiServices ]!.outputs .resourceId
725- }
726- ]
727- }
728- }
729- ])
730- : []
719+ privateEndpoints : []
731720 roleAssignments : [
732721 {
733722 roleDefinitionIdOrName : '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
@@ -738,6 +727,43 @@ module cognitiveServicesCu 'br/public:avm/res/cognitive-services/account:0.14.1'
738727 }
739728}
740729
730+ // ========== AI Services CU: Separate Private Endpoint ========== //
731+ module cognitiveServicesCuPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking ) {
732+ name : take ('pep-${aiFoundryAiServicesCUResourceName }-deployment' , 64 )
733+ params : {
734+ name : 'pep-${aiFoundryAiServicesCUResourceName }'
735+ customNetworkInterfaceName : 'nic-${aiFoundryAiServicesCUResourceName }'
736+ location : location
737+ tags : tags
738+ privateLinkServiceConnections : [
739+ {
740+ name : 'pep-${aiFoundryAiServicesCUResourceName }-connection'
741+ properties : {
742+ privateLinkServiceId : cognitiveServicesCu .outputs .resourceId
743+ groupIds : ['account' ]
744+ }
745+ }
746+ ]
747+ privateDnsZoneGroup : {
748+ privateDnsZoneGroupConfigs : [
749+ {
750+ name : 'ai-services-cu-dns-zone-cognitiveservices'
751+ privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .cognitiveServices ]!.outputs .resourceId
752+ }
753+ {
754+ name : 'ai-services-cu-dns-zone-openai'
755+ privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .openAI ]!.outputs .resourceId
756+ }
757+ {
758+ name : 'ai-services-cu-dns-zone-aiservices'
759+ privateDnsZoneResourceId : avmPrivateDnsZones [dnsZoneIndex .aiServices ]!.outputs .resourceId
760+ }
761+ ]
762+ }
763+ subnetResourceId : virtualNetwork !.outputs .pepsSubnetResourceId
764+ }
765+ }
766+
741767// ========== AVM WAF ========== //
742768// ========== AI Foundry: AI Search ========== //
743769var aiSearchName = 'srch-${solutionSuffix }'
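Review bot: The new `aiFoundryPrivateEndpoint` module is gated on `enablePrivateNetworking && !useExistingAiFoundryAiProject` but reads `aiFoundryAiServices!.outputs.resourceId`, and the `!` silences any mismatch with the condition on `aiFoundryAiServices` itself, which is truncated in the hunk header and cannot be checked from here. If the two conditions can ever diverge, the problem would only surface during deployment, so consider driving both modules from one shared variable, or at least adding a comment such as `// must only deploy when the aiFoundryAiServices module deploys`. Both accounts now pass `privateEndpoints: []` together with `publicNetworkAccess: 'Disabled'`, so a dependency on the account module alone no longer implies that the endpoint and its DNS zone group exist. Anything that reaches the accounts' data plane during deployment presumably needs an explicit `dependsOn` on `aiFoundryPrivateEndpoint` or `cognitiveServicesCuPrivateEndpoint`; no such consumer is visible in these hunks, so this is worth checking in the rest of the file. A failure of either endpoint module leaves its account closed rather than exposed, which is the safe direction, but a short comment above each `privateEndpoints: []` pointing to the separate module would stop a later reader from taking the empty list for a missing control.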