Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix comments

Browse Source
This commit is contained in:
murggu 2022-11-18 22:12:00 +01:00
parent a0ddf338d3
commit eb6b615ae3
14 changed files with 42 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
quickstart/101-synapse/README.md
View File

@ -9,7 +9,6 @@ Network connectivity to the workspace is allowed over public endpoints, making t
## Resources
| Terraform Resource Type | Description |
| - | - |
| `azurerm_resource_group` | The resource group all resources get deployed into. |
@ -46,6 +45,6 @@ Network connectivity to the workspace is allowed over public endpoints, making t
## Learn more
- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/overview-what-is).
- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction).
- For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).
- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/guidance/success-by-design-introduction).
- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction) and watch [Success with Synapse - Security videos](https://www.youtube.com/playlist?list=PLzUAjXZBFU9OWYjSI5TdlpMV0ltAjLaNw).
- For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).

2
quickstart/101-synapse/locals.tf
View File

@ -1,4 +1,4 @@
locals {
basename = "${var.name}-${var.environment}"
basename = "${var.name}-${var.environment}"
safe_basename = replace(local.basename, "-", "")
}

12
quickstart/101-synapse/main.tf
View File

@ -1,15 +1,3 @@
terraform {
required_providers {
azurerm = {
version = "= 3.30.0"
}
}
}
provider "azurerm" {
features {}
}
data "azurerm_client_config" "current" {}
data "http" "ip" {

11
quickstart/101-synapse/providers.tf Normal file
View File

@ -0,0 +1,11 @@
terraform {
required_providers {
azurerm = {
version = "= 3.32.0"
}
}
}
provider "azurerm" {
features {}
}

4
quickstart/101-synapse/synapse_workspace.tf
View File

@ -23,6 +23,6 @@ resource "azurerm_synapse_workspace" "default" {
resource "azurerm_synapse_firewall_rule" "allow_my_ip" {
name = "AllowMyPublicIp"
synapse_workspace_id = azurerm_synapse_workspace.default.id
start_ip_address = data.http.ip.body
end_ip_address = data.http.ip.body
start_ip_address = data.http.ip.response_body
end_ip_address = data.http.ip.response_body
}

2
quickstart/101-synapse/variables.tf
View File

@ -32,13 +32,11 @@ variable "aad_login" {
variable "synadmin_username" {
type = string
description = "Specifies The login name of the SQL administrator"
default = "sqladminuser"
}
variable "synadmin_password" {
type = string
description = "The Password associated with the sql_administrator_login for the SQL administrator"
default = "ThisIsNotVerySecure!"
}
variable "enable_syn_sparkpool" {

8
quickstart/201-synapse-secure/README.md
View File

@ -6,7 +6,7 @@ and its associated resources including Azure Data Lake Storage (gen2), Synapse S
In addition to these core services, this configuration specifies any networking components that are required to set up Azure Synapse Analytics
for private network connectivity using [Azure Private Link](https://docs.microsoft.com/en-us/azure/private-link/).
This configuration describes the minimal set of resources you require to get started with Azure Synapse Analytics in a network-isolated set-up. This configuration creates new network components. Use Azure Bastion to securely connect to the Virtual Machine.
This configuration describes the minimal set of resources you require to get started with Azure Synapse Analytics in a network-isolated set-up. This configuration creates new network components. Use Azure Bastion to securely connect to the Virtual Machine.
## Resources
@ -40,8 +40,6 @@ This configuration describes the minimal set of resources you require to get sta
| enable_syn_sparkpool| A feature flag to enable/disable the Spark pool | false |
| enable_syn_sqlpool| A feature flag to enable/disable the SQL pool | false |
## Usage
1. Copy `terraform.tfvars.example` to `terraform.tfvars`
@ -55,6 +53,6 @@ This configuration describes the minimal set of resources you require to get sta
## Learn more
- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/overview-what-is).
- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction).
- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/guidance/success-by-design-introduction).
- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction) and watch [Success with Synapse - Security videos](https://www.youtube.com/playlist?list=PLzUAjXZBFU9OWYjSI5TdlpMV0ltAjLaNw).
- For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).

2
quickstart/201-synapse-secure/locals.tf
View File

@ -1,4 +1,4 @@
locals {
basename = "${var.name}-${var.environment}"
basename = "${var.name}-${var.environment}"
safe_basename = replace(local.basename, "-", "")
}

12
quickstart/201-synapse-secure/main.tf
View File

@ -1,15 +1,3 @@
terraform {
required_providers {
azurerm = {
version = "= 3.30.0"
}
}
}
provider "azurerm" {
features {}
}
data "azurerm_client_config" "current" {}
data "http" "ip" {

12
quickstart/201-synapse-secure/network.tf
View File

@ -8,12 +8,12 @@ resource "azurerm_virtual_network" "default" {
# Subnets
resource "azurerm_subnet" "default" {
name = "snet-${local.basename}"
resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name
address_prefixes = ["10.0.1.0/24"]
service_endpoints = []
enforce_private_link_endpoint_network_policies = true
name = "snet-${local.basename}"
resource_group_name = azurerm_resource_group.default.name
virtual_network_name = azurerm_virtual_network.default.name
address_prefixes = ["10.0.1.0/24"]
service_endpoints = []
private_endpoint_network_policies_enabled = true
}
resource "azurerm_subnet" "bastion" {

11
quickstart/201-synapse-secure/providers.tf Normal file
View File

@ -0,0 +1,11 @@
terraform {
required_providers {
azurerm = {
version = "= 3.32.0"
}
}
}
provider "azurerm" {
features {}
}

2
quickstart/201-synapse-secure/storage_account.tf
View File

@ -41,7 +41,7 @@ resource "azurerm_storage_account_network_rules" "firewall_rules" {
storage_account_id = azurerm_storage_account.default.id
default_action = "Deny"
ip_rules = [data.http.ip.body]
ip_rules = [data.http.ip.response_body]
virtual_network_subnet_ids = []
bypass = ["None"]
}

11
quickstart/201-synapse-secure/synapse_workspace.tf
View File

@ -8,7 +8,9 @@ resource "azurerm_synapse_workspace" "default" {
sql_administrator_login_password = var.synadmin_password
managed_virtual_network_enabled = true
managed_resource_group_name = "${azurerm_resource_group.default.name}-syn-managed"
managed_resource_group_name = "${azurerm_resource_group.default.name}-syn-managed"
public_network_access_enabled = false
aad_admin {
login = var.aad_login.name
@ -21,13 +23,6 @@ resource "azurerm_synapse_workspace" "default" {
}
}
resource "azurerm_synapse_firewall_rule" "allow_my_ip" {
name = "AllowMyPublicIp"
synapse_workspace_id = azurerm_synapse_workspace.default.id
start_ip_address = data.http.ip.body
end_ip_address = data.http.ip.body
}
# DNS Zones
resource "azurerm_private_dns_zone" "zone_dev" {

4
quickstart/201-synapse-secure/variables.tf
View File

@ -32,25 +32,21 @@ variable "aad_login" {
variable "jumphost_username" {
type = string
description = "Admin username of the VM"
default = "azureuser"
}
variable "jumphost_password" {
type = string
description = "Password for the admin username of the VM"
default = "ThisIsNotVerySecure!"
}
variable "synadmin_username" {
type = string
description = "Specifies The login name of the SQL administrator"
default = "sqladminuser"
}
variable "synadmin_password" {
type = string
description = "The Password associated with the sql_administrator_login for the SQL administrator"
default = "ThisIsNotVerySecure!"
}
variable "enable_syn_sparkpool" {