Top / Microsoft Azure / Azure Synapse / Firewall Rule

Azure Synapse Firewall Rule

This page shows how to write Terraform and Azure Resource Manager for Synapse Firewall Rule and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_synapse_firewall_rule (Terraform)

The Firewall Rule in Synapse can be configured in Terraform with the resource name azurerm_synapse_firewall_rule. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

workspace.tf#L74
resource "azurerm_synapse_firewall_rule" "wrkspc_firewall" {
  count = try(var.settings.workspace_firewall, null) == null ? 0 : 1

  name                 = var.settings.workspace_firewall.name
  synapse_workspace_id = azurerm_synapse_workspace.ws.id
  start_ip_address     = var.settings.workspace_firewall.start_ip
azurerm_synapse_firewall_rule_denied.tf#L1
resource "azurerm_synapse_firewall_rule" "denied" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.test.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
azurerm_synapse_firewall_rule_allowed.tf#L1
resource "azurerm_synapse_firewall_rule" "allowed" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.test.id
  start_ip_address     = "1.1.1.1"
  end_ip_address       = "255.255.255.255"
}
synapse-db.tf#L114
resource "azurerm_synapse_firewall_rule" "azure" {
  name                 = "AllowAllWindowsAzureIps"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "0.0.0.0"
}
main.tf#L25
resource "azurerm_synapse_firewall_rule" "firewall_rule" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.workspace_bad.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
main.tf#L25
resource "azurerm_synapse_firewall_rule" "firewall_rule" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.workspace_bad.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
ApacheSparkPool.tf#L23
resource "azurerm_synapse_firewall_rule" "synapse_firewall_rule" {
  depends_on = [
    azurerm_synapse_spark_pool.spark_pool
  ]
  name                 = var.synapse_firewall_rule_name
  synapse_workspace_id = azurerm_synapse_workspace.synapse_workspace.id
workspace.tf#L116
resource "azurerm_synapse_firewall_rule" "wrkspc_firewall" {
  count = try(var.settings.workspace_firewall, null) == null ? 0 : 1

  name                 = var.settings.workspace_firewall.name
  synapse_workspace_id = azurerm_synapse_workspace.ws.id
  start_ip_address     = var.settings.workspace_firewall.start_ip
main.tf#L25
resource "azurerm_synapse_firewall_rule" "firewall_rule" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.workspace_bad.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
synapse-workspace-sample.tf#L93
resource "azurerm_synapse_firewall_rule" "example" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
}

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Allows you to Manages a Synapse Firewall Rule.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Synapse Resources

In addition to the azurerm_synapse_workspace, Azure Synapse has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_synapse_workspace

Ensure to enable the managed virtual network

It is better to enable the managed virtual network, which is disabled as the default.

Review your Azure Synapse settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Synapse/workspaces/firewallRules (Azure Resource Manager)

The workspaces/firewallRules in Microsoft.Synapse can be configured in Azure Resource Manager with the resource name Microsoft.Synapse/workspaces/firewallRules. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

Template.json#L87
            "type": "Microsoft.Synapse/workspaces/firewallRules",
            "apiVersion": "2019-06-01-preview",
            "properties": {
                "endIpAddress": "255.255.255.255",
                "startIpAddress": "0.0.0.0"
            }
asaga-workspace-core.json#L175
      "type": "Microsoft.Synapse/workspaces/firewallRules",
      "apiVersion": "2019-06-01-preview",
      "name": "[concat(variables('workspaceName'), '/allowAll')]",
      "dependsOn": [
        "[concat('Microsoft.Synapse/workspaces/', variables('workspaceName'))]"
      ],
asaga-workspace-core.json#L175
      "type": "Microsoft.Synapse/workspaces/firewallRules",
      "apiVersion": "2019-06-01-preview",
      "name": "[concat(variables('workspaceName'), '/allowAll')]",
      "dependsOn": [
        "[concat('Microsoft.Synapse/workspaces/', variables('workspaceName'))]"
      ],

Parameters

  • apiVersion required - string
  • name required - string

    The IP firewall rule name

  • properties required
      • endIpAddress optional - string

        The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress

      • startIpAddress optional - string

        The start IP address of the firewall rule. Must be IPv4 format

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure Synapse Resources

Frequently asked questions

What is Azure Synapse Firewall Rule?

Azure Synapse Firewall Rule is a resource for Synapse of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Synapse Firewall Rule?

For Terraform, the anmoltoppo/Terraform, snyk-labs/infrastructure-as-code-goof and snyk-labs/infrastructure-as-code-goof source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the jeremymaya/arm-playground, mattboothman/test and MaheshGupta09/microsoft-data-engineering-ilt-deploy source code examples are useful. See the Azure Resource Manager Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents