Microsoft.Databricks workspaces 2023-02-01
Article 04/10/2023
1 contributor
Feedback
In this article
Bicep resource definition
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log .
To create a Microsoft.Databricks/workspaces resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Databricks/workspaces@2023-02-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
sku: {
name: 'string'
tier: 'string'
}
properties: {
authorizations: [
{
principalId: 'string'
roleDefinitionId: 'string'
}
]
createdBy: {}
encryption: {
entities: {
managedDisk: {
keySource: 'Microsoft.Keyvault'
keyVaultProperties: {
keyName: 'string'
keyVaultUri: 'string'
keyVersion: 'string'
}
rotationToLatestKeyVersionEnabled: bool
}
managedServices: {
keySource: 'Microsoft.Keyvault'
keyVaultProperties: {
keyName: 'string'
keyVaultUri: 'string'
keyVersion: 'string'
}
}
}
}
managedDiskIdentity: {}
managedResourceGroupId: 'string'
parameters: {
amlWorkspaceId: {
value: 'string'
}
customPrivateSubnetName: {
value: 'string'
}
customPublicSubnetName: {
value: 'string'
}
customVirtualNetworkId: {
value: 'string'
}
enableNoPublicIp: {
value: bool
}
encryption: {
value: {
KeyName: 'string'
keySource: 'string'
keyvaulturi: 'string'
keyversion: 'string'
}
}
loadBalancerBackendPoolName: {
value: 'string'
}
loadBalancerId: {
value: 'string'
}
natGatewayName: {
value: 'string'
}
prepareEncryption: {
value: bool
}
publicIpName: {
value: 'string'
}
requireInfrastructureEncryption: {
value: bool
}
storageAccountName: {
value: 'string'
}
storageAccountSkuName: {
value: 'string'
}
vnetAddressPrefix: {
value: 'string'
}
}
publicNetworkAccess: 'string'
requiredNsgRules: 'string'
storageAccountIdentity: {}
uiDefinitionUri: 'string'
updatedBy: {}
}
}
Property values
workspaces
Name
Description
Value
name
The resource name
string (required) Character limit: 3-64 Valid characters: Alphanumerics, underscores, and hyphens
location
The geo-location where the resource lives
string (required)
tags
Resource tags.
Dictionary of tag names and values. See Tags in templates
sku
The SKU of the resource.
Sku
properties
The workspace properties.
WorkspaceProperties (required)
WorkspaceProperties
Name
Description
Value
authorizations
The workspace provider authorizations.
WorkspaceProviderAuthorization []
createdBy
Indicates the Object ID, PUID and Application ID of entity that created the workspace.
CreatedBy
encryption
Encryption properties for databricks workspace
WorkspacePropertiesEncryption
managedDiskIdentity
The details of Managed Identity of Disk Encryption Set used for Managed Disk Encryption
ManagedIdentityConfiguration
managedResourceGroupId
The managed resource group Id.
string (required)
parameters
The workspace's custom parameters.
WorkspaceCustomParameters
publicNetworkAccess
The network access type for accessing workspace. Set value to disabled to access workspace only via private link.
'Disabled' 'Enabled'
requiredNsgRules
Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. Supported values are 'AllRules' and 'NoAzureDatabricksRules'. 'NoAzureServiceRules' value is for internal use only.
'AllRules' 'NoAzureDatabricksRules' 'NoAzureServiceRules'
storageAccountIdentity
The details of Managed Identity of Storage Account
ManagedIdentityConfiguration
uiDefinitionUri
The blob URI where the UI definition file is located.
string
updatedBy
Indicates the Object ID, PUID and Application ID of entity that last updated the workspace.
CreatedBy
WorkspaceProviderAuthorization
Name
Description
Value
principalId
The provider's principal identifier. This is the identity that the provider will use to call ARM to manage the workspace resources.
string (required)
roleDefinitionId
The provider's role definition identifier. This role will define all the permissions that the provider must have on the workspace's container resource group. This role definition cannot have permission to delete the resource group.
string (required)
CreatedBy
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspacePropertiesEncryption
EncryptionEntitiesDefinition
Name
Description
Value
managedDisk
Encryption properties for the databricks managed disks.
ManagedDiskEncryption
managedServices
Encryption properties for the databricks managed services.
EncryptionV2
ManagedDiskEncryption
Name
Description
Value
keySource
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Keyvault
'Microsoft.Keyvault' (required)
keyVaultProperties
Key Vault input properties for encryption.
