Azure Synapse Linked Service

This page shows how to write Terraform and Azure Resource Manager configurations for Synapse Linked Service, and how to write them securely.

azurerm_synapse_linked_service (Terraform)

The Linked Service in Synapse can be configured in Terraform with the resource name azurerm_synapse_linked_service. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


The following arguments are supported:

  • name - (Required) The name which should be used for this Synapse Linked Service. Changing this forces a new Synapse Linked Service to be created.

  • synapse_workspace_id - (Required) The ID of the Synapse Workspace with which to associate the Linked Service. Changing this forces a new Synapse Linked Service to be created.

  • type - (Required) The type of data stores that will be connected to Synapse. For the full list of supported data stores, please refer to Azure Synapse connector. Changing this forces a new Synapse Linked Service to be created.

  • type_properties_json - (Required) A JSON object that contains the properties of the Synapse Linked Service.

  • additional_properties - (Optional) A map of additional properties to associate with the Synapse Linked Service.

  • annotations - (Optional) List of tags that can be used for describing the Synapse Linked Service.

  • description - (Optional) The description for the Synapse Linked Service.

  • integration_runtime - (Optional) An integration_runtime block as defined below.

  • parameters - (Optional) A map of parameters to associate with the Synapse Linked Service.

An integration_runtime block supports the following:

  • name - (Required) The integration runtime reference to associate with the Synapse Linked Service.

  • parameters - (Optional) A map of parameters to associate with the integration runtime.

In addition to the arguments listed above, the following attributes are exported:

  • id - The ID of the Synapse Linked Service.
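The arguments above combined into one configuration, as an added example that is not taken from the Terraform Registry or from any project on GitHub. The resource label, names and the three variables are assumptions, and the workspace's managed identity is assumed to hold a blob data role on the storage account. Because type_properties_json is stored in the Terraform state like any other argument, the example configures only an endpoint rather than a connection string with an account key.

```hcl
# Added example. Resource labels, names and variables are assumptions.
variable "synapse_workspace_id" {
  type        = string
  description = "ID of an existing azurerm_synapse_workspace"
}

variable "integration_runtime_name" {
  type        = string
  description = "Name of an existing Synapse integration runtime"
}

variable "blob_service_endpoint" {
  type        = string
  description = "Blob endpoint, e.g. https://<account>.blob.core.windows.net/"
}

# Weak: a connection string that carries the account key is written to the
# Terraform state in clear text and becomes part of the linked service definition.
#
#   type_properties_json = jsonencode({
#     connectionString = azurerm_storage_account.example.primary_connection_string
#   })

# Hardened: only the endpoint is configured, so the linked service authenticates
# with the workspace's managed identity and no secret is stored anywhere.
resource "azurerm_synapse_linked_service" "blob" {
  name                 = "ls-blob-managed-identity"
  synapse_workspace_id = var.synapse_workspace_id
  type                 = "AzureBlobStorage"
  description          = "Blob storage accessed with the workspace managed identity"
  annotations          = ["managed-identity"]

  type_properties_json = jsonencode({
    serviceEndpoint = var.blob_service_endpoint
  })

  integration_runtime {
    name = var.integration_runtime_name
  }
}

output "linked_service_id" {
  value = azurerm_synapse_linked_service.blob.id
}
```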

Explanation in Terraform Registry

Manages a Synapse Linked Service.

Tips: Best Practices for the Other Azure Synapse Resources

In addition to azurerm_synapse_workspace, Azure Synapse has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.



Enable the managed virtual network

It is better to enable the managed virtual network, which is disabled by default.

Review your Azure Synapse settings

In addition to the above, there are other security points you should be aware of; you can make sure that your .tf files are protected in Shisho Cloud.

Microsoft.Synapse/workspaces (Azure Resource Manager)

The workspaces in Microsoft.Synapse can be configured in Azure Resource Manager with the resource name Microsoft.Synapse/workspaces. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

    "$schema": "",
    "contentVersion": "",
    "parameters": {
        "workspaceName": {

            "type": "Microsoft.Synapse/workspaces",
            "apiVersion": "2021-06-01",
            "name": "[parameters('workspaces_mgdcworkspace_name')]",
            "location": "westeurope",
            "identity": {
                "type": "SystemAssigned"

            "type": "Microsoft.Synapse/workspaces",
            "apiVersion": "2019-06-01-preview",
            "name": "[parameters('workspaces_saw_name')]",
            "location": "westus2",
            "identity": {
                "principalId": null,

            "type": "Microsoft.Synapse/workspaces",
            "apiVersion": "2021-06-01",
            "name": "[parameters('WorkspaceName')]",
            "location": "westeurope",
            "identity": {
                "type": "SystemAssigned"

            "type": "Microsoft.Synapse/workspaces",
            "apiVersion": "2020-12-01",
            "tags": {},
            "location": "[parameters('location')]",
            "properties": {
                "defaultDataLakeStorage": {


  • apiVersion required - string
  • identity optional
      • type optional - string

        The type of managed identity for the workspace.

      • userAssignedIdentities optional - undefined

        The User Assigned Managed Identities.

  • location required - string

    The geo-location where the resource lives

  • name required - string

    The name of the workspace.

  • properties required
      • azureADOnlyAuthentication optional - boolean

        Enable or Disable AzureADOnlyAuthentication on All Workspace subresource

      • connectivityEndpoints optional - string

        Connectivity endpoints

      • cspWorkspaceAdminProperties optional
          • initialWorkspaceAdminObjectId optional - string

            AAD object ID of initial workspace admin

      • defaultDataLakeStorage optional
          • accountUrl optional - string

            Account URL

          • createManagedPrivateEndpoint optional - boolean

            Create managed private endpoint to this storage account or not

          • filesystem optional - string

            Filesystem name

          • resourceId optional - string

            ARM resource Id of this storage account

      • encryption optional
          • cmk optional
              • kekIdentity optional
                  • userAssignedIdentity optional - string

                    User assigned identity resource Id

                  • useSystemAssignedIdentity optional - object

                    Boolean specifying whether to use system assigned identity or not

              • key optional
                  • keyVaultUrl optional - string

                    Workspace Key sub-resource key vault url

                  • name optional - string

                    Workspace Key sub-resource name

      • managedResourceGroupName optional - string

        Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters, and must consist of alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and '.'. Note that the name cannot end with '.'.

      • managedVirtualNetwork optional - string

        Setting this to 'default' will ensure that all compute for this workspace is in a virtual network managed on behalf of the user.

      • managedVirtualNetworkSettings optional
          • allowedAadTenantIdsForLinking optional - array

            Allowed Aad Tenant Ids For Linking

          • linkedAccessCheckOnTargetResource optional - boolean

            Linked Access Check On Target Resource

          • preventDataExfiltration optional - boolean

            Prevent Data Exfiltration

      • privateEndpointConnections optional - array
          • properties optional
              • privateEndpoint optional
              • privateLinkServiceConnectionState optional
                  • description optional - string

                    The private link service connection description.

                  • status optional - string

                    The private link service connection status.

      • publicNetworkAccess optional - string

        Enable or Disable public network access to workspace.

      • purviewConfiguration optional
          • purviewResourceId optional - string

            Purview Resource ID

      • sqlAdministratorLogin optional - string

        Login for workspace SQL active directory administrator

      • sqlAdministratorLoginPassword optional - string

        SQL administrator login password

      • virtualNetworkProfile optional
          • computeSubnetId optional - string

            Subnet ID used for computes in workspace

      • workspaceRepositoryConfiguration optional
          • accountName optional - string

            Account name

          • collaborationBranch optional - string

            Collaboration branch

          • hostName optional - string

            GitHub Enterprise host name. For example:

          • lastCommitId optional - string

            The last commit ID

          • projectName optional - string

            VSTS project name

          • repositoryName optional - string

            Repository name

          • rootFolder optional - string

            Root folder to use in the repository

          • tenantId optional - string

            The VSTS tenant ID

          • type optional - string

            Type of workspace repositoryID configuration. Example WorkspaceVSTSConfiguration, WorkspaceGitHubConfiguration

  • tags optional - string

    Resource tags.

  • type required - string

Frequently asked questions

What is Azure Synapse Linked Service?

Azure Synapse Linked Service is a resource for Synapse of Microsoft Azure. Settings can be written in Terraform.