Azure Synapse Analytics workspace (moderately secure network set up)
This deployment configuration specifies an Azure Synapse Analytics workspace, and its associated resources including Azure Data Lake Storage (gen2), Synapse Spark Pool and Synapse SQL Pool.
In addition to these core services, this configuration specifies any networking components that are required to set up Azure Synapse Analytics for private network connectivity using Azure Private Link.
This configuration describes the minimal set of resources you require to get started with Azure Synapse Analytics in a network-isolated set-up. This configuration creates new network components. Use Azure Bastion to securely connect to the Virtual Machine.
Resources
| Terraform Resource Type | Description |
|---|---|
azurerm_resource_group |
The resource group all resources get deployed into. |
azurerm_bastion_host |
An Azure Bastion Instance to securely RDP into Virtual Machines deployed into the Virtual Network. |
azurerm_windows_virtual_machine |
A Windows Data Science Virtual Machine (jumphost) used for connecting to the Azure Synapse Analytics workspace. |
azurerm_storage_account |
An Azure Storage instance associated to the Azure Synapse Analytics workspace. |
azurerm_synapse_workspace |
An Azure Synapse Analytics workspace instance. |
azurerm_synapse_private_link_hub |
An Azure Synapse Private Link Hub to allow securely connecting to Synapse Studio. |
azurerm_synapse_spark_pool |
An Azure Synapse Analytics spark pool. |
azurerm_synapse_sql_pool |
An Azure Synapse Analytics dedicated SQL pool. |
azurerm_virtual_network |
A default vnet. |
azurerm_subnet |
bastion and default subnets. |
Variables
| Name | Description | Default |
|---|---|---|
| name | Name of the deployment | - |
| environment | The deployment environment name (used for pre- and postfixing resource names) | dev |
| location | The Azure region used for deployments | East US |
| aad_admin.login | The login name of the Azure AD Administrator of the Synapse Workspace | - |
| aad_admin.object_id | The object id of the Azure AD Administrator of the Synapse Workspace | - |
| aad_admin.tenant_id | The tenant id of the Azure AD Administrator of the Synapse Workspace | - |
| synadmin_username | Specifies the login name of the SQL administrator | - |
| synadmin_password | The Password associated with the synadmin_username for the SQL administrator | - |
| jumphost_username | Admin username of the VM | - |
| jumphost_password | Password for the admin username of the VM | - |
| enable_syn_sparkpool | A feature flag to enable/disable the Spark pool | false |
| enable_syn_sqlpool | A feature flag to enable/disable the SQL pool | false |
Usage
- Copy
terraform.tfvars.exampletoterraform.tfvars - Update
terraform.tfvarswith your desired values - Run Terraform
$ terraform init $ terraform plan $ terraform apply
Learn more
- If you are new to Azure Synapse Analytics, see Azure Synapse Analytics service and Azure Synapse Analytics documentation.
- To learn more about security configurations in Azure Synapse Analytics, see Azure Synapse Analytics security white paper and watch Success with Synapse - Security videos.
- For all configurations of Azure Synapse Analytics in Terraform, see Terraform Hashicorp AzureRM provider documentation.