Created
August 23, 2024 04:59
-
-
Save gerrytan/bab481a6a2dca325d963d5cd2a8db3e2 to your computer and use it in GitHub Desktop.
azurerm #27099
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// ---------------------------------------- | |
// Module/databricks_workspace/main.tf | |
// ---------------------------------------- | |
data "azurerm_resource_group" "gtan_27099" { | |
name = "gtan-27099" | |
} | |
data "azurerm_virtual_network" "gtan_27099_vn" { | |
name = "gtan-27099-vn" | |
resource_group_name = data.azurerm_resource_group.gtan_27099.name | |
} | |
# Private subnet --------------------- | |
resource "azurerm_subnet" "privdbx" { | |
name = "privdbx" | |
resource_group_name = data.azurerm_resource_group.gtan_27099.name | |
virtual_network_name = data.azurerm_virtual_network.gtan_27099_vn.name | |
address_prefixes = ["10.179.3.0/24"] | |
delegation { | |
name = "privdbx-delegation" | |
service_delegation { | |
name = "Microsoft.Databricks/workspaces" | |
actions = [ | |
"Microsoft.Network/virtualNetworks/subnets/join/action", | |
"Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", | |
"Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action", | |
] | |
} | |
} | |
} | |
resource "azurerm_network_security_group" "privdbx" { | |
name = "privdbx-nsg" | |
location = data.azurerm_resource_group.gtan_27099.location | |
resource_group_name = data.azurerm_resource_group.gtan_27099.name | |
security_rule { | |
name = "privdbx-rule" | |
priority = 100 | |
direction = "Inbound" | |
access = "Allow" | |
protocol = "Tcp" | |
source_port_range = "*" | |
destination_port_range = "*" | |
source_address_prefix = "*" | |
destination_address_prefix = "*" | |
} | |
} | |
resource "azurerm_subnet_network_security_group_association" "private_subnet_nsga" { | |
subnet_id = azurerm_subnet.privdbx.id | |
network_security_group_id = azurerm_network_security_group.privdbx.id | |
} | |
# Public subnet --------------------- | |
resource "azurerm_subnet" "pubdbx" { | |
name = "pubdbx" | |
resource_group_name = data.azurerm_resource_group.gtan_27099.name | |
virtual_network_name = data.azurerm_virtual_network.gtan_27099_vn.name | |
address_prefixes = ["10.179.4.0/24"] | |
delegation { | |
name = "privdbx-delegation" | |
service_delegation { | |
name = "Microsoft.Databricks/workspaces" | |
actions = [ | |
"Microsoft.Network/virtualNetworks/subnets/join/action", | |
"Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", | |
"Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action", | |
] | |
} | |
} | |
} | |
resource "azurerm_network_security_group" "pubdbx" { | |
name = "pubdbx-nsg" | |
location = data.azurerm_resource_group.gtan_27099.location | |
resource_group_name = data.azurerm_resource_group.gtan_27099.name | |
security_rule { | |
name = "pubdbx-rule" | |
priority = 100 | |
direction = "Inbound" | |
access = "Allow" | |
protocol = "Tcp" | |
source_port_range = "*" | |
destination_port_range = "*" | |
source_address_prefix = "*" | |
destination_address_prefix = "*" | |
} | |
} | |
resource "azurerm_subnet_network_security_group_association" "public_subnet_nsga" { | |
subnet_id = azurerm_subnet.pubdbx.id | |
network_security_group_id = azurerm_network_security_group.pubdbx.id | |
} | |
# Workspace --------------------- | |
resource "azurerm_databricks_workspace" "dbx_worskpace" { | |
name = "gtan-27099-testdbxworkspace" | |
location = "australiaeast" | |
sku = "premium" | |
resource_group_name = data.azurerm_resource_group.gtan_27099.name | |
managed_resource_group_name = "gtan-27099-testdbxworkspacemrg" | |
custom_parameters { | |
no_public_ip = true | |
virtual_network_id = data.azurerm_virtual_network.gtan_27099_vn.id | |
private_subnet_name = "privdbx" | |
public_subnet_name = "pubdbx" | |
private_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.private_subnet_nsga.id | |
public_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.public_subnet_nsga.id | |
} | |
network_security_group_rules_required = "NoAzureDatabricksRules" | |
public_network_access_enabled = false | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment