Here's how to deploy an Azure Synapse Analytics workspace using an Azure Resource Manager (ARM) template.
You'll first need to make sure the
Microsoft.Synapse resource provider is registered within your subscription. If it's not registered, you can register it through the portal, or use a simple
Az PowerShell command, like so:
Register-AzResourceProvider -ProviderNamespace "Microsoft.Synapse"
or use the az CLI:
az provider register --namespace Microsoft.Synapse
Note: to register a resource provider, you must have the
/register/action permission for that resource provider, which is included in the Contributor and Owner roles at the subscription scope.
Below you'll find the template which deploys a Synapse workspace, and (optionally) an Azure Data Lake Store Gen2 (ADLS g2). At the time of writing, Azure Synapse Analytics is in public preview, so the ARM template was quite hard to come by. After manually deploying the resource in the portal, I could take advantage of the "Export template" functionality to retrieve the ARM template. Generally, this functionality should always make it possible to find the ARM template for a particular set of resources, if (for whatever reason) you can't find them in the docs.
In PowerShell, for example, this looks like:
where I'm using a parameters file, which looks like this:
This template performs a number of operations:
- Optionally deploys an ADLS g2 account (determined by the
isNewStorageAccountparameter) - a Synapse workspace needs a default data lake storage account configuring upon provisioning
- If an ADLS g2 account is created, a new filesystem is also created
- If the storage account is existing, but a new filesystem is to be created, this template will do that (determined by the
- Deploys the Synapse workspace, configuring the firewall rules, SQL admin credentials, virtual network settings, SQL control settings for the managed identity. This last point grants the CONTROL permission to the workspace's managed identity on all SQL pools and SQL on-demand (i.e. it gives the managed identity all the permissions).
- Assigns the Synapse workspace's managed identity an RBAC role (Storage Blob Data Contributor) on the default storage account (determined by the
- Assigns the caller's identity an RBAC role (Storage Blob Data Contributor) on the default storage account (determined by the
And that's it - hope you've found this useful!
If you're looking to learn how to deploy an Azure Synapse Analytics workspace using the Azure CLI, take a look at this blog by Lena Hall.
Want to get started with Synapse but not sure where to start?
We also have created number of talks about Azure Synapse:
- Serverless data prep using SQL on demand and Synapse Pipelines
- Azure Synapse - On-Demand Serverless Compute and Querying
- Custom C# Spark Jobs in Azure Synapse
- Custom Scala Spark Jobs in Azure Synapse
Finally, if you are interested in more content about Azure Synapse, we have a dedicated editions page which collates all our blog posts.