6 changes: 5 additions & 1 deletion .devcontainer/devcontainer.json
Expand Up @@ -7,7 +7,11 @@
"ghcr.io/devcontainers/features/docker-in-docker:2": {"version": "latest"},
"ghcr.io/azure/azure-dev/azd:latest": {},
"ghcr.io/devcontainers/features/node:1": {},
"ghcr.io/devcontainers/features/azure-cli:1": {},
"ghcr.io/devcontainers/features/azure-cli:1": {
"installBicep": true,
"version": "latest",
"bicepVersion": "latest"
Comment thread
Dhruvkumar-Microsoft marked this conversation as resolved.
},
"ghcr.io/jsburckhardt/devcontainer-features/uv:1": {"shellautocompletion": true,
"version": "latest"}
},
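Review bot: The new azure-cli feature options set `"version": "latest"` and `"bicepVersion": "latest"`, so every container rebuild pulls whatever Azure CLI and Bicep releases are current at that moment. That leaves the toolchain used to compile and deploy infra/main.bicep unreproducible and unreviewed. Pinning both to tested releases, for example `"version": "<pinned-azure-cli-version>"` and `"bicepVersion": "<pinned-bicep-version>"` (placeholders, since the page gives no version numbers), limits exposure to a broken or tampered upstream release and makes each upgrade a visible change in review. The context lines show the same floating `latest` on docker-in-docker, azd and uv, so the whole features block could be pinned in one pass. The features object opens above the hunk.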
54 changes: 1 addition & 53 deletions infra/main.bicep
Expand Up @@ -701,15 +701,13 @@ module virtualMachine 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (e
}

// ========== Private DNS Zones ========== //
var keyVaultPrivateDNSZone = 'privatelink.${toLower(environment().name) == 'azureusgovernment' ? 'vaultcore.usgovcloudapi.net' : 'vaultcore.azure.net'}'
var privateDnsZones = [
'privatelink.cognitiveservices.azure.com'
'privatelink.openai.azure.com'
'privatelink.services.ai.azure.com'
'privatelink.documents.azure.com'
'privatelink.blob.core.windows.net'
'privatelink.search.windows.net'
keyVaultPrivateDNSZone
]

// DNS Zone Index Constants
Expand All @@ -720,7 +718,6 @@ var dnsZoneIndex = {
cosmosDb: 3
blob: 4
search: 5
keyVault: 6
}

// List of DNS zone indices that correspond to AI-related services.
Expand Down Expand Up @@ -1579,7 +1576,7 @@ module webSite 'modules/web-sites.bicep' = {
// ========== Storage Account ========== //

var storageAccountName = replace('st${solutionSuffix}', '-', '')
param storageContainerName string = 'sample-dataset'

param storageContainerNameRetailCustomer string = 'retail-dataset-customer'
param storageContainerNameRetailOrder string = 'retail-dataset-order'
param storageContainerNameRFPSummary string = 'rfp-summary-dataset'
Expand Down Expand Up @@ -1796,55 +1793,6 @@ module aiSearchFoundryConnection 'modules/aifp-connections.bicep' = {
]
}

// ========== KeyVault ========== //
var keyVaultName = 'kv-${solutionSuffix}'
module keyvault 'br/public:avm/res/key-vault/vault:0.13.3' = {
name: take('avm.res.key-vault.vault.${keyVaultName}', 64)
params: {
name: keyVaultName
location: location
tags: tags
sku: enableScalability ? 'premium' : 'standard'
publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled'
networkAcls: {
defaultAction: 'Allow'
}
enableVaultForDeployment: true
enableVaultForDiskEncryption: true
enableVaultForTemplateDeployment: true
enableRbacAuthorization: true
enableSoftDelete: true
softDeleteRetentionInDays: 7
diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : []
// WAF aligned configuration for Private Networking
privateEndpoints: enablePrivateNetworking
? [
{
name: 'pep-${keyVaultName}'
customNetworkInterfaceName: 'nic-${keyVaultName}'
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
{ privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.keyVault]!.outputs.resourceId }
]
}
service: 'vault'
subnetResourceId: virtualNetwork!.outputs.backendSubnetResourceId
}
]
: []
// WAF aligned configuration for Role-based Access Control
roleAssignments: [
{
principalId: userAssignedIdentity.outputs.principalId
principalType: 'ServicePrincipal'
roleDefinitionIdOrName: 'Key Vault Administrator'
}
]
secrets: []
enableTelemetry: enableTelemetry
}
}

// ============ //
// Outputs //
// ============ //