Infrastructure as Code
Last Updated: 2025-01-28 | Version: 1.0.0
Table of Contents
- Overview
- Structure
- Quick Start
- Prerequisites
- Configuration
- Deployment
- Cost Estimation
- Security
- Cleanup
- Troubleshooting
Overview
This directory contains Azure Bicep templates for deploying the complete Microsoft Fabric Casino/Gaming POC infrastructure.
What Gets Deployed
graph TB
    subgraph RG["Resource Group"]
        FC[Fabric Capacity<br/>F64 SKU]
        PV[Microsoft Purview<br/>Data Governance]
        ADLS[ADLS Gen2<br/>Data Lake Storage]
        KV[Key Vault<br/>Secrets Management]
        LA[Log Analytics<br/>Monitoring]
        MI[Managed Identity<br/>RBAC]
    end
    subgraph Optional["Optional (Private Endpoints)"]
        VN[Virtual Network]
        PE[Private Endpoints]
    end
    FC --> LA
    ADLS --> KV
    PV --> ADLS
    VN -.-> PE
    PE -.-> ADLS
    PE -.-> KV
    style FC fill:#e3f2fd
    style PV fill:#f3e5f5
    style ADLS fill:#e8f5e9
    style KV fill:#fff3e0
Structure
infra/
├── main.bicep              # Main orchestration template
├── main.bicepparam         # Default parameters
├── main.json               # Compiled ARM template
├── environments/           # Environment-specific configs
│   ├── dev/                # Development
│   ├── staging/            # Staging
│   └── prod/               # Production
└── modules/                # Reusable Bicep modules
    ├── fabric/             # Fabric Capacity
    ├── governance/         # Purview & policies
    ├── monitoring/         # Log Analytics
    ├── networking/         # VNet & endpoints
    ├── security/           # Key Vault & RBAC
    └── storage/            # ADLS Gen2
Quick Start
Option 1: Azure CLI (Recommended)
# 1. Login to Azure
az login
# 2. Set subscription
az account set --subscription "YOUR_SUBSCRIPTION_ID"
# 3. What-If (Preview changes)
az deployment sub what-if \
--location eastus2 \
--template-file infra/main.bicep \
--parameters infra/environments/dev/dev.bicepparam
# 4. Deploy
az deployment sub create \
--location eastus2 \
--template-file infra/main.bicep \
--parameters infra/environments/dev/dev.bicepparam \
--name "fabric-poc-$(date +%Y%m%d)"
Option 2: PowerShell
# 1. Login to Azure
Connect-AzAccount
# 2. Set subscription
Set-AzContext -Subscription "YOUR_SUBSCRIPTION_ID"
# 3. What-If (Preview changes)
New-AzSubscriptionDeployment `
-Location eastus2 `
-TemplateFile infra/main.bicep `
-TemplateParameterFile infra/environments/dev/dev.bicepparam `
-WhatIf
# 4. Deploy
New-AzSubscriptionDeployment `
-Location eastus2 `
-TemplateFile infra/main.bicep `
-TemplateParameterFile infra/environments/dev/dev.bicepparam `
-Name "fabric-poc-$(Get-Date -Format yyyyMMdd)"
Prerequisites
Required
| Requirement | Details |
|---|---|
| Azure Subscription | With Fabric capacity enabled |
| Azure CLI | v2.50+ (az --version) |
| Bicep CLI | v0.22+ (az bicep version) |
| Permissions | Subscription Contributor + User Access Administrator |
Verify Prerequisites
# Check Azure CLI version
az --version | grep "azure-cli"
# Check Bicep version
az bicep version
# Check permissions
az role assignment list --assignee $(az ad signed-in-user show --query id -o tsv) --query "[].roleDefinitionName" -o tsv
Configuration
Parameters Reference
| Parameter | Type | Default | Description |
|---|---|---|---|
| environment | string | dev | Environment name (dev, staging, prod) |
| location | string | eastus2 | Azure region |
| projectPrefix | string | fabricpoc | Resource naming prefix (3-10 chars) |
| fabricCapacitySku | string | F64 | Fabric capacity SKU |
| fabricAdminEmail | string | required | Admin email for Fabric |
| enablePrivateEndpoints | bool | false | Enable private networking |
| logRetentionDays | int | 90 | Log retention (30-730 days) |
| costCenter | string | "" | Cost allocation tag |
| owner | string | "" | Owner tag |
Environment Files
Edit the appropriate environment file before deployment:
# Development
infra/environments/dev/dev.bicepparam
# Staging
infra/environments/staging/staging.bicepparam
# Production
infra/environments/prod/prod.bicepparam
Example Parameter File
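// The path is relative to this file: from infra/environments/<env>/ the template is two levels up
using '../../main.bicep'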
param environment = 'dev'
param location = 'eastus2'
param projectPrefix = 'casinopoc'
param fabricCapacitySku = 'F64'
param fabricAdminEmail = 'admin@contoso.com'
param enablePrivateEndpoints = false
param logRetentionDays = 90
param costCenter = 'IT-Analytics'
param owner = 'Data Platform Team'
Deployment
Step-by-Step Deployment
flowchart LR
A[1. Configure<br/>Parameters] --> B[2. What-If<br/>Preview]
B --> C{Changes<br/>OK?}
C -->|Yes| D[3. Deploy]
C -->|No| A
D --> E[4. Verify]
E --> F[5. Configure<br/>Fabric]
style A fill:#e3f2fd
style D fill:#e8f5e9
style F fill:#fff3e0
1. Configure Parameters
# Copy and edit parameter file
cp infra/environments/dev/dev.bicepparam infra/environments/dev/my-config.bicepparam
code infra/environments/dev/my-config.bicepparam
2. Preview Changes (What-If)
az deployment sub what-if \
--location eastus2 \
--template-file infra/main.bicep \
--parameters infra/environments/dev/my-config.bicepparam
3. Deploy
az deployment sub create \
--location eastus2 \
--template-file infra/main.bicep \
--parameters infra/environments/dev/my-config.bicepparam \
--name "fabric-poc-deploy"
4. Verify Deployment
# Check deployment status
az deployment sub show --name "fabric-poc-deploy" --query "properties.provisioningState"
# List created resources
az resource list --resource-group "rg-fabricpoc-dev" --output table
5. Configure Fabric Workspace
After infrastructure deployment, create your Fabric workspace:
- Navigate to Microsoft Fabric
- Create a new workspace
- Assign it to the deployed capacity
- Enable OneLake integration
Cost Estimation
Monthly Estimates by SKU
| SKU | Compute Units | Est. Monthly Cost | Best For |
|---|---|---|---|
| F2 | 2 CU | ~$262 | Development/Testing |
| F4 | 4 CU | ~$524 | Small POC |
| F8 | 8 CU | ~$1,049 | Standard POC |
| F64 | 64 CU | ~$8,389 | Production POC |
| F128 | 128 CU | ~$16,778 | Enterprise |
Tip: Use F2/F4 for development, scale to F64 for POC demos.
Cost Optimization
- Pause capacity when not in use (saves ~70%)
- Use auto-scale for variable workloads
- Tag resources for cost allocation
- Schedule capacity for business hours only
# Pause Fabric capacity (saves costs)
az fabric capacity suspend --resource-group "rg-fabricpoc-dev" --capacity-name "fc-fabricpoc-dev"
# Resume capacity
az fabric capacity resume --resource-group "rg-fabricpoc-dev" --capacity-name "fc-fabricpoc-dev"
Security
Security Features
| Feature | Status | Description |
|---|---|---|
| Managed Identity | Enabled | System-assigned identity for RBAC |
| Key Vault | Enabled | Centralized secrets management |
| RBAC | Enabled | Role-based access control |
| Private Endpoints | Optional | Private networking for enhanced security |
| Encryption | Enabled | Data encrypted at rest and in transit |
| Audit Logs | Enabled | Sent to Log Analytics |
Enable Private Endpoints (Production)
Enabling private endpoints (the `enablePrivateEndpoints` parameter) creates:
- Virtual Network with subnets
- Private endpoints for ADLS, Key Vault
- Private DNS zones
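A pre-deployment check for the parameter files, added here as an example (not part of this repository's own code): it enforces the ranges from the Parameters Reference table and, as an assumed policy, requires `enablePrivateEndpoints = true` when `environment` is `prod`. The function names and the sample file are constructed for illustration, and only literal string, bool and int values are parsed.

```python
import re

# Limits and defaults copied from the Parameters Reference table on this page.
ALLOWED_ENVIRONMENTS = {"dev", "staging", "prod"}
PARAM_LINE = re.compile(r"^[ \t]*param[ \t]+(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$", re.M)

def parse_bicepparam(text):
    """Collect `param name = value` lines holding a string, bool or int literal."""
    params = {}
    for name, value in PARAM_LINE.findall(text):
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1]
        elif value in ("true", "false"):
            value = value == "true"
        elif re.fullmatch(r"-?\d+", value):
            value = int(value)
        params[name] = value  # any other expression stays as unevaluated text
    return params

def audit(params):
    """Return a list of findings; an empty list means the file passes."""
    findings = []
    env = params.get("environment", "dev")
    if env not in ALLOWED_ENVIRONMENTS:
        findings.append(f"environment {env!r} is not dev, staging or prod")
    prefix = params.get("projectPrefix", "fabricpoc")
    if not isinstance(prefix, str) or not 3 <= len(prefix) <= 10:
        findings.append("projectPrefix must be 3-10 characters")
    retention = params.get("logRetentionDays", 90)
    if type(retention) is not int or not 30 <= retention <= 730:
        findings.append("logRetentionDays must be between 30 and 730")
    if not params.get("fabricAdminEmail"):
        findings.append("fabricAdminEmail is required")
    # Assumed policy: the template defaults enablePrivateEndpoints to false, and
    # this page lists private endpoints under production, so prod must opt in.
    if env == "prod" and params.get("enablePrivateEndpoints", False) is not True:
        findings.append("prod must set enablePrivateEndpoints = true")
    return findings

# Constructed sample: a prod file that keeps the dev networking default.
SAMPLE_PROD = """\
using '../../main.bicep'
param environment = 'prod'
param fabricAdminEmail = 'admin@contoso.com'
param enablePrivateEndpoints = false
param logRetentionDays = 14
"""
FINDINGS = audit(parse_bicepparam(SAMPLE_PROD))
```

Run it over the chosen `.bicepparam` file before the what-if step and stop the deployment when the returned list is not empty.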
Cleanup
Delete All Resources
# Delete resource group (removes all resources)
az group delete --name "rg-fabricpoc-dev" --yes --no-wait
# Verify deletion
az group show --name "rg-fabricpoc-dev" 2>/dev/null || echo "Resource group deleted"
Partial Cleanup (Keep Data)
# Delete only Fabric capacity (keep storage)
az fabric capacity delete --resource-group "rg-fabricpoc-dev" --capacity-name "fc-fabricpoc-dev"
Troubleshooting
Common Issues
"Fabric capacity not available in region"
**Solution:** Use a supported region:
- `eastus2`
- `westus2`
- `northeurope`
- `westeurope`
"Insufficient quota for Fabric capacity"
**Solution:** Request quota increase:
1. Go to Azure Portal → Subscriptions → Usage + quotas
2. Search for "Microsoft Fabric"
3. Request increase for desired SKU
"Permission denied during deployment"
**Solution:** Ensure you have required roles:
- Subscription Contributor
- User Access Administrator
"Bicep compilation error"
**Solution:** Update Bicep CLI:
Related Documentation
| Document | Description |
|---|---|
| Prerequisites | Full prerequisites guide |
| Deployment Guide | Complete deployment walkthrough |
| Cost Estimation | Detailed cost analysis |
| Security Guide | Security best practices |