Azure Synapse Linked Service
This page shows how to write Terraform and Azure Resource Manager for Synapse Linked Service and write them securely.
azurerm_synapse_linked_service (Terraform)
The Linked Service in Synapse can be configured in Terraform with the resource name azurerm_synapse_linked_service. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
name- (Required) The name which should be used for this Synapse Linked Service. Changing this forces a new Synapse Linked Service to be created.synapse_workspace_id- (Required) The Synapse Workspace ID in which to associate the Linked Service with. Changing this forces a new Synapse Linked Service to be created.type- (Required) The type of data stores that will be connected to Synapse. For full list of supported data stores, please refer to Azure Synapse connector. Changing this forces a new Synapse Linked Service to be created.type_properties_json- (Required) A JSON object that contains the properties of the Synapse Linked Service.
additional_properties- (Optional) A map of additional properties to associate with the Synapse Linked Service.annotations- (Optional) List of tags that can be used for describing the Synapse Linked Service.description- (Optional) The description for the Synapse Linked Service.integration_runtime- (Optional) Aintegration_runtimeblock as defined below.parameters- (Optional) A map of parameters to associate with the Synapse Linked Service.
A integration_runtime block supports the following:
name- (Required) The integration runtime reference to associate with the Synapse Linked Service.parameters- (Optional) A map of parameters to associate with the integration runtime.
In addition to the Arguments listed above - the following Attributes are exported:
id- The ID of the Synapse Linked Service.
Explanation in Terraform Registry
Manages a Synapse Linked Service.
Tips: Best Practices for The Other Azure Synapse Resources
In addition to the azurerm_synapse_workspace, Azure Synapse has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_synapse_workspace
Ensure to enable the managed virtual network
It is better to enable the managed virtual network, which is disabled as the default.
Microsoft.Synapse/workspaces (Azure Resource Manager)
The workspaces in Microsoft.Synapse can be configured in Azure Resource Manager with the resource name Microsoft.Synapse/workspaces. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2021-06-01",
"name": "[parameters('workspaces_mgdcworkspace_name')]",
"location": "westeurope",
"identity": {
"type": "SystemAssigned"
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2019-06-01-preview",
"name": "[parameters('workspaces_saw_name')]",
"location": "westus2",
"identity": {
"principalId": null,
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2021-06-01",
"name": "[parameters('WorkspaceName')]",
"location": "westeurope",
"identity": {
"type": "SystemAssigned"
"type": "Microsoft.Synapse/workspaces",
"apiVersion": "2020-12-01",
"tags": {},
"location": "[parameters('location')]",
"properties": {
"defaultDataLakeStorage": {
Parameters
apiVersionrequired - stringidentityoptionaltypeoptional - stringThe type of managed identity for the workspace.
userAssignedIdentitiesoptional - undefinedThe User Assigned Managed Identities.
locationrequired - stringThe geo-location where the resource lives
namerequired - stringThe name of the workspace.
propertiesrequiredazureADOnlyAuthenticationoptional - booleanEnable or Disable AzureADOnlyAuthentication on All Workspace subresource
connectivityEndpointsoptional - stringConnectivity endpoints
cspWorkspaceAdminPropertiesoptionalinitialWorkspaceAdminObjectIdoptional - stringAAD object ID of initial workspace admin
defaultDataLakeStorageoptionalaccountUrloptional - stringAccount URL
createManagedPrivateEndpointoptional - booleanCreate managed private endpoint to this storage account or not
filesystemoptional - stringFilesystem name
resourceIdoptional - stringARM resource Id of this storage account
encryptionoptionalcmkoptionalkekIdentityoptionaluserAssignedIdentityoptional - stringUser assigned identity resource Id
useSystemAssignedIdentityoptional - objectBoolean specifying whether to use system assigned identity or not
keyoptionalkeyVaultUrloptional - stringWorkspace Key sub-resource key vault url
nameoptional - stringWorkspace Key sub-resource name
managedResourceGroupNameoptional - stringWorkspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.'
managedVirtualNetworkoptional - stringSetting this to 'default' will ensure that all compute for this workspace is in a virtual network managed on behalf of the user.
managedVirtualNetworkSettingsoptionalallowedAadTenantIdsForLinkingoptional - arrayAllowed Aad Tenant Ids For Linking
linkedAccessCheckOnTargetResourceoptional - booleanLinked Access Check On Target Resource
preventDataExfiltrationoptional - booleanPrevent Data Exfiltration
privateEndpointConnectionsoptional arraypropertiesoptionalprivateEndpointoptionalprivateLinkServiceConnectionStateoptionaldescriptionoptional - stringThe private link service connection description.
statusoptional - stringThe private link service connection status.
publicNetworkAccessoptional - stringEnable or Disable public network access to workspace.
purviewConfigurationoptionalpurviewResourceIdoptional - stringPurview Resource ID
sqlAdministratorLoginoptional - stringLogin for workspace SQL active directory administrator
sqlAdministratorLoginPasswordoptional - stringSQL administrator login password
virtualNetworkProfileoptionalcomputeSubnetIdoptional - stringSubnet ID used for computes in workspace
workspaceRepositoryConfigurationoptionalaccountNameoptional - stringAccount name
collaborationBranchoptional - stringCollaboration branch
hostNameoptional - stringGitHub Enterprise host name. For example: https://github.mydomain.com
lastCommitIdoptional - stringThe last commit ID
projectNameoptional - stringVSTS project name
repositoryNameoptional - stringRepository name
rootFolderoptional - stringRoot folder to use in the repository
tenantIdoptional - stringThe VSTS tenant ID
typeoptional - stringType of workspace repositoryID configuration. Example WorkspaceVSTSConfiguration, WorkspaceGitHubConfiguration
tagsoptional - stringResource tags.
typerequired - string
