Azure-Samples · JinLee794 · Sep 26, 2025 · Sep 26, 2025 · Sep 26, 2025 · Sep 26, 2025
diff --git a/devops/scripts/azd/helpers/generate-env.sh b/devops/scripts/azd/helpers/generate-env.sh
@@ -90,12 +90,12 @@ AZURE_OPENAI_CHAT_DEPLOYMENT_VERSION=2024-10-01-preview
 
 # Pool Configuration for Optimal Performance
 AOAI_POOL_ENABLED=$(get_azd_value "AOAI_POOL_ENABLED" "true")
-AOAI_POOL_SIZE=$(get_azd_value "AOAI_POOL_SIZE" "50")
-POOL_SIZE_TTS=$(get_azd_value "POOL_SIZE_TTS" "100")
-POOL_SIZE_STT=$(get_azd_value "POOL_SIZE_STT" "100")
+AOAI_POOL_SIZE=$(get_azd_value "AOAI_POOL_SIZE" "5")
+POOL_SIZE_TTS=$(get_azd_value "POOL_SIZE_TTS" "10")
+POOL_SIZE_STT=$(get_azd_value "POOL_SIZE_STT" "10")
 TTS_POOL_PREWARMING_ENABLED=$(get_azd_value "TTS_POOL_PREWARMING_ENABLED" "true")
 STT_POOL_PREWARMING_ENABLED=$(get_azd_value "STT_POOL_PREWARMING_ENABLED" "true")
-POOL_PREWARMING_BATCH_SIZE=$(get_azd_value "POOL_PREWARMING_BATCH_SIZE" "10")
+POOL_PREWARMING_BATCH_SIZE=$(get_azd_value "POOL_PREWARMING_BATCH_SIZE" "5")
 CLIENT_MAX_AGE_SECONDS=$(get_azd_value "CLIENT_MAX_AGE_SECONDS" "3600")
 CLEANUP_INTERVAL_SECONDS=$(get_azd_value "CLEANUP_INTERVAL_SECONDS" "180")
 

diff --git a/infra/terraform/README.md b/infra/terraform/README.md
@@ -172,7 +172,7 @@ The **domain endpoint** is specifically used for ACS integration, while the **re
 | `location` | Azure region | - | ✅ |
 | `name` | Application base name | `rtaudioagent` | |
 | `disable_local_auth` | Use managed identity only | `true` | |
-| `openai_models` | Model deployments | `[gpt-4o]` | |
+| `model_deployments` | Model deployments | `[gpt-4o]` | |
 | `redis_sku` | Redis Enterprise SKU | `MemoryOptimized_M10` | |
 
 ### 🚀 Container Apps Deployment
@@ -236,7 +236,7 @@ az containerapp create \
 | [azurerm_application_insights.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) | resource |
 | [azurerm_cognitive_account.openai](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cognitive_account) | resource |
 | [azurerm_cognitive_account.speech](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cognitive_account) | resource |
-| [azurerm_cognitive_deployment.openai_models](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cognitive_deployment) | resource |
+| [azurerm_cognitive_deployment.model_deployments](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cognitive_deployment) | resource |
 | [azurerm_communication_service.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/communication_service) | resource |
 | [azurerm_container_app.backend](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_app) | resource |
 | [azurerm_container_app.frontend](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_app) | resource |
@@ -289,7 +289,7 @@ az containerapp create \
 | <a name="input_mongo_collection_name"></a> [mongo\_collection\_name](#input\_mongo\_collection\_name) | Name of the MongoDB collection | `string` | `"audioagentcollection"` | no |
 | <a name="input_mongo_database_name"></a> [mongo\_database\_name](#input\_mongo\_database\_name) | Name of the MongoDB database | `string` | `"audioagentdb"` | no |
 | <a name="input_name"></a> [name](#input\_name) | Base name for the real-time audio agent application | `string` | `"rtaudioagent"` | no |
-| <a name="input_openai_models"></a> [openai\_models](#input\_openai\_models) | Azure OpenAI model deployments | ```list(object({ name = string version = string sku_name = string capacity = number }))``` | ```[ { "capacity": 50, "name": "gpt-4o", "sku_name": "Standard", "version": "2024-11-20" } ]``` | no |
+| <a name="input_model_deployments"></a> [openai\_models](#input\_openai\_models) | Azure OpenAI model deployments | ```list(object({ name = string version = string sku_name = string capacity = number }))``` | ```[ { "capacity": 50, "name": "gpt-4o", "sku_name": "Standard", "version": "2024-11-20" } ]``` | no |
 | <a name="input_principal_id"></a> [principal\_id](#input\_principal\_id) | Principal ID of the user or service principal to assign application roles | `string` | `null` | no |
 | <a name="input_principal_type"></a> [principal\_type](#input\_principal\_type) | Type of principal (User or ServicePrincipal) | `string` | `"User"` | no |
 | <a name="input_redis_port"></a> [redis\_port](#input\_redis\_port) | Port for Azure Managed Redis | `number` | `10000` | no |

