azurermDatabricksWorkspace

Manages a Databricks Workspace

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermDatabricksWorkspaceExample =
  new azurerm.databricksWorkspace.DatabricksWorkspace(this, "example_1", {
    location: azurermResourceGroupExample.location,
    name: "databricks-test",
    resourceGroupName: azurermResourceGroupExample.name,
    sku: "standard",
    tags: {
      Environment: "Production",
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermDatabricksWorkspaceExample.overrideLogicalId("example");

NOTE: You can use the Databricks Terraform Provider to manage resources within the Databricks Workspace.

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.

  • loadBalancerBackendAddressPoolId - (Optional) Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace. Changing this forces a new resource to be created.

  • sku - (Required) The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.

NOTE: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.

  • managedServicesCmkKeyVaultKeyId - (Optional) Customer managed encryption properties for the Databricks Workspace managed resources (e.g. Notebooks and Artifacts).

  • managedDiskCmkKeyVaultKeyId - (Optional) Customer managed encryption properties for the Databricks Workspace managed disks.

  • managedDiskCmkRotationToLatestVersionEnabled - (Optional) Whether customer managed keys for disk encryption will automatically be rotated to the latest version.

  • managedResourceGroupName - (Optional) The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.

NOTE: Make sure that this field is unique if you have multiple Databricks Workspaces deployed in your subscription and choose not to have the managedResourceGroupName auto-generated by the Azure Resource Provider. Having multiple Databricks Workspaces deployed in the same subscription with the same managedResourceGroupName may result in some resources that cannot be deleted.

  • customerManagedKeyEnabled - (Optional) Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.

  • infrastructureEncryptionEnabled - (Optional) Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.

  • publicNetworkAccessEnabled - (Optional) Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.

  • networkSecurityGroupRulesRequired - (Optional) Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values are AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when publicNetworkAccessEnabled is set to false.

  • customParameters - (Optional) A customParameters block as documented below.

  • tags - (Optional) A mapping of tags to assign to the resource.


A customParameters block supports the following:

  • machineLearningWorkspaceId - (Optional) The ID of an Azure Machine Learning workspace to link with the Databricks workspace. Changing this forces a new resource to be created.

  • natGatewayName - (Optional) Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. Defaults to nat-gateway. Changing this forces a new resource to be created.

  • publicIpName - (Optional) Name of the Public IP for No Public IP workspace with managed vNet. Defaults to nat-gw-public-ip. Changing this forces a new resource to be created.

  • noPublicIp - (Optional) Are public IP Addresses not allowed? Possible values are true or false. Defaults to false.

NOTE: Updating the noPublicIp parameter is only allowed if the value is changing from false to true and only for VNet-injected workspaces.

  • publicSubnetName - (Optional) The name of the Public Subnet within the Virtual Network. Required if virtualNetworkId is set. Changing this forces a new resource to be created.

  • publicSubnetNetworkSecurityGroupAssociationId - (Optional) The resource ID of the azurermSubnetNetworkSecurityGroupAssociation resource which is referred to by the publicSubnetName field. This is the same as the ID of the subnet referred to by the publicSubnetName field. Required if virtualNetworkId is set.

  • privateSubnetName - (Optional) The name of the Private Subnet within the Virtual Network. Required if virtualNetworkId is set. Changing this forces a new resource to be created.

  • privateSubnetNetworkSecurityGroupAssociationId - (Optional) The resource ID of the azurermSubnetNetworkSecurityGroupAssociation resource which is referred to by the privateSubnetName field. This is the same as the ID of the subnet referred to by the privateSubnetName field. Required if virtualNetworkId is set.

  • storageAccountName - (Optional) Default Databricks File Storage account name. Defaults to a randomized name (e.g. dbstoragel6Mfeghoe5Kxu). Changing this forces a new resource to be created.

  • storageAccountSkuName - (Optional) Storage account SKU name. Possible values include Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_GZRS, Standard_RAGZRS, Standard_ZRS, Premium_LRS or Premium_ZRS. Defaults to Standard_GRS. Changing this forces a new resource to be created.

  • virtualNetworkId - (Optional) The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created.

  • vnetAddressPrefix - (Optional) Address prefix for Managed virtual network. Defaults to 10.139. Changing this forces a new resource to be created.

NOTE: Databricks requires that a network security group is associated with the public and private subnets when a virtualNetworkId has been defined. Both public and private subnets must be delegated to Microsoft.Databricks/workspaces. For more information about subnet delegation see the product documentation.
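The cross-field rules in the argument list above (premium-only encryption switches, the NSG rules setting that becomes mandatory once public access is disabled, the fields required for VNet injection) can be checked before synthesis. The following is an added example, not part of the provider or its generated bindings; WorkspaceConfig, CustomParameters and lintWorkspace are hypothetical names, and only the field names and rules are taken from this page.

```typescript
// Added example: WorkspaceConfig and lintWorkspace are hypothetical names;
// the field names and rules come from the Argument Reference on this page.
interface CustomParameters {
  noPublicIp?: boolean; // defaults to false
  virtualNetworkId?: string;
  publicSubnetName?: string;
  privateSubnetName?: string;
  publicSubnetNetworkSecurityGroupAssociationId?: string;
  privateSubnetNetworkSecurityGroupAssociationId?: string;
}
interface WorkspaceConfig {
  sku: string;
  publicNetworkAccessEnabled?: boolean; // defaults to true
  networkSecurityGroupRulesRequired?: string;
  customerManagedKeyEnabled?: boolean;
  infrastructureEncryptionEnabled?: boolean;
  customParameters?: CustomParameters;
}
interface LintResult { errors: string[]; warnings: string[]; }

function lintWorkspace(c: WorkspaceConfig): LintResult {
  const errors: string[] = [];
  const warnings: string[] = [];
  const cp: CustomParameters = c.customParameters ?? {};
  // Both encryption switches are documented as valid only on the premium sku.
  const premiumOnly = ["customerManagedKeyEnabled", "infrastructureEncryptionEnabled"] as const;
  for (const k of premiumOnly) {
    if (c[k] === true && c.sku !== "premium") errors.push(`${k} requires sku premium`);
  }
  // Disabling public access makes networkSecurityGroupRulesRequired mandatory.
  if (c.publicNetworkAccessEnabled === false && !c.networkSecurityGroupRulesRequired) {
    errors.push("networkSecurityGroupRulesRequired is required when publicNetworkAccessEnabled is false");
  }
  // VNet injection needs both subnet names and both NSG association IDs.
  const vnetFields = ["publicSubnetName", "privateSubnetName",
    "publicSubnetNetworkSecurityGroupAssociationId",
    "privateSubnetNetworkSecurityGroupAssociationId"] as const;
  if (cp.virtualNetworkId) {
    for (const k of vnetFields) {
      if (!cp[k]) errors.push(`customParameters.${k} is required when virtualNetworkId is set`);
    }
  }
  // Documented defaults that keep public access and public IPs enabled.
  if (c.publicNetworkAccessEnabled !== false) warnings.push("publicNetworkAccessEnabled defaults to true");
  if (cp.noPublicIp !== true) warnings.push("customParameters.noPublicIp defaults to false");
  return { errors, warnings };
}

// Constructed sample: the page's example sku (standard) with encryption switched on.
const weak: WorkspaceConfig = { sku: "standard", infrastructureEncryptionEnabled: true };
console.log(lintWorkspace(weak));
```

Errors correspond to combinations the argument list describes as invalid or incomplete; warnings only flag documented defaults that a locked-down workspace would normally override.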

Attributes Reference

The following attributes are exported:

  • id - The ID of the Databricks Workspace in the Azure management plane.

  • diskEncryptionSetId - The ID of Managed Disk Encryption Set created by the Databricks Workspace.

  • managedDiskIdentity - A managedDiskIdentity block as documented below.

  • managedResourceGroupId - The ID of the Managed Resource Group created by the Databricks Workspace.

  • workspaceUrl - The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

  • workspaceId - The unique identifier of the databricks workspace in Databricks control plane.

  • storageAccountIdentity - A storageAccountIdentity block as documented below.


A managedDiskIdentity block exports the following:

  • principalId - The principal UUID for the internal databricks disks identity needed to provide access to the workspace for enabling Customer Managed Keys.

  • tenantId - The UUID of the tenant where the internal databricks disks identity was created.

  • type - The type of the internal databricks disks identity.


A storageAccountIdentity block exports the following:

  • principalId - The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.

  • tenantId - The UUID of the tenant where the internal databricks storage account was created.

  • type - The type of the internal databricks storage account.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Databricks Workspace.
  • update - (Defaults to 30 minutes) Used when updating the Databricks Workspace.
  • read - (Defaults to 5 minutes) Used when retrieving the Databricks Workspace.
  • delete - (Defaults to 30 minutes) Used when deleting the Databricks Workspace.

Import

Databricks Workspaces can be imported using the resource id, e.g.

terraform import azurerm_databricks_workspace.workspace1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Databricks/workspaces/workspace1