Managing Azure Cognitive Services with Terraform
Learn how to deploy and manage Azure Cognitive Services using Terraform
Azure Cognitive Services provides AI and machine learning capabilities through APIs. This guide shows you how to manage Cognitive Services using Terraform.
Prerequisites
- Azure subscription
- Terraform installed
- Azure CLI installed
- Basic understanding of AI and ML concepts
Project Structure
.
├── main.tf              # Main Terraform configuration file
├── variables.tf         # Variable definitions
├── outputs.tf           # Output definitions
├── terraform.tfvars     # Variable values
└── modules/
    └── cognitive/
        ├── main.tf      # Cognitive Services specific configurations
        ├── variables.tf # Module variables
        ├── services.tf  # Individual service configurations
        └── outputs.tf   # Module outputs
Basic Configuration
Here’s a basic example of setting up Cognitive Services:
resource "azurerm_resource_group" "cognitive_rg" {
  name     = "cognitive-resources"
  location = "eastus"
}

resource "azurerm_cognitive_account" "cognitive" {
  name                = "cognitive-service"
  location            = azurerm_resource_group.cognitive_rg.location
  resource_group_name = azurerm_resource_group.cognitive_rg.name
  kind                = "CognitiveServices"
  sku_name            = "S0"

  identity {
    type = "SystemAssigned"
  }

  tags = {
    environment = "production"
  }
}
Service-Specific Configurations
Computer Vision
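resource "azurerm_cognitive_account" "vision" {
  name                = "computer-vision"
  location            = azurerm_resource_group.cognitive_rg.location
  resource_group_name = azurerm_resource_group.cognitive_rg.name
  kind                = "ComputerVision"
  sku_name            = "S1"

  # The provider requires custom_subdomain_name whenever network_acls is set.
  # Example value; it must be globally unique.
  custom_subdomain_name = "computer-vision-example"

  # Deny by default and allow only the listed source range.
  network_acls {
    default_action = "Deny"
    ip_rules       = ["203.0.113.0/24"]
  }
}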
Language Service
resource "azurerm_cognitive_account" "language" {
  name                  = "language-service"
  location              = azurerm_resource_group.cognitive_rg.location
  resource_group_name   = azurerm_resource_group.cognitive_rg.name
  kind                  = "TextAnalytics"
  sku_name              = "S1"
  custom_subdomain_name = "mylanguageservice"
}
Speech Service
resource "azurerm_cognitive_account" "speech" {
  name                = "speech-service"
  location            = azurerm_resource_group.cognitive_rg.location
  resource_group_name = azurerm_resource_group.cognitive_rg.name
  kind                = "SpeechServices"
  sku_name            = "S0"
}
Best Practices
- Use Infrastructure as Code for consistent deployments
- Send audit logs, request logs and metrics to a central workspace for monitoring
- Use managed identities for enhanced security
- Restrict network access with network ACLs and private endpoints
- Implement proper backup and disaster recovery
Security Considerations
Network Security
Configure private endpoints. A private endpoint adds a private path to the account but does not by itself block the public endpoint, so pair it with network ACLs that deny by default (as in the Computer Vision example):
resource "azurerm_virtual_network" "cognitive_vnet" {
  name                = "cognitive-vnet"
  resource_group_name = azurerm_resource_group.cognitive_rg.name
  location            = azurerm_resource_group.cognitive_rg.location
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_subnet" "cognitive_subnet" {
  name                 = "cognitive-subnet"
  resource_group_name  = azurerm_resource_group.cognitive_rg.name
  virtual_network_name = azurerm_virtual_network.cognitive_vnet.name
  address_prefixes     = ["10.0.1.0/24"]

  # true turns off network policies for private endpoints on this subnet.
  enforce_private_link_endpoint_network_policies = true
}

resource "azurerm_private_endpoint" "cognitive_pe" {
  name                = "cognitive-pe"
  location            = azurerm_resource_group.cognitive_rg.location
  resource_group_name = azurerm_resource_group.cognitive_rg.name
  subnet_id           = azurerm_subnet.cognitive_subnet.id

  private_service_connection {
    name                           = "cognitive-privateserviceconnection"
    private_connection_resource_id = azurerm_cognitive_account.cognitive.id
    subresource_names              = ["account"]
    is_manual_connection           = false
  }
}
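The following is an added example, not part of the original guide: an account reachable only through its private endpoint, with the private DNS zone that makes clients in the VNet resolve the account's hostname to the endpoint's private address. It assumes azurerm 3.x and the resource group, VNet and subnet defined above; the names `cognitive_private`, `cognitive_dns`, `cognitive_dns_link` and `cognitive_private_pe` and the subdomain value are hypothetical.

```hcl
# Added example. Resource names and the subdomain value are hypothetical.
resource "azurerm_cognitive_account" "cognitive_private" {
  name                = "cognitive-service-private"
  location            = azurerm_resource_group.cognitive_rg.location
  resource_group_name = azurerm_resource_group.cognitive_rg.name
  kind                = "CognitiveServices"
  sku_name            = "S0"

  # Private endpoints need a custom subdomain (example value, globally unique).
  custom_subdomain_name = "cognitive-private-example"

  # Close the public endpoint so the private endpoint is the only path in.
  public_network_access_enabled = false

  identity {
    type = "SystemAssigned"
  }
}

# Zone that the account's public hostname is aliased into under Private Link.
resource "azurerm_private_dns_zone" "cognitive_dns" {
  name                = "privatelink.cognitiveservices.azure.com"
  resource_group_name = azurerm_resource_group.cognitive_rg.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "cognitive_dns_link" {
  name                  = "cognitive-dns-link"
  resource_group_name   = azurerm_resource_group.cognitive_rg.name
  private_dns_zone_name = azurerm_private_dns_zone.cognitive_dns.name
  virtual_network_id    = azurerm_virtual_network.cognitive_vnet.id
}

resource "azurerm_private_endpoint" "cognitive_private_pe" {
  name                = "cognitive-private-pe"
  location            = azurerm_resource_group.cognitive_rg.location
  resource_group_name = azurerm_resource_group.cognitive_rg.name
  subnet_id           = azurerm_subnet.cognitive_subnet.id

  private_service_connection {
    name                           = "cognitive-private-connection"
    private_connection_resource_id = azurerm_cognitive_account.cognitive_private.id
    subresource_names              = ["account"]
    is_manual_connection           = false
  }

  # Registers the endpoint's A record in the private zone automatically.
  private_dns_zone_group {
    name                 = "cognitive-dns-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.cognitive_dns.id]
  }
}
```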
Key Management
Store keys in Key Vault:
# Identity running Terraform; supplies the tenant_id used below.
data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "cognitive_vault" {
  name                     = "cognitive-vault"
  location                 = azurerm_resource_group.cognitive_rg.location
  resource_group_name      = azurerm_resource_group.cognitive_rg.name
  tenant_id                = data.azurerm_client_config.current.tenant_id
  sku_name                 = "standard"
  purge_protection_enabled = true
}

# The key value is also written to the Terraform state, so the state backend
# must be protected like the vault itself.
resource "azurerm_key_vault_secret" "cognitive_key" {
  name         = "cognitive-key"
  value        = azurerm_cognitive_account.cognitive.primary_access_key
  key_vault_id = azurerm_key_vault.cognitive_vault.id
}
Monitoring and Logging
Configure diagnostics settings:
# azurerm_log_analytics_workspace.workspace is assumed to be defined elsewhere
# in the configuration.
resource "azurerm_monitor_diagnostic_setting" "cognitive_diagnostics" {
  name                       = "cognitive-diagnostics"
  target_resource_id         = azurerm_cognitive_account.cognitive.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id

  log {
    category = "Audit"
    enabled  = true
  }

  log {
    category = "RequestResponse"
    enabled  = true
  }

  metric {
    category = "AllMetrics"
    enabled  = true
  }
}
Cost Management
Configure budgets and alerts:
resource "azurerm_consumption_budget_resource_group" "cognitive_budget" {
  name              = "cognitive-budget"
  resource_group_id = azurerm_resource_group.cognitive_rg.id
  amount            = 1000
  time_grain        = "Monthly"

  # time_period is required by the provider. Example start date; it must be
  # the first day of a month.
  time_period {
    start_date = "2024-01-01T00:00:00Z"
  }

  notification {
    enabled   = true
    threshold = 90.0
    operator  = "GreaterThan"
    contact_emails = [
      "admin@example.com"
    ]
  }
}
Integration Examples
Integration with Azure Functions:
resource "azurerm_function_app" "cognitive_function" {
  # ... other configurations ...

  app_settings = {
    "CognitiveServicesEndpoint" = azurerm_cognitive_account.cognitive.endpoint
    "CognitiveServicesKey"      = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.cognitive_key.versionless_id})"
  }

  identity {
    type = "SystemAssigned"
  }
}
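The Key Vault reference above resolves only if the function's managed identity can read the secret, and Terraform can create the secret only if the deploying identity can write it. The grants below are an added example, not part of the original guide; they assume azurerm 3.x and a vault that uses access policies rather than RBAC, and the resource names `deployer`, `function_read` and `function_cognitive_user` are hypothetical.

```hcl
# Added example. Resource names are hypothetical.
# data.azurerm_client_config.current is the data source the Key Vault
# configuration above already references.

# Identity running Terraform: needs to create and update the secret.
resource "azurerm_key_vault_access_policy" "deployer" {
  key_vault_id = azurerm_key_vault.cognitive_vault.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = data.azurerm_client_config.current.object_id

  secret_permissions = ["Get", "Set", "Delete"]
}

# Function's managed identity: read-only, which is all the
# @Microsoft.KeyVault(...) reference in app_settings needs.
resource "azurerm_key_vault_access_policy" "function_read" {
  key_vault_id = azurerm_key_vault.cognitive_vault.id
  tenant_id    = azurerm_function_app.cognitive_function.identity[0].tenant_id
  object_id    = azurerm_function_app.cognitive_function.identity[0].principal_id

  secret_permissions = ["Get"]
}

# Keyless alternative: the same identity calls the account with Azure AD
# tokens instead of an access key. Token authentication requires the account
# to have a custom_subdomain_name.
resource "azurerm_role_assignment" "function_cognitive_user" {
  scope                = azurerm_cognitive_account.cognitive.id
  role_definition_name = "Cognitive Services User"
  principal_id         = azurerm_function_app.cognitive_function.identity[0].principal_id
}
```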
Integration with Azure Logic Apps:
resource "azurerm_logic_app_workflow" "cognitive_workflow" {
  name                = "cognitive-workflow"
  location            = azurerm_resource_group.cognitive_rg.location
  resource_group_name = azurerm_resource_group.cognitive_rg.name

  identity {
    type = "SystemAssigned"
  }
}
Conclusion
Azure Cognitive Services provides powerful AI capabilities, and Terraform lets you manage them through Infrastructure as Code. By following these best practices and configurations, you can create secure and scalable AI solutions in Azure.