diff --git a/infra/terraform/ai-foundry.tf b/infra/terraform/ai-foundry.tf
@@ -0,0 +1,25 @@
+module "ai_foundry" {
+  source = "./modules/ai"
+
+  resource_group_name = azurerm_resource_group.main.name
+  location            = azurerm_resource_group.main.location
+  tags                = local.tags
+
+  disable_local_auth            = var.disable_local_auth
+  foundry_account_name          = local.resource_names.foundry_account
+  foundry_custom_subdomain_name = local.resource_names.foundry_account
+
+  project_name         = local.resource_names.foundry_project
+  project_display_name = local.foundry_project_display
+  project_description  = local.foundry_project_desc
+
+  model_deployments = var.model_deployments
+
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id
+  account_principal_ids = distinct([
+    azurerm_user_assigned_identity.backend.principal_id,
+    azurerm_user_assigned_identity.frontend.principal_id,
+    azapi_resource.acs.identity[0].principal_id,
+    local.principal_id
+  ])
+}
diff --git a/infra/terraform/ai-services.tf → infra/terraform/ai-services.tf.back b/infra/terraform/ai-services.tf → infra/terraform/ai-services.tf.back
@@ -2,7 +2,7 @@
 # AZURE OPENAI
 # ============================================================================
 
-resource "azurerm_cognitive_account" "openai" {
+resource "azurerm_cognitive_account" "openai" {
   name                = local.resource_names.openai
   location            = var.openai_location != null ? var.openai_location : var.location
   resource_group_name = azurerm_resource_group.main.name
@@ -16,31 +16,31 @@ resource "azurerm_cognitive_account" "openai" {
   local_auth_enabled = !var.disable_local_auth
 
   tags = local.tags
-}
-
-# Diagnostic settings for Azure OpenAI
-resource "azurerm_monitor_diagnostic_setting" "openai_diagnostics" {
-  name                       = "${azurerm_cognitive_account.openai.name}-diagnostics"
-  target_resource_id         = azurerm_cognitive_account.openai.id
-  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id
-
-  # Common Cognitive Services categories
-  enabled_log {
-    category = "Audit"
-  }
-
-  enabled_log {
-    category = "RequestResponse"
-  }
-
-  enabled_metric {
-    category = "AllMetrics"
-  }
-}
+}
+
+# Diagnostic settings for Azure OpenAI
+resource "azurerm_monitor_diagnostic_setting" "openai_diagnostics" {
+  name                       = "${azurerm_cognitive_account.openai.name}-diagnostics"
+  target_resource_id         = azurerm_cognitive_account.openai.id
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id
+
+  # Common Cognitive Services categories
+  enabled_log {
+    category = "Audit"
+  }
+
+  enabled_log {
+    category = "RequestResponse"
+  }
+
+  enabled_metric {
+    category = "AllMetrics"
+  }
+}
 
