Microsoft.Databricks workspaces 2018-04-01
Bicep resource definition
The workspaces resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Databricks/workspaces resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Databricks/workspaces@2018-04-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
sku: {
name: 'string'
tier: 'string'
}
properties: {
authorizations: [
{
principalId: 'string'
roleDefinitionId: 'string'
}
]
createdBy: {}
managedResourceGroupId: 'string'
parameters: {
amlWorkspaceId: {
value: 'string'
}
customPrivateSubnetName: {
value: 'string'
}
customPublicSubnetName: {
value: 'string'
}
customVirtualNetworkId: {
value: 'string'
}
enableNoPublicIp: {
value: bool
}
encryption: {
value: {
KeyName: 'string'
keySource: 'string'
keyvaulturi: 'string'
keyversion: 'string'
}
}
loadBalancerBackendPoolName: {
value: 'string'
}
loadBalancerId: {
value: 'string'
}
natGatewayName: {
value: 'string'
}
prepareEncryption: {
value: bool
}
publicIpName: {
value: 'string'
}
requireInfrastructureEncryption: {
value: bool
}
storageAccountName: {
value: 'string'
}
storageAccountSkuName: {
value: 'string'
}
vnetAddressPrefix: {
value: 'string'
}
}
storageAccountIdentity: {}
uiDefinitionUri: 'string'
updatedBy: {}
}
}
Property values
workspaces
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 3-64 Valid characters: Alphanumerics, underscores, and hyphens |
| location | The geo-location where the resource lives | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
| sku | The SKU of the resource. | Sku |
| properties | The workspace properties. | WorkspaceProperties (required) |
WorkspaceProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The workspace provider authorizations. | WorkspaceProviderAuthorization[] |
| createdBy | Indicates the Object ID, PUID and Application ID of entity that created the workspace. | CreatedBy |
| managedResourceGroupId | The managed resource group Id. | string (required) |
| parameters | The workspace's custom parameters. | WorkspaceCustomParameters |
| storageAccountIdentity | The details of Managed Identity of Storage Account | ManagedIdentityConfiguration |
| uiDefinitionUri | The blob URI where the UI definition file is located. | string |
| updatedBy | Indicates the Object ID, PUID and Application ID of entity that last updated the workspace. | CreatedBy |
WorkspaceProviderAuthorization
| Name | Description | Value |
|---|---|---|
| principalId | The provider's principal identifier. This is the identity that the provider will use to call ARM to manage the workspace resources. | string (required) |
| roleDefinitionId | The provider's role definition identifier. This role will define all the permissions that the provider must have on the workspace's container resource group. This role definition cannot have permission to delete the resource group. | string (required) |
CreatedBy
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceCustomParameters
| Name | Description | Value |
|---|---|---|
| amlWorkspaceId | The ID of a Azure Machine Learning workspace to link with Databricks workspace | WorkspaceCustomStringParameter |
| customPrivateSubnetName | The name of the Private Subnet within the Virtual Network | WorkspaceCustomStringParameter |
| customPublicSubnetName | The name of a Public Subnet within the Virtual Network | WorkspaceCustomStringParameter |
| customVirtualNetworkId | The ID of a Virtual Network where this Databricks Cluster should be created | WorkspaceCustomStringParameter |
| enableNoPublicIp | Should the Public IP be Disabled? | WorkspaceCustomBooleanParameter |
| encryption | Contains the encryption details for Customer-Managed Key (CMK) enabled workspace. | WorkspaceEncryptionParameter |
| loadBalancerBackendPoolName | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). | WorkspaceCustomStringParameter |
| loadBalancerId | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. | WorkspaceCustomStringParameter |
| natGatewayName | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. | WorkspaceCustomStringParameter |
| prepareEncryption | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. | WorkspaceCustomBooleanParameter |
| publicIpName | Name of the Public IP for No Public IP workspace with managed vNet. | WorkspaceCustomStringParameter |
| requireInfrastructureEncryption | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. | WorkspaceCustomBooleanParameter |
| storageAccountName | Default DBFS storage account name. | WorkspaceCustomStringParameter |
| storageAccountSkuName | Storage account SKU name, ex: Standard_GRS, Standard_LRS. Refer https://aka.ms/storageskus for valid inputs. |
WorkspaceCustomStringParameter |
| vnetAddressPrefix | Address prefix for Managed virtual network. Default value for this input is 10.139. | WorkspaceCustomStringParameter |
WorkspaceCustomStringParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | string (required) |
WorkspaceCustomBooleanParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | bool (required) |
WorkspaceEncryptionParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | Encryption |
Encryption
| Name | Description | Value |
|---|---|---|
| KeyName | The name of KeyVault key. | string |
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Default, Microsoft.Keyvault | 'Default' 'Microsoft.Keyvault' |
| keyvaulturi | The Uri of KeyVault. | string |
| keyversion | The version of KeyVault key. | string |
ManagedIdentityConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU name. | string (required) |
| tier | The SKU tier. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Deploy the Sports Analytics on Azure Architecture |
Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
| Deploy an Azure Databricks Workspace with PE,CMK all forms |
This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption. |
| Azure Databricks All-in-one Template for VNet Injection |
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
| Azure Databricks All-in-one Templat VNetInjection-Pvtendpt |
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint. |
| AzureDatabricks Template for VNetInjection and Load Balancer |
This template allows you to create a a load balancer, network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
| AzureDatabricks Template for VNet Injection with NAT Gateway |
This template allows you to create a NAT gateway, network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
| Deploy an Azure Databricks Workspace |
This template allows you to create an Azure Databricks workspace. |
| Azure Databricks Workspace with custom Address Range |
This template allows you to create an Azure Databricks workspace with a custom virtual network address range. |
| Deploy an Azure Databricks Workspace with all 3 forms of CMK |
This template allows you to create an Azure Databricks workspace with managed services and CMK with DBFS encryption. |
| Deploy an Azure Databricks WS with CMK for DBFS encryption |
This template allows you to create an Azure Databricks workspace with CMK for DBFS root encryption |
| Deploy an Azure Databricks Workspace with Managed Disks CMK |
This template allows you to create an Azure Databricks workspace with Managed Disks CMK. |
| Deploy Azure Databricks Workspace with Managed Services CMK |
This template allows you to create an Azure Databricks workspace with Managed Services CMK. |
| Azure Databricks Workspace with VNet Injection |
This template allows you to create an Azure Databricks workspace with a custom virtual network. |
ARM template resource definition
The workspaces resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Databricks/workspaces resource, add the following JSON to your template.
{
"type": "Microsoft.Databricks/workspaces",
"apiVersion": "2018-04-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"name": "string",
"tier": "string"
},
"properties": {
"authorizations": [
{
"principalId": "string",
"roleDefinitionId": "string"
}
],
"createdBy": {},
"managedResourceGroupId": "string",
"parameters": {
"amlWorkspaceId": {
"value": "string"
},
"customPrivateSubnetName": {
"value": "string"
},
"customPublicSubnetName": {
"value": "string"
},
"customVirtualNetworkId": {
"value": "string"
},
"enableNoPublicIp": {
"value": "bool"
},
"encryption": {
"value": {
"KeyName": "string",
"keySource": "string",
"keyvaulturi": "string",
"keyversion": "string"
}
},
"loadBalancerBackendPoolName": {
"value": "string"
},
"loadBalancerId": {
"value": "string"
},
"natGatewayName": {
"value": "string"
},
"prepareEncryption": {
"value": "bool"
},
"publicIpName": {
"value": "string"
},
"requireInfrastructureEncryption": {
"value": "bool"
},
"storageAccountName": {
"value": "string"
},
"storageAccountSkuName": {
"value": "string"
},
"vnetAddressPrefix": {
"value": "string"
}
},
"storageAccountIdentity": {},
"uiDefinitionUri": "string",
"updatedBy": {}
}
}
Property values
workspaces
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Databricks/workspaces' |
| apiVersion | The resource api version | '2018-04-01' |
| name | The resource name | string (required) Character limit: 3-64 Valid characters: Alphanumerics, underscores, and hyphens |
| location | The geo-location where the resource lives | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
| sku | The SKU of the resource. | Sku |
| properties | The workspace properties. | WorkspaceProperties (required) |
WorkspaceProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The workspace provider authorizations. | WorkspaceProviderAuthorization[] |
| createdBy | Indicates the Object ID, PUID and Application ID of entity that created the workspace. | CreatedBy |
| managedResourceGroupId | The managed resource group Id. | string (required) |
| parameters | The workspace's custom parameters. | WorkspaceCustomParameters |
| storageAccountIdentity | The details of Managed Identity of Storage Account | ManagedIdentityConfiguration |
| uiDefinitionUri | The blob URI where the UI definition file is located. | string |
| updatedBy | Indicates the Object ID, PUID and Application ID of entity that last updated the workspace. | CreatedBy |
WorkspaceProviderAuthorization
| Name | Description | Value |
|---|---|---|
| principalId | The provider's principal identifier. This is the identity that the provider will use to call ARM to manage the workspace resources. | string (required) |
| roleDefinitionId | The provider's role definition identifier. This role will define all the permissions that the provider must have on the workspace's container resource group. This role definition cannot have permission to delete the resource group. | string (required) |
CreatedBy
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceCustomParameters
| Name | Description | Value |
|---|---|---|
| amlWorkspaceId | The ID of a Azure Machine Learning workspace to link with Databricks workspace | WorkspaceCustomStringParameter |
| customPrivateSubnetName | The name of the Private Subnet within the Virtual Network | WorkspaceCustomStringParameter |
| customPublicSubnetName | The name of a Public Subnet within the Virtual Network | WorkspaceCustomStringParameter |
| customVirtualNetworkId | The ID of a Virtual Network where this Databricks Cluster should be created | WorkspaceCustomStringParameter |
| enableNoPublicIp | Should the Public IP be Disabled? | WorkspaceCustomBooleanParameter |
| encryption | Contains the encryption details for Customer-Managed Key (CMK) enabled workspace. | WorkspaceEncryptionParameter |
| loadBalancerBackendPoolName | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). | WorkspaceCustomStringParameter |
| loadBalancerId | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. | WorkspaceCustomStringParameter |
| natGatewayName | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. | WorkspaceCustomStringParameter |
| prepareEncryption | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. | WorkspaceCustomBooleanParameter |
| publicIpName | Name of the Public IP for No Public IP workspace with managed vNet. | WorkspaceCustomStringParameter |
| requireInfrastructureEncryption | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. | WorkspaceCustomBooleanParameter |
| storageAccountName | Default DBFS storage account name. | WorkspaceCustomStringParameter |
| storageAccountSkuName | Storage account SKU name, ex: Standard_GRS, Standard_LRS. Refer https://aka.ms/storageskus for valid inputs. |
WorkspaceCustomStringParameter |
| vnetAddressPrefix | Address prefix for Managed virtual network. Default value for this input is 10.139. | WorkspaceCustomStringParameter |
WorkspaceCustomStringParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | string (required) |
WorkspaceCustomBooleanParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | bool (required) |
WorkspaceEncryptionParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | Encryption |
Encryption
| Name | Description | Value |
|---|---|---|
| KeyName | The name of KeyVault key. | string |
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Default, Microsoft.Keyvault | 'Default' 'Microsoft.Keyvault' |
| keyvaulturi | The Uri of KeyVault. | string |
| keyversion | The version of KeyVault key. | string |
ManagedIdentityConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU name. | string (required) |
| tier | The SKU tier. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Deploy the Sports Analytics on Azure Architecture |
Creates an Azure storage account with ADLS Gen 2 enabled, an Azure Data Factory instance with linked services for the storage account (an the Azure SQL Database if deployed), and an Azure Databricks instance. The AAD identity for the user deploying the template and the managed identity for the ADF instance will be granted the Storage Blob Data Contributor role on the storage account. There are also options to deploy an Azure Key Vault instance, an Azure SQL Database, and an Azure Event Hub (for streaming use cases). When an Azure Key Vault is deployed, the data factory managed identity and the AAD identity for the user deploying the template will be granted the Key Vault Secrets User role. |
| Deploy an Azure Databricks Workspace with PE,CMK all forms |
This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption. |
| Azure Databricks All-in-one Template for VNet Injection |
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
| Azure Databricks All-in-one Templat VNetInjection-Pvtendpt |
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint. |
| AzureDatabricks Template for VNetInjection and Load Balancer |
This template allows you to create a a load balancer, network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
| AzureDatabricks Template for VNet Injection with NAT Gateway |
This template allows you to create a NAT gateway, network security group, a virtual network and an Azure Databricks workspace with the virtual network. |
| Deploy an Azure Databricks Workspace |
This template allows you to create an Azure Databricks workspace. |
| Azure Databricks Workspace with custom Address Range |
This template allows you to create an Azure Databricks workspace with a custom virtual network address range. |
| Deploy an Azure Databricks Workspace with all 3 forms of CMK |
This template allows you to create an Azure Databricks workspace with managed services and CMK with DBFS encryption. |
| Deploy an Azure Databricks WS with CMK for DBFS encryption |
This template allows you to create an Azure Databricks workspace with CMK for DBFS root encryption |
| Deploy an Azure Databricks Workspace with Managed Disks CMK |
This template allows you to create an Azure Databricks workspace with Managed Disks CMK. |
| Deploy Azure Databricks Workspace with Managed Services CMK |
This template allows you to create an Azure Databricks workspace with Managed Services CMK. |
| Azure Databricks Workspace with VNet Injection |
This template allows you to create an Azure Databricks workspace with a custom virtual network. |
Terraform (AzAPI provider) resource definition
The workspaces resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Databricks/workspaces resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Databricks/workspaces@2018-04-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
authorizations = [
{
principalId = "string"
roleDefinitionId = "string"
}
]
createdBy = {}
managedResourceGroupId = "string"
parameters = {
