fix comments

quickstart/101-synapse/README.md

@@ -9,7 +9,6 @@ Network connectivity to the workspace is allowed over public endpoints, making t
 
 ## Resources
 
-
 | Terraform Resource Type | Description |
 | - | - |
 | `azurerm_resource_group` | The resource group all resources get deployed into. |
@@ -46,6 +45,6 @@ Network connectivity to the workspace is allowed over public endpoints, making t
 
 ## Learn more
 
-- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/overview-what-is).
+- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/guidance/success-by-design-introduction).
-- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction).
+- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction) and watch [Success with Synapse - Security videos](https://www.youtube.com/playlist?list=PLzUAjXZBFU9OWYjSI5TdlpMV0ltAjLaNw).
-- For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).
+- For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).

quickstart/101-synapse/locals.tf

@@ -1,4 +1,4 @@
 locals {
-  basename = "${var.name}-${var.environment}"
+  basename      = "${var.name}-${var.environment}"
   safe_basename = replace(local.basename, "-", "")
 }

quickstart/101-synapse/main.tf

@@ -1,15 +1,3 @@
-terraform {
-  required_providers {
-    azurerm = {
-      version = "= 3.30.0"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {}
-}
-
 data "azurerm_client_config" "current" {}
 
 data "http" "ip" {

quickstart/101-synapse/providers.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    azurerm = {
+      version = "= 3.32.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

quickstart/101-synapse/synapse_workspace.tf

@@ -23,6 +23,6 @@ resource "azurerm_synapse_workspace" "default" {
 resource "azurerm_synapse_firewall_rule" "allow_my_ip" {
   name                 = "AllowMyPublicIp"
   synapse_workspace_id = azurerm_synapse_workspace.default.id
-  start_ip_address     = data.http.ip.body
+  start_ip_address     = data.http.ip.response_body
-  end_ip_address       = data.http.ip.body
+  end_ip_address       = data.http.ip.response_body
 }

quickstart/101-synapse/variables.tf

@@ -32,13 +32,11 @@ variable "aad_login" {
 variable "synadmin_username" {
   type        = string
   description = "Specifies The login name of the SQL administrator"
-  default     = "sqladminuser"
 }
 
 variable "synadmin_password" {
   type        = string
   description = "The Password associated with the sql_administrator_login for the SQL administrator"
-  default     = "ThisIsNotVerySecure!"
 }
 
 variable "enable_syn_sparkpool" {

quickstart/201-synapse-secure/README.md

@@ -6,7 +6,7 @@ and its associated resources including Azure Data Lake Storage (gen2), Synapse S
 In addition to these core services, this configuration specifies any networking components that are required to set up Azure Synapse Analytics
 for private network connectivity using [Azure Private Link](https://docs.microsoft.com/en-us/azure/private-link/). 
 
-This configuration describes the minimal set of resources you require to get started with Azure Synapse Analytics in a network-isolated set-up. This configuration creates new network components. Use Azure Bastion to securely connect to the Virtual Machine.
+This configuration describes the minimal set of resources you require to get started with Azure Synapse Analytics in a network-isolated set-up. This configuration creates new network components. Use Azure Bastion to securely connect to the Virtual Machine. 
 
 ## Resources
 
@@ -40,8 +40,6 @@ This configuration describes the minimal set of resources you require to get sta
 | enable_syn_sparkpool| A feature flag to enable/disable the Spark pool | false |
 | enable_syn_sqlpool| A feature flag to enable/disable the SQL pool | false |
 
-
-
 ## Usage
 
 1. Copy `terraform.tfvars.example` to `terraform.tfvars`
@@ -55,6 +53,6 @@ This configuration describes the minimal set of resources you require to get sta
 
 ## Learn more
 
-- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/overview-what-is).
+- If you are new to Azure Synapse Analytics, see [Azure Synapse Analytics service](https://azure.microsoft.com/services/synapse-analytics/) and [Azure Synapse Analytics documentation](https://learn.microsoft.com/azure/synapse-analytics/guidance/success-by-design-introduction).
-- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction).
+- To learn more about security configurations in Azure Synapse Analytics, see [Azure Synapse Analytics security white paper](https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-introduction) and watch [Success with Synapse - Security videos](https://www.youtube.com/playlist?list=PLzUAjXZBFU9OWYjSI5TdlpMV0ltAjLaNw).
 - For all configurations of Azure Synapse Analytics in Terraform, see [Terraform Hashicorp AzureRM provider documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace).

