Skip to content
Ed Freeman By Ed Freeman Software Engineer II
Deploy an Azure Synapse Analytics workspace using an ARM Template

Here's how to deploy an Azure Synapse Analytics workspace using an Azure Resource Manager (ARM) template.

Prerequisite

You'll first need to make sure the Microsoft.Synapse resource provider is registered within your subscription. If it's not registered, you can register it through the portal, or use a simple Az PowerShell command, like so:

Register-AzResourceProvider -ProviderNamespace "Microsoft.Synapse"

The best hour you can spend to refine your own data strategy and leverage the latest capabilities on Azure to accelerate your road map.

or use the az CLI:

az provider register --namespace Microsoft.Synapse

Note: to register a resource provider, you must have the /register/action permission for that resource provider, which is included in the Contributor and Owner roles at the subscription scope.

Template

Below you'll find the template which deploys a Synapse workspace, and (optionally) an Azure Data Lake Store Gen2 (ADLS g2). At the time of writing, Azure Synapse Analytics is in public preview, so the ARM template was quite hard to come by. After manually deploying the resource in the portal, I could take advantage of the "Export template" functionality to retrieve the ARM template. Generally, this functionality should always make it possible to find the ARM template for a particular set of resources, if (for whatever reason) you can't find them in the docs.

This can be deployed using your preferred tool - for example, you can use the portal, the Az module in PowerShell, or the Azure CLI.

In PowerShell, for example, this looks like:

$tenantId = ""
$subscriptionId = ""

Connect-AzAccount -Tenant $tenantId -Subscription $subscriptionId

$resourceGroupName = ""
$templateFilePath = ""
$templateParameterFilePath = ""

New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile $templateFilePath -TemplateParameterFile $templateParameterFilePath

where I'm using a parameters file, which looks like this:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {
            "value": ""
        },
        "location": {
            "value": ""
        },
        "defaultDataLakeStorageAccountName": {
            "value": ""
        },
        "defaultDataLakeStorageFilesystemName": {
            "value": ""
        },
        "sqlAdministratorLogin": {
            "value": "sqladminuser"
        },
        "sqlAdministratorLoginPassword": {
            "value": ""
        },
        "setWorkspaceIdentityRbacOnStorageAccount": {
            "value": true
        },
        "allowAllConnections": {
            "value": true
        },
        "grantWorkspaceIdentityControlForSql": {
            "value": "Enabled"
        },
        "managedVirtualNetwork": {
            "value": ""
        },
        "tagValues": {
            "value": {}
        },
        "storageSubscriptionID": {
            "value": ""
        },
        "storageResourceGroupName": {
            "value": ""
        },
        "storageLocation": {
            "value": ""
        },
        "storageRoleUniqueId": {
            "value": ""
        },
        "isNewStorageAccount": {
            "value": false
        },
        "isNewFileSystemOnly": {
            "value": false
        },
        "adlaResourceId": {
            "value": ""
        },
        "storageAccessTier": {
            "value": "Hot"
        },
        "storageAccountType": {
            "value": "Standard_RAGRS"
        },
        "storageSupportsHttpsTrafficOnly": {
            "value": true
        },
        "storageKind": {
            "value": "StorageV2"
        },
        "storageIsHnsEnabled": {
            "value": true
        },
        "userObjectId": {
            "value": ""
        },
        "setSbdcRbacOnStorageAccount": {
            "value": true
        }
    }
}

This template performs a number of operations:

  • Optionally deploys an ADLS g2 account (determined by the isNewStorageAccount parameter) - a Synapse workspace needs a default data lake storage account configuring upon provisioning
    • If an ADLS g2 account is created, a new filesystem is also created
  • If the storage account is existing, but a new filesystem is to be created, this template will do that (determined by the isNewFileSystemOnly parameter)
  • Deploys the Synapse workspace, configuring the firewall rules, SQL admin credentials, virtual network settings, SQL control settings for the managed identity. This last point grants the CONTROL permission to the workspace's managed identity on all SQL pools and SQL on-demand (i.e. it gives the managed identity all the permissions).
  • Assigns the Synapse workspace's managed identity an RBAC role (Storage Blob Data Contributor) on the default storage account (determined by the setWorkspaceIdentityRbacOnStorageAccount parameter).
  • Assigns the principal identified by the userObjectId parameter an RBAC role (Storage Blob Data Contributor) on the default storage account (determined by the setSbdcRbacOnStorageAccount parameter)

And that's it - hope you've found this useful!


Azure Weekly is a summary of the week's top Microsoft Azure news from AI to Availability Zones. Keep on top of all the latest Azure developments!

If you're looking to learn how to deploy an Azure Synapse Analytics workspace using the Azure CLI, take a look at this blog by Lena Hall.

Want to get started with Synapse but not sure where to start?

If you'd like to know more about Azure Synapse, we offer a free 1 hour, 1-2-1 Azure Data Strategy Briefing. Please book a call and then we'll confirm the time and send you a meeting invite.

We also have created number of talks about Azure Synapse:

Finally, if you are interested in more content about Azure Synapse, we have a dedicated editions page which collates all our blog posts.

FAQs

How do I deploy an Azure Synapse Analytics workspace? You can deploy an Azure Synapse Analytics workspace through a number of means. Some options are through the portal, using the Azure CLI, or using an Azure Resource Manager (ARM) template. An ARM template in Azure is a popular method of defining infrastructure as code, and will inevitably be a widespread mechanism used for deploying Azure Synapse Analytics workspaces as the new service grows in popularity.

Ed Freeman

Software Engineer II

Ed Freeman

Ed is a Data Engineer helping to deliver projects for clients of all shapes and sizes, providing best of breed technology solutions to industry specific challenges. He focusses primarily on cloud technologies, data analytics and business intelligence, though his Mathematical background has also led to a distinct interest in Data Science, Artificial Intelligence, and other related fields.

He also curates a weekly newsletter, Power BI Weekly, where you can receive all the latest Power BI news, for free.

Ed won the Cloud Apprentice of the Year at the Computing Rising Star Awards 2019.