Azure Policy allowed compute SKUs in Azure Machine Learning

Working on a customer project, we needed to limit the VM SKUs that researchers could use in their Azure ML projects. We wanted them to be able to create compute instances themselves, but within the limits of our budgets. I came up with a policy that is flexible in the configuration, so you can:

  • Use the strongType “vmSKUs” so it’s always an updated list of SKUs to choose from
  • Select if the policy should be active for Compute Instances, Compute Clusters or both

The policy targets every resource whose type matches this condition:

        {
          "equals": "Microsoft.MachineLearningServices/workspaces/computes",
          "field": "type"
        },

It then checks these fields for the values you’ve selected in the parameters for each field:

        {
          "field": "Microsoft.MachineLearningServices/workspaces/computes/computeType",
          "in": "[parameters('computeType')]"
        },
        {
          "not": {
            "field": "Microsoft.MachineLearningServices/workspaces/computes/vmSize",
            "in": "[parameters('listOfAllowedSKUs')]"
          }
        }

Diving into this, you could also control other aspects of Azure Machine Learning compute, for example:

  • the location
  • whether users should be able to provision compute outside of their Azure Machine Learning workspace
  • whether public IPs are enabled (currently a preview feature)
  • the number of VMs in a compute cluster
  • and lots of other things

The full policy is written below, or you can find it on my GitHub where I will also post other policies:

{
  "mode": "all",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "equals": "Microsoft.MachineLearningServices/workspaces/computes",
          "field": "type"
        },
        {
          "field": "Microsoft.MachineLearningServices/workspaces/computes/computeType",
          "in": "[parameters('computeType')]"
        },
        {
          "not": {
            "field": "Microsoft.MachineLearningServices/workspaces/computes/vmSize",
            "in": "[parameters('listOfAllowedSKUs')]"
          }
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "listOfAllowedSKUs": {
      "type": "Array",
      "metadata": {
        "displayName": "Allowed Size SKUs",
        "description": "The list of size SKUs that can be specified for virtual machines.",
        "strongType": "vmSKUs"
      }
    },
    "computeType": {
      "type": "Array",
      "metadata": {
        "displayName": "Target compute types",
        "description": "The list of compute types that can be targeted. Compute Clusters = AmlCompute, Compute Instances = ComputeInstance"
      },
      "allowedValues": [
        "AmlCompute",
        "ComputeInstance"
      ]
    }
  }
}
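
To check an assignment's parameter values before rolling it out, the rule's `if` block can be evaluated locally against sample requests. The following is an added example, not part of the original policy or of any Azure tooling: it supports only the operators this policy uses, represents each resource as a flat field-to-value dict (a simplification), and uses constructed parameter values and SKU names.

```python
import re

TYPE = "Microsoft.MachineLearningServices/workspaces/computes"
RULE_IF = {"allOf": [
    {"field": "type", "equals": TYPE},
    {"field": TYPE + "/computeType", "in": "[parameters('computeType')]"},
    {"not": {"field": TYPE + "/vmSize", "in": "[parameters('listOfAllowedSKUs')]"}},
]}

def resolve(value, params):
    """Expand a "[parameters('name')]" expression; return literals unchanged."""
    m = re.fullmatch(r"\[parameters\('([^']+)'\)\]", value) if isinstance(value, str) else None
    return params[m.group(1)] if m else value

def same(a, b):
    """Case-insensitive string comparison, as Azure Policy applies to equals/in."""
    return isinstance(a, str) and isinstance(b, str) and a.lower() == b.lower()

def matches(cond, resource, params):
    """Evaluate one condition node against a resource given as {field: value}."""
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    actual = resource.get(cond["field"])
    if "equals" in cond:
        return same(actual, resolve(cond["equals"], params))
    if "in" in cond:
        return any(same(actual, v) for v in resolve(cond["in"], params))
    raise ValueError(f"unsupported condition: {cond}")

def effect(resource, params):
    """Return 'deny' when the if-block matches the request, otherwise 'allow'."""
    return "deny" if matches(RULE_IF, resource, params) else "allow"

# Constructed assignment parameters: only Compute Instances are targeted.
PARAMS = {"computeType": ["ComputeInstance"],
          "listOfAllowedSKUs": ["Standard_DS3_v2", "Standard_DS11_v2"]}

def compute(kind, size):
    """Build a constructed compute-creation request (hypothetical helper)."""
    return {"type": TYPE, TYPE + "/computeType": kind, TYPE + "/vmSize": size}

if __name__ == "__main__":
    for kind, size in [("ComputeInstance", "Standard_DS3_v2"),
                       ("ComputeInstance", "Standard_NC24"),
                       ("AmlCompute", "Standard_NC24")]:
        print(f"{kind:16} {size:18} -> {effect(compute(kind, size), PARAMS)}")
```

The third request shows the consequence of the `computeType` parameter: a compute type left out of the targeted list is not restricted by the SKU allow-list at all, so select both types if the budget limit should apply to both.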
