[User Story] - Deploy on WAF aligned infra for Production Environment #10
Description
Description
We need to provide an option to deploy the solution on locked-down infrastructure aligned to WAF principles for production like environment
Current Behavior
The current azd (bicep) automatic Azure provisioning is based on open public resources on Azure. It can be used for demo purpose or for CSAs who want to get started quickly about building agentic solution and familiarize with app patterns and architectures.
Acceptance Criteria
List clear, testable outcomes. Example:
- A new landing zone based deployment is provided using azd
Design Considerations
We should leverage the infra deployment provided by https://github.com/Azure/AI-Landing-Zones and reuse them as dependency (no copy past).
As of time of writing AI landing zone is not provided as an AVM package so we should try to download automatically and inject the related bicep content into an automated provision flow orchestrated by azd.
Such approach have been demonstrated in this repo: https://github.com/Azure-Samples/chat-with-your-data-java-lza-app-accelerator/tree/main/infra/aca/bicep
We should:
- Create a lza folder containing an azure.yml configuration.
- Bicep folder containing the specific app dependencies (in this case Azure Document Intelligence) that are not included in the AI landing Zone and the specific app configuration (RBAC permission for the created app to access landing zone resources).
- scripts to automatically dowload the ai landing zone package. this will be orchestrated by azd using pre-provision hooks mechnism.
Main Affected Modules and/or Classes
a new folder will be created. the existinf infra + azuer.yml in the root folder will be maintained for demo purposes
Additional Context (optional)
Right now the desired implementation is blocked by some improvement s about AI landing Zones resource externalization: