data-platform-hq/terraform-azurerm-synapse-analytics

Azure Synapse Analytics Terraform module

Terraform module for creating Azure Synapse Analytics

Usage
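
A module call with the security-relevant inputs set explicitly, as an added example that is not from the module's repository. It uses only inputs listed under Inputs; the `source` string, resource names, IP address and every `var.*` reference are placeholders or constructed values.

```hcl
module "synapse" {
  # Placeholder: replace with the location you consume this module from.
  source = "<module-source>"

  # Constructed names; the var.* references are hypothetical variables.
  name                                 = "syn-example"
  location                             = "westeurope"
  resource_group_name                  = "rg-example"
  storage_data_lake_gen2_filesystem_id = var.adls_filesystem_id
  storage_account_id                   = var.storage_account_id

  # Identity: the module default is false, which leaves SQL authentication usable.
  azuread_authentication_only = true

  # Network: keep both broad allowances off and list narrow ranges instead.
  allow_azure_services_access     = false
  allow_own_ip                    = false
  managed_virtual_network_enabled = true

  firewall_rules = [
    {
      name             = "corp-egress"   # constructed
      start_ip_address = "203.0.113.10"  # documentation range, constructed
      end_ip_address   = "203.0.113.10"
    }
  ]

  # Data at rest: data_encrypted defaults to false in this module's sql_pools type.
  sql_pools = {
    dw = {
      sku_name       = "DW100c"
      data_encrypted = true
    }
  }

  # Grant workspace roles to a group rather than to individual users.
  synapse_role_assignments = [
    {
      role_name      = "Synapse Artifact User"
      principal_id   = var.analyst_group_object_id
      principal_type = "Group"
    }
  ]
}
```

The module exposes a `sql_administrator_password` output and a `random_password.sql_password` resource, so the Terraform state can hold that secret; restrict access to the state backend accordingly.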

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5.0 |
| azurerm | >= 4.0.1 |
| http | >= 3.4 |
| random | >= 3.5.1 |
| time | ~> 0.9.2 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 4.0.1 |
| http | >= 3.4 |
| random | >= 3.5.1 |
| time | ~> 0.9.2 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_private_endpoint.this | resource |
| azurerm_private_endpoint.this_unmanaged_dns_zone_groups | resource |
| azurerm_private_endpoint_application_security_group_association.this | resource |
| azurerm_role_assignment.private_endpoint | resource |
| azurerm_role_assignment.storage_blob_contributor | resource |
| azurerm_role_assignment.this | resource |
| azurerm_synapse_firewall_rule.azureservices | resource |
| azurerm_synapse_firewall_rule.client_ip | resource |
| azurerm_synapse_firewall_rule.this | resource |
| azurerm_synapse_integration_runtime_azure.this | resource |
| azurerm_synapse_integration_runtime_self_hosted.this | resource |
| azurerm_synapse_linked_service.this | resource |
| azurerm_synapse_managed_private_endpoint.private_link | resource |
| azurerm_synapse_private_link_hub.this | resource |
| azurerm_synapse_role_assignment.this | resource |
| azurerm_synapse_spark_pool.this | resource |
| azurerm_synapse_sql_pool.this | resource |
| azurerm_synapse_workspace.this | resource |
| random_password.sql_password | resource |
| time_sleep.wait_for_firewall_operations | resource |
| http_http.client_ip | data source |

Inputs

Name Description Type Default Required
add_storage_contributor_role If true, add Storage Contributor Role to Synapse Workspace identity. bool true no
allow_azure_services_access If true, allow Azure Services and Resources to access this workspace. bool false no
allow_own_ip If true, create firewall rule to allow client IP to Synapse Workspace. bool false no
auth_sql_administrator Specifies the login name of the SQL administrator. Changing this forces a new resource to be created. string null no
auth_sql_administrator_password The password associated with the sql_administrator_login for the SQL administrator. string null no
azure_devops_repo Integrate Synapse Workspace with Azure DevOps.
object({
account_name = string
project_name = string
repository_name = string
branch_name = string
root_folder = string
last_commit_id = optional(string)
tenant_id = optional(string)
})
null no
azure_integration_runtimes Manages Azure Synapse Azure Integration Runtimes.
map(object({
location = optional(string, "AutoResolve")
compute_type = optional(string, "General")
core_count = optional(number, 8)
description = optional(string, null)
time_to_live_min = optional(number, 0)
}))
{} no
azure_role_assignments Manages Azure Role Assignments to the Synapse Workspace.
list(object({
role_name = string
principal_id = string
}))
[] no
azuread_authentication_only Whether Azure Active Directory authentication is the only way to authenticate with resources inside this Synapse Workspace. bool false no
firewall_rules Manages Synapse Firewall Rules.
list(object({
name = string
start_ip_address = string
end_ip_address = string
}))
[] no
github Integrate Synapse Workspace with GitHub.
object({
account_name = string
repository_name = string
branch_name = string
root_folder = string
last_commit_id = optional(string)
git_url = optional(string)
})
null no
identity_ids Specifies a list of User Assigned Managed Identity IDs to be assigned to this Synapse Workspace. list(string) [] no
identity_type Specifies the type of Managed Service Identity that should be associated with this Logic App. string "SystemAssigned" no
linked_services Manages Synapse Linked Services.
map(object({
type = string
type_properties_json = string
additional_properties = optional(map(string), {})
annotations = optional(list(string), [])
description = optional(string, null)
parameters = optional(map(string), {})
integration_runtime_name = optional(string, null)
integration_runtime_parameters = optional(map(string), {})
}))
{} no
location Specifies the Azure Region where the synapse Workspace should exist. Changing this forces a new resource to be created. string n/a yes
managed_resource_group_name Specifies the name of the Managed Resource Group for the synapse Workspace. Changing this forces a new resource to be created. string "" no
managed_virtual_network_enabled Identifies whether Virtual Network is enabled for all computes in this workspace. bool false no
name Specifies the name which should be used for this synapse Workspace. Changing this forces a new resource to be created. string n/a yes
private_endpoints A map of private endpoints to create on the resource. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.

- name - (Optional) The name of the private endpoint. One will be generated if not set.
- role_assignments - (Optional) A map of role assignments to create on the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time. See var.role_assignments for more information.
- lock - (Optional) The lock level to apply to the private endpoint. Default is None. Possible values are None, CanNotDelete, and ReadOnly.
- tags - (Optional) A mapping of tags to assign to the private endpoint.
- subnet_resource_id - The resource ID of the subnet to deploy the private endpoint in.
- subresource_name - The service name of the private endpoint. Possible values are blob, dfs, file, queue, table, and web.
- private_dns_zone_group_name - (Optional) The name of the private DNS zone group. One will be generated if not set.
- private_dns_zone_resource_ids - (Optional) A set of resource IDs of private DNS zones to associate with the private endpoint. If not set, no zone groups will be created and the private endpoint will not be associated with any private DNS zones. DNS records must be managed external to this module.
- application_security_group_resource_ids - (Optional) A map of resource IDs of application security groups to associate with the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.
- private_service_connection_name - (Optional) The name of the private service connection. One will be generated if not set.
- network_interface_name - (Optional) The name of the network interface. One will be generated if not set.
- location - (Optional) The Azure location where the resources will be deployed. Defaults to the location of the resource group.
- resource_group_name - (Optional) The resource group where the resources will be deployed. Defaults to the resource group of the resource.
- ip_configurations - (Optional) A map of IP configurations to create on the private endpoint. If not specified the platform will create one. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.
  - name - The name of the IP configuration.
  - private_ip_address - The private IP address of the IP configuration.
map(object({
name = optional(string, null)
role_assignments = optional(map(object({
role_definition_id_or_name = string
principal_id = string
description = optional(string, null)
skip_service_principal_aad_check = optional(bool, false)
condition = optional(string, null)
condition_version = optional(string, null)
delegated_managed_identity_resource_id = optional(string, null)
principal_type = optional(string, null)
})), {})
lock = optional(object({
kind = string
name = optional(string, null)
}), null)
tags = optional(map(string), null)
subnet_resource_id = string
subresource_name = string
private_dns_zone_group_name = optional(string, "default")
private_dns_zone_resource_ids = optional(set(string), [])
application_security_group_associations = optional(map(string), {})
private_service_connection_name = optional(string, null)
network_interface_name = optional(string, null)
location = optional(string, null)
resource_group_name = optional(string, null)
ip_configurations = optional(map(object({
name = string
private_ip_address = string
})), {})
}))
{} no
private_endpoints_manage_dns_zone_group Whether to manage private DNS zone groups with this module. If set to false, you must manage private DNS zone groups externally, e.g. using Azure Policy. bool true no
private_link_hub_name Name of the Private Link Hub string null no
private_links A map of private endpoints to create on the resource. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.

- name - (Optional) The name of the private link. One will be generated if not set.
- target_resource_id - The resource ID of the target resource to establish the private link to.
- subresource_name - The service name of the private endpoint. Possible values are blob, dfs, file, queue, table, web, vault, etc.
map(object({
name = optional(string, null)
target_resource_id = string
subresource_name = optional(string, "web")
}))
{} no
purview_id The ID of purview account. string null no
resource_group_name Specifies the name of the Resource Group where the synapse Workspace should exist. Changing this forces a new resource to be created. string n/a yes
self_hosted_integration_runtimes Manages Self Hosted Synapse Azure Integration Runtimes.
map(object({
description = optional(string, null)
}))
{} no
spark_pools Manages Synapse Spark Pools.
map(object({
node_size_family = optional(string, "None")
node_size = optional(string, "Small")
node_count = optional(number, null)
cache_size = optional(number, null)
compute_isolation_enabled = optional(bool, false)
dynamic_executor_allocation_enabled = optional(bool, false)
min_executors = optional(number, null)
max_executors = optional(number, null)
session_level_packages_enabled = optional(bool, false)
spark_log_folder = optional(string, "/logs")
spark_events_folder = optional(string, "/events")
spark_version = optional(string, "3.4")
autoscale_max_node_count = optional(number, null)
autoscale_min_node_count = optional(number, null)
autopause_delay_in_minutes = optional(number, null)
requirements_content = optional(string, null)
requirements_filename = optional(string, "requirements.txt")
spark_config_content = optional(string, null)
spark_config_filename = optional(string, "config.txt")
}))
{} no
sql_pools Manages Synapse SQL Pools.
map(object({
sku_name = string
create_mode = optional(string, "Default")
collation = optional(string, "SQL_LATIN1_GENERAL_CP1_CI_AS")
data_encrypted = optional(bool, false)
recovery_database_id = optional(string, null)
geo_backup_policy_enabled = optional(bool, true)
storage_account_type = optional(string, "GRS")
restore_source_database_id = optional(string, null)
restore_point_in_time = optional(string, false)

}))
{} no
storage_account_id Storage Account ID used by Synapse Workspace. Necessary if add_storage_contributor_role is true. string false no
storage_data_lake_gen2_filesystem_id Specifies the ID of storage data lake gen2 filesystem resource. Changing this forces a new resource to be created. string n/a yes
synapse_role_assignments Manages Synapse Role Assignments.
list(object({
role_name = string
principal_id = string
principal_type = optional(string, null)
}))
[] no
tags A mapping of tags which should be assigned to the Synapse Workspace. map(string) null no
wait_for_firewall_operations Timeout settings for firewall operations.
object({
create = optional(string, "30s")
destroy = optional(string, "0s")
})
{
"create": "30s",
"destroy": "0s"
}
no

Outputs

| Name | Description |
|------|-------------|
| azure_integration_runtimes_id | The Azure Integration Runtimes ID. |
| endpoints | A list of Connectivity endpoints for this Synapse Workspace. |
| id | The ID of the synapse Workspace. |
| identity | The Principal ID and Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. |
| linked_services_id | The Linked Services ID. |
| self_hosted_integration_runtimes_id | The Self Hosted Integration Runtimes ID. |
| spark_pools_id | The Spark Pools ID. |
| sql_administrator_password | SQL administrator password. |
| sql_pools_id | The SQL Pools ID. |

License

Apache 2 Licensed. For more information please see LICENSE
