azurermDatabricksWorkspace
Manages a Databricks Workspace
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
class MyConvertedCode extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    /*Resource group that holds the workspace.*/
    const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
      this,
      "example",
      {
        location: "West Europe",
        name: "example-resources",
      }
    );
    /*Workspace arguments use the camelCase names listed in the Argument Reference.*/
    const azurermDatabricksWorkspaceExample =
      new azurerm.databricksWorkspace.DatabricksWorkspace(this, "example_1", {
        location: azurermResourceGroupExample.location,
        name: "databricks-test",
        resourceGroupName: azurermResourceGroupExample.name,
        sku: "standard",
        tags: {
          Environment: "Production",
        },
      });
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermDatabricksWorkspaceExample.overrideLogicalId("example");
  }
}
-> You can use the Databricks Terraform Provider to manage resources within the Databricks Workspace.
Argument Reference
The following arguments are supported:
- name - (Required) Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
- resourceGroupName - (Required) The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
- location - (Required) Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
- loadBalancerBackendAddressPoolId - (Optional) Resource ID of the Outbound Load Balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace. Changing this forces a new resource to be created.
- sku - (Required) The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.

~> NOTE: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.

- managedServicesCmkKeyVaultKeyId - (Optional) Customer managed encryption properties for the Databricks Workspace managed resources (e.g. Notebooks and Artifacts).
- managedDiskCmkKeyVaultKeyId - (Optional) Customer managed encryption properties for the Databricks Workspace managed disks.
- managedDiskCmkRotationToLatestVersionEnabled - (Optional) Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
- managedResourceGroupName - (Optional) The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.

~> NOTE: Make sure that this field is unique if you have multiple Databricks Workspaces deployed in your subscription and choose not to have the managedResourceGroupName auto generated by the Azure Resource Provider. Having multiple Databricks Workspaces deployed in the same subscription with the same managedResourceGroupName may result in some resources that cannot be deleted.

- customerManagedKeyEnabled - (Optional) Is the workspace enabled for customer managed key encryption? If true, this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
- infrastructureEncryptionEnabled - (Optional) Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
- publicNetworkAccessEnabled - (Optional) Allow public access for accessing the workspace. Set the value to false to access the workspace only via a private link endpoint. Possible values include true or false. Defaults to true.
- networkSecurityGroupRulesRequired - (Optional) Does the data plane (clusters) to control plane communication happen over a private link endpoint only or publicly? Possible values are allRules, noAzureDatabricksRules or noAzureServiceRules. Required when publicNetworkAccessEnabled is set to false.
- customParameters - (Optional) A customParameters block as documented below.
- tags - (Optional) A mapping of tags to assign to the resource.
A customParameters block supports the following:
- machineLearningWorkspaceId - (Optional) The ID of an Azure Machine Learning workspace to link with the Databricks workspace. Changing this forces a new resource to be created.
- natGatewayName - (Optional) Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. Defaults to natGateway. Changing this forces a new resource to be created.
- publicIpName - (Optional) Name of the Public IP for No Public IP workspace with managed vNet. Defaults to natGwPublicIp. Changing this forces a new resource to be created.
- noPublicIp - (Optional) Are public IP Addresses not allowed? Possible values are true or false. Defaults to false.

~> NOTE: Updating the noPublicIp parameter is only allowed if the value is changing from false to true, and only for VNet-injected workspaces.

- publicSubnetName - (Optional) The name of the Public Subnet within the Virtual Network. Required if virtualNetworkId is set. Changing this forces a new resource to be created.
- publicSubnetNetworkSecurityGroupAssociationId - (Optional) The resource ID of the azurermSubnetNetworkSecurityGroupAssociation resource which is referred to by the publicSubnetName field. This is the same as the ID of the subnet referred to by the publicSubnetName field. Required if virtualNetworkId is set.
- privateSubnetName - (Optional) The name of the Private Subnet within the Virtual Network. Required if virtualNetworkId is set. Changing this forces a new resource to be created.
- privateSubnetNetworkSecurityGroupAssociationId - (Optional) The resource ID of the azurermSubnetNetworkSecurityGroupAssociation resource which is referred to by the privateSubnetName field. This is the same as the ID of the subnet referred to by the privateSubnetName field. Required if virtualNetworkId is set.
- storageAccountName - (Optional) Default Databricks File Storage account name. Defaults to a randomized name (e.g. dbstoragel6Mfeghoe5Kxu). Changing this forces a new resource to be created.
- storageAccountSkuName - (Optional) Storage account SKU name. Possible values include standardLrs, standardGrs, standardRagrs, standardGzrs, standardRagzrs, standardZrs, premiumLrs or premiumZrs. Defaults to standardGrs. Changing this forces a new resource to be created.
- virtualNetworkId - (Optional) The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created.
- vnetAddressPrefix - (Optional) Address prefix for Managed virtual network. Defaults to 10.139. Changing this forces a new resource to be created.

~> NOTE: Databricks requires that a network security group is associated with the public and private subnets when a virtualNetworkId has been defined. Both public and private subnets must be delegated to Microsoft.Databricks/workspaces. For more information about subnet delegation see the product documentation.
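The cross-field rules in the Argument Reference above (encryption flags valid only on the premium sku, networkSecurityGroupRulesRequired required once public access is off, subnet fields required with virtualNetworkId) and the two exposure-related defaults can be checked before synthesis. The following is an added example, not code from the provider or its documentation; lintWorkspace and both interfaces are hypothetical names, and the fields are grouped as the reference lists them.

```typescript
// Added example: pre-synthesis checks for the constraints stated in the Argument Reference.
// lintWorkspace and both interfaces are hypothetical; only the field names come from the page.
interface CustomParameters {
  noPublicIp?: boolean;
  virtualNetworkId?: string;
  publicSubnetName?: string;
  privateSubnetName?: string;
  publicSubnetNetworkSecurityGroupAssociationId?: string;
  privateSubnetNetworkSecurityGroupAssociationId?: string;
}
interface WorkspaceProps {
  sku: string;
  customerManagedKeyEnabled?: boolean;
  infrastructureEncryptionEnabled?: boolean;
  publicNetworkAccessEnabled?: boolean;
  networkSecurityGroupRulesRequired?: string;
  customParameters?: CustomParameters;
}

function lintWorkspace(p: WorkspaceProps): string[] {
  const findings: string[] = [];
  const cp: CustomParameters = p.customParameters ?? {};
  // Both encryption flags are documented as valid only when sku is premium.
  for (const flag of ["customerManagedKeyEnabled", "infrastructureEncryptionEnabled"] as const) {
    if (p[flag] && p.sku !== "premium") findings.push(`${flag} is only valid with sku premium`);
  }
  // publicNetworkAccessEnabled defaults to true, so leaving it unset keeps public access on.
  if (p.publicNetworkAccessEnabled ?? true) {
    findings.push("publicNetworkAccessEnabled is true: workspace is reachable without private link");
  } else if (!p.networkSecurityGroupRulesRequired) {
    findings.push("networkSecurityGroupRulesRequired is required when publicNetworkAccessEnabled is false");
  }
  // noPublicIp defaults to false, so public IP addresses stay allowed unless it is set.
  if (cp.noPublicIp !== true) findings.push("noPublicIp is not true: public IP addresses are allowed");
  // With virtualNetworkId set, both subnets and their NSG association IDs are required.
  if (cp.virtualNetworkId) {
    const required = [
      "publicSubnetName", "privateSubnetName",
      "publicSubnetNetworkSecurityGroupAssociationId",
      "privateSubnetNetworkSecurityGroupAssociationId",
    ] as const;
    for (const key of required) {
      if (!cp[key]) findings.push(`${key} is required when virtualNetworkId is set`);
    }
  }
  return findings;
}

// Constructed sample: the settings from Example Usage (sku standard, defaults everywhere else).
const exampleFindings = lintWorkspace({ sku: "standard" });
```

Run against the Example Usage settings, the check reports the two defaults that leave the workspace publicly reachable; an empty result means every documented constraint is met and both exposure defaults have been overridden.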
Example HCL Configurations
- Databricks Workspace Secure Connectivity Cluster with Load Balancer
- Databricks Workspace Secure Connectivity Cluster without Load Balancer
- Databricks Workspace with Private Endpoint
- Databricks Workspace with Private Endpoint, Customer Managed Keys for Managed Services and Databricks File System Customer Managed Keys
- Databricks Workspace with Databricks File System Customer Managed Keys
- Databricks Workspace with Customer Managed Keys for Managed Services
Attributes Reference
The following attributes are exported:
- id - The ID of the Databricks Workspace in the Azure management plane.
- diskEncryptionSetId - The ID of Managed Disk Encryption Set created by the Databricks Workspace.
- managedDiskIdentity - A managedDiskIdentity block as documented below.
- managedResourceGroupId - The ID of the Managed Resource Group created by the Databricks Workspace.
- workspaceUrl - The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'
- workspaceId - The unique identifier of the Databricks workspace in the Databricks control plane.
- storageAccountIdentity - A storageAccountIdentity block as documented below.
A managedDiskIdentity block exports the following:
- principalId - The principal UUID for the internal Databricks disks identity needed to provide access to the workspace for enabling Customer Managed Keys.
- tenantId - The UUID of the tenant where the internal Databricks disks identity was created.
- type - The type of the internal Databricks disks identity.
A storageAccountIdentity block exports the following:
- principalId - The principal UUID for the internal Databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
- tenantId - The UUID of the tenant where the internal Databricks storage account was created.
- type - The type of the internal Databricks storage account.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Databricks Workspace.
- update - (Defaults to 30 minutes) Used when updating the Databricks Workspace.
- read - (Defaults to 5 minutes) Used when retrieving the Databricks Workspace.
- delete - (Defaults to 30 minutes) Used when deleting the Databricks Workspace.
Import
Databricks Workspaces can be imported using the resourceId, e.g.