We recommend using Azure Native.
azure.machinelearning.Workspace
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleInsights = new azure.appinsights.Insights("example", {
name: "workspace-example-ai",
location: example.location,
resourceGroupName: example.name,
applicationType: "web",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "workspaceexamplekeyvault",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "premium",
});
const exampleAccount = new azure.storage.Account("example", {
name: "workspacestorageaccount",
location: example.location,
resourceGroupName: example.name,
accountTier: "Standard",
accountReplicationType: "GRS",
});
const exampleWorkspace = new azure.machinelearning.Workspace("example", {
name: "example-workspace",
location: example.location,
resourceGroupName: example.name,
applicationInsightsId: exampleInsights.id,
keyVaultId: exampleKeyVault.id,
storageAccountId: exampleAccount.id,
identity: {
type: "SystemAssigned",
},
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_insights = azure.appinsights.Insights("example",
name="workspace-example-ai",
location=example.location,
resource_group_name=example.name,
application_type="web")
example_key_vault = azure.keyvault.KeyVault("example",
name="workspaceexamplekeyvault",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="premium")
example_account = azure.storage.Account("example",
name="workspacestorageaccount",
location=example.location,
resource_group_name=example.name,
account_tier="Standard",
account_replication_type="GRS")
example_workspace = azure.machinelearning.Workspace("example",
name="example-workspace",
location=example.location,
resource_group_name=example.name,
application_insights_id=example_insights.id,
key_vault_id=example_key_vault.id,
storage_account_id=example_account.id,
identity={
"type": "SystemAssigned",
})
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/appinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/machinelearning"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleInsights, err := appinsights.NewInsights(ctx, "example", &appinsights.InsightsArgs{
Name: pulumi.String("workspace-example-ai"),
Location: example.Location,
ResourceGroupName: example.Name,
ApplicationType: pulumi.String("web"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("workspaceexamplekeyvault"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("premium"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("workspacestorageaccount"),
Location: example.Location,
ResourceGroupName: example.Name,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("GRS"),
})
if err != nil {
return err
}
_, err = machinelearning.NewWorkspace(ctx, "example", &machinelearning.WorkspaceArgs{
Name: pulumi.String("example-workspace"),
Location: example.Location,
ResourceGroupName: example.Name,
ApplicationInsightsId: exampleInsights.ID(),
KeyVaultId: exampleKeyVault.ID(),
StorageAccountId: exampleAccount.ID(),
Identity: &machinelearning.WorkspaceIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleInsights = new Azure.AppInsights.Insights("example", new()
{
Name = "workspace-example-ai",
Location = example.Location,
ResourceGroupName = example.Name,
ApplicationType = "web",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "workspaceexamplekeyvault",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "premium",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "workspacestorageaccount",
Location = example.Location,
ResourceGroupName = example.Name,
AccountTier = "Standard",
AccountReplicationType = "GRS",
});
var exampleWorkspace = new Azure.MachineLearning.Workspace("example", new()
{
Name = "example-workspace",
Location = example.Location,
ResourceGroupName = example.Name,
ApplicationInsightsId = exampleInsights.Id,
KeyVaultId = exampleKeyVault.Id,
StorageAccountId = exampleAccount.Id,
Identity = new Azure.MachineLearning.Inputs.WorkspaceIdentityArgs
{
Type = "SystemAssigned",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appinsights.Insights;
import com.pulumi.azure.appinsights.InsightsArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.machinelearning.Workspace;
import com.pulumi.azure.machinelearning.WorkspaceArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleInsights = new Insights("exampleInsights", InsightsArgs.builder()
.name("workspace-example-ai")
.location(example.location())
.resourceGroupName(example.name())
.applicationType("web")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("workspaceexamplekeyvault")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("premium")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("workspacestorageaccount")
.location(example.location())
.resourceGroupName(example.name())
.accountTier("Standard")
.accountReplicationType("GRS")
.build());
var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
.name("example-workspace")
.location(example.location())
.resourceGroupName(example.name())
.applicationInsightsId(exampleInsights.id())
.keyVaultId(exampleKeyVault.id())
.storageAccountId(exampleAccount.id())
.identity(WorkspaceIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleInsights:
type: azure:appinsights:Insights
name: example
properties:
name: workspace-example-ai
location: ${example.location}
resourceGroupName: ${example.name}
applicationType: web
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: workspaceexamplekeyvault
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: premium
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: workspacestorageaccount
location: ${example.location}
resourceGroupName: ${example.name}
accountTier: Standard
accountReplicationType: GRS
exampleWorkspace:
type: azure:machinelearning:Workspace
name: example
properties:
name: example-workspace
location: ${example.location}
resourceGroupName: ${example.name}
applicationInsightsId: ${exampleInsights.id}
keyVaultId: ${exampleKeyVault.id}
storageAccountId: ${exampleAccount.id}
identity:
type: SystemAssigned
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
With Data Encryption
NOTE: The Key Vault must enable purge protection.
