Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
You must use a hub based project for this feature. A Foundry project isn't supported. See How do I know which type of project I have? and Create a hub based project.
Important
Items marked (preview) in this article are currently in public preview. This preview is provided without a service-level agreement, and we don't recommend it for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.
In this article, you learn how to add a new connection to Azure AI Foundry using the Azure Machine Learning SDK.
Connections are a way to authenticate and consume both Microsoft and other resources within your Azure AI Foundry projects. For example, connections can be used for prompt flow, training data, and deployments. Connections can be created exclusively for one project or shared with all projects in the same Azure AI Foundry hub. For more information, see How to add a new connection in Azure AI Foundry portal.
Prerequisites
- An Azure subscription. If you don't have an Azure subscription, create a free account before you begin. Try the free or paid version of Azure AI Foundry today.
- An Azure AI Foundry hub. For information on creating a hub, see Create Azure AI Foundry Services with the SDK.
- A resource to create a connection to. For example, an AI Services resource. The examples in this article use placeholders that you must replace with your own values when running the code.
Set up your environment
Install packages. (If in a notebook cell, use
%pip installinstead.)pip install azure-ai-ml pip install azure-identityProvide your subscription details:
# Enter details of your subscription subscription_id = "<SUBSCRIPTION_ID>" resource_group = "<RESOURCE_GROUP>"Get a handle to the subscription. All the Python code in this article uses
ml_client:# get a handle to the subscription from azure.ai.ml import MLClient from azure.identity import DefaultAzureCredential ml_client = MLClient(DefaultAzureCredential(), subscription_id, resource_group)(Optional) If you have multiple accounts, add the tenant ID of the Microsoft Entra ID you wish to use into the
DefaultAzureCredential. Find your tenant ID from the Azure portal under Microsoft Entra ID, External Identities.DefaultAzureCredential(interactive_browser_tenant_id="<TENANT_ID>")(Optional) If you're working on in the Azure Government - US or Azure China 21Vianet regions, specify the region into which you want to authenticate. You can specify the region with
DefaultAzureCredential. The following example authenticates to the Azure Government - US region:from azure.identity import AzureAuthorityHosts DefaultAzureCredential(authority=AzureAuthorityHosts.AZURE_GOVERNMENT)
Authenticating with Microsoft Entra ID
There are various authentication methods for the different connection types. When you use Microsoft Entra ID, in addition to creating the connection you might also need to grant Azure role-based access control permissions before the connection can be used. For more information, visit Role-based access control.
Important
We recommend Microsoft Entra ID authentication with managed identities for Azure resources to avoid storing credentials with your applications that run in the cloud.
Use API keys with caution. Don't include the API key directly in your code, and never post it publicly. If using API keys, store them securely in Azure Key Vault, rotate the keys regularly, and restrict access to Azure Key Vault using role based access control and network access restrictions. For more information about using API keys securely in your apps, see API keys with Azure Key Vault.
For more information about AI services security, see Authenticate requests to Azure AI services.
Azure OpenAI in Foundry Models
The following example uses the AzureOpenAIConnection class to create an Azure OpenAI in Azure AI Foundry Models connection.
Tip
To connect to Azure OpenAI and more AI services with one connection, you can use the AI services connection instead.
from azure.ai.ml.entities import AzureOpenAIConnection
name = "XXXXXXXXX"
target = "https://XXXXXXXXX.cognitiveservices.azure.com/"
resource_id= "Azure-resource-id"
# Microsoft Entra ID
credentials = None
wps_connection = AzureOpenAIConnection(
name=name,
azure_endpoint=target,
credentials=credentials,
resource_id = resource_id,
is_shared=False
)
ml_client.connections.create_or_update(wps_connection)
Azure AI services
The following example uses the AzureAIServicesConnection class to create an Azure AI services connection. This example creates one connection for the AI services documented in the Connect to Azure AI services article. The same connection also supports Azure OpenAI.
