diff --git a/quickstart/101-synapse/.gitignore b/quickstart/101-synapse/.gitignore
new file mode 100644
index 00000000..cc744186
--- /dev/null
+++ b/quickstart/101-synapse/.gitignore
@@ -0,0 +1,11 @@
+# Terraform specific
+
+.terraform
+
+.terraform.lock.hcl
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.tfstate.lock.info
+terraform.tfvars
+**.tfbackend
+state/
\ No newline at end of file
diff --git a/quickstart/101-synapse/README.md b/quickstart/101-synapse/README.md
new file mode 100644
index 00000000..ab8dd2d8
--- /dev/null
+++ b/quickstart/101-synapse/README.md
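Review bot: Ignoring `.terraform.lock.hcl` in the .gitignore hunk means the provider versions and checksums chosen by `terraform init` are never committed, so every checkout resolves providers afresh. That matters here because main.tf uses a `http` data source whose provider is not pinned in `required_providers`. Consider dropping the `.terraform.lock.hcl` line so the lock file is versioned with the configuration. The state, backend and `terraform.tfvars` entries are right to stay ignored.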
@@ -0,0 +1,51 @@
+# Azure Synapse Analytics workspace (public network connectivity)
+
+This deployment configuration specifies an [Azure Synapse Analytics workspace](https://learn.microsoft.com/en-us/azure/synapse-analytics/get-started-create-workspace),
+and its associated resources including Azure Data Lake Storage (gen2), Synapse Spark Pool and Synapse SQL Pool.
+
+This configuration describes the minimal set of resources you require to get started with Azure Synapse Analytics.
+
+Network connectivity to the workspace is allowed over public endpoints, making this configuration suitable for open source projects or pilot environments.
+
+## Resources
+
+
+| Terraform Resource Type | Description |
+| - | - |
+| `azurerm_resource_group` | The resource group all resources get deployed into. |
+| `azurerm_storage_account` | An Azure Storage instance associated to the Azure Synapse Analytics workspace. |
+| `azurerm_synapse_workspace` | An Azure Synapse Analytics workspace instance. |
+| `azurerm_synapse_spark_pool` | An Azure Synapse Analytics spark pool. |
+| `azurerm_synapse_sql_pool` | An Azure Synapse Analytics dedicated SQL pool. |
+
+## Variables
+
+| Name | Description | Default |
+|-|-|-|
+| name | Name of the deployment | - |
+| environment | The deployment environment name (used for pre- and postfixing resource names) | dev |
+| location | The Azure region used for deployments | East US |
+| aad_admin.login | The login name of the Azure AD Administrator of this Synapse Workspace | - |
+| aad_admin.object_id| The object id of the Azure AD Administrator of this Synapse Workspace | - |
+| aad_admin.tenant_id| The tenant id of the Azure AD Administrator of this Synapse Workspace | - |
+| synadmin_username| Specifies The login name of the SQL administrator | sqladminuser |
+| synadmin_password| The Password associated with the sql_administrator_login for the SQL administrator | ThisIsNotVerySecure! 
|
+| enable_syn_sparkpool| A feature flag to enable/disable the Spark pool | false |
+| enable_syn_sqlpool| A feature flag to enable/disable the SQL pool | false |
+
+## Usage
+
+1. Copy `terraform.tfvars.example` to `terraform.tfvars`
+2. Update `terraform.tfvars` with your desired values
+3. Run Terraform
+ ```console
+ $ terraform init
+ $ terraform plan
+ $ terraform apply
+ ```
+
+## Learn more
+
+- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/overview-what-is).
+- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction).
+- For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).
diff --git a/quickstart/101-synapse/locals.tf b/quickstart/101-synapse/locals.tf
new file mode 100644
index 00000000..2d4911c5
--- /dev/null
+++ b/quickstart/101-synapse/locals.tf
@@ -0,0 +1,10 @@
+locals {
+ tags = {
+ Toolkit = "Terraform"
+ }
+
+ safe_name = replace(var.name, "-", "")
+ safe_environment = replace(var.environment, "-", "")
+
+ basename = "${var.name}-${var.environment}"
+}
\ No newline at end of file
diff --git a/quickstart/101-synapse/main.tf b/quickstart/101-synapse/main.tf
new file mode 100644
index 00000000..c0dc6988
--- /dev/null
+++ b/quickstart/101-synapse/main.tf
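Review bot: `safe_name` and `safe_environment` in locals.tf strip only hyphens, yet storage_account.tf concatenates them into the storage account name, which Azure restricts to 3–24 lowercase letters and digits. An upper-case letter, an underscore or a long `var.name` therefore fails at apply time instead of at plan. Consider `lower(replace(var.name, "/[^0-9A-Za-z]/", ""))` for both locals, plus a `validation` block on the variables to bound the combined length.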
@@ -0,0 +1,24 @@
+terraform {
+ required_providers {
+ azurerm = {
+ version = "= 3.30.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
+
+data "azurerm_client_config" "current" {}
+
+data "http" "ip" {
+ url = "https://ifconfig.me"
+}
+
+resource "azurerm_resource_group" "default" {
+ name = "rg-${local.basename}"
+ location = var.location
+
+ tags = local.tags
+}
\ No newline at end of file
diff --git a/quickstart/101-synapse/storage_account.tf b/quickstart/101-synapse/storage_account.tf
new file mode 100644
index 00000000..d7c9a9e2
--- /dev/null
+++ b/quickstart/101-synapse/storage_account.tf
@@ -0,0 +1,36 @@
+resource "azurerm_storage_account" "default" {
+ name = "st${local.safe_name}${local.safe_environment}"
+ resource_group_name = azurerm_resource_group.default.name
+ location = azurerm_resource_group.default.location
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+ account_kind = "StorageV2"
+ is_hns_enabled = true
+}
+
+resource "azurerm_role_assignment" "sbdc_current_user" {
+ scope = azurerm_storage_account.default.id
+ role_definition_name = "Storage Blob Data Contributor"
+ principal_id = data.azurerm_client_config.current.object_id
+}
+
+resource "azurerm_role_assignment" "sbdc_syn_ws" {
+ scope = azurerm_storage_account.default.id
+ role_definition_name = "Storage Blob Data Contributor"
+ principal_id = azurerm_synapse_workspace.default.identity[0].principal_id
+}
+
+resource "azurerm_role_assignment" "c_syn_ws" {
+ scope = azurerm_storage_account.default.id
+ role_definition_name = "Contributor"
+ principal_id = azurerm_synapse_workspace.default.identity[0].principal_id
+}
+
+resource "azurerm_storage_data_lake_gen2_filesystem" "default" {
+ name = "default"
+ storage_account_id = azurerm_storage_account.default.id
+
+ depends_on = [
+ azurerm_role_assignment.sbdc_current_user
+ ]
+}
\ No newline at end of file
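Review bot: The `data "http" "ip"` block in main.tf uses a provider that `required_providers` never declares, so its version floats while `azurerm` is pinned to exactly 3.30.0; the `azurerm` entry also has no `source`. Add `source = "hashicorp/azurerm"` and a second entry such as `http = { source = "hashicorp/http", version = "<pinned version>" }`. A comment on the data source should also say that every plan calls the third-party endpoint ifconfig.me and that the response feeds the firewall rule in synapse_workspace.tf.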
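Review bot: `azurerm_role_assignment.c_syn_ws` in storage_account.tf gives the workspace managed identity the control-plane `Contributor` role on the storage account, on top of the `Storage Blob Data Contributor` role from `sbdc_syn_ws`. Contributor lets that identity reconfigure the account and list its access keys, which is more than data-lake access needs as far as this diff shows. Unless something outside the diff depends on it, drop `c_syn_ws` and keep only the data-plane role. The storage account could also state `allow_nested_items_to_be_public = false` explicitly rather than relying on the provider default.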
diff --git a/quickstart/101-synapse/synapse_pools.tf b/quickstart/101-synapse/synapse_pools.tf
new file mode 100644
index 00000000..baf3f571
--- /dev/null
+++ b/quickstart/101-synapse/synapse_pools.tf
@@ -0,0 +1,28 @@
+# Sql Pool
+
+resource "azurerm_synapse_sql_pool" "syn_pool_sql" {
+ name = "syndp01"
+ synapse_workspace_id = azurerm_synapse_workspace.default.id
+ sku_name = "DW100c"
+ create_mode = "Default"
+ count = var.enable_syn_sqlpool ? 1 : 0
+}
+
+# Spark Pool
+
+resource "azurerm_synapse_spark_pool" "syn_pool_spark" {
+ name = "synsp01"
+ synapse_workspace_id = azurerm_synapse_workspace.default.id
+ node_size_family = "MemoryOptimized"
+ node_size = "Small"
+ count = var.enable_syn_sparkpool ? 1 : 0
+
+ auto_scale {
+ max_node_count = 50
+ min_node_count = 3
+ }
+
+ auto_pause {
+ delay_in_minutes = 15
+ }
+}
\ No newline at end of file
diff --git a/quickstart/101-synapse/synapse_workspace.tf b/quickstart/101-synapse/synapse_workspace.tf
new file mode 100644
index 00000000..59687938
--- /dev/null
+++ b/quickstart/101-synapse/synapse_workspace.tf
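Review bot: `azurerm_synapse_sql_pool.syn_pool_sql` in synapse_pools.tf does not set `data_encrypted`, so transparent data encryption is left at the provider default, which I believe is off. Add `data_encrypted = true` to the SQL pool so the dedicated pool is encrypted at rest from creation. Separately, `max_node_count = 50` on the Spark pool is a high ceiling for a quickstart; a comment explaining the value, or a smaller one, would avoid surprise cost.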
@@ -0,0 +1,32 @@
+resource "azurerm_synapse_workspace" "default" {
+ name = "syn-${local.basename}"
+ resource_group_name = azurerm_resource_group.default.name
+ location = azurerm_resource_group.default.location
+ storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.default.id
+
+ sql_administrator_login = var.synadmin_username
+ sql_administrator_login_password = var.synadmin_password
+
+ managed_resource_group_name = "${azurerm_resource_group.default.name}-syn-managed"
+
+ public_network_access_enabled = true
+
+ aad_admin {
+ login = var.aad_login.name
+ object_id = var.aad_login.object_id
+ tenant_id = var.aad_login.tenant_id
+ }
+
+ identity {
+ type = "SystemAssigned"
+ }
+
+ tags = local.tags
+}
+
+resource "azurerm_synapse_firewall_rule" "allow_my_ip" {
+ name = "AllowMyPublicIp"
+ synapse_workspace_id = azurerm_synapse_workspace.default.id
+ start_ip_address = data.http.ip.body
+ end_ip_address = data.http.ip.body
+}
diff --git a/quickstart/101-synapse/terraform.tfvars.example b/quickstart/101-synapse/terraform.tfvars.example
new file mode 100644
index 00000000..9dfa8a8e
--- /dev/null
+++ b/quickstart/101-synapse/terraform.tfvars.example
@@ -0,0 +1,12 @@
+name = "syn101"
+environment = "dev"
+location = "East US"
+
+aad_login = {
+ name = "azureuser@contoso.com"
+ object_id = "00000000-0000-0000-0000-000000000000"
+ tenant_id = "00000000-0000-0000-0000-000000000000"
+}
+
+enable_syn_sparkpool = true
+enable_syn_sqlpool = true
\ No newline at end of file
diff --git a/quickstart/101-synapse/variables.tf b/quickstart/101-synapse/variables.tf
new file mode 100644
index 00000000..4bfb92fc
--- /dev/null
+++ b/quickstart/101-synapse/variables.tf
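Review bot: `azurerm_synapse_firewall_rule.allow_my_ip` in synapse_workspace.tf passes `data.http.ip.body` straight into `start_ip_address` and `end_ip_address`, so on a workspace with `public_network_access_enabled = true` the only network restriction is whatever ifconfig.me returns at plan time. The value is neither trimmed nor checked to be an IPv4 address, and `body` is, as far as I know, deprecated in newer `hashicorp/http` releases in favour of `response_body`. Prefer a `variable "allowed_ip"` with a `validation` block, or at minimum `chomp(data.http.ip.response_body)`. The `aad_admin` block also reads `var.aad_login`, whose default in variables.tf is an all-zero object id, so a forgotten override is not caught at plan.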
@@ -0,0 +1,54 @@
+variable "name" {
+ type = string
+ description = "Name of the deployment"
+}
+
+variable "environment" {
+ type = string
+ description = "Name of the environment"
+ default = "dev"
+}
+
+variable "location" {
+ type = string
+ description = "Location of the resources"
+ default = "East US"
+}
+
+variable "aad_login" {
+ description = "AAD login"
+ type = object({
+ name = string
+ object_id = string
+ tenant_id = string
+ })
+ default = {
+ name = "AzureAD Admin"
+ object_id = "00000000-0000-0000-0000-000000000000"
+ tenant_id = "00000000-0000-0000-0000-000000000000"
+ }
+}
+
+variable "synadmin_username" {
+ type = string
+ description = "Specifies The login name of the SQL administrator"
+ default = "sqladminuser"
+}
+
+variable "synadmin_password" {
+ type = string
+ description = "The Password associated with the sql_administrator_login for the SQL administrator"
+ default = "ThisIsNotVerySecure!"
+}
+
+variable "enable_syn_sparkpool" {
+ type = bool
+ description = "Variable to enable or disable Synapse Spark pool deployment"
+ default = false
+}
+
+variable "enable_syn_sqlpool" {
+ type = bool
+ description = "Variable to enable or disable Synapse Dedicated SQL pool deployment"
+ default = false
+}
\ No newline at end of file
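Review bot: `synadmin_password` in variables.tf ships with the default `ThisIsNotVerySecure!` and is not marked sensitive, and the same value is printed in the README table. Anyone who applies without overriding it gets a workspace with `public_network_access_enabled = true` (synapse_workspace.tf) whose SQL administrator password is published in the repository. Remove the `default` line so Terraform requires a value, and add `sensitive = true` to keep it out of plan output; generating it with a `random_password` resource is an alternative. The `aad_login` default of all-zero GUIDs should likewise be dropped so a missing value fails at plan rather than at apply.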