azurerm #27099
// ----------------------------------------
// Module/databricks_workspace/main.tf
// ----------------------------------------
# Looks up the existing resource group by name; it is read here, not created.
data "azurerm_resource_group" "gtan_27099" {
  name = "gtan-27099"
}
# Looks up the existing virtual network that the Databricks subnets are added to.
data "azurerm_virtual_network" "gtan_27099_vn" {
  resource_group_name = data.azurerm_resource_group.gtan_27099.name
  name                = "gtan-27099-vn"
}
# Private subnet ---------------------
# Subnet "privdbx", delegated to Microsoft.Databricks/workspaces. The workspace
# block refers to it by name as its private subnet.
resource "azurerm_subnet" "privdbx" {
  name                 = "privdbx"
  virtual_network_name = data.azurerm_virtual_network.gtan_27099_vn.name
  resource_group_name  = data.azurerm_resource_group.gtan_27099.name
  address_prefixes     = ["10.179.3.0/24"]

  # Delegation lets the Databricks resource provider join the subnet and
  # prepare/unprepare network policies on it; only these three actions are granted.
  delegation {
    name = "privdbx-delegation"

    service_delegation {
      name = "Microsoft.Databricks/workspaces"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
        "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
      ]
    }
  }
}
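# NSG attached to the "privdbx" subnet.
resource "azurerm_network_security_group" "privdbx" {
  name                = "privdbx-nsg"
  location            = data.azurerm_resource_group.gtan_27099.location
  resource_group_name = data.azurerm_resource_group.gtan_27099.name

  # Inbound TCP is limited to traffic that originates inside the virtual network.
  # The previous rule used "*" for both source and destination, which at
  # priority 100 allowed every TCP port from any address, Internet included,
  # and overrode the platform's default inbound deny.
  # NOTE(review): if the deployment needs a wider source, add a separate rule
  # for that specific prefix and port rather than reverting to "*".
  security_rule {
    name                       = "privdbx-rule"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "VirtualNetwork"
  }
}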
# Attaches the "privdbx" NSG to the "privdbx" subnet. The workspace block reads
# this association's id.
resource "azurerm_subnet_network_security_group_association" "private_subnet_nsga" {
  network_security_group_id = azurerm_network_security_group.privdbx.id
  subnet_id                 = azurerm_subnet.privdbx.id
}
# Public subnet ---------------------
# Subnet "pubdbx", delegated to Microsoft.Databricks/workspaces. The workspace
# block refers to it by name as its public subnet.
resource "azurerm_subnet" "pubdbx" {
  name                 = "pubdbx"
  virtual_network_name = data.azurerm_virtual_network.gtan_27099_vn.name
  resource_group_name  = data.azurerm_resource_group.gtan_27099.name
  address_prefixes     = ["10.179.4.0/24"]

  # Delegation lets the Databricks resource provider join the subnet and
  # prepare/unprepare network policies on it; only these three actions are granted.
  # NOTE(review): the delegation is labelled "privdbx-delegation" although this is
  # the pubdbx subnet; it looks like a copy-paste label. Confirm before renaming,
  # since changing it modifies the deployed subnet.
  delegation {
    name = "privdbx-delegation"

    service_delegation {
      name = "Microsoft.Databricks/workspaces"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
        "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
      ]
    }
  }
}
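# NSG attached to the "pubdbx" subnet.
resource "azurerm_network_security_group" "pubdbx" {
  name                = "pubdbx-nsg"
  location            = data.azurerm_resource_group.gtan_27099.location
  resource_group_name = data.azurerm_resource_group.gtan_27099.name

  # Inbound TCP is limited to traffic that originates inside the virtual network.
  # The previous rule used "*" for both source and destination, which at
  # priority 100 allowed every TCP port from any address, Internet included,
  # and overrode the platform's default inbound deny.
  # NOTE(review): if the deployment needs a wider source, add a separate rule
  # for that specific prefix and port rather than reverting to "*".
  security_rule {
    name                       = "pubdbx-rule"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "VirtualNetwork"
  }
}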
# Attaches the "pubdbx" NSG to the "pubdbx" subnet. The workspace block reads
# this association's id.
resource "azurerm_subnet_network_security_group_association" "public_subnet_nsga" {
  network_security_group_id = azurerm_network_security_group.pubdbx.id
  subnet_id                 = azurerm_subnet.pubdbx.id
}
# Workspace ---------------------
# Premium-SKU Databricks workspace injected into the existing virtual network,
# with public network access turned off.
resource "azurerm_databricks_workspace" "dbx_worskpace" {
  name                        = "gtan-27099-testdbxworkspace"
  resource_group_name         = data.azurerm_resource_group.gtan_27099.name
  managed_resource_group_name = "gtan-27099-testdbxworkspacemrg"
  location                    = "australiaeast"
  sku                         = "premium"

  # Public access to the workspace is disabled. With that setting the provider
  # also requires network_security_group_rules_required to be set.
  # NOTE(review): no private endpoint is defined in this snippet; with public
  # access off the workspace presumably needs one to be reachable. Confirm it is
  # created elsewhere.
  public_network_access_enabled         = false
  network_security_group_rules_required = "NoAzureDatabricksRules"

  custom_parameters {
    # Cluster nodes are deployed without public IP addresses.
    no_public_ip       = true
    virtual_network_id = data.azurerm_virtual_network.gtan_27099_vn.id

    # Subnets are referenced by literal name; the values must match the
    # azurerm_subnet resources declared in this module.
    private_subnet_name = "privdbx"
    public_subnet_name  = "pubdbx"

    # Referencing the association ids makes Terraform create both NSG
    # associations (and therefore the subnets and NSGs) before the workspace.
    private_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.private_subnet_nsga.id
    public_subnet_network_security_group_association_id  = azurerm_subnet_network_security_group_association.public_subnet_nsga.id
  }
}