ManagedDiskEncryptionKeyVaultProperties (required)
rotationToLatestKeyVersionEnabled
Indicate whether the latest key version should be automatically used for Managed Disk Encryption.
bool
ManagedDiskEncryptionKeyVaultProperties
Name
Description
Value
keyName
The name of KeyVault key.
string (required)
keyVaultUri
The URI of KeyVault.
string (required)
keyVersion
The version of KeyVault key.
string (required)
EncryptionV2
Name
Description
Value
keySource
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Keyvault
'Microsoft.Keyvault' (required)
keyVaultProperties
Key Vault input properties for encryption.
EncryptionV2KeyVaultProperties
EncryptionV2KeyVaultProperties
Name
Description
Value
keyName
The name of KeyVault key.
string (required)
keyVaultUri
The Uri of KeyVault.
string (required)
keyVersion
The version of KeyVault key.
string (required)
ManagedIdentityConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceCustomParameters
WorkspaceCustomStringParameter
Name
Description
Value
value
The value which should be used for this field.
string (required)
WorkspaceCustomBooleanParameter
Name
Description
Value
value
The value which should be used for this field.
bool (required)
WorkspaceEncryptionParameter
Name
Description
Value
value
The value which should be used for this field.
Encryption
Encryption
Name
Description
Value
KeyName
The name of KeyVault key.
string
keySource
The encryption keySource (provider). Possible values (case-insensitive): Default, Microsoft.Keyvault
'Default' 'Microsoft.Keyvault'
keyvaulturi
The Uri of KeyVault.
string
keyversion
The version of KeyVault key.
string
Sku
Name
Description
Value
name
The SKU name.
string (required)
tier
The SKU tier.
string
Quickstart templates
The following quickstart templates deploy this resource type.
Template
Description
Deploy the Sports Analytics on Azure Architecture
Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role.
Deploy an Azure Databricks Workspace with PE,CMK all forms
This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption.
Azure Databricks All-in-one Template for VNet Injection
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network.
Azure Databricks All-in-one Templat VNetInjection-Pvtendpt
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint.
AzureDatabricks Template for VNetInjection and Load Balancer
This template allows you to create a a load balancer, network security group, a virtual network and an Azure Databricks workspace with the virtual network.
AzureDatabricks Template for VNet Injection with NAT Gateway
This template allows you to create a NAT gateway, network security group, a virtual network and an Azure Databricks workspace with the virtual network.
Deploy an Azure Databricks Workspace
This template allows you to create an Azure Databricks workspace.
Azure Databricks Workspace with custom Address Range
This template allows you to create an Azure Databricks workspace with a custom virtual network address range.
Deploy an Azure Databricks Workspace with all 3 forms of CMK
This template allows you to create an Azure Databricks workspace with managed services and CMK with DBFS encryption.
Deploy an Azure Databricks WS with CMK for DBFS encryption
This template allows you to create an Azure Databricks workspace with CMK for DBFS root encryption
Deploy an Azure Databricks Workspace with Managed Disks CMK
This template allows you to create an Azure Databricks workspace with Managed Disks CMK.
Deploy Azure Databricks Workspace with Managed Services CMK
This template allows you to create an Azure Databricks workspace with Managed Services CMK.
Azure Databricks Workspace with VNet Injection
This template allows you to create an Azure Databricks workspace with a custom virtual network.
ARM template resource definition
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log .
To create a Microsoft.Databricks/workspaces resource, add the following JSON to your template.
{
"type": "Microsoft.Databricks/workspaces",
"apiVersion": "2023-02-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"name": "string",
"tier": "string"
},
"properties": {
"authorizations": [
{
"principalId": "string",
"roleDefinitionId": "string"
}
],
"createdBy": {},
"encryption": {
"entities": {
"managedDisk": {
"keySource": "Microsoft.Keyvault",
"keyVaultProperties": {
"keyName": "string",
"keyVaultUri": "string",
"keyVersion": "string"
},
"rotationToLatestKeyVersionEnabled": "bool"
},
"managedServices": {
"keySource": "Microsoft.Keyvault",
"keyVaultProperties": {
"keyName": "string",
"keyVaultUri": "string",
"keyVersion": "string"
}
}
}
},
"managedDiskIdentity": {},
"managedResourceGroupId": "string",
"parameters": {
"amlWorkspaceId": {
"value": "string"
},
"customPrivateSubnetName": {
"value": "string"
},
"customPublicSubnetName": {
"value": "string"
},
"customVirtualNetworkId": {
"value": "string"
},
"enableNoPublicIp": {
"value": "bool"
},
"encryption": {
"value": {
"KeyName": "string",
"keySource": "string",
"keyvaulturi": "string",
"keyversion": "string"
}
},
"loadBalancerBackendPoolName": {
"value": "string"
},
"loadBalancerId": {
"value": "string"
},
"natGatewayName": {
"value": "string"
},
"prepareEncryption": {
"value": "bool"
},
"publicIpName": {
"value": "string"
},
"requireInfrastructureEncryption": {
"value": "bool"
},
"storageAccountName": {
"value": "string"
},
"storageAccountSkuName": {
"value": "string"
},
"vnetAddressPrefix": {
"value": "string"
}
},
"publicNetworkAccess": "string",
"requiredNsgRules": "string",
"storageAccountIdentity": {},
"uiDefinitionUri": "string",
"updatedBy": {}
}
}
Property values
workspaces
Name
Description
Value
type
The resource type
'Microsoft.Databricks/workspaces'
apiVersion
The resource api version
'2023-02-01'
name
The resource name
string (required) Character limit: 3-64 Valid characters: Alphanumerics, underscores, and hyphens
location
The geo-location where the resource lives
string (required)
tags
Resource tags.
Dictionary of tag names and values. See Tags in templates
sku
The SKU of the resource.
Sku
properties
The workspace properties.
WorkspaceProperties (required)
WorkspaceProperties
Name
Description
Value
authorizations
The workspace provider authorizations.
WorkspaceProviderAuthorization []
createdBy
Indicates the Object ID, PUID and Application ID of entity that created the workspace.
CreatedBy
encryption
Encryption properties for databricks workspace
WorkspacePropertiesEncryption
managedDiskIdentity
The details of Managed Identity of Disk Encryption Set used for Managed Disk Encryption
ManagedIdentityConfiguration
managedResourceGroupId
The managed resource group Id.
string (required)
parameters
The workspace's custom parameters.
WorkspaceCustomParameters
publicNetworkAccess
The network access type for accessing workspace. Set value to disabled to access workspace only via private link.
'Disabled' 'Enabled'
requiredNsgRules
Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. Supported values are 'AllRules' and 'NoAzureDatabricksRules'. 'NoAzureServiceRules' value is for internal use only.
'AllRules' 'NoAzureDatabricksRules' 'NoAzureServiceRules'
storageAccountIdentity
The details of Managed Identity of Storage Account
ManagedIdentityConfiguration
uiDefinitionUri
The blob URI where the UI definition file is located.
string
updatedBy
Indicates the Object ID, PUID and Application ID of entity that last updated the workspace.
CreatedBy
WorkspaceProviderAuthorization
Name
Description
Value
principalId
The provider's principal identifier. This is the identity that the provider will use to call ARM to manage the workspace resources.
string (required)
roleDefinitionId
The provider's role definition identifier. This role will define all the permissions that the provider must have on the workspace's container resource group. This role definition cannot have permission to delete the resource group.
string (required)
CreatedBy
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspacePropertiesEncryption
EncryptionEntitiesDefinition
Name
Description
Value
managedDisk
Encryption properties for the databricks managed disks.
ManagedDiskEncryption
managedServices
Encryption properties for the databricks managed services.
EncryptionV2
ManagedDiskEncryption
Name
Description
Value
keySource
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Keyvault
'Microsoft.Keyvault' (required)
keyVaultProperties
Key Vault input properties for encryption.
ManagedDiskEncryptionKeyVaultProperties (required)
rotationToLatestKeyVersionEnabled
Indicate whether the latest key version should be automatically used for Managed Disk Encryption.
bool
ManagedDiskEncryptionKeyVaultProperties
Name
Description
Value
keyName
The name of KeyVault key.
string (required)
keyVaultUri
The URI of KeyVault.
string (required)
keyVersion
The version of KeyVault key.
string (required)
EncryptionV2
Name
Description
Value
keySource
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Keyvault
'Microsoft.Keyvault' (required)
keyVaultProperties
Key Vault input properties for encryption.