from azure.ai.ml.entities import AzureAIServicesConnection
name = "my-ai-services"
target = "https://my.cognitiveservices.azure.com/"
resource_id=""
# Microsoft Entra ID
credentials = None
wps_connection = AzureAIServicesConnection(
name=name,
endpoint=target,
credentials=credentials,
ai_services_resource_id=resource_id,
)
ml_client.connections.create_or_update(wps_connection)
Azure AI Search
The following example uses the AzureAISearchConnection class to create an Azure AI Search connection:
from azure.ai.ml.entities import AzureAISearchConnection
name = "my_aisearch_demo_connection"
target = "https://my.search.windows.net"
# Microsoft Entra ID
credentials = None
wps_connection = AzureAISearchConnection(
name=name,
endpoint=target,
credentials=credentials,
)
ml_client.connections.create_or_update(wps_connection)
Azure AI Content Safety
The following example creates an Azure AI Content Safety connection:
from azure.ai.ml.entities import AzureContentSafetyConnection, ApiKeyConfiguration
name = "my_content_safety"
target = "https://my.cognitiveservices.azure.com/"
api_key = "XXXXXXXXX"
wps_connection = AzureContentSafetyConnection(
name=name,
endpoint=target,
credentials=ApiKeyConfiguration(key=api_key),
#api_version="1234"
)
ml_client.connections.create_or_update(wps_connection)
Serverless model (preview)
The following example creates a serverless endpoint connection:
from azure.ai.ml.entities import ServerlessConnection
name = "my_maas_apk"
endpoint = "https://my.eastus2.inference.ai.azure.com/"
api_key = "XXXXXXXXX"
wps_connection = ServerlessConnection(
name=name,
endpoint=endpoint,
api_key=api_key,
)
ml_client.connections.create_or_update(wps_connection)
Azure Blob Storage
The following example uses the AzureBlobStoreConnection class to create an Azure Blob Storage connection. This connection is authenticated with an account key or a SAS token:
from azure.ai.ml.entities import AzureBlobStoreConnection, SasTokenConfiguration,AccountKeyConfiguration
name = "my_blobstore"
url = "https://XXXXXXXXX.blob.core.windows.net/mycontainer/"
wps_connection = AzureBlobStoreConnection(
name=name,
container_name="XXXXXXXXX",
account_name="XXXXXXXXX",
url=url,
#credentials=None
credentials=SasTokenConfiguration(sas_token="XXXXXXXXX")
#credentials=AccountKeyConfiguration(account_key="XXXXXXXXX")
)
ml_client.connections.create_or_update(wps_connection)
Azure Data Lake Storage Gen 2
The following example creates Azure Data Lake Storage Gen 2 connection. This connection is authenticated with a Service Principal:
from azure.ai.ml.entities import WorkspaceConnection
from azure.ai.ml.entities import ServicePrincipalConfiguration
sp_config = ServicePrincipalConfiguration(
tenant_id="XXXXXXXXXXXX",
client_id="XXXXXXXXXXXXX",
client_secret="XXXXXXXXXXXXXXXk" # your-client-secret
)
name = "myadlsgen2"
target = "https://ambadaladlsgen2.core.windows.net/dummycont"
wps_connection = WorkspaceConnection(
name=name,
type="azure_data_lake_gen2",
target=target,
credentials=None
)
ml_client.connections.create_or_update(workspace_connection=wps_connection)
Microsoft OneLake
The following example uses the MicrosoftOneLakeWorkspaceConnection class to create a Microsoft OneLake connection. This connection is authenticated with a Service Principal:
from azure.ai.ml.entities import MicrosoftOneLakeWorkspaceConnection, OneLakeArtifact
from azure.ai.ml.entities import ServicePrincipalConfiguration
sp_config = ServicePrincipalConfiguration(
tenant_id="XXXXXXXXXXX",
client_id="XXXXXXXXXXXXXXXXXX",
client_secret="XXXXXXXXXXXXXXXX" # your-client-secret
)
name = "my_onelake_sp"
artifact = OneLakeArtifact(
name="XXXXXXXXX",
type="lake_house"
)
wps_connection = MicrosoftOneLakeWorkspaceConnection(
name=name,
artifact=artifact,
one_lake_workspace_name="XXXXXXXXXXXXXXXXX",
endpoint="XXXXXXXXX.dfs.fabric.microsoft.com"
credentials=sp_config
)
ml_client.connections.create_or_update(workspace_connection=wps_connection)
Serp
The following example uses the SerpConnection class:
from azure.ai.ml.entities import SerpConnection
name = "my_serp_apk"
api_key = "XXXXXXXXX"
wps_connection = SerpConnection(
name=name,
api_key=api_key,
)
ml_client.connections.create_or_update(wps_connection)
OpenAI
The following example uses the OpenAIConnection class to create an OpenAI (not Azure OpenAI) connection:
from azure.ai.ml.entities import OpenAIConnection
name = "my_oai_apk"
api_key = "XXXXXXXX"
wps_connection = OpenAIConnection(
name=name,
api_key=api_key,
)
ml_client.connections.create_or_update(wps_connection)
Custom
The following example uses the ApiKeyConfiguration class to create custom connection:
from azure.ai.ml.entities import WorkspaceConnection
from azure.ai.ml.entities import ApiKeyConfiguration
name = "my_custom"
target = "https://XXXXXXXXX.core.windows.net/mycontainer"
wps_connection = WorkspaceConnection(
name=name,
type="custom",
target=target,
credentials=ApiKeyConfiguration(key="XXXXXXXXX"),
)
ml_client.connections.create_or_update(workspace_connection=wps_connection)
List connections
To list all connections, use the following example:
from azure.ai.ml.entities import Connection, AzureOpenAIConnection, ApiKeyConfiguration
connection_list = ml_client.connections.list()
for conn in connection_list:
print(conn)
Delete connections
To delete a connection, use the following example:
name = "my-connection"
ml_client.connections.delete(name)