 # OpenAI model deployments
-resource "azurerm_cognitive_deployment" "openai_models" {
-  for_each = { for idx, model in var.openai_models : model.name => model }
+resource "azurerm_cognitive_deployment" "model_deployments" {
+  for_each = { for idx, model in var.model_deployments : model.name => model }
 
   name                 = each.value.name
   cognitive_account_id = azurerm_cognitive_account.openai.id
@@ -84,7 +84,7 @@ resource "azurerm_key_vault_secret" "openai_key" {
 # AZURE SPEECH SERVICES
 # ============================================================================
 
-resource "azurerm_cognitive_account" "speech" {
+resource "azurerm_cognitive_account" "speech" {
   name                = local.resource_names.speech
   location            = azurerm_resource_group.main.location
   resource_group_name = azurerm_resource_group.main.name
@@ -98,26 +98,26 @@ resource "azurerm_cognitive_account" "speech" {
   #local_auth_enabled = !var.disable_local_auth
 
   tags = local.tags
-}
-
-# Diagnostic settings for Speech Services
-resource "azurerm_monitor_diagnostic_setting" "speech_diagnostics" {
-  name                       = "${azurerm_cognitive_account.speech.name}-diagnostics"
-  target_resource_id         = azurerm_cognitive_account.speech.id
-  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id
-
-  enabled_log {
-    category = "Audit"
-  }
-
-  enabled_log {
-    category = "RequestResponse"
-  }
-
-  enabled_metric {
-    category = "AllMetrics"
-  }
-}
+}
+
+# Diagnostic settings for Speech Services
+resource "azurerm_monitor_diagnostic_setting" "speech_diagnostics" {
+  name                       = "${azurerm_cognitive_account.speech.name}-diagnostics"
+  target_resource_id         = azurerm_cognitive_account.speech.id
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id
+
+  enabled_log {
+    category = "Audit"
+  }
+
+  enabled_log {
+    category = "RequestResponse"
+  }
+
+  enabled_metric {
+    category = "AllMetrics"
+  }
+}
 
 # RBAC assignments for Speech Services
 resource "azurerm_role_assignment" "speech_backend_user" {

diff --git a/infra/terraform/communication.tf b/infra/terraform/communication.tf
@@ -57,13 +57,6 @@ resource "azurerm_key_vault_secret" "acs_connection_string" {
 # - Enables real-time STT/TTS operations
 # - Required for Call Automation with speech features
 #
-resource "azurerm_role_assignment" "acs_speech_user" {
-  scope                = azurerm_cognitive_account.speech.id
-  role_definition_name = "Cognitive Services User"
-  principal_id         = azapi_resource.acs.identity[0].principal_id
-
-}
-
 
 # ============================================================================
 # DIAGNOSTIC SETTINGS FOR AZURE COMMUNICATION SERVICES
@@ -192,12 +185,12 @@ resource "azurerm_monitor_diagnostic_setting" "acs_diagnostics" {
 # ============================================================================
 
 resource "azurerm_eventgrid_system_topic" "acs" {
-  name                   = "eg-topic-acs-${local.resource_token}"
-  resource_group_name    = azurerm_resource_group.main.name
-  location               = "global"
-  source_arm_resource_id = azapi_resource.acs.id
-  topic_type             = "Microsoft.Communication.CommunicationServices"
-  tags                   = local.tags
+  name                = "eg-topic-acs-${local.resource_token}"
+  resource_group_name = azurerm_resource_group.main.name
+  location            = "global"
+  source_resource_id  = azapi_resource.acs.id
+  topic_type          = "Microsoft.Communication.CommunicationServices"
+  tags                = local.tags
 }
 