quickstart/201-synapse-secure/locals.tf

@@ -1,4 +1,4 @@
 locals {
-  basename = "${var.name}-${var.environment}"
+  basename      = "${var.name}-${var.environment}"
   safe_basename = replace(local.basename, "-", "")
 }

quickstart/201-synapse-secure/main.tf

@@ -1,15 +1,3 @@
-terraform {
-  required_providers {
-    azurerm = {
-      version = "= 3.30.0"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {}
-}
-
 data "azurerm_client_config" "current" {}
 
 data "http" "ip" {

quickstart/201-synapse-secure/network.tf

@@ -8,12 +8,12 @@ resource "azurerm_virtual_network" "default" {
 # Subnets
 
 resource "azurerm_subnet" "default" {
-  name                                           = "snet-${local.basename}"
+  name                                      = "snet-${local.basename}"
-  resource_group_name                            = azurerm_resource_group.default.name
+  resource_group_name                       = azurerm_resource_group.default.name
-  virtual_network_name                           = azurerm_virtual_network.default.name
+  virtual_network_name                      = azurerm_virtual_network.default.name
-  address_prefixes                               = ["10.0.1.0/24"]
+  address_prefixes                          = ["10.0.1.0/24"]
-  service_endpoints                              = []
+  service_endpoints                         = []
-  enforce_private_link_endpoint_network_policies = true
+  private_endpoint_network_policies_enabled = true
 }
 
 resource "azurerm_subnet" "bastion" {

quickstart/201-synapse-secure/providers.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    azurerm = {
+      version = "= 3.32.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}

quickstart/201-synapse-secure/storage_account.tf

@@ -41,7 +41,7 @@ resource "azurerm_storage_account_network_rules" "firewall_rules" {
   storage_account_id = azurerm_storage_account.default.id
 
   default_action             = "Deny"
-  ip_rules                   = [data.http.ip.body]
+  ip_rules                   = [data.http.ip.response_body]
   virtual_network_subnet_ids = []
   bypass                     = ["None"]
 }

quickstart/201-synapse-secure/synapse_workspace.tf

@@ -8,7 +8,9 @@ resource "azurerm_synapse_workspace" "default" {
   sql_administrator_login_password = var.synadmin_password
 
   managed_virtual_network_enabled = true
-  managed_resource_group_name = "${azurerm_resource_group.default.name}-syn-managed"
+  managed_resource_group_name     = "${azurerm_resource_group.default.name}-syn-managed"
+
+  public_network_access_enabled = false
 
   aad_admin {
     login     = var.aad_login.name
@@ -21,13 +23,6 @@ resource "azurerm_synapse_workspace" "default" {
   }
 }
 
-resource "azurerm_synapse_firewall_rule" "allow_my_ip" {
-  name                 = "AllowMyPublicIp"
-  synapse_workspace_id = azurerm_synapse_workspace.default.id
-  start_ip_address     = data.http.ip.body
-  end_ip_address       = data.http.ip.body
-}
-
 # DNS Zones
 
 resource "azurerm_private_dns_zone" "zone_dev" {

quickstart/201-synapse-secure/variables.tf

@@ -32,25 +32,21 @@ variable "aad_login" {
 variable "jumphost_username" {
   type        = string
   description = "Admin username of the VM"
-  default     = "azureuser"
 }
 
 variable "jumphost_password" {
   type        = string
   description = "Password for the admin username of the VM"
-  default     = "ThisIsNotVerySecure!"
 }
 
 variable "synadmin_username" {
   type        = string
   description = "Specifies The login name of the SQL administrator"
-  default     = "sqladminuser"
 }
 
 variable "synadmin_password" {
   type        = string
   description = "The Password associated with the sql_administrator_login for the SQL administrator"
-  default     = "ThisIsNotVerySecure!"
 }
 
 variable "enable_syn_sparkpool" {