EncryptionV2KeyVaultProperties
EncryptionV2KeyVaultProperties
Name
Description
Value
keyName
The name of KeyVault key.
string (required)
keyVaultUri
The Uri of KeyVault.
string (required)
keyVersion
The version of KeyVault key.
string (required)
ManagedIdentityConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceCustomParameters
WorkspaceCustomStringParameter
Name
Description
Value
value
The value which should be used for this field.
string (required)
WorkspaceCustomBooleanParameter
Name
Description
Value
value
The value which should be used for this field.
bool (required)
WorkspaceEncryptionParameter
Name
Description
Value
value
The value which should be used for this field.
Encryption
Encryption
Name
Description
Value
KeyName
The name of KeyVault key.
string
keySource
The encryption keySource (provider). Possible values (case-insensitive): Default, Microsoft.Keyvault
'Default' 'Microsoft.Keyvault'
keyvaulturi
The Uri of KeyVault.
string
keyversion
The version of KeyVault key.
string
Sku
Name
Description
Value
name
The SKU name.
string (required)
tier
The SKU tier.
string
Quickstart templates
The following quickstart templates deploy this resource type.
Template
Description
Deploy the Sports Analytics on Azure Architecture
Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role.
Deploy an Azure Databricks Workspace with PE,CMK all forms
This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption.
Azure Databricks All-in-one Template for VNet Injection
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network.
Azure Databricks All-in-one Templat VNetInjection-Pvtendpt
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint.
AzureDatabricks Template for VNetInjection and Load Balancer
This template allows you to create a a load balancer, network security group, a virtual network and an Azure Databricks workspace with the virtual network.
AzureDatabricks Template for VNet Injection with NAT Gateway
This template allows you to create a NAT gateway, network security group, a virtual network and an Azure Databricks workspace with the virtual network.
Deploy an Azure Databricks Workspace
This template allows you to create an Azure Databricks workspace.
Azure Databricks Workspace with custom Address Range
This template allows you to create an Azure Databricks workspace with a custom virtual network address range.
Deploy an Azure Databricks Workspace with all 3 forms of CMK
This template allows you to create an Azure Databricks workspace with managed services and CMK with DBFS encryption.
Deploy an Azure Databricks WS with CMK for DBFS encryption
This template allows you to create an Azure Databricks workspace with CMK for DBFS root encryption
Deploy an Azure Databricks Workspace with Managed Disks CMK
This template allows you to create an Azure Databricks workspace with Managed Disks CMK.
Deploy Azure Databricks Workspace with Managed Services CMK
This template allows you to create an Azure Databricks workspace with Managed Services CMK.
Azure Databricks Workspace with VNet Injection
This template allows you to create an Azure Databricks workspace with a custom virtual network.
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log .
To create a Microsoft.Databricks/workspaces resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Databricks/workspaces@2023-02-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
authorizations = [
{
principalId = "string"
roleDefinitionId = "string"
}
]
createdBy = {}
encryption = {
entities = {
managedDisk = {
keySource = "Microsoft.Keyvault"
keyVaultProperties = {
keyName = "string"
keyVaultUri = "string"
keyVersion = "string"
}
rotationToLatestKeyVersionEnabled = bool
}
managedServices = {
keySource = "Microsoft.Keyvault"
keyVaultProperties = {
keyName = "string"
keyVaultUri = "string"
keyVersion = "string"
}
}
}
}
managedDiskIdentity = {}
managedResourceGroupId = "string"
parameters = {
amlWorkspaceId = {
value = "string"
}
customPrivateSubnetName = {
value = "string"
}
customPublicSubnetName = {
value = "string"
}
customVirtualNetworkId = {
value = "string"
}
enableNoPublicIp = {
value = bool
}
encryption = {
value = {
KeyName = "string"
keySource = "string"
keyvaulturi = "string"
keyversion = "string"
}
}
loadBalancerBackendPoolName = {
value = "string"
}
loadBalancerId = {
value = "string"
}
natGatewayName = {
value = "string"
}
prepareEncryption = {
value = bool
}
publicIpName = {
value = "string"
}
requireInfrastructureEncryption = {
value = bool
}
storageAccountName = {
value = "string"
}
storageAccountSkuName = {
value = "string"
}
vnetAddressPrefix = {
value = "string"
}
}
publicNetworkAccess = "string"
requiredNsgRules = "string"
storageAccountIdentity = {}
uiDefinitionUri = "string"
updatedBy = {}
}
sku = {
name = "string"
tier = "string"
}
})
}
Property values
workspaces
Name
Description
Value
type
The resource type
"Microsoft.Databricks/workspaces@2023-02-01"
name
The resource name
string (required) Character limit: 3-64 Valid characters: Alphanumerics, underscores, and hyphens
location
The geo-location where the resource lives
string (required)
parent_id
To deploy to a resource group, use the ID of that resource group.
string (required)
tags
Resource tags.
