diff --git a/examples/byob/README.md b/examples/byob/README.md index 1c55d4d..baea956 100644 --- a/examples/byob/README.md +++ b/examples/byob/README.md @@ -1,36 +1,46 @@ # Azure BYOB -This example can be used to create the Azure Blob Ctorage container required when using the BYOB mode for Dedicated Cloud deployment. +## About + +Weights & Biases can connect to a Azure Blob Storage Container created and owned by the customer. This is called BYOB (Bring your own bucket). More details (here)[https://docs.wandb.ai/guides/hosting/data-security/secure-storage-connector#provision-the-azure-blob-storage]. + +This example does not deploy a Weights & Biases instance. It deploys all required resources (Storage container and permissions) in the customer's account. + +--- + +## Using Terraform + +This example can be used to create the Azure Blob Storage container required when using the BYOB mode for Dedicated Cloud deployment. 1. Make sure you have Terraform installed 2. Make sure you have Azure CLI installed and configured 3. Clone this repository 4. Access the directory `examples/byob` and fix the options in the file `terraform.tfvars` -Once the configuration is done, just execute the Terraform following the example below +Once the configuration is done, just execute the Terraform following the example below: ```bash terraform init terraform apply -var-file=terraform.tfvars ``` -At the end of execution you will have the following output +At the end of execution you will have the following output: ```bash blob_container = "rgnamestorage/wandb" storage_key = ``` -To retrieve the storage key, you can use the Azure CLI installed previously like the example below. +To retrieve the storage key, you can use the Azure CLI installed previously like the example below: ```bash az storage account keys list --account-name --resource-group --query '[0].value' -o tsv 1111111111111122222222222333333333334444444555555555 ``` -This command will return the storage key, which you can then use for your deployment needs. Ensure you handle the storage key securely as it contains sensitive information. +This command will return the storage key. Ensure you handle the storage key securely. -# Customer Managed Key Encryption +### Customer Managed Key Encryption The following section provides details on enabling Customer Managed Key (CMK) encryption for the Azure Blob Storage container which is disabled by default. @@ -71,3 +81,7 @@ storage_vault_key_id = "https://.vault.azure.net/keys/ ``` Retrieve the storage key as shown above. + +## Using Azure Portal + +Please refer to the (public documentation)[https://docs.wandb.ai/guides/hosting/data-security/secure-storage-connector#provision-the-kms-key] on how to create all required resources manually.