AI Application Private Connectivity with Azure App Service VNET Integration
Integrating an AI application hosted on an Azure App Service with an Azure virtual network (VNet) can be beneficial for a number of reasons, including enhanced security, private access to resources within the VNet, and better network performance. The process involves setting up a VNet and integrating it with an Azure App Service so that the app can communicate securely with resources within the VNet.
To accomplish this using Pulumi, we'll take the following high-level steps:
- Create a resource group where all our resources will reside.
- Set up a virtual network (VNet) with a dedicated subnet where our App Service will be connected.
- Create an App Service Plan, which specifies the location and SKU for the App Service.
- Deploy an App Service in the created App Service Plan with VNet Integration enabled via the `WebAppVnetConnection` resource.
Here's a Pulumi program in Python that demonstrates how to automate the setup of this architecture:
```python
import pulumi
import pulumi_azure_native as azure_native

# Create a resource group
resource_group = azure_native.resources.ResourceGroup('resource_group')

# Create a virtual network with a subnet dedicated to the App Service
vnet = azure_native.network.VirtualNetwork(
    'vnet',
    resource_group_name=resource_group.name,
    address_space=azure_native.network.AddressSpaceArgs(
        address_prefixes=['10.0.0.0/16'],
    ),
    subnets=[azure_native.network.SubnetArgs(
        name='AppServiceSubnet',
        address_prefix='10.0.1.0/24',
        # Delegate the subnet to App Service so that it is reserved for the integration
        delegations=[azure_native.network.DelegationArgs(
            name='app-service-delegation',
            service_name='Microsoft.Web/serverFarms',
        )],
    )],
)

# Create an App Service Plan
app_service_plan = azure_native.web.AppServicePlan(
    'app-service-plan',
    resource_group_name=resource_group.name,
    # The PremiumV2 tier supports VNet Integration
    sku=azure_native.web.SkuDescriptionArgs(
        name='P1v2',
        tier='PremiumV2',
    ),
    location=resource_group.location,
)

# Create an App Service with the Virtual Network integration
app_service = azure_native.web.WebApp(
    'app-service',
    resource_group_name=resource_group.name,
    server_farm_id=app_service_plan.id,
    # Update the kind to support your specific use case (`app`, `api`, `function`, etc.)
    kind='app',
)

# Integrate the App Service with the VNet
vnet_integration = azure_native.web.WebAppVnetConnection(
    'app-service-vnet-connection',
    name=app_service.name,
    resource_group_name=resource_group.name,
    vnet_resource_id=vnet.id,
    subnet=azure_native.web.SubnetInfoArgs(
        name='AppServiceSubnet',
        resource_id=vnet.id.apply(lambda id: f"{id}/subnets/AppServiceSubnet"),
    ),
)

# Export the App Service hostname
pulumi.export('app_service_hostname', app_service.default_host_name)
```
This Pulumi program will perform the following actions:
- Define a resource group named `resource_group` to manage all resources as a single logical group.
- Create a virtual network `vnet` with an address space of `10.0.0.0/16` and a subnet `AppServiceSubnet` with an address prefix of `10.0.1.0/24` reserved for the Azure App Service.
- Create an App Service Plan `app-service-plan` using the `P1v2` SKU in the PremiumV2 tier, which supports VNet Integration.
- Deploy an App Service `app-service` associated with the App Service Plan, which will host the AI application.
- Configure `vnet_integration`, a `WebAppVnetConnection`, to enable the App Service to integrate with the `AppServiceSubnet` within the `vnet`, ensuring private connectivity.
To deploy this infrastructure, you need to install Pulumi and set up the Azure provider. Once the program is ready, run `pulumi up` from the command line to create the resources. The `pulumi.export` statement will output the App Service's hostname once the deployment is complete. You can then use this hostname to access your AI application hosted on Azure. VNet integration covers the app's outbound traffic to resources in the VNet; the exported hostname is still the app's public endpoint.
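A pre-deployment check of the address plan can catch a subnet that is misplaced, overlapping or too small before `pulumi up` is run. The following is an added example, not part of the original program: the function names, the minimum size of /28 and the five reserved addresses per subnet are assumptions taken from Azure documentation, and the counter-example plan is constructed.

```python
import ipaddress

MIN_PREFIXLEN = 28   # assumption (Azure docs): smallest IPv4 subnet for App Service VNet integration
AZURE_RESERVED = 5   # assumption (Azure docs): addresses Azure reserves in every subnet


def check_address_plan(vnet_prefixes, subnets, integration_subnet):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    spaces = [ipaddress.ip_network(p) for p in vnet_prefixes]
    nets = {}
    for name, prefix in subnets.items():
        try:
            nets[name] = ipaddress.ip_network(prefix)  # strict: rejects host bits
        except ValueError as exc:
            findings.append(f"{name}: invalid prefix {prefix!r} ({exc})")
    # Every subnet must sit inside one of the VNet's address prefixes.
    for name, net in nets.items():
        if not any(net.version == s.version and net.subnet_of(s) for s in spaces):
            findings.append(f"{name}: {net} is outside the VNet address space")
    # Subnets of one VNet must not overlap each other.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    # The integration subnet must exist and be large enough.
    target = nets.get(integration_subnet)
    if target is None:
        findings.append(f"{integration_subnet}: integration subnet missing or invalid")
    elif target.version == 4 and target.prefixlen > MIN_PREFIXLEN:
        findings.append(f"{integration_subnet}: /{target.prefixlen} is smaller than /{MIN_PREFIXLEN}")
    return findings


def usable_addresses(prefix):
    """Addresses left for workloads after Azure's reserved ones."""
    return max(ipaddress.ip_network(prefix).num_addresses - AZURE_RESERVED, 0)


PAGE_VNET = ["10.0.0.0/16"]                          # address space from the program on this page
PAGE_SUBNETS = {"AppServiceSubnet": "10.0.1.0/24"}   # subnet from the program on this page
# Constructed counter-example: too small, overlapping, and outside the VNet.
BAD_SUBNETS = {"AppServiceSubnet": "10.0.1.0/29", "DataSubnet": "10.0.1.0/24", "Other": "10.1.0.0/24"}

if __name__ == "__main__":
    for finding in check_address_plan(PAGE_VNET, BAD_SUBNETS, "AppServiceSubnet"):
        print("finding:", finding)
```

The plan on this page passes with no findings and leaves 251 usable addresses in `AppServiceSubnet`.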