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleInsights = new azure.appinsights.Insights("example", {
name: "workspace-example-ai",
location: example.location,
resourceGroupName: example.name,
applicationType: "web",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "workspaceexamplekeyvault",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "premium",
purgeProtectionEnabled: true,
});
const exampleAccessPolicy = new azure.keyvault.AccessPolicy("example", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
keyPermissions: [
"Create",
"Get",
"Delete",
"Purge",
"GetRotationPolicy",
],
});
const exampleAccount = new azure.storage.Account("example", {
name: "workspacestorageaccount",
location: example.location,
resourceGroupName: example.name,
accountTier: "Standard",
accountReplicationType: "GRS",
});
const exampleKey = new azure.keyvault.Key("example", {
name: "workspaceexamplekeyvaultkey",
keyVaultId: exampleKeyVault.id,
keyType: "RSA",
keySize: 2048,
keyOpts: [
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
}, {
dependsOn: [
exampleKeyVault,
exampleAccessPolicy,
],
});
const exampleWorkspace = new azure.machinelearning.Workspace("example", {
name: "example-workspace",
location: example.location,
resourceGroupName: example.name,
applicationInsightsId: exampleInsights.id,
keyVaultId: exampleKeyVault.id,
storageAccountId: exampleAccount.id,
identity: {
type: "SystemAssigned",
},
encryption: {
keyVaultId: exampleKeyVault.id,
keyId: exampleKey.id,
},
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_insights = azure.appinsights.Insights("example",
name="workspace-example-ai",
location=example.location,
resource_group_name=example.name,
application_type="web")
example_key_vault = azure.keyvault.KeyVault("example",
name="workspaceexamplekeyvault",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="premium",
purge_protection_enabled=True)
example_access_policy = azure.keyvault.AccessPolicy("example",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=current.object_id,
key_permissions=[
"Create",
"Get",
"Delete",
"Purge",
"GetRotationPolicy",
])
example_account = azure.storage.Account("example",
name="workspacestorageaccount",
location=example.location,
resource_group_name=example.name,
account_tier="Standard",
account_replication_type="GRS")
example_key = azure.keyvault.Key("example",
name="workspaceexamplekeyvaultkey",
key_vault_id=example_key_vault.id,
key_type="RSA",
key_size=2048,
key_opts=[
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
opts = pulumi.ResourceOptions(depends_on=[
example_key_vault,
example_access_policy,
]))
example_workspace = azure.machinelearning.Workspace("example",
name="example-workspace",
location=example.location,
resource_group_name=example.name,
application_insights_id=example_insights.id,
key_vault_id=example_key_vault.id,
storage_account_id=example_account.id,
identity={
"type": "SystemAssigned",
},
encryption={
"key_vault_id": example_key_vault.id,
"key_id": example_key.id,
})
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/appinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/machinelearning"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleInsights, err := appinsights.NewInsights(ctx, "example", &appinsights.InsightsArgs{
Name: pulumi.String("workspace-example-ai"),
Location: example.Location,
ResourceGroupName: example.Name,
ApplicationType: pulumi.String("web"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("workspaceexamplekeyvault"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("premium"),
PurgeProtectionEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleAccessPolicy, err := keyvault.NewAccessPolicy(ctx, "example", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Create"),
pulumi.String("Get"),
pulumi.String("Delete"),
pulumi.String("Purge"),
pulumi.String("GetRotationPolicy"),
},
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("workspacestorageaccount"),
Location: example.Location,
ResourceGroupName: example.Name,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("GRS"),
})
if err != nil {
return err
}
exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
Name: pulumi.String("workspaceexamplekeyvaultkey"),
KeyVaultId: exampleKeyVault.ID(),
KeyType: pulumi.String("RSA"),
KeySize: pulumi.Int(2048),
KeyOpts: pulumi.StringArray{
pulumi.String("decrypt"),
