Automated AI Infrastructure Set-up with Azure Blueprints
Azure Blueprints is a service that helps with the setup of governed and repeatable cloud environments. Blueprints enable the creation of a declarative specification for deployments in Azure. With Azure Blueprints, you can define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements.
Blueprints are composed of:
- Artifacts: These could be role assignments, policy assignments, ARM templates, or resource groups.
- Parameters: Parameters for artifacts that need them.
- Resource Groups: Containers that house the artifacts.
- Blueprint: The container for all the above components.
When you create a blueprint, you're effectively creating a template that you can deploy multiple times. It allows you to orchestrate the deployment of various resource templates and other artifacts such as policy assignments.
Here's a basic Pulumi program in Python that defines an Azure Blueprint and a Blueprint assignment. This blueprint will set up some resource groups and assign a policy that ensures all indexed resources are tagged. Before running this Pulumi program, ensure you have Azure credentials configured and the Pulumi CLI installed in your environment.
Program Explanation
- Setup: Import all necessary modules from Pulumi's Azure Native library to interact with Azure resources.
- Resource Group Artifacts: Define a resource group artifact that's part of the blueprint. This artifact will be used in the deployment of the blueprint.
- Policy Assignment Artifact: Define a policy assignment artifact that ensures all indexed resources are tagged.
- Blueprint Definition: Create an Azure Blueprint that includes the resource group and policy assignment artifacts.
- Published Blueprint: Publish a version of the blueprint so it can be assigned.
- Assignment of the Blueprint: Assign the blueprint to a subscription to enact the defined artifacts.
Let's break this down into a Pulumi program.
```python
import pulumi
import pulumi_azure_native as azure_native

# Class names follow the pulumi_azure_native "blueprint" module:
# Blueprint, TemplateArtifact, PolicyAssignmentArtifact, PublishedBlueprint, Assignment.

# Replace with the ID of the target subscription in Azure.
YOUR_SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"
resource_scope = f"subscriptions/{YOUR_SUBSCRIPTION_ID}"

# Define the blueprint. Artifacts attach to it by name, so it is created first.
blueprint = azure_native.blueprint.Blueprint(
    "sample-blueprint",
    blueprint_name="sample-blueprint",
    resource_scope=resource_scope,
    target_scope="subscription",
    display_name="Sample Blueprint",
    description="This is a sample blueprint that sets up resource groups with a tagging policy.",
    resource_groups={
        "sampleRG": azure_native.blueprint.ResourceGroupDefinitionArgs(
            name="sampleResourceGroup",
            location="westus",
        ),
    },
)

# Define a resource group artifact for the blueprint
rg_artifact = azure_native.blueprint.TemplateArtifact(
    "rg-artifact",
    artifact_name="resourceGroupTemplate",
    blueprint_name=blueprint.name,
    resource_scope=resource_scope,
    kind="template",
    display_name="ResourceGroup Template",
    description="An ARM template for a resource group.",
    depends_on=[],
    parameters={},
    template={
        "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {},
        "variables": {},
        "resources": [{
            "type": "Microsoft.Resources/resourceGroups",
            "apiVersion": "2018-05-01",
            "location": "westus",
            "name": "sampleResourceGroup",
            "properties": {},
        }],
    },
)

# Define a policy assignment artifact for the blueprint
policy_artifact = azure_native.blueprint.PolicyAssignmentArtifact(
    "policy-artifact",
    artifact_name="taggingPolicy",
    blueprint_name=blueprint.name,
    resource_scope=resource_scope,
    kind="policyAssignment",
    display_name="Tagging Policy",
    description="Policy that audits for required tags on resources.",
    # The artifact-level depends_on takes artifact names, not Pulumi resources.
    depends_on=["resourceGroupTemplate"],
    parameters={},
    # Placeholder from this example; built-in policy definitions are identified by GUID,
    # so substitute the ID of the definition you actually want to assign.
    policy_definition_id="/providers/Microsoft.Authorization/policyDefinitions/requireTagsOnResourceGroups",
    opts=pulumi.ResourceOptions(depends_on=[rg_artifact]),
)

# Publish the blueprint once both artifacts exist
published_blueprint = azure_native.blueprint.PublishedBlueprint(
    "sample-published-blueprint",
    blueprint_name=blueprint.name,
    resource_scope=resource_scope,
    version_id="v1",
    change_notes="Initial publication",
    opts=pulumi.ResourceOptions(depends_on=[rg_artifact, policy_artifact]),
)

# Assign the published blueprint to the subscription
assignment = azure_native.blueprint.Assignment(
    "sample-blueprint-assignment",
    assignment_name="sample-blueprint-assignment",
    display_name="Sample Blueprint Assignment",
    resource_scope=resource_scope,
    location="westus",
    blueprint_id=published_blueprint.id,
    identity=azure_native.blueprint.ManagedServiceIdentityArgs(type="SystemAssigned"),
    # "None" applies no blueprint locks to the deployed resources; the locking
    # modes are "AllResourcesReadOnly" and "AllResourcesDoNotDelete".
    locks=azure_native.blueprint.AssignmentLockSettingsArgs(mode="None"),
    parameters={},
    resource_groups={
        "sampleRG": azure_native.blueprint.ResourceGroupValueArgs(
            name="sampleResourceGroup",
            location="westus",
        ),
    },
)

# Export the URL of the assigned blueprint
assigned_url = assignment.name.apply(
    lambda name: "https://portal.azure.com/#blade/Microsoft_Azure_Policy/BlueprintsMenuBlade/AssignedBlueprint"
    f"/BlueprintAssignmentId/{resource_scope}/BlueprintAssignmentName/{name}"
)
pulumi.export("assigned_blueprint_url", assigned_url)
```
Make sure to replace {YOUR_SUBSCRIPTION_ID} with your actual Azure Subscription ID.
This program starts by importing the necessary classes from the Pulumi Azure Native SDK. It defines the artifacts that will be included in the blueprint, including an ARM template for a resource group and a policy assignment for tagging.
The blueprint itself is defined at subscription scope and contains the resource group and policy assignment artifacts. Once the blueprint is defined, it is published with a version and notes that describe the changes.
Finally, the blueprint is assigned to a subscription. The assignment creates a managed identity that the blueprint will use for deploying resources. The program also outputs the URL of the assignment in the Azure portal, so you can quickly navigate to it and inspect the blueprint and its assignment.
After running this program with Pulumi, the result is an Azure environment provisioned according to the defined blueprint. It demonstrates how resources can be set up consistently across Azure in line with the company's governance, tagging policy included.
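A pre-deployment review of the blueprint described above, as an added example that is not part of the original page. It checks a simplified, constructed description of the blueprint for an unresolved artifact dependency, a tenant-level policy ID that is not a GUID, a lock mode of `None`, and a missing managed identity; the dict layout and the `review_blueprint` helper are assumptions, not an Azure or Pulumi API.

```python
import re

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
BUILTIN_PREFIX = "/providers/Microsoft.Authorization/policyDefinitions/"

# Constructed sample mirroring the blueprint on this page (simplified layout,
# not the Azure REST schema).
SAMPLE_SPEC = {
    "artifacts": [
        {"name": "resourceGroupTemplate", "kind": "template", "dependsOn": []},
        {"name": "taggingPolicy", "kind": "policyAssignment",
         "dependsOn": ["resourceGroupTemplate"],
         "policyDefinitionId": BUILTIN_PREFIX + "requireTagsOnResourceGroups"},
    ],
    "assignment": {"identityType": "SystemAssigned", "lockMode": "None"},
}


def review_blueprint(spec):
    """Return a list of (severity, message) findings for a blueprint spec."""
    findings = []
    artifacts = spec.get("artifacts", [])
    names = {a["name"] for a in artifacts}
    policies = [a for a in artifacts if a["kind"] == "policyAssignment"]
    if not policies:
        findings.append(("high", "no policyAssignment artifact: nothing is governed"))
    for art in artifacts:
        for dep in art.get("dependsOn", []):
            if dep not in names:
                findings.append(("high", f"{art['name']}: dependsOn unknown artifact '{dep}'"))
    for pol in policies:
        pid = pol.get("policyDefinitionId", "")
        # Tenant-level (built-in) policy definitions are named by GUID.
        if pid.startswith(BUILTIN_PREFIX) and not GUID.fullmatch(pid[len(BUILTIN_PREFIX):]):
            findings.append(("high", f"{pol['name']}: built-in policy ID is not a GUID"))
    assignment = spec.get("assignment", {})
    if assignment.get("lockMode", "None") == "None":
        findings.append(("medium", "lockMode None: deployed resources can be changed or deleted"))
    if assignment.get("identityType") not in ("SystemAssigned", "UserAssigned"):
        findings.append(("high", "assignment has no managed identity to deploy with"))
    return findings


if __name__ == "__main__":
    for severity, message in review_blueprint(SAMPLE_SPEC):
        print(f"[{severity}] {message}")
```

Running such a check in CI before `pulumi up` catches a placeholder policy ID or an unlocked assignment before it reaches a subscription.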