Secure Connection to Azure ML Workspaces via Service Endpoints.
PythonTo establish a secure connection to Azure Machine Learning (Azure ML) Workspaces using service endpoints, you will need to create a virtual network with a service endpoint that provides secure and direct access to Azure ML Workspaces. In Azure, service endpoints extend your virtual network private address space and the identity of your virtual network to the Azure services, over a direct connection. This feature is mainly used for securing Azure service resources to only your virtual network.
Here's a Python program using Pulumi to set this up. This program will:
- Create a resource group, which acts as a logical container for your Azure resources.
- Deploy a virtual network and a subnet configured with the service endpoint for Azure Machine Learning.
- Create an Azure ML Workspace with the necessary configurations to enable the connection from the service endpoint.
import pulumi from pulumi_azure_native import resources from pulumi_azure_native import network from pulumi_azure_native import machinelearningservices # Create an Azure Resource Group resource_group = resources.ResourceGroup('rg') # Create an Azure Virtual Network vnet = network.VirtualNetwork('vnet', resource_group_name=resource_group.name, address_space=network.AddressSpaceArgs( address_prefixes=['10.0.0.0/16'] ), location=resource_group.location) # Create a Subnet with Azure Machine Learning service endpoint # The subnet is delegated to Azure Machine Learning using the service endpoint. subnet = network.Subnet('subnet', resource_group_name=resource_group.name, virtual_network_name=vnet.name, address_prefix='10.0.0.0/24', service_endpoints=[network.ServiceEndpointPropertiesFormatArgs( service='Microsoft.MachineLearningServices' )], delegations=[network.DelegationArgs( name='mldelegation', service_name='Microsoft.MachineLearningServices/workspaces' )]) # Define the identity for the workspace identity = machinelearningservices.IdentityArgs( type='SystemAssigned' ) # Create an Azure ML Workspace ml_workspace = machinelearningservices.Workspace('mlWorkspace', identity=identity, resource_group_name=resource_group.name, location=resource_group.location, sku=machinelearningservices.Sku(name="Standard"), description='My ML Workspace') # Export the necessary outputs pulumi.export('resource_group_name', resource_group.name) pulumi.export('virtual_network_name', vnet.name) pulumi.export('subnet_id', subnet.id) pulumi.export('ml_workspace_name', ml_workspace.name)This Pulumi program uses the
pulumi_azure_nativepackage which provides native Azure Provider support within Pulumi.- The
ResourceGroupis a fundamental building block of this program that groups the Azure resources. - The
VirtualNetworkandSubnetare created to provide a network environment where you can create and manage Azure services securely. - The
service_endpointsargument withinSubnetis configured specifically for Azure Machine Learning services. - The
Workspacerepresents the Azure Machine Learning workspace which will be connected securely through the subnet's service endpoint.
Ensure that Pulumi CLI and Python are installed, and you have authenticated with Azure and set the required configurations for Pulumi. Once that's all set, move the provided Python code into a file (e.g.,
__main__.py) and runpulumi upin the same directory to create the resources.This setup will help you to ensure that data in your Azure ML Workspace can only be accessed from the configured virtual network, providing an additional layer of security.