fix comments

quickstart/101-synapse/README.md

@@ -9,7 +9,6 @@ Network connectivity to the workspace is allowed over public endpoints, making t
 
 ## Resources
 
-
 | Terraform Resource Type | Description |
 | - | - |
 | `azurerm_resource_group` | The resource group all resources get deployed into. |
@@ -46,6 +45,6 @@ Network connectivity to the workspace is allowed over public endpoints, making t
 
 ## Learn more
 
-- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/overview-what-is).
+- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/guidance/success-by-design-introduction).
-- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction).
+- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction) and watch [Success with Synapse - Security videos](https://www.youtube.com/playlist?list=PLzUAjXZBFU9OWYjSI5TdlpMV0ltAjLaNw).
 - For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).

quickstart/101-synapse/main.tf

@@ -1,15 +1,3 @@
-terraform {
-  required_providers {
-    azurerm = {
-      version = "= 3.30.0"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {}
-}
-
 data "azurerm_client_config" "current" {}
 
 data "http" "ip" {

quickstart/101-synapse/providers.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    azurerm = {
+      version = "= 3.32.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

quickstart/101-synapse/synapse_workspace.tf

@@ -23,6 +23,6 @@ resource "azurerm_synapse_workspace" "default" {
 resource "azurerm_synapse_firewall_rule" "allow_my_ip" {
   name                 = "AllowMyPublicIp"
   synapse_workspace_id = azurerm_synapse_workspace.default.id
-  start_ip_address     = data.http.ip.body
+  start_ip_address     = data.http.ip.response_body
-  end_ip_address       = data.http.ip.body
+  end_ip_address       = data.http.ip.response_body
 }

quickstart/101-synapse/variables.tf

@@ -32,13 +32,11 @@ variable "aad_login" {
 variable "synadmin_username" {
   type        = string
   description = "Specifies The login name of the SQL administrator"
-  default     = "sqladminuser"
 }
 
 variable "synadmin_password" {
   type        = string
   description = "The Password associated with the sql_administrator_login for the SQL administrator"
-  default     = "ThisIsNotVerySecure!"
 }
 
 variable "enable_syn_sparkpool" {

quickstart/201-synapse-secure/README.md

@@ -40,8 +40,6 @@ This configuration describes the minimal set of resources you require to get sta
 | enable_syn_sparkpool| A feature flag to enable/disable the Spark pool | false |
 | enable_syn_sqlpool| A feature flag to enable/disable the SQL pool | false |
 
-
-
 ## Usage
 
 1. Copy `terraform.tfvars.example` to `terraform.tfvars`
@@ -55,6 +53,6 @@ This configuration describes the minimal set of resources you require to get sta
 
 ## Learn more
 
-- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/overview-what-is).
+- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/guidance/success-by-design-introduction).
-- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction).
+- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction) and watch [Success with Synapse - Security videos](https://www.youtube.com/playlist?list=PLzUAjXZBFU9OWYjSI5TdlpMV0ltAjLaNw).
 - For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).

quickstart/201-synapse-secure/main.tf

@@ -1,15 +1,3 @@
-terraform {
-  required_providers {
-    azurerm = {
-      version = "= 3.30.0"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {}
-}
-
 data "azurerm_client_config" "current" {}
 
 data "http" "ip" {

quickstart/201-synapse-secure/network.tf

@@ -13,7 +13,7 @@ resource "azurerm_subnet" "default" {
   virtual_network_name                      = azurerm_virtual_network.default.name
   address_prefixes                          = ["10.0.1.0/24"]
   service_endpoints                         = []
-  enforce_private_link_endpoint_network_policies = true
+  private_endpoint_network_policies_enabled = true
 }
 
 resource "azurerm_subnet" "bastion" {

quickstart/201-synapse-secure/providers.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    azurerm = {
+      version = "= 3.32.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

quickstart/201-synapse-secure/storage_account.tf

@@ -41,7 +41,7 @@ resource "azurerm_storage_account_network_rules" "firewall_rules" {
   storage_account_id = azurerm_storage_account.default.id
 
   default_action             = "Deny"
-  ip_rules                   = [data.http.ip.body]
+  ip_rules                   = [data.http.ip.response_body]
   virtual_network_subnet_ids = []
   bypass                     = ["None"]
 }

quickstart/201-synapse-secure/synapse_workspace.tf

@@ -10,6 +10,8 @@ resource "azurerm_synapse_workspace" "default" {
   managed_virtual_network_enabled = true
   managed_resource_group_name     = "${azurerm_resource_group.default.name}-syn-managed"
 
+  public_network_access_enabled = false
+
   aad_admin {
     login     = var.aad_login.name
     object_id = var.aad_login.object_id
@@ -21,13 +23,6 @@ resource "azurerm_synapse_workspace" "default" {
   }
 }
 
-resource "azurerm_synapse_firewall_rule" "allow_my_ip" {
-  name                 = "AllowMyPublicIp"
-  synapse_workspace_id = azurerm_synapse_workspace.default.id
-  start_ip_address     = data.http.ip.body
-  end_ip_address       = data.http.ip.body
-}
-
 # DNS Zones
 
 resource "azurerm_private_dns_zone" "zone_dev" {

quickstart/201-synapse-secure/variables.tf

@@ -32,25 +32,21 @@ variable "aad_login" {
 variable "jumphost_username" {
   type        = string
   description = "Admin username of the VM"
-  default     = "azureuser"
 }
 
 variable "jumphost_password" {
   type        = string
   description = "Password for the admin username of the VM"
-  default     = "ThisIsNotVerySecure!"
 }
 
 variable "synadmin_username" {
   type        = string
   description = "Specifies The login name of the SQL administrator"
-  default     = "sqladminuser"
 }
 
 variable "synadmin_password" {
   type        = string
   description = "The Password associated with the sql_administrator_login for the SQL administrator"
-  default     = "ThisIsNotVerySecure!"
 }
 
 variable "enable_syn_sparkpool" {