Azure Synapse Linked Service
This page shows how to write Terraform and Azure Resource Manager for Synapse Linked Service and write them securely.
azurerm_synapse_linked_service (Terraform)
The Linked Service in Synapse can be configured in Terraform with the resource name azurerm_synapse_linked_service
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
name
- (Required) The name which should be used for this Synapse Linked Service. Changing this forces a new Synapse Linked Service to be created.synapse_workspace_id
- (Required) The Synapse Workspace ID in which to associate the Linked Service with. Changing this forces a new Synapse Linked Service to be created.type
- (Required) The type of data stores that will be connected to Synapse. For full list of supported data stores, please refer to Azure Synapse connector. Changing this forces a new Synapse Linked Service to be created.type_properties_json
- (Required) A JSON object that contains the properties of the Synapse Linked Service.
additional_properties
- (Optional) A map of additional properties to associate with the Synapse Linked Service.annotations
- (Optional) List of tags that can be used for describing the Synapse Linked Service.description
- (Optional) The description for the Synapse Linked Service.integration_runtime
- (Optional) Aintegration_runtime
block as defined below.parameters
- (Optional) A map of parameters to associate with the Synapse Linked Service.
A integration_runtime
block supports the following:
name
- (Required) The integration runtime reference to associate with the Synapse Linked Service.parameters
- (Optional) A map of parameters to associate with the integration runtime.
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Synapse Linked Service.
Explanation in Terraform Registry
Manages a Synapse Linked Service.
Tips: Best Practices for The Other Azure Synapse Resources
In addition to the azurerm_synapse_workspace, Azure Synapse has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_synapse_workspace
Ensure to enable the managed virtual network
It is better to enable the managed virtual network, which is disabled as the default.
Microsoft.Synapse/workspaces (Azure Resource Manager)
The workspaces in Microsoft.Synapse can be configured in Azure Resource Manager with the resource name Microsoft.Synapse/workspaces
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2021-06-01",
"name": "[parameters('workspaces_mgdcworkspace_name')]",
"location": "westeurope",
"identity": {
"type": "SystemAssigned"
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2019-06-01-preview",
"name": "[parameters('workspaces_saw_name')]",
"location": "westus2",
"identity": {
"principalId": null,
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2021-06-01",
"name": "[parameters('WorkspaceName')]",
"location": "westeurope",
"identity": {
"type": "SystemAssigned"
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2020-12-01",
"tags": {},
"location": "[parameters('location')]",
"properties": {
"defaultDataLakeStorage": {
Parameters
apiVersion
required - stringidentity
optionaltype
optional - stringThe type of managed identity for the workspace.
userAssignedIdentities
optional - undefinedThe User Assigned Managed Identities.
location
required - stringThe geo-location where the resource lives
name
required - stringThe name of the workspace.
properties
requiredazureADOnlyAuthentication
optional - booleanEnable or Disable AzureADOnlyAuthentication on All Workspace subresource
connectivityEndpoints
optional - stringConnectivity endpoints
cspWorkspaceAdminProperties
optionalinitialWorkspaceAdminObjectId
optional - stringAAD object ID of initial workspace admin
defaultDataLakeStorage
optionalaccountUrl
optional - stringAccount URL
createManagedPrivateEndpoint
optional - booleanCreate managed private endpoint to this storage account or not
filesystem
optional - stringFilesystem name
resourceId
optional - stringARM resource Id of this storage account
encryption
optionalcmk
optionalkekIdentity
optionaluserAssignedIdentity
optional - stringUser assigned identity resource Id
useSystemAssignedIdentity
optional - objectBoolean specifying whether to use system assigned identity or not
key
optionalkeyVaultUrl
optional - stringWorkspace Key sub-resource key vault url
name
optional - stringWorkspace Key sub-resource name
managedResourceGroupName
optional - stringWorkspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.'
managedVirtualNetwork
optional - stringSetting this to 'default' will ensure that all compute for this workspace is in a virtual network managed on behalf of the user.
managedVirtualNetworkSettings
optionalallowedAadTenantIdsForLinking
optional - arrayAllowed Aad Tenant Ids For Linking
linkedAccessCheckOnTargetResource
optional - booleanLinked Access Check On Target Resource
preventDataExfiltration
optional - booleanPrevent Data Exfiltration
privateEndpointConnections
optional arrayproperties
optionalprivateEndpoint
optionalprivateLinkServiceConnectionState
optionaldescription
optional - stringThe private link service connection description.
status
optional - stringThe private link service connection status.
publicNetworkAccess
optional - stringEnable or Disable public network access to workspace.
purviewConfiguration
optionalpurviewResourceId
optional - stringPurview Resource ID
sqlAdministratorLogin
optional - stringLogin for workspace SQL active directory administrator
sqlAdministratorLoginPassword
optional - stringSQL administrator login password
virtualNetworkProfile
optionalcomputeSubnetId
optional - stringSubnet ID used for computes in workspace
workspaceRepositoryConfiguration
optionalaccountName
optional - stringAccount name
collaborationBranch
optional - stringCollaboration branch
hostName
optional - stringGitHub Enterprise host name. For example: https://github.mydomain.com
lastCommitId
optional - stringThe last commit ID
projectName
optional - stringVSTS project name
repositoryName
optional - stringRepository name
rootFolder
optional - stringRoot folder to use in the repository
tenantId
optional - stringThe VSTS tenant ID
type
optional - stringType of workspace repositoryID configuration. Example WorkspaceVSTSConfiguration, WorkspaceGitHubConfiguration
tags
optional - stringResource tags.
type
required - string