microsoft
diff --git a/‎azure.yaml
Lines changed: 4 additions & 0 deletions b/‎azure.yaml
Lines changed: 4 additions & 0 deletions
diff --git a/‎docs/CustomizingAzdParameters.md
Lines changed: 7 additions & 1 deletion b/‎docs/CustomizingAzdParameters.md
Lines changed: 7 additions & 1 deletion
diff --git a/‎docs/DeploymentGuide.md
Lines changed: 1 addition & 1 deletion b/‎docs/DeploymentGuide.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎infra/main.bicep
Lines changed: 28 additions & 8 deletions b/‎infra/main.bicep
Lines changed: 28 additions & 8 deletions
@@ -1,6 +1,10 @@
 name: modernize-your-code-solution-accelerator
 metadata:
     template: [email protected]
+
+requiredVersions:
+  azd: '>=1.17.1'
+
 parameters:
   AzureAiServiceLocation:
     type: string
 
@@ -20,6 +20,7 @@ By default this template will use the environment name as the prefix to prevent
 | `AZURE_ENV_JUMPBOX_ADMIN_USERNAME`     | string  | `JumpboxAdminUser`          | Specifies the administrator username for the Jumpbox Virtual Machine.      |
 | `AZURE_ENV_JUMPBOX_ADMIN_PASSWORD`     | string  | `JumpboxAdminP@ssw0rd1234!` | Specifies the administrator password for the Jumpbox Virtual Machine.      |
 | `AZURE_ENV_COSMOS_SECONDARY_LOCATION`  | string  | *(not set by default)*      | Specifies the secondary region for Cosmos DB. Required if `enableRedundancy` is `true`. |
+| `AZURE_EXISTING_AI_PROJECT_RESOURCE_ID`  | string  | *(not set by default)*      | Specifies the existing AI Foundry Project Resource ID if it needs to be reused. |
 ---
 
 ## How to Set a Parameter
@@ -30,11 +31,16 @@ To customize any of the above values, run the following command **before** `azd
 azd env set <PARAMETER_NAME> <VALUE>
 ```
 
-Set the Log Analytics Workspace Id if you need to reuse the existing workspace which is already existing
+Set the Log Analytics Workspace Id if you need to reuse the existing workspace
 ```shell
 azd env set AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID '/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>'
 ```
 
+Set the Azure Existing AI Foundry Project Resource ID if you need to reuse the existing AI Foundry Project
+```shell
+azd env set AZURE_EXISTING_AI_PROJECT_RESOURCE_ID '/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.CognitiveServices/accounts/<account-name>/projects/<project-name>'
+```
+
 **Example:**
 
 ```bash
 
@@ -107,7 +107,7 @@ If you're not using one of the above options for opening the project, then you'l
 
 1. Make sure the following tools are installed:
 
-    * [Azure Developer CLI (azd)](https://aka.ms/install-azd)
+    * [Azure Developer CLI (azd)](https://aka.ms/install-azd) <small>(v1.17.1+)</small> - version
     * [Python 3.9+](https://www.python.org/downloads/)
     * [Docker Desktop](https://www.docker.com/products/docker-desktop/)
     * [Git](https://git-scm.com/downloads)
 
@@ -96,6 +96,9 @@ param imageVersion string = 'latest'
 @description('Version of the GPT model to deploy:')
 param gptModelVersion string = '2024-08-06'
 
+@description('Use this parameter to use an existing AI project resource ID')
+param azureExistingAIProjectResourceId string = ''
+
 param existingLogAnalyticsWorkspaceId string = ''
 
 var allTags = union(
@@ -221,23 +224,40 @@ module network 'modules/network.bicep' = if (enablePrivateNetworking) {
 }
 
