| title | titleSuffix | description | services | ms.service | ms.subservice | ms.author | author | ms.date | ms.topic | ms.tool |
|---|---|---|---|---|---|---|---|---|---|---|
Manage workspaces using Terraform |
Azure Machine Learning |
Learn how to manage Azure Machine Learning workspaces using Terraform. |
machine-learning |
machine-learning |
core |
deeikele |
denniseik |
01/05/2022 |
how-to |
terraform |
In this article, you learn how to create and manage an Azure Machine Learning workspace using Terraform configuration files. Terraform's template-based configuration files enable you to define, create, and configure Azure resources in a repeatable and predictable manner. Terraform tracks resource state and is able to clean up and destroy resources.
A Terraform configuration is a document that defines the resources that are needed for a deployment. It may also specify deployment variables. Variables are used to provide input values when using the configuration.
- An Azure subscription. If you don't have one, try the free or paid version of Azure Machine Learning.
- An installed version of the Azure CLI.
- Configure Terraform: follow the directions in this article and the Terraform and configure access to Azure article.
[!INCLUDE register-namespace]
[!INCLUDE application-insight]
Create the Terraform configuration file that declares the Azure provider:
-
Create a new file named
main.tf. If working with Azure Cloud Shell, use bash:code main.tf
-
Paste the following code into the editor:
main.tf: :::code language="terraform" source="~/terraform/quickstart/101-machine-learning/main.tf":::
-
Save the file (<Ctrl>S) and exit the editor (<Ctrl>Q).
The following Terraform configurations can be used to create an Azure Machine Learning workspace. When you create an Azure Machine Learning workspace, various other services are required as dependencies. The template also specifies these associated resources to the workspace. Depending on your needs, you can choose to use the template that creates resources with either public or private network connectivity.
Some resources in Azure require globally unique names. Before deploying your resources using the following templates, set the name variable to a value that is unique.
variables.tf: :::code language="terraform" source="~/terraform/quickstart/101-machine-learning/variables.tf":::
workspace.tf: :::code language="terraform" source="~/terraform/quickstart/101-machine-learning/workspace.tf":::
The configuration below creates a workspace in an isolated network environment using Azure Private Link endpoints. Private DNS zones are included so domain names can be resolved within the virtual network.
Some resources in Azure require globally unique names. Before deploying your resources using the following templates, set the resourceprefix variable to a value that is unique.
When using private link endpoints for both Azure Container Registry and Azure Machine Learning, Azure Container Registry tasks cannot be used for building environment images. Instead you can build images using an Azure Machine Learning compute cluster. To configure the cluster name of use, set the image_build_compute_name argument. You can configure to allow public access to a workspace that has a private link endpoint using the public_network_access_enabled argument.
variables.tf: :::code language="terraform" source="~/terraform/quickstart/201-machine-learning-moderately-secure/variables.tf":::
workspace.tf: :::code language="terraform" source="~/terraform/quickstart/201-machine-learning-moderately-secure/workspace.tf":::
network.tf:
# Virtual Network
resource "azurerm_virtual_network" "default" {
name = "vnet-${var.name}-${var.environment}"
address_space = var.vnet_address_space
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_subnet" "snet-training" {
name = "snet-training"
resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name
address_prefixes = var.training_subnet_address_space
enforce_private_link_endpoint_network_policies = true
}
resource "azurerm_subnet" "snet-aks" {
name = "snet-aks"
resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name
address_prefixes = var.aks_subnet_address_space
enforce_private_link_endpoint_network_policies = true
}
resource "azurerm_subnet" "snet-workspace" {
name = "snet-workspace"
resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name
address_prefixes = var.ml_subnet_address_space
enforce_private_link_endpoint_network_policies = true
}
# ...
# For full reference, see: https://github.com/Azure/terraform/blob/master/quickstart/201-machine-learning-moderately-secure/network.tfThere are several options to connect to your private link endpoint workspace. To learn more about these options, refer to Securely connect to your workspace.
[!INCLUDE machine-learning-resource-provider]
-
To learn more about Terraform support on Azure, see Terraform on Azure documentation.
-
For details on the Terraform Azure provider and Machine Learning module, see Terraform Registry Azure Resource Manager Provider.
-
To find "quick start" template examples for Terraform, see Azure Terraform QuickStart Templates:
- 101: Machine learning workspace and compute – the minimal set of resources needed to get started with Azure ML.
- 201: Machine learning workspace, compute, and a set of network components for network isolation – all resources that are needed to create a production-pilot environment for use with HBI data.
- 202: Similar to 201, but with the option to bring existing network components..
- 301: Machine Learning workspace (Secure Hub and Spoke with Firewall).
-
To learn more about network configuration options, see Secure Azure Machine Learning workspace resources using virtual networks (VNets).
-
For alternative Azure Resource Manager template-based deployments, see Deploy resources with Resource Manager templates and Resource Manager REST API.