[Module Proposal]: avm-ptn-ai-foundry-enterprise #1761

Open
2 tasks done
FreddyAyala opened this issue Dec 17, 2024 · 2 comments
Labels
Language: Terraform 🌐 This is related to the Terraform IaC language Needs: Triage 🔍 Maintainers need to triage still Status: Owners Identified 🤘 This module has its owners identified Type: New Module Proposal 💡 A new module for AVM is being proposed


FreddyAyala commented Dec 17, 2024

Check for previous/existing GitHub issues/module proposals

  • I have checked for previous/existing GitHub issues/module proposals.

Check this module doesn't already exist in the module indexes

  • I have checked that this module doesn't already exist in the module indexes.

Bicep or Terraform?

Terraform

Module Classification?

Pattern Module

Module Name

avm-ptn-ai-foundry-enterprise

Module Details

Module Details:

The avm-ptn-ai-foundry-enterprise is a comprehensive Terraform module designed to facilitate enterprise-scale AI deployments on Microsoft Azure. This module addresses critical infrastructure components, focusing on security, networking, AI services, and identity management, providing a robust foundation for Azure AI Foundry initiatives. Additionally, it is compatible with AI Landing Zones, allowing seamless integration as part of a broader application landing zone strategy.

This implements this architecture as a module: https://github.com/Azure-Samples/aistudio-end-to-end-baseline-architecture

Key Components:

  1. Jumpbox Configuration:

    • Purpose: Acts as a secure bridge to the Azure environment by deploying a Windows-based jump box with isolated permissions.
    • Details:
      • Configurable VM parameters, such as admin credentials and VM sizing.
      • Implements Azure Bastion for enhanced security and seamless access.
      • Network isolation via private IP setup.
  2. Networking Architecture:

    • Purpose: Establishes a secure and scalable network using Azure VNet, incorporating subnets, NSGs, private endpoints, and automated connectivity.
    • Details:
      • Subnet configurations include app services, gateways, and additional environments.
      • Implements NSGs to manage traffic with detailed security rules.
      • Incorporates DDoS protection for enhanced security.
  3. AI Services Integration:

    • Purpose: Deploys advanced AI capabilities such as Azure Cognitive Services and Machine Learning, fostering AI-driven applications.
    • Details:
      • Uses azapi_resource for creating AI hubs and projects.
      • Configures private endpoints for AI services to maintain privacy and security.
      • Customizable SKUs for resource optimization.
  4. Identity and Access Management (IAM):

    • Purpose: Automates RBAC, ensuring authorized access to resources, making it simple to implement user personas and roles.
    • Details:
      • Employs azurerm_role_assignment for dynamic role assignments.
      • Utilizes managed identities for accessing resources such as AI Search and OpenAI.
      • Defines user groups and assigns permissions.
  5. Storage Solutions:

    • Purpose: Provides secure and scalable storage tailored for AI workloads.
    • Details:
      • Azure Storage Accounts with private endpoints for blob and file storage.
      • Enforces secure data transactions with network rule sets.
      • High availability through zone redundancy.
  6. Key Management and Security:

    • Purpose: Utilizes Azure Key Vault to securely store sensitive data, such as API keys.
    • Details:
      • Sets up Key Vault access policies and role assignments.
      • Supports optional private DNS and endpoint configurations.
  7. DNS and Private Networking:

    • Purpose: Offers private DNS zones to manage internal domain names securely for services.
    • Details:
      • Establishes private DNS zones linked with VNets.
      • Supports conditional DNS management for scalability.
  8. AI Landing Zone Compatibility:

    • Purpose: Easily integrates with AI Landing Zones for a cohesive application landing zone strategy.
    • Details:
      • Enables seamless deployment within enterprise application strategies.
      • Establishes a consistent framework for cloud resources tailored to AI workloads.
  9. Shared Private Links:

    • Purpose: Implements Shared PrivateLinks to allow for private indexing of data using AI Search.
    • Details:
      • Facilitates secure data access and indexing, enhancing data privacy and access control.
      • Supports AI-driven data queries and indexing in a private, secure network context.

Intended Benefits:

  • Enhanced Security: Provides comprehensive security configurations for AI environments.
  • Scalability: Supports large-scale, enterprise-grade deployments with scalable resources.
  • Operational Efficiency: Reduces setup time through predefined configurations.
  • Flexibility: Customizable to meet diverse enterprise needs.
  • Compliance: Supports regulatory requirements with managed access controls.
  • Integration: Seamlessly fits into an AI Landing Zone strategy, ensuring cohesive cloud infrastructure deployment.

The avm-ptn-ai-foundry-enterprise module reduces the complexity of an enterprise-scale deployment of AI Foundry. It simplifies role access management, making it easier for enterprises to manage and control access while leveraging Azure's advanced AI capabilities.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username (handle)

FreddyAyala

(Optional) Secondary Module Owner's GitHub Username (handle)

No response
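
Added example, not part of the original proposal and not the module's own code: a minimal Terraform sketch of the storage and IAM controls listed above (zone-redundant storage account, deny-by-default network rule set, blob private endpoint, and a data-plane role for a managed identity via `azurerm_role_assignment`). All resource names and input variables are assumptions chosen for illustration.

```hcl
# Illustrative only: names and variables below are assumptions, not the module's interface.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "storage_account_name" { type = string }
variable "private_endpoint_subnet_id" { type = string }
variable "blob_private_dns_zone_id" { type = string } # zone privatelink.blob.core.windows.net

# Identity the AI workload uses instead of account keys.
resource "azurerm_user_assigned_identity" "ai" {
  name                = "id-ai-workload"
  resource_group_name = var.resource_group_name
  location            = var.location
}

resource "azurerm_storage_account" "ai" {
  name                            = var.storage_account_name
  resource_group_name             = var.resource_group_name
  location                        = var.location
  account_tier                    = "Standard"
  account_replication_type        = "ZRS" # zone redundancy
  public_network_access_enabled   = false # reachable only through the private endpoint
  allow_nested_items_to_be_public = false # no anonymous blob or container access
  min_tls_version                 = "TLS1_2"

  network_rules {
    default_action = "Deny" # nothing is allowed unless explicitly listed
    bypass         = ["AzureServices"]
  }
}

resource "azurerm_private_endpoint" "blob" {
  name                = "pe-ai-blob"
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.private_endpoint_subnet_id

  private_service_connection {
    name                           = "psc-ai-blob"
    private_connection_resource_id = azurerm_storage_account.ai.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }
  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [var.blob_private_dns_zone_id]
  }
}

# Least privilege: read-only blob data access, scoped to this one account.
resource "azurerm_role_assignment" "blob_reader" {
  scope                = azurerm_storage_account.ai.id
  role_definition_name = "Storage Blob Data Reader"
  principal_id         = azurerm_user_assigned_identity.ai.principal_id
}
```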

@FreddyAyala FreddyAyala added Needs: Triage 🔍 Maintainers need to triage still Type: New Module Proposal 💡 A new module for AVM is being proposed labels Dec 17, 2024

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the AVM Issue Triage documentation.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Language: Terraform 🌐 This is related to the Terraform IaC language label Dec 17, 2024

@FreddyAyala, thanks for volunteering to be a module owner!

Important

Please don't start the development just yet!

The AVM core team will review this module proposal and respond to you first. Thank you!

@microsoft-github-policy-service microsoft-github-policy-service bot added the Status: Owners Identified 🤘 This module has its owners identified label Dec 17, 2024
Projects
Status: Proposed