Deploy an Azure Synapse Analytics workspace using an ARM Template

Here's how to deploy an Azure Synapse Analytics workspace using an Azure Resource Manager (ARM) template.

Prerequisite

You'll first need to make sure the Microsoft.Synapse resource provider is registered within your subscription. If it's not registered, you can register it through the portal, or use a simple Az PowerShell command, like so:

Register-AzResourceProvider -ProviderNamespace "Microsoft.Synapse"

or use the az CLI:

az provider register --namespace Microsoft.Synapse

Note: to register a resource provider, you must have the /register/action permission for that resource provider, which is included in the Contributor and Owner roles at the subscription scope.

Template

Below you'll find the template which deploys a Synapse workspace, and (optionally) an Azure Data Lake Store Gen2 (ADLS g2). At the time of writing, Azure Synapse Analytics is in public preview, so the ARM template was quite hard to come by. After manually deploying the resource in the portal, I could take advantage of the "Export template" functionality to retrieve the ARM template. Generally, this functionality should always make it possible to find the ARM template for a particular set of resources, if (for whatever reason) you can't find them in the docs.

This can be deployed using your preferred tool - for example, you can use the portal, the Az module in PowerShell, or the Azure CLI.

In PowerShell, for example, this looks like:

$tenantId = ""
$subscriptionId = ""

Connect-AzAccount -Tenant $tenantId -Subscription $subscriptionId

$resourceGroupName = ""
$templateFilePath = ""
$templateParameterFilePath = ""

New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile $templateFilePath -TemplateParameterFile $templateParameterFilePath

where I'm using a parameters file, which looks like this:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {
            "value": ""
        },
        "location": {
            "value": ""
        },
        "defaultDataLakeStorageAccountName": {
            "value": ""
        },
        "defaultDataLakeStorageFilesystemName": {
            "value": ""
        },
        "sqlAdministratorLogin": {
            "value": "sqladminuser"
        },
        "sqlAdministratorLoginPassword": {
            "value": ""
        },
        "setWorkspaceIdentityRbacOnStorageAccount": {
            "value": true
        },
        "allowAllConnections": {
            "value": true
        },
        "grantWorkspaceIdentityControlForSql": {
            "value": "Enabled"
        },
        "managedVirtualNetwork": {
            "value": ""
        },
        "tagValues": {
            "value": {}
        },
        "storageSubscriptionID": {
            "value": ""
        },
        "storageResourceGroupName": {
            "value": ""
        },
        "storageLocation": {
            "value": ""
        },
        "storageRoleUniqueId": {
            "value": ""
        },
        "isNewStorageAccount": {
            "value": false
        },
        "isNewFileSystemOnly": {
            "value": false
        },
        "adlaResourceId": {
            "value": ""
        },
        "storageAccessTier": {
            "value": "Hot"
        },
        "storageAccountType": {
            "value": "Standard_RAGRS"
        },
        "storageSupportsHttpsTrafficOnly": {
            "value": true
        },
        "storageKind": {
            "value": "StorageV2"
        },
        "storageIsHnsEnabled": {
            "value": true
        },
        "userObjectId": {
            "value": ""
        },
        "setSbdcRbacOnStorageAccount": {
            "value": true
        }
    }
}

This template performs a number of operations:

• Optionally deploys an ADLS g2 account (determined by the isNewStorageAccount parameter) - a Synapse workspace needs a default data lake storage account configuring upon provisioning
  • If an ADLS g2 account is created, a new filesystem is also created
• If the storage account is existing, but a new filesystem is to be created, this template will do that (determined by the isNewFileSystemOnly parameter)
• Deploys the Synapse workspace, configuring the firewall rules, SQL admin credentials, virtual network settings, SQL control settings for the managed identity. This last point grants the CONTROL permission to the workspace's managed identity on all SQL pools and SQL on-demand (i.e. it gives the managed identity all the permissions).
• Assigns the Synapse workspace's managed identity an RBAC role (Storage Blob Data Contributor) on the default storage account (determined by the setWorkspaceIdentityRbacOnStorageAccount parameter).
• Assigns the principal identified by the userObjectId parameter an RBAC role (Storage Blob Data Contributor) on the default storage account (determined by the setSbdcRbacOnStorageAccount parameter)

And that's it - hope you've found this useful!

If you're looking to learn how to deploy an Azure Synapse Analytics workspace using the Azure CLI, take a look at this blog by Lena Hall.

Want to get started with Synapse but not sure where to start?

If you'd like to know more about Azure Synapse, we offer a free 1 hour, 1-2-1 Azure Data Strategy Briefing. Please book a call and then we'll confirm the time and send you a meeting invite.

We also have created number of talks about Azure Synapse:

• Serverless data prep using SQL on demand and Synapse Pipelines
• Azure Synapse - On-Demand Serverless Compute and Querying
• Detecting Anomalies in IoT Telemetry with Azure Synapse Analytics
• Custom C# Spark Jobs in Azure Synapse
• Custom Scala Spark Jobs in Azure Synapse

Finally, if you are interested in more content about Azure Synapse, we have a dedicated editions page which collates all our blog posts.