Azure Data Lake Store

This page shows how to write Terraform and Azure Resource Manager configurations for Data Lake Store, and how to write them securely.

azurerm_data_lake_store (Terraform)

Data Lake Store can be configured in Terraform with the resource name azurerm_data_lake_store. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

azurerm_data_lake_encrypted.tf#L1
resource "azurerm_data_lake_store" "allowed" {}


resource "azurerm_data_lake_store" "allowed_2" {
  encryption_state = "Enabled"
}

data_lake.tf#L1
resource "azurerm_data_lake_store" "data_lake" {
  name                = var.var_data_lakename
  resource_group_name = azurerm_resource_group.RG.name
  location            = var.var_location
  # (excerpt ends here in the source)
}

main.tf#L10
resource "azurerm_data_lake_store" "data_lake_gen1" {
  # count                    = local.data_lake_create_flag
  name                     = var.data_lake_name
  tags                     = var.resource_tags
  location                 = var.azure_location
  resource_group_name      = var.resource_group_name
  # (excerpt ends here in the source)
}

azurerm_data_lake_not_encrypted.tf#L1
resource "azurerm_data_lake_store" "denied" {
  encryption_state = "Disabled"
}

main.tf#L1
resource "azurerm_data_lake_store" "adlsg1" {
  name                     = var.adls_name
  resource_group_name      = var.resource_group_name
  location                 = var.location
  encryption_state         = var.adls_encryption_state
  encryption_type          = var.adls_encrytion_type
  # (excerpt ends here in the source)
}

main.tf#L13
resource "azurerm_data_lake_store" "default" {
  name                     = var.DATALAKE_NAME
  resource_group_name      = var.RESOURCE_GROUP_NAME
  location                 = var.LOCATION
  firewall_allow_azure_ips = "Enabled"
  # (excerpt ends here in the source)
}

main.tf#L7
resource "azurerm_data_lake_store" "this" {
  encryption_state         = var.encryption_state
  encryption_type          = var.encryption_type
  firewall_allow_azure_ips = var.firewall_allow_azure_ips
  firewall_state           = var.firewall_state
  location                 = var.location
  # (excerpt ends here in the source)
}

main.tf#L7
resource "azurerm_data_lake_store" "this" {
  encryption_state         = var.encryption_state
  encryption_type          = var.encryption_type
  firewall_allow_azure_ips = var.firewall_allow_azure_ips
  firewall_state           = var.firewall_state
  location                 = var.location
  # (excerpt ends here in the source)
}

main.tf#L41
resource "azurerm_data_lake_store" "example_store" {
  name                = "consumptiondatalake"
  resource_group_name = azurerm_resource_group.examplerg.name
  location            = azurerm_resource_group.examplerg.location
}

adfarchitect.tf#L30
resource "azurerm_data_lake_store" "dlstore" {
  name                = "datalakestg"
  resource_group_name = azurerm_resource_group.rg.name
  location            = "eastus2"
  encryption_state    = "Enabled"
  encryption_type     = "ServiceManaged"
  # (excerpt ends here in the source)
}

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Security Best Practices for azurerm_data_lake_store

There is 1 setting in azurerm_data_lake_store that should be taken care of for security reasons. The following section gives an overview and example code.

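Ensure that encryption of Data Lake storage is enabled

It is better to enable the encryption of Data Lake storage: encryption_state should be "Enabled", not "Disabled" as in the azurerm_data_lake_not_encrypted.tf example above.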
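
One way to enforce this setting in a module, shown as an added example that is not part of the original page or of any of the GitHub projects listed above. The variable names and the resource label "encrypted" are assumptions; the validation block rejects a caller-supplied "Disabled" before anything is deployed.

```hcl
# Added example; variable and resource names are assumptions.

variable "data_lake_name" {
  type = string
}

variable "resource_group_name" {
  type = string
}

variable "location" {
  type = string
}

# Several modules on this page pass encryption_state through a variable,
# so a caller could set "Disabled". This validation rejects that at plan time.
variable "encryption_state" {
  type    = string
  default = "Enabled"

  validation {
    condition     = var.encryption_state == "Enabled"
    error_message = "The encryption_state value must be \"Enabled\" for Data Lake Store."
  }
}

# Weak form a checker should flag (as in azurerm_data_lake_not_encrypted.tf):
#   encryption_state = "Disabled"

resource "azurerm_data_lake_store" "encrypted" {
  name                = var.data_lake_name
  resource_group_name = var.resource_group_name
  location            = var.location

  # Set explicitly so the intent is visible in code review.
  encryption_state = var.encryption_state
  encryption_type  = "ServiceManaged"
}
```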

Review your Azure Data Lake settings

You can check if the azurerm_data_lake_store setting in your .tf file is correct in 3 min with Shisho Cloud.

Parameters

Explanation in Terraform Registry

Manages an Azure Data Lake Storage Gen1 (previously known as Azure Data Lake Store).

Note: This resource manages an Azure Data Lake Storage Gen1, previously known as Azure Data Lake Store.

Microsoft.DataLakeStore/accounts (Azure Resource Manager)

The accounts in Microsoft.DataLakeStore can be configured in Azure Resource Manager with the resource name Microsoft.DataLakeStore/accounts. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

  • apiVersion required - string
  • identity optional
      • type required - string

        The type of encryption being used. Currently the only supported type is 'SystemAssigned'.

  • location required - string

    The resource location.

  • name required - string

    The name of the Data Lake Store account.

  • properties required
      • defaultGroup optional - string

        The default owner group for all new folders and files created in the Data Lake Store account.

      • encryptionConfig optional
          • keyVaultMetaInfo optional
              • encryptionKeyName required - string

                The name of the user managed encryption key.

              • encryptionKeyVersion required - string

                The version of the user managed encryption key.

              • keyVaultResourceId required - string

                The resource identifier for the user managed Key Vault being used to encrypt.

          • type required - string

            The type of encryption configuration being used. Currently the only supported types are 'UserManaged' and 'ServiceManaged'.

      • encryptionState optional - string

        The current state of encryption for this Data Lake Store account.

      • firewallAllowAzureIps optional - string

        The current state of allowing or disallowing IPs originating within Azure through the firewall. If the firewall is disabled, this is not enforced.

      • firewallRules optional array
          • name required - string

            The unique name of the firewall rule to create.

          • properties required
              • endIpAddress required - string

                The end IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol.

              • startIpAddress required - string

                The start IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol.

      • firewallState optional - string

        The current state of the IP address firewall for this Data Lake Store account.

      • newTier optional - string

        The commitment tier to use for next month.

      • trustedIdProviders optional array
          • name required - string

            The unique name of the trusted identity provider to create.

          • properties required
              • idProvider required - string

                The URL of this trusted identity provider.

      • trustedIdProviderState optional - string

        The current state of the trusted identity provider feature for this Data Lake Store account.

      • virtualNetworkRules optional array
          • name required - string

            The unique name of the virtual network rule to create.

          • properties required
              • subnetId required - string

                The resource identifier for the subnet.

  • tags optional - string

    The resource tags.

  • type required - string

Frequently asked questions

What is Azure Data Lake Store?

Azure Data Lake Store is a resource for Data Lake of Microsoft Azure. Settings can be written in Terraform.

Where can I find the example code for the Azure Data Lake Store?

For Terraform, the snyk-labs/infrastructure-as-code-goof, aspatil919/test and slalom/dataops-infra source code examples are useful. See the Terraform Example section for further details.