amlWorkspaceId = {
value = "string"
}
customPrivateSubnetName = {
value = "string"
}
customPublicSubnetName = {
value = "string"
}
customVirtualNetworkId = {
value = "string"
}
enableNoPublicIp = {
value = bool
}
encryption = {
value = {
KeyName = "string"
keySource = "string"
keyvaulturi = "string"
keyversion = "string"
}
}
loadBalancerBackendPoolName = {
value = "string"
}
loadBalancerId = {
value = "string"
}
natGatewayName = {
value = "string"
}
prepareEncryption = {
value = bool
}
publicIpName = {
value = "string"
}
requireInfrastructureEncryption = {
value = bool
}
storageAccountName = {
value = "string"
}
storageAccountSkuName = {
value = "string"
}
vnetAddressPrefix = {
value = "string"
}
}
storageAccountIdentity = {}
uiDefinitionUri = "string"
updatedBy = {}
}
sku = {
name = "string"
tier = "string"
}
})
}
Property values
workspaces
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Databricks/workspaces@2018-04-01" |
| name | The resource name | string (required) Character limit: 3-64 Valid characters: Alphanumerics, underscores, and hyphens |
| location | The geo-location where the resource lives | string (required) |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. |
| sku | The SKU of the resource. | Sku |
| properties | The workspace properties. | WorkspaceProperties (required) |
WorkspaceProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The workspace provider authorizations. | WorkspaceProviderAuthorization[] |
| createdBy | Indicates the Object ID, PUID and Application ID of entity that created the workspace. | CreatedBy |
| managedResourceGroupId | The managed resource group Id. | string (required) |
| parameters | The workspace's custom parameters. | WorkspaceCustomParameters |
| storageAccountIdentity | The details of Managed Identity of Storage Account | ManagedIdentityConfiguration |
| uiDefinitionUri | The blob URI where the UI definition file is located. | string |
| updatedBy | Indicates the Object ID, PUID and Application ID of entity that last updated the workspace. | CreatedBy |
WorkspaceProviderAuthorization
| Name | Description | Value |
|---|---|---|
| principalId | The provider's principal identifier. This is the identity that the provider will use to call ARM to manage the workspace resources. | string (required) |
| roleDefinitionId | The provider's role definition identifier. This role will define all the permissions that the provider must have on the workspace's container resource group. This role definition cannot have permission to delete the resource group. | string (required) |
CreatedBy
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceCustomParameters
| Name | Description | Value |
|---|---|---|
| amlWorkspaceId | The ID of a Azure Machine Learning workspace to link with Databricks workspace | WorkspaceCustomStringParameter |
| customPrivateSubnetName | The name of the Private Subnet within the Virtual Network | WorkspaceCustomStringParameter |
| customPublicSubnetName | The name of a Public Subnet within the Virtual Network | WorkspaceCustomStringParameter |
| customVirtualNetworkId | The ID of a Virtual Network where this Databricks Cluster should be created | WorkspaceCustomStringParameter |
| enableNoPublicIp | Should the Public IP be Disabled? | WorkspaceCustomBooleanParameter |
| encryption | Contains the encryption details for Customer-Managed Key (CMK) enabled workspace. | WorkspaceEncryptionParameter |
| loadBalancerBackendPoolName | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). | WorkspaceCustomStringParameter |
| loadBalancerId | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. | WorkspaceCustomStringParameter |
| natGatewayName | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. | WorkspaceCustomStringParameter |
| prepareEncryption | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. | WorkspaceCustomBooleanParameter |
| publicIpName | Name of the Public IP for No Public IP workspace with managed vNet. | WorkspaceCustomStringParameter |
| requireInfrastructureEncryption | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. | WorkspaceCustomBooleanParameter |
| storageAccountName | Default DBFS storage account name. | WorkspaceCustomStringParameter |
| storageAccountSkuName | Storage account SKU name, ex: Standard_GRS, Standard_LRS. Refer https://aka.ms/storageskus for valid inputs. |
WorkspaceCustomStringParameter |
| vnetAddressPrefix | Address prefix for Managed virtual network. Default value for this input is 10.139. | WorkspaceCustomStringParameter |
WorkspaceCustomStringParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | string (required) |
WorkspaceCustomBooleanParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | bool (required) |
WorkspaceEncryptionParameter
| Name | Description | Value |
|---|---|---|
| value | The value which should be used for this field. | Encryption |
Encryption
| Name | Description | Value |
|---|---|---|
| KeyName | The name of KeyVault key. | string |
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Default, Microsoft.Keyvault | "Default" "Microsoft.Keyvault" |
| keyvaulturi | The Uri of KeyVault. | string |
| keyversion | The version of KeyVault key. | string |
ManagedIdentityConfiguration
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
Sku
| Name | Description | Value |
|---|---|---|
| name | The SKU name. | string (required) |
| tier | The SKU tier. | string |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for