Skip to content

azurermCognitiveAccount

Manages a Cognitive Services Account.

-> Note: Version v2.65.0 of the Azure Provider and later will attempt to Purge the Cognitive Account during deletion. This feature can be disabled using the features block within the provider block, see the provider documentation on the features block for more information.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermCognitiveAccountExample =
  new azurerm.cognitiveAccount.CognitiveAccount(this, "example_1", {
    kind: "Face",
    location: azurermResourceGroupExample.location,
    name: "example-account",
    resource_group_name: azurermResourceGroupExample.name,
    sku_name: "S0",
    tags: {
      Acceptance: "Test",
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCognitiveAccountExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Cognitive Service Account. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the resource group in which the Cognitive Service Account is created. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • kind - (Required) Specifies the type of Cognitive Service Account that should be created. Possible values are academic, anomalyDetector, bingAutosuggest, bingAutosuggestV7, bingCustomSearch, bingSearch, bingSearchV7, bingSpeech, bingSpellCheck, bingSpellCheckV7, cognitiveServices, computerVision, contentModerator, customSpeech, customVisionPrediction, customVisionTraining, emotion, face, formRecognizer, immersiveReader, luis, luisAuthoring, metricsAdvisor, openAi, personalizer, qnAMaker, recommendations, speakerRecognition, speech, speechServices, speechTranslation, textAnalytics, textTranslation and webLm. Changing this forces a new resource to be created.

-> NOTE: New Bing Search resources cannot be created as their APIs are moving from Cognitive Services Platform to new surface area under Microsoft.com. Starting from October 30, 2020, existing instances of Bing Search APIs provisioned via Cognitive Services will be continuously supported for next 3 years or till the end of respective Enterprise Agreement, whichever happens first.

-> NOTE: You must create your first Face, Text Analytics, or Computer Vision resources from the Azure portal to review and acknowledge the terms and conditions. In Azure Portal, the checkbox to accept terms and conditions is only displayed when a US region is selected. More information on Prerequisites.

  • skuName - (Required) Specifies the SKU Name for this Cognitive Service Account. Possible values are f0, f1, s0, s, s1, s2, s3, s4, s5, s6, p0, p1, p2, e0 and dc0.

-> NOTE: SKU dc0 is the commitment tier for Cognitive Services containers running in disconnected environments. You must obtain approval from Microsoft by submitting the request form first, before you can use this SKU. More information on Purchase a commitment plan to use containers in disconnected environments.

  • customSubdomainName - (Optional) The subdomain name used for token-based authentication. Changing this forces a new resource to be created.

  • dynamicThrottlingEnabled - (Optional) Whether to enable the dynamic throttling for this Cognitive Service Account.

  • customerManagedKey - (Optional) A customerManagedKey block as documented below.

  • fqdns - (Optional) List of FQDNs allowed for the Cognitive Account.

  • identity - (Optional) An identity block as defined below.

  • localAuthEnabled - (Optional) Whether local authentication methods is enabled for the Cognitive Account. Defaults to true.

  • metricsAdvisorAadClientId - (Optional) The Azure AD Client ID (Application ID). This attribute is only set when kind is metricsAdvisor. Changing this forces a new resource to be created.

  • metricsAdvisorAadTenantId - (Optional) The Azure AD Tenant ID. This attribute is only set when kind is metricsAdvisor. Changing this forces a new resource to be created.

  • metricsAdvisorSuperUserName - (Optional) The super user of Metrics Advisor. This attribute is only set when kind is metricsAdvisor. Changing this forces a new resource to be created.

  • metricsAdvisorWebsiteName - (Optional) The website name of Metrics Advisor. This attribute is only set when kind is metricsAdvisor. Changing this forces a new resource to be created.

-> NOTE: This URL is mandatory if the kind is set to qnAMaker.

  • networkAcls - (Optional) A networkAcls block as defined below.

  • outboundNetworkAccessRestricted - (Optional) Whether outbound network access is restricted for the Cognitive Account. Defaults to false.

  • publicNetworkAccessEnabled - (Optional) Whether public network access is allowed for the Cognitive Account. Defaults to true.

  • qnaRuntimeEndpoint - (Optional) A URL to link a QnAMaker cognitive account to a QnA runtime.

  • customQuestionAnsweringSearchServiceId - (Optional) If kind is textAnalytics this specifies the ID of the Search service.

  • customQuestionAnsweringSearchServiceKey - (Optional) If kind is textAnalytics this specifies the key of the Search service.

-> NOTE: customQuestionAnsweringSearchServiceId and customQuestionAnsweringSearchServiceKey are used for Custom Question Answering, the renamed version of QnA Maker, while qnaRuntimeEndpoint is used for the old version of QnA Maker

  • storage - (Optional) A storage block as defined below.

  • tags - (Optional) A mapping of tags to assign to the resource.

A networkAcls block supports the following:

  • defaultAction - (Required) The Default Action to use when no rules match from ipRules / virtualNetworkRules. Possible values are allow and deny.

  • ipRules - (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.

  • virtualNetworkRules - (Optional) A virtualNetworkRules block as defined below.

A virtualNetworkRules block supports the following:

  • subnetId - (Required) The ID of the subnet which should be able to access this Cognitive Account.

  • ignoreMissingVnetServiceEndpoint - (Optional) Whether ignore missing vnet service endpoint or not. Default to false.

A customerManagedKey block supports the following:

  • keyVaultKeyId - (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this Cognitive Account.

  • identityClientId - (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the Cognitive Account.

A identity block supports the following:

  • type - (Required) Specifies the type of Managed Service Identity that should be configured on this Cognitive Account. Possible values are systemAssigned, userAssigned, systemAssigned,UserAssigned (to enable both).

  • identityIds - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Cognitive Account.

\~> NOTE: This is required when type is set to userAssigned or systemAssigned,UserAssigned.

A storage block supports the following:

  • storageAccountId - (Required) Full resource id of a Microsoft.Storage resource.

  • identityClientId - (Optional) The client ID of the managed identity associated with the storage resource.

Attributes Reference

The following attributes are exported:

  • id - The ID of the Cognitive Service Account.

  • endpoint - The endpoint used to connect to the Cognitive Service Account.

  • identity - An identity block as defined below.

  • primaryAccessKey - A primary access key which can be used to connect to the Cognitive Service Account.

  • secondaryAccessKey - The secondary access key which can be used to connect to the Cognitive Service Account.

An identity block exports the following:

  • principalId - The Principal ID associated with this Managed Service Identity.

  • tenantId - The Tenant ID associated with this Managed Service Identity.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Cognitive Service Account.
  • update - (Defaults to 30 minutes) Used when updating the Cognitive Service Account.
  • read - (Defaults to 5 minutes) Used when retrieving the Cognitive Service Account.
  • delete - (Defaults to 30 minutes) Used when deleting the Cognitive Service Account.

Import

Cognitive Service Accounts can be imported using the resourceId, e.g.

terraform import azurerm_cognitive_account.account1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.CognitiveServices/accounts/account1