Azure Synapse Firewall Rule
This page shows how to write Terraform and Azure Resource Manager configurations for a Synapse Firewall Rule, and how to write them securely.
azurerm_synapse_firewall_rule (Terraform)
The Firewall Rule in Synapse can be configured in Terraform with the resource name azurerm_synapse_firewall_rule. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_synapse_firewall_rule" "wrkspc_firewall" {
  count                = try(var.settings.workspace_firewall, null) == null ? 0 : 1
  name                 = var.settings.workspace_firewall.name
  synapse_workspace_id = azurerm_synapse_workspace.ws.id
  start_ip_address     = var.settings.workspace_firewall.start_ip
  # excerpt ends here; end_ip_address (required) is not shown
}

# Opens the workspace to every IPv4 address.
resource "azurerm_synapse_firewall_rule" "denied" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.test.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
}

# Still spans nearly the whole IPv4 address space.
resource "azurerm_synapse_firewall_rule" "allowed" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.test.id
  start_ip_address     = "1.1.1.1"
  end_ip_address       = "255.255.255.255"
}

# 0.0.0.0 to 0.0.0.0 under this name is the special rule that lets Azure services reach the workspace.
resource "azurerm_synapse_firewall_rule" "azure" {
  name                 = "AllowAllWindowsAzureIps"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "0.0.0.0"
}

# Opens the workspace to every IPv4 address.
resource "azurerm_synapse_firewall_rule" "firewall_rule" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.workspace_bad.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
}

resource "azurerm_synapse_firewall_rule" "firewall_rule" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.workspace_bad.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
}

resource "azurerm_synapse_firewall_rule" "synapse_firewall_rule" {
  depends_on = [
    azurerm_synapse_spark_pool.spark_pool
  ]
  name                 = var.synapse_firewall_rule_name
  synapse_workspace_id = azurerm_synapse_workspace.synapse_workspace.id
  # excerpt ends here; start_ip_address and end_ip_address (both required) are not shown
}

resource "azurerm_synapse_firewall_rule" "wrkspc_firewall" {
  count                = try(var.settings.workspace_firewall, null) == null ? 0 : 1
  name                 = var.settings.workspace_firewall.name
  synapse_workspace_id = azurerm_synapse_workspace.ws.id
  start_ip_address     = var.settings.workspace_firewall.start_ip
  # excerpt ends here; end_ip_address (required) is not shown
}

resource "azurerm_synapse_firewall_rule" "firewall_rule" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.workspace_bad.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
}

resource "azurerm_synapse_firewall_rule" "example" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
}
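The following is an added example, not code from this page's source repositories: a pre-apply check that reads `terraform show -json` plan output and grades every azurerm_synapse_firewall_rule by the size of its IP range. The sample plan, the module name `net`, the rule names `office` and `from_var`, and the 256-address limit are constructed assumptions.

```python
import ipaddress
import json

# Constructed plan in the shape of `terraform show -json`; the first three ranges are the page's.
def _rule(address, start, end):
    values = {"start_ip_address": start, "end_ip_address": end}
    return {"address": address, "type": "azurerm_synapse_firewall_rule", "values": values}

SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {
    "resources": [
        _rule("azurerm_synapse_firewall_rule.denied", "0.0.0.0", "255.255.255.255"),
        _rule("azurerm_synapse_firewall_rule.allowed", "1.1.1.1", "255.255.255.255"),
        _rule("azurerm_synapse_firewall_rule.azure", "0.0.0.0", "0.0.0.0"),
    ],
    "child_modules": [{"resources": [
        _rule("module.net.azurerm_synapse_firewall_rule.office", "203.0.113.10", "203.0.113.20"),
        _rule("module.net.azurerm_synapse_firewall_rule.from_var", None, None),
    ]}],
}}})

MAX_ADDRESSES = 256  # assumed policy limit for one rule; tune per organisation

def classify(start, end, max_addresses=MAX_ADDRESSES):
    """Return a verdict for one start/end pair of a firewall rule."""
    if start is None or end is None:
        return "unknown"  # value is not known until apply, so it needs a manual look
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if hi < lo:
        return "invalid"  # end address must be greater than or equal to start address
    if lo == 0 and hi == 0:
        return "azure-services"  # special rule that admits traffic from Azure services
    if lo == 0 and hi == 2**32 - 1:
        return "open-to-internet"
    return "too-broad" if hi - lo + 1 > max_addresses else "ok"

def iter_resources(module):
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):  # rules declared inside modules
        yield from iter_resources(child)

def audit(plan_json):
    """Map each Synapse firewall rule address in the plan to a verdict."""
    root = json.loads(plan_json).get("planned_values", {}).get("root_module", {})
    rules = (r for r in iter_resources(root) if r.get("type") == "azurerm_synapse_firewall_rule")
    return {r["address"]: classify(r.get("values", {}).get("start_ip_address"),
                                   r.get("values", {}).get("end_ip_address")) for r in rules}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PLAN), indent=2))
```

Against a real plan, pass the text produced by `terraform show -json` for a saved plan file to `audit` and fail the pipeline on any verdict other than `ok`.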
Parameters
- end_ip_address: required - string
- id: optional computed - string
- name: required - string
- start_ip_address: required - string
- synapse_workspace_id: required - string
- timeouts: single block
Explanation in Terraform Registry
Allows you to manage a Synapse Firewall Rule.
Tips: Best Practices for the Other Azure Synapse Resources
In addition to azurerm_synapse_workspace, Azure Synapse has other resources that should be configured with security in mind. Check the examples and precautions for those resources.
azurerm_synapse_workspace
Ensure the managed virtual network is enabled
It is better to enable the managed virtual network, which is disabled by default.
Microsoft.Synapse/workspaces/firewallRules (Azure Resource Manager)
The workspaces/firewallRules in Microsoft.Synapse can be configured in Azure Resource Manager with the resource name Microsoft.Synapse/workspaces/firewallRules. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
  "type": "Microsoft.Synapse/workspaces/firewallRules",
  "apiVersion": "2019-06-01-preview",
  "properties": {
    "endIpAddress": "255.255.255.255",
    "startIpAddress": "0.0.0.0"
  }
}

{
  "type": "Microsoft.Synapse/workspaces/firewallRules",
  "apiVersion": "2019-06-01-preview",
  "name": "[concat(variables('workspaceName'), '/allowAll')]",
  "dependsOn": [
    "[concat('Microsoft.Synapse/workspaces/', variables('workspaceName'))]"
  ]
}

{
  "type": "Microsoft.Synapse/workspaces/firewallRules",
  "apiVersion": "2019-06-01-preview",
  "name": "[concat(variables('workspaceName'), '/allowAll')]",
  "dependsOn": [
    "[concat('Microsoft.Synapse/workspaces/', variables('workspaceName'))]"
  ]
}
Parameters
- apiVersion: required - string
- name: required - string. The IP firewall rule name
- properties: required
  - endIpAddress: optional - string. The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress
  - startIpAddress: optional - string. The start IP address of the firewall rule. Must be IPv4 format
- type: required - string
Frequently asked questions
What is Azure Synapse Firewall Rule?
Azure Synapse Firewall Rule is a resource for Synapse of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Synapse Firewall Rule?
For Terraform, the anmoltoppo/Terraform, snyk-labs/infrastructure-as-code-goof and snyk-labs/infrastructure-as-code-goof source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the jeremymaya/arm-playground, mattboothman/test and MaheshGupta09/microsoft-data-engineering-ilt-deploy source code examples are useful. See the Azure Resource Manager Example section for further details.