 module aiServices 'modules/ai-foundry/main.bicep' = {
-  name: take('aiservices-${resourcesName}-deployment', 64)
+  name: take('avm.res.cognitive-services.account.${resourcesName}', 64)
   #disable-next-line no-unnecessary-dependson
   dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency
   params: {
     name: '${abbrs.ai.aiFoundry}${resourcesName}'
     location: aiDeploymentsLocation
     sku: 'S0'
     kind: 'AIServices'
-    deployments: [modelDeployment]
+    deployments: [ modelDeployment ]
     projectName: '${abbrs.ai.aiFoundryProject}${resourcesName}'
+    projectDescription: '${abbrs.ai.aiFoundryProject}${resourcesName}'
     logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''
     privateNetworking: enablePrivateNetworking
       ? {
           virtualNetworkResourceId: network.outputs.vnetResourceId
           subnetResourceId: network.outputs.subnetPrivateEndpointsResourceId
         }
       : null
+    existingFoundryProjectResourceId: azureExistingAIProjectResourceId
+    disableLocalAuth: true //Should be set to true for WAF aligned configuration
+    customSubDomainName: 'ais-${resourcesName}'
+    apiProperties: {
+      //staticsEnabled: false
+    }
+    allowProjectManagement: true
+    managedIdentities: {
+      systemAssigned: true
+    }
+    publicNetworkAccess: 'Enabled'
+    networkAcls: {
+      bypass: 'AzureServices'
+      defaultAction: 'Allow'
+    }
+    privateEndpoints: []
     roleAssignments: [
       {
         principalId: appIdentity.outputs.principalId
@@ -314,9 +334,9 @@ module keyVault 'modules/keyVault.bicep' = {
       : null
     roleAssignments: [
       {
-        principalId: aiServices.outputs.?systemAssignedMIPrincipalId ?? ''
+        principalId: aiServices.outputs.?systemAssignedMIPrincipalId ?? appIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
-        roleDefinitionIdOrName: 'Key Vault Reader'
+        roleDefinitionIdOrName: 'Key Vault Administrator'
       }
     ]
     tags: allTags
@@ -473,15 +493,15 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = {
             }
             {
               name: 'AI_PROJECT_ENDPOINT'
-              value: aiServices.outputs.project.apiEndpoint // or equivalent
+              value: aiServices.outputs.aiProjectInfo.apiEndpoint // or equivalent
             }
             {
               name: 'AZURE_AI_AGENT_PROJECT_CONNECTION_STRING' // This was not really used in code. 
-              value: aiServices.outputs.project.apiEndpoint
+              value: aiServices.outputs.aiProjectInfo.apiEndpoint
             }
             {
               name: 'AZURE_AI_AGENT_PROJECT_NAME'
-              value: aiServices.outputs.project.name
+              value: aiServices.outputs.aiProjectInfo.name
             }
             {
               name: 'AZURE_AI_AGENT_RESOURCE_GROUP_NAME'
@@ -493,7 +513,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = {
             }
             {
               name: 'AZURE_AI_AGENT_ENDPOINT'
-              value: aiServices.outputs.project.apiEndpoint
+              value: aiServices.outputs.aiProjectInfo.apiEndpoint
             }
             {
               name: 'AZURE_CLIENT_ID'
Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,9 @@ param imageVersion string = 'latest'`
`96`	`96`	`@description('Version of the GPT model to deploy:')`
`97`	`97`	`param gptModelVersion string = '2024-08-06'`
`98`	`98`
	`99`	`+@description('Use this parameter to use an existing AI project resource ID')`
	`100`	`+param azureExistingAIProjectResourceId string = ''`
	`101`	`+`
`99`	`102`	`param existingLogAnalyticsWorkspaceId string = ''`
`100`	`103`
`101`	`104`	`var allTags = union(`
`@@ -221,23 +224,40 @@ module network 'modules/network.bicep' = if (enablePrivateNetworking) {`
`221`	`224`	`}`
`222`	`225`
`223`	`226`	`module aiServices 'modules/ai-foundry/main.bicep' = {`
`224`		`- name: take('aiservices-${resourcesName}-deployment', 64)`
	`227`	`+ name: take('avm.res.cognitive-services.account.${resourcesName}', 64)`
`225`	`228`	`#disable-next-line no-unnecessary-dependson`
`226`	`229`	`dependsOn: [logAnalyticsWorkspace, network] // required due to optional flags that could change dependency`
`227`	`230`	`params: {`
`228`	`231`	`name: '${abbrs.ai.aiFoundry}${resourcesName}'`
`229`	`232`	`location: aiDeploymentsLocation`
`230`	`233`	`sku: 'S0'`
`231`	`234`	`kind: 'AIServices'`
`232`		`- deployments: [modelDeployment]`
	`235`	`+ deployments: [ modelDeployment ]`
`233`	`236`	`projectName: '${abbrs.ai.aiFoundryProject}${resourcesName}'`
	`237`	`+ projectDescription: '${abbrs.ai.aiFoundryProject}${resourcesName}'`
`234`	`238`	`logAnalyticsWorkspaceResourceId: enableMonitoring ? logAnalyticsWorkspaceResourceId : ''`
`235`	`239`	`privateNetworking: enablePrivateNetworking`
`236`	`240`	`? {`
`237`	`241`	`virtualNetworkResourceId: network.outputs.vnetResourceId`
`238`	`242`	`subnetResourceId: network.outputs.subnetPrivateEndpointsResourceId`
`239`	`243`	`}`
`240`	`244`	`: null`
	`245`	`+ existingFoundryProjectResourceId: azureExistingAIProjectResourceId`
	`246`	`+ disableLocalAuth: true //Should be set to true for WAF aligned configuration`
	`247`	`+ customSubDomainName: 'ais-${resourcesName}'`
	`248`	`+ apiProperties: {`
	`249`	`+ //staticsEnabled: false`
	`250`	`+ }`
	`251`	`+ allowProjectManagement: true`
	`252`	`+ managedIdentities: {`
	`253`	`+ systemAssigned: true`
	`254`	`+ }`
	`255`	`+ publicNetworkAccess: 'Enabled'`
	`256`	`+ networkAcls: {`
	`257`	`+ bypass: 'AzureServices'`
	`258`	`+ defaultAction: 'Allow'`
	`259`	`+ }`
	`260`	`+ privateEndpoints: []`
`241`	`261`	`roleAssignments: [`
`242`	`262`	`{`
`243`	`263`	`principalId: appIdentity.outputs.principalId`
`@@ -314,9 +334,9 @@ module keyVault 'modules/keyVault.bicep' = {`
`314`	`334`	`: null`
`315`	`335`	`roleAssignments: [`
`316`	`336`	`{`
`317`		`- principalId: aiServices.outputs.?systemAssignedMIPrincipalId ?? ''`
	`337`	`+ principalId: aiServices.outputs.?systemAssignedMIPrincipalId ?? appIdentity.outputs.principalId`
`318`	`338`	`principalType: 'ServicePrincipal'`
`319`		`- roleDefinitionIdOrName: 'Key Vault Reader'`
	`339`	`+ roleDefinitionIdOrName: 'Key Vault Administrator'`
`320`	`340`	`}`
`321`	`341`	`]`
`322`	`342`	`tags: allTags`
`@@ -473,15 +493,15 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = {`
`473`	`493`	`}`
`474`	`494`	`{`
`475`	`495`	`name: 'AI_PROJECT_ENDPOINT'`
`476`		`- value: aiServices.outputs.project.apiEndpoint // or equivalent`
	`496`	`+ value: aiServices.outputs.aiProjectInfo.apiEndpoint // or equivalent`
`477`	`497`	`}`
`478`	`498`	`{`
`479`	`499`	`name: 'AZURE_AI_AGENT_PROJECT_CONNECTION_STRING' // This was not really used in code.`
`480`		`- value: aiServices.outputs.project.apiEndpoint`
	`500`	`+ value: aiServices.outputs.aiProjectInfo.apiEndpoint`
`481`	`501`	`}`
`482`	`502`	`{`
`483`	`503`	`name: 'AZURE_AI_AGENT_PROJECT_NAME'`
`484`		`- value: aiServices.outputs.project.name`
	`504`	`+ value: aiServices.outputs.aiProjectInfo.name`
`485`	`505`	`}`
`486`	`506`	`{`
`487`	`507`	`name: 'AZURE_AI_AGENT_RESOURCE_GROUP_NAME'`
`@@ -493,7 +513,7 @@ module containerAppBackend 'br/public:avm/res/app/container-app:0.17.0' = {`
`493`	`513`	`}`
`494`	`514`	`{`
`495`	`515`	`name: 'AZURE_AI_AGENT_ENDPOINT'`
`496`		`- value: aiServices.outputs.project.apiEndpoint`
	`516`	`+ value: aiServices.outputs.aiProjectInfo.apiEndpoint`
`497`	`517`	`}`
`498`	`518`	`{`
`499`	`519`	`name: 'AZURE_CLIENT_ID'`