Deploying a Secure Azure Synapse Workspace Using Terraform
Note: if you’re looking for more (secure) Azure Data Terraform modules please check this GitHub repo or this getting started blog.
Securing an Azure Synapse workspace can be tricky. The following post explains how to create a secure Azure Synapse Analytics workspace with underlying ADLS Gen 2, Spark Pool and SQL Pool using Terraform.
The deployment steps describe the minimal set of resources required to get started with Azure Synapse Analytics in a network-isolated setup. See more about Synapse network security options here.
> Jump directly to the GitHub repo if you want to stop reading.
Deploy a secure Synapse workspace
The deployment creates a workspace in an isolated network environment using Azure Private Link endpoints. Private DNS zones are included so domain names can be resolved within the virtual network (VNet).
The deployment includes the following resources:
- Synapse Workspace with Private Endpoints for accessing Dedicated SQL pools (Dedicated SQL endpoint), Serverless SQL pool (Serverless SQL endpoint), and Apache Spark pools + pipeline resources (Development endpoint).
- Synapse Private Link Hub with Private Endpoint to securely connect to Synapse Studio from the VNet using Azure Private Link.
- Storage Account (ADLS Gen2) with Private Endpoints blob and dfs.
- Virtual Network with 10.0.0.0/16 by default, including two subnets default (10.0.1.0/24) and bastion (10.0.10.0/27).
- Jumphost (Windows) with Bastion for easy access to the VNet.
- (Optional) Synapse Spark Pool and SQL Pool by enabling enable_syn_sparkpool and enable_syn_sqlpool feature flags.
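The private endpoint and private DNS wiring for the three workspace endpoints listed above, as an added example that is not the repo's own code. It is a module-style fragment using azurerm provider resources; all variable names and resource labels are assumptions.

```hcl
# Added example: module-style fragment; variable names and labels are assumptions.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "vnet_id" { type = string }   # VNet, 10.0.0.0/16 by default
variable "subnet_id" { type = string } # "default" subnet, 10.0.1.0/24
variable "synapse_workspace_id" { type = string }

locals {
  syn_endpoints = { # Synapse sub-resource name => private DNS zone that serves it
    Sql         = "privatelink.sql.azuresynapse.net" # Dedicated SQL endpoint
    SqlOnDemand = "privatelink.sql.azuresynapse.net" # Serverless SQL endpoint
    Dev         = "privatelink.dev.azuresynapse.net" # Development endpoint
  }
}

# Sql and SqlOnDemand share a zone, so toset() creates it only once.
resource "azurerm_private_dns_zone" "syn" {
  for_each            = toset(values(local.syn_endpoints))
  name                = each.value
  resource_group_name = var.resource_group_name
}

# Link each zone to the VNet so names resolve to private IPs inside it.
resource "azurerm_private_dns_zone_virtual_network_link" "syn" {
  for_each              = azurerm_private_dns_zone.syn
  name                  = "link-${replace(each.key, ".", "-")}"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = each.value.name
  virtual_network_id    = var.vnet_id
}

# One private endpoint per sub-resource, registered in its DNS zone.
resource "azurerm_private_endpoint" "syn" {
  for_each            = local.syn_endpoints
  name                = "pe-syn-${lower(each.key)}"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.subnet_id
  private_service_connection {
    name                           = "psc-syn-${lower(each.key)}"
    private_connection_resource_id = var.synapse_workspace_id
    subresource_names              = [each.key]
    is_manual_connection           = false
  }
  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [azurerm_private_dns_zone.syn[each.value].id]
  }
}
```

From the jumphost, the workspace hostnames should then resolve to addresses inside the default subnet rather than public IPs, which is a quick way to confirm the DNS zones are linked correctly.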
Instructions
- Clone the repo and go to the directory
- Copy terraform.tfvars.example to terraform.tfvars
- Update terraform.tfvars with your desired values
- Run Terraform
$ terraform init
$ terraform plan
$ terraform apply
For any suggestions or questions, feel free to reach out :)
References:
- To learn more about Synapse network security options, see Azure Synapse Analytics security white paper
- To find Terraform module examples for Azure Data services, see Azure Data Labs module repository
- To learn more about Terraform support on Azure, see Azure Provider documentation