 # # Event Grid System Topic Event Subscription for Incoming Calls

diff --git a/infra/terraform/containers.tf b/infra/terraform/containers.tf
@@ -303,22 +303,25 @@ resource "azurerm_container_app" "backend" {
       # Azure Speech Services
       env {
         name  = "AZURE_SPEECH_ENDPOINT"
-        value = "https://${azurerm_cognitive_account.speech.custom_subdomain_name}.cognitiveservices.azure.com/"
+        value = module.ai_foundry.endpoint
+        # value = "https://${azurerm_cognitive_account.speech.custom_subdomain_name}.cognitiveservices.azure.com/"
       }
 
       env {
         name  = "AZURE_SPEECH_DOMAIN_ENDPOINT"
-        value = "https://${azurerm_cognitive_account.speech.custom_subdomain_name}.cognitiveservices.azure.com/"
+        value = module.ai_foundry.openai_endpoint
+        # value = "https://${azurerm_cognitive_account.speech.custom_subdomain_name}.cognitiveservices.azure.com/"
       }
 
       env {
         name  = "AZURE_SPEECH_RESOURCE_ID"
-        value = azurerm_cognitive_account.speech.id
+        value = module.ai_foundry.account_id
+        # value = azurerm_cognitive_account.speech.id
       }
 
       env {
         name  = "AZURE_SPEECH_REGION"
-        value = azurerm_cognitive_account.speech.location
+        value = module.ai_foundry.location
       }
 
       dynamic "env" {
@@ -357,7 +360,7 @@ resource "azurerm_container_app" "backend" {
       # Azure OpenAI
       env {
         name  = "AZURE_OPENAI_ENDPOINT"
-        value = azurerm_cognitive_account.openai.endpoint
+        value = module.ai_foundry.openai_endpoint
       }
 
       env {

diff --git a/infra/terraform/data.tf b/infra/terraform/data.tf
@@ -61,27 +61,6 @@ resource "azurerm_role_assignment" "storage_principal_contributor" {
 # ============================================================================
 # COSMOS DB (MONGODB API)
 # ============================================================================
-# # Cosmos DB vCore MongoDB Cluster (M30 with 128GB disk)
-# resource "azurerm_mongo_cluster" "main" {
-#     name                = local.resource_names.cosmos
-#     resource_group_name = azurerm_resource_group.main.name
-#     location            = azurerm_resource_group.main.location
-
-#     administrator_username = "adminuser"
-#     administrator_password = random_password.cosmos_admin.result
-
-#     compute_tier    = "M30"
-#     high_availability_mode = "Disabled"
-#     public_network_access = "Enabled"
-#     shard_count     = 1
-#     storage_size_in_gb = 128
-#     version         = "5.0"
-
-
-
-#     tags = local.tags
-# }
-
 resource "azapi_resource" "mongoCluster" {
   type      = "Microsoft.DocumentDB/mongoClusters@2025-04-01-preview"
   parent_id = azurerm_resource_group.main.id

diff --git a/infra/terraform/main.tf b/infra/terraform/main.tf
@@ -70,12 +70,13 @@ locals {
 
   # Common tags
   tags = {
-    "azd-env-name" = var.environment_name
-    "hidden-title" = "Real Time Audio ${var.environment_name}"
-    "project"      = "gbb-ai-audio-agent"
-    "environment"  = var.environment_name
-    "deployment"   = "terraform"
-    "deployed_by"  = coalesce(var.deployed_by, local.principal_id)
+    "azd-env-name"    = var.environment_name
+    "hidden-title"    = "Real Time Audio ${var.environment_name}"
+    "project"         = "gbb-ai-audio-agent"
+    "environment"     = var.environment_name
+    "deployment"      = "terraform"
+    "deployed_by"     = coalesce(var.deployed_by, local.principal_id)
+    "SecurityControl" = "Ignore"
   }
 
   # Resource naming with Azure standard abbreviations
@@ -94,5 +95,10 @@ locals {
     log_analytics      = "log-${local.resource_token}"
     app_insights       = "ai-${local.resource_token}"
     container_env      = "cae-${var.name}-${var.environment_name}-${local.resource_token}"
+    foundry_account    = "aif${var.name}${var.environment_name}"
+    foundry_project    = "aif${var.name}${var.environment_name}proj"
   }
+
+  foundry_project_display = "AI Foundry ${var.environment_name}"
+  foundry_project_desc    = "AI Foundry project for ${var.environment_name} environment"
 }