# Create Required Azure Services
Before starting this section, make sure you have set up the global variables from the previous section. Once your global variables have been set up, you no longer have to set them up again, as they are stored in a .env environment file. 

If you delete your .env file or your Azure login session expires, you may need to re-run the setup process as shown in the [previous section](setup_environment.ipynb). Keep this in mind when proceeding onto the other sections in this sample.

## Get Global Variables
First, we will read the previously stored global variables.

In [None]:
from env_variables import *

## Create Resource Group
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. 
We will now create a new Azure resource group using the resource group name and location set in the [previous section](setup_environment.ipynb). Check that this name is present in the .env file, as this name will be auto-filled into the placeholders starting with the character "$".

First, we will tag your resource group with your username and "lva" so that it will be easy to find.

In [None]:
import os
from sys import platform

if platform == "win32": #Windows
    userName = (os.environ['USERNAME']).lower()
else: #Linux or MacOS
    userName = (os.environ['USER']).lower()

set_key(envPath, "USERNAME", userName)

resourceTags = "Owner={} Project=lva".format(userName)

In [None]:
!az group create --name $resourceGroupName --location  $resourceLocation --tag $resourceTags

## Create Azure Container Registry Service
We will use Azure Container Registry (ACR) to store our module images.

In [None]:
!az acr create --name $acrServiceName --resource-group $resourceGroupName --location $resourceLocation --sku Basic --admin-enabled true --tag $resourceTags

> <span style="color:red; font-weight: bold"> [!WARNING] </span>  
> Even if the cell above finishes executing, it may take several seconds to minutes to have the changes reflected on Azure Datacenter. Wait for 2-3 minutes before proceeding to the next cell to avoid running into errors.

### Get Access Credentials from ACR
After the ACR resource has been generated, we can grab the access credentials from ACR by running the following code snippets.

In [None]:
acrUserNameTemp = !az acr credential show -n $acrServiceName --query username
acrPasswordTemp = !az acr credential show -n $acrServiceName --query passwords[0].value

acrUserName = acrUserNameTemp[0]
acrPassword = acrPasswordTemp[0]

Run the cell below to save these ACR credentials for future use by storing them in the .env file.

In [None]:
set_key(envPath, "CONTAINER_REGISTRY_USERNAME_myacr", acrUserName)
set_key(envPath, "CONTAINER_REGISTRY_PASSWORD_myacr", acrPassword)
tempVar = set_key(envPath, "ACR_SERVICE_FULL_NAME", acrServiceName+".azurecr.io")

## Create Azure IoT Hub
Next, we will create an Azure IoT Hub.
> <span style="color:red; font-weight: bold"> [!WARNING] </span>  
> Running the code snippet below may yield the following error: "IotHub name '<NAME\>' is not available". This error appears if the service already exists. If you see the error, skip the step, as you have likely created the resource already.


In [None]:
!az iot hub create --name $iotHubServiceName --resource-group $resourceGroupName --location $resourceLocation --sku S1

Run the cells below to save these Azure IoT Hub connection string for future use by storing it in the .env file. This string is used to identify the hub.

In [None]:
iotHubConnString = !az iot hub show-connection-string --hub-name $iotHubServiceName --output tsv

In [None]:
tempVar = set_key(envPath, "IOT_HUB_CONN_STRING", iotHubConnString[0].rstrip())

## Create IoT Edge Device Identity
To run LVA on the Edge, we will need to create an IoT Edge device to run our modules with AI capability. In the code below, we will instruct Azure IoT Hub to create a resource framework for this cloud-based IoT Edge device.

In [None]:
# Install iot hub CLI extensions
!az extension add --name azure-iot

If we want to connect/match physical devices to this cloud-based Edge device later, the connection will be set using the IoT Edge device's connection string. Everything in this cloud-based Edge device will be cloned into the physical device, including all the IoT Edge modules. Thus, we will also be printing out and saving the cloud-based IoT Edge device's connection string for future use.

In [None]:
# Create edge device if one does not already exist
tempVar = !az iot hub device-identity create --hub-name $iotHubServiceName --device-id $iotDeviceId --edge-enabled
iotEdgeDeviceConnString = !az iot hub device-identity connection-string show --hub-name $iotHubServiceName --device-id $iotDeviceId --output tsv

Run the cell below to save the IoT Edge Device Connection String in the environment file for future use

In [None]:
tempVar = set_key(envPath, "IOT_EDGE_DEVICE_CONN_STRING", iotEdgeDeviceConnString[0].rstrip())

## Create Azure Storage Services
To store assets onto Azure Media Services, we must also create a storage resource.

In [None]:
!az storage account create --name $storageServiceName --resource-group $resourceGroupName --location $resourceLocation --sku Standard_LRS --tag $resourceTags

## Create Azure Media Services

Azure Media Services (AMS) is a cloud-based media workflow platform to index, package, protect, and stream video. For this sample, we will be using AMS to archive video clips (Edge streams) generated when our AI module detects motion.

In [None]:
!az ams account create --name $mediaServiceName --resource-group $resourceGroupName --storage-account $storageServiceName --location $resourceLocation --tag $resourceTags

## Create Azure Service Principal
A service principal is a security identity used by user-created apps, services, and tools to access Azure resources. Like with the other resources created thus far, we will be creating a service principal and storing the credentials (AAD_TENANT_ID, AAD_SERVICE_PRINCIPAL_ID, and AAD_SERVICE_PRINCIPAL_SECRET) in the .env file. 


In [None]:
tempVar = !az ams account sp create --account-name $mediaServiceName --resource-group $resourceGroupName --name lvasp$resourceGroupName --output json
output = !az ams account sp reset-credentials --account-name $mediaServiceName --resource-group $resourceGroupName --name lvasp$resourceGroupName --output json
output = ''.join(output)

In [None]:
import json

amssp = json.loads(output)

set_key(envPath, "AAD_TENANT_ID", amssp['AadTenantId'])
set_key(envPath, "AAD_SERVICE_PRINCIPAL_ID", amssp['AadClientId'])
tempVar = set_key(envPath, "AAD_SERVICE_PRINCIPAL_SECRET", amssp['AadSecret'])

## Next Steps
If all the code cells above have successfully finished running, return to the Readme page to continue.   