Azure Data Lake Store
This page shows how to write Terraform and Azure Resource Manager configurations for Data Lake Store, and how to write them securely.
azurerm_data_lake_store (Terraform)
The Store in Data Lake can be configured in Terraform with the resource name azurerm_data_lake_store. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_data_lake_store" "allowed" {}

resource "azurerm_data_lake_store" "allowed_2" {
  encryption_state = "Enabled"
}

resource "azurerm_data_lake_store" "data_lake" {
  name                = var.var_data_lakename
  resource_group_name = azurerm_resource_group.RG.name
  location            = var.var_location
  # ... (truncated)
}

resource "azurerm_data_lake_store" "data_lake_gen1" {
  # count = local.data_lake_create_flag
  name                = var.data_lake_name
  tags                = var.resource_tags
  location            = var.azure_location
  resource_group_name = var.resource_group_name
  # ... (truncated)
}

resource "azurerm_data_lake_store" "denied" {
  encryption_state = "Disabled"
}

resource "azurerm_data_lake_store" "adlsg1" {
  name                = var.adls_name
  resource_group_name = var.resource_group_name
  location            = var.location
  encryption_state    = var.adls_encryption_state
  encryption_type     = var.adls_encrytion_type
  # ... (truncated)
}

resource "azurerm_data_lake_store" "default" {
  name                     = var.DATALAKE_NAME
  resource_group_name      = var.RESOURCE_GROUP_NAME
  location                 = var.LOCATION
  firewall_allow_azure_ips = "Enabled"
  # ... (truncated)
}

resource "azurerm_data_lake_store" "this" {
  encryption_state         = var.encryption_state
  encryption_type          = var.encryption_type
  firewall_allow_azure_ips = var.firewall_allow_azure_ips
  firewall_state           = var.firewall_state
  location                 = var.location
  # ... (truncated)
}

resource "azurerm_data_lake_store" "this" {
  encryption_state         = var.encryption_state
  encryption_type          = var.encryption_type
  firewall_allow_azure_ips = var.firewall_allow_azure_ips
  firewall_state           = var.firewall_state
  location                 = var.location
  # ... (truncated)
}

resource "azurerm_data_lake_store" "example_store" {
  name                = "consumptiondatalake"
  resource_group_name = azurerm_resource_group.examplerg.name
  location            = azurerm_resource_group.examplerg.location
}

resource "azurerm_data_lake_store" "dlstore" {
  name                = "datalakestg"
  resource_group_name = azurerm_resource_group.rg.name
  location            = "eastus2"
  encryption_state    = "Enabled"
  encryption_type     = "ServiceManaged"
  # ... (truncated)
}
Security Best Practices for azurerm_data_lake_store
There is 1 setting in azurerm_data_lake_store that should be taken care of for security reasons. The following section gives an overview and example code.
Ensure encryption of Data Lake storage is enabled
It is better to enable encryption of Data Lake storage by setting encryption_state to "Enabled" rather than "Disabled".
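An added example (not from the original page or the Terraform provider): a check over the JSON that `terraform show -json` prints for a plan, plus the same check for an ARM template's encryptionState property, flagging Data Lake Store accounts with encryption turned off. The sample inputs and the names retired, lake-plain, lake-param and lake-ok are constructed; reading the plan rather than the .tf source means values passed through variables are already resolved.

```python
TF_TYPE = "azurerm_data_lake_store"
ARM_TYPE = "microsoft.datalakestore/accounts"  # compared case-insensitively
def _disabled(value):
    return isinstance(value, str) and value.strip().lower() == "disabled"

def check_terraform_plan(plan):
    """Return addresses of Data Lake Store resources planned with encryption off."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # None on delete
        if rc.get("type") == TF_TYPE and _disabled(after.get("encryption_state")):
            findings.append(rc["address"])
    return findings

def check_arm_template(template):
    """Return (disabled, unresolved) account names from an ARM template dict."""
    disabled, unresolved = [], []
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != ARM_TYPE:
            continue
        state = (res.get("properties") or {}).get("encryptionState")
        if _disabled(state):
            disabled.append(res.get("name"))
        elif isinstance(state, str) and state.startswith("["):
            # template expression such as [parameters('x')]: needs human review
            unresolved.append(res.get("name"))
    return disabled, unresolved

def _tf(name, actions, after):  # builds one constructed plan entry
    return {"address": f"{TF_TYPE}.{name}", "type": TF_TYPE,
            "change": {"actions": actions, "after": after}}

# Constructed sample inputs (not taken from a real deployment)
SAMPLE_PLAN = {"resource_changes": [
    _tf("allowed_2", ["create"], {"encryption_state": "Enabled"}),
    _tf("denied", ["create"], {"encryption_state": "Disabled"}),
    _tf("retired", ["delete"], None),
]}
SAMPLE_ARM = {"resources": [
    {"type": "Microsoft.DataLakeStore/accounts", "name": "lake-plain",
     "properties": {"encryptionState": "Disabled"}},
    {"type": "Microsoft.DataLakeStore/accounts", "name": "lake-param",
     "properties": {"encryptionState": "[parameters('encryptionState')]"}},
    {"type": "Microsoft.DataLakeStore/accounts", "name": "lake-ok",
     "properties": {"encryptionState": "Enabled"}},
]}

if __name__ == "__main__":
    print(check_terraform_plan(SAMPLE_PLAN), check_arm_template(SAMPLE_ARM))
```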
Parameters
- encryption_state: optional - string
- encryption_type: optional computed - string
- endpoint: optional computed - string
- firewall_allow_azure_ips: optional - string
- firewall_state: optional - string
- id: optional computed - string
- location: required - string
- name: required - string
- resource_group_name: required - string
- tags: optional - map from string to string
- tier: optional - string
- timeouts: single block
Explanation in Terraform Registry
Manages an Azure Data Lake Storage Gen1 (previously known as Azure Data Lake Store).
Note: This resource manages an Azure Data Lake Storage Gen1, previously known as Azure Data Lake Store.
Microsoft.DataLakeStore/accounts (Azure Resource Manager)
The accounts in Microsoft.DataLakeStore can be configured in Azure Resource Manager with the resource name Microsoft.DataLakeStore/accounts. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- apiVersion: required - string
- identity: optional
  - type: required - string - The type of encryption being used. Currently the only supported type is 'SystemAssigned'.
- location: required - string - The resource location.
- name: required - string - The name of the Data Lake Store account.
- properties: required
  - defaultGroup: optional - string - The default owner group for all new folders and files created in the Data Lake Store account.
  - encryptionConfig: optional
    - keyVaultMetaInfo: optional
      - encryptionKeyName: required - string - The name of the user managed encryption key.
      - encryptionKeyVersion: required - string - The version of the user managed encryption key.
      - keyVaultResourceId: required - string - The resource identifier for the user managed Key Vault being used to encrypt.
    - type: required - string - The type of encryption configuration being used. Currently the only supported types are 'UserManaged' and 'ServiceManaged'.
  - encryptionState: optional - string - The current state of encryption for this Data Lake Store account.
  - firewallAllowAzureIps: optional - string - The current state of allowing or disallowing IPs originating within Azure through the firewall. If the firewall is disabled, this is not enforced.
  - firewallRules: optional array
    - name: required - string - The unique name of the firewall rule to create.
    - properties: required
      - endIpAddress: required - string - The end IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol.
      - startIpAddress: required - string - The start IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol.
  - firewallState: optional - string - The current state of the IP address firewall for this Data Lake Store account.
  - newTier: optional - string - The commitment tier to use for next month.
  - trustedIdProviders: optional array
    - name: required - string - The unique name of the trusted identity provider to create.
    - properties: required
      - idProvider: required - string - The URL of this trusted identity provider.
  - trustedIdProviderState: optional - string - The current state of the trusted identity provider feature for this Data Lake Store account.
  - virtualNetworkRules: optional array
    - name: required - string - The unique name of the virtual network rule to create.
    - properties: required
      - subnetId: required - string - The resource identifier for the subnet.
- tags: optional - string - The resource tags.
- type: required - string
Frequently asked questions
What is Azure Data Lake Store?
Azure Data Lake Store is a resource for Data Lake of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Data Lake Store?
For Terraform, the snyk-labs/infrastructure-as-code-goof, aspatil919/test and slalom/dataops-infra source code examples are useful. See the Terraform Example section for further details.