https://github.com/glav/aihub-secure-storage
Templated deployment for Azure AI Hub with secure storage account - no public access
- Host: GitHub
- URL: https://github.com/glav/aihub-secure-storage
- Owner: glav
- Created: 2025-06-13T05:46:43.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2025-06-24T03:18:51.000Z (11 months ago)
- Last Synced: 2025-06-24T04:26:28.747Z (11 months ago)
- Language: Bicep
- Size: 52.7 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Azure AI Hub with Secure Storage
This project deploys an Azure AI Hub with secure storage infrastructure using Azure Bicep templates and shell scripts.
## Prerequisites
- Azure CLI installed and configured
- Appropriate Azure subscription permissions to create resource groups and deploy resources
- Bash shell environment (available in the dev container)
## Deployment
### Deploy Infrastructure
Use the `deploy.sh` script to create and deploy all necessary Azure resources:
```bash
cd infra
./deploy.sh
```
**Parameters:**
- First argument - Azure region where resources will be deployed (e.g., `eastus`, `westus2`)
- Second argument - Name of the Azure resource group to create
**Example:**
```bash
./deploy.sh eastus my-aihub-rg
```
**What the deploy script does:**
1. Creates a new Azure resource group with a 7-day expiration tag
2. Deploys the main Bicep template (`main.bicep`) which provisions:
   - Azure ML workspace
   - Storage account with secure configuration
   - Key Vault
   - Other supporting resources
3. Provisions the managed network for the ML workspace
4. Configures datastore authentication using the `configure_datastore_auth.sh` script
### Post-Deployment Configuration
The deployment automatically runs `configure_datastore_auth.sh` to set up proper permissions for accessing the storage account. This script:
- Assigns the current user the "Storage Blob Data Reader" role on the storage account
- Configures authentication for Azure ML datastore access
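A post-deployment check for the "no public access" goal, as an added example that is not part of this repository: it audits the JSON printed by `az storage account show` and reports every setting that leaves the storage account publicly reachable. Which properties make up the "secure configuration" is an assumption (the README does not list them), and the account data and names below are constructed.

```python
import json
import sys


def audit_storage_account(account: dict) -> list[str]:
    """Return findings; an empty list means no public exposure was detected."""
    findings = []
    # Only an explicit "Disabled" proves the public endpoint is off,
    # so a missing or null value is reported as well.
    if account.get("publicNetworkAccess") != "Disabled":
        findings.append("publicNetworkAccess is not Disabled")
    # Anonymous (unauthenticated) blob reads must be explicitly turned off.
    if account.get("allowBlobPublicAccess") is not False:
        findings.append("allowBlobPublicAccess is not false")
    rules = account.get("networkRuleSet") or {}
    # The account firewall should deny by default ...
    if rules.get("defaultAction") != "Deny":
        findings.append("networkRuleSet.defaultAction is not Deny")
    # ... and carry no allow-listed public IP ranges.
    for rule in rules.get("ipRules") or []:
        findings.append(f"public IP range allowed: {rule.get('ipAddressOrRange')}")
    return findings


# Constructed samples, trimmed to the fields checked (not output from this repo).
LOCKED_DOWN = {
    "name": "stexamplelocked",
    "publicNetworkAccess": "Disabled",
    "allowBlobPublicAccess": False,
    "networkRuleSet": {"defaultAction": "Deny", "ipRules": []},
}
DRIFTED = {
    "name": "stexampledrifted",
    "publicNetworkAccess": "Enabled",
    "allowBlobPublicAccess": None,
    "networkRuleSet": {
        "defaultAction": "Allow",
        "ipRules": [{"ipAddressOrRange": "203.0.113.10", "action": "Allow"}],
    },
}

if __name__ == "__main__":
    # Assumed usage (account name is a placeholder):
    #   az storage account show -g my-aihub-rg -n <account> -o json | python audit.py
    account = DRIFTED if sys.stdin.isatty() else json.load(sys.stdin)
    problems = audit_storage_account(account)
    for problem in problems:
        print(f"{account.get('name', '<unnamed>')}: {problem}")
    sys.exit(1 if problems else 0)
```

The non-zero exit status on any finding lets the check gate a pipeline step after `deploy.sh` or run on a schedule to catch configuration drift.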
## Cleanup
### Remove All Resources
Use the `cleanup.sh` script to completely remove all deployed resources:
```bash
cd infra
./cleanup.sh
```
**Parameters:**
- First argument - Azure region where resources were deployed
- Second argument - Name of the Azure resource group to delete
**Example:**
```bash
./cleanup.sh eastus my-aihub-rg
```
**What the cleanup script does:**
1. Finds and deletes the Key Vault in the specified resource group
2. Purges the Key Vault (permanently removes it)
3. Deletes the entire resource group and all contained resources
**⚠️ Warning:** The cleanup script permanently deletes all resources in the specified resource group. This action cannot be undone.
## Additional Scripts
- **`configure_datastore_auth.sh`** - Configures user permissions for Azure ML datastore access (automatically called by deploy.sh)
- **`comprehensive_troubleshooting.sh`** - Troubleshooting utilities for deployment issues
- **`storage_network_update.bicep`** - Bicep template for updating storage network configurations
- **`workspace_permissions.bicep`** - Bicep template for workspace permission configurations
## Project Structure
```
infra/
├── deploy.sh # Main deployment script
├── cleanup.sh # Resource cleanup script
├── configure_datastore_auth.sh # Permission configuration script
├── main.bicep # Main Bicep deployment template
├── hub.bicep # AI Hub specific resources
├── storage_account.bicep # Storage account configuration
└── ... # Additional Bicep templates
```