Dictionary of tag names and values.
sku
The SKU of the resource.
Sku
properties
The workspace properties.
WorkspaceProperties (required)
WorkspaceProperties
Name
Description
Value
authorizations
The workspace provider authorizations.
WorkspaceProviderAuthorization []
createdBy
Indicates the Object ID, PUID and Application ID of entity that created the workspace.
CreatedBy
encryption
Encryption properties for databricks workspace
WorkspacePropertiesEncryption
managedDiskIdentity
The details of Managed Identity of Disk Encryption Set used for Managed Disk Encryption
ManagedIdentityConfiguration
managedResourceGroupId
The managed resource group Id.
string (required)
parameters
The workspace's custom parameters.
WorkspaceCustomParameters
publicNetworkAccess
The network access type for accessing workspace. Set value to disabled to access workspace only via private link.
"Disabled" "Enabled"
requiredNsgRules
Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. Supported values are 'AllRules' and 'NoAzureDatabricksRules'. 'NoAzureServiceRules' value is for internal use only.
"AllRules" "NoAzureDatabricksRules" "NoAzureServiceRules"
storageAccountIdentity
The details of Managed Identity of Storage Account
ManagedIdentityConfiguration
uiDefinitionUri
The blob URI where the UI definition file is located.
string
updatedBy
Indicates the Object ID, PUID and Application ID of entity that last updated the workspace.
CreatedBy
WorkspaceProviderAuthorization
Name
Description
Value
principalId
The provider's principal identifier. This is the identity that the provider will use to call ARM to manage the workspace resources.
string (required)
roleDefinitionId
The provider's role definition identifier. This role will define all the permissions that the provider must have on the workspace's container resource group. This role definition cannot have permission to delete the resource group.
string (required)
CreatedBy
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspacePropertiesEncryption
EncryptionEntitiesDefinition
Name
Description
Value
managedDisk
Encryption properties for the databricks managed disks.
ManagedDiskEncryption
managedServices
Encryption properties for the databricks managed services.
EncryptionV2
ManagedDiskEncryption
Name
Description
Value
keySource
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Keyvault
"Microsoft.Keyvault" (required)
keyVaultProperties
Key Vault input properties for encryption.
ManagedDiskEncryptionKeyVaultProperties (required)
rotationToLatestKeyVersionEnabled
Indicate whether the latest key version should be automatically used for Managed Disk Encryption.
bool
ManagedDiskEncryptionKeyVaultProperties
Name
Description
Value
keyName
The name of KeyVault key.
string (required)
keyVaultUri
The URI of KeyVault.
string (required)
keyVersion
The version of KeyVault key.
string (required)
EncryptionV2
Name
Description
Value
keySource
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Keyvault
"Microsoft.Keyvault" (required)
keyVaultProperties
Key Vault input properties for encryption.
EncryptionV2KeyVaultProperties
EncryptionV2KeyVaultProperties
Name
Description
Value
keyName
The name of KeyVault key.
string (required)
keyVaultUri
The Uri of KeyVault.
string (required)
keyVersion
The version of KeyVault key.
string (required)
ManagedIdentityConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceCustomParameters
WorkspaceCustomStringParameter
Name
Description
Value
value
The value which should be used for this field.
string (required)
WorkspaceCustomBooleanParameter
Name
Description
Value
value
The value which should be used for this field.
bool (required)
WorkspaceEncryptionParameter
Name
Description
Value
value
The value which should be used for this field.
Encryption
Encryption
Name
Description
Value
KeyName
The name of KeyVault key.
string
keySource
The encryption keySource (provider). Possible values (case-insensitive): Default, Microsoft.Keyvault
"Default" "Microsoft.Keyvault"
keyvaulturi
The Uri of KeyVault.
string
keyversion
The version of KeyVault key.
string
Sku
Name
Description
Value
name
The SKU name.
string (required)
tier
The SKU tier.
string