pulumi.String("encrypt"),
pulumi.String("sign"),
pulumi.String("unwrapKey"),
pulumi.String("verify"),
pulumi.String("wrapKey"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleKeyVault,
exampleAccessPolicy,
}))
if err != nil {
return err
}
_, err = machinelearning.NewWorkspace(ctx, "example", &machinelearning.WorkspaceArgs{
Name: pulumi.String("example-workspace"),
Location: example.Location,
ResourceGroupName: example.Name,
ApplicationInsightsId: exampleInsights.ID(),
KeyVaultId: exampleKeyVault.ID(),
StorageAccountId: exampleAccount.ID(),
Identity: &machinelearning.WorkspaceIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
Encryption: &machinelearning.WorkspaceEncryptionArgs{
KeyVaultId: exampleKeyVault.ID(),
KeyId: exampleKey.ID(),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleInsights = new Azure.AppInsights.Insights("example", new()
{
Name = "workspace-example-ai",
Location = example.Location,
ResourceGroupName = example.Name,
ApplicationType = "web",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "workspaceexamplekeyvault",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "premium",
PurgeProtectionEnabled = true,
});
var exampleAccessPolicy = new Azure.KeyVault.AccessPolicy("example", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
KeyPermissions = new[]
{
"Create",
"Get",
"Delete",
"Purge",
"GetRotationPolicy",
},
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "workspacestorageaccount",
Location = example.Location,
ResourceGroupName = example.Name,
AccountTier = "Standard",
AccountReplicationType = "GRS",
});
var exampleKey = new Azure.KeyVault.Key("example", new()
{
Name = "workspaceexamplekeyvaultkey",
KeyVaultId = exampleKeyVault.Id,
KeyType = "RSA",
KeySize = 2048,
KeyOpts = new[]
{
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleKeyVault,
exampleAccessPolicy,
},
});
var exampleWorkspace = new Azure.MachineLearning.Workspace("example", new()
{
Name = "example-workspace",
Location = example.Location,
ResourceGroupName = example.Name,
ApplicationInsightsId = exampleInsights.Id,
KeyVaultId = exampleKeyVault.Id,
StorageAccountId = exampleAccount.Id,
Identity = new Azure.MachineLearning.Inputs.WorkspaceIdentityArgs
{
Type = "SystemAssigned",
},
Encryption = new Azure.MachineLearning.Inputs.WorkspaceEncryptionArgs
{
KeyVaultId = exampleKeyVault.Id,
KeyId = exampleKey.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appinsights.Insights;
import com.pulumi.azure.appinsights.InsightsArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.machinelearning.Workspace;
import com.pulumi.azure.machinelearning.WorkspaceArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceEncryptionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleInsights = new Insights("exampleInsights", InsightsArgs.builder()
.name("workspace-example-ai")
.location(example.location())
.resourceGroupName(example.name())
.applicationType("web")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("workspaceexamplekeyvault")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("premium")
.purgeProtectionEnabled(true)
.build());
var exampleAccessPolicy = new AccessPolicy("exampleAccessPolicy", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.keyPermissions(
"Create",
"Get",
"Delete",
"Purge",
"GetRotationPolicy")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("workspacestorageaccount")
.location(example.location())
.resourceGroupName(example.name())
.accountTier("Standard")
.accountReplicationType("GRS")
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.name("workspaceexamplekeyvaultkey")
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey")
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleKeyVault,
exampleAccessPolicy)
.build());
var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
.name("example-workspace")
.location(example.location())
.resourceGroupName(example.name())
.applicationInsightsId(exampleInsights.id())
.keyVaultId(exampleKeyVault.id())
.storageAccountId(exampleAccount.id())
.identity(WorkspaceIdentityArgs.builder()
.type("SystemAssigned")
.build())
.encryption(WorkspaceEncryptionArgs.builder()
.keyVaultId(exampleKeyVault.id())
.keyId(exampleKey.id())
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleInsights:
type: azure:appinsights:Insights
name: example
properties:
name: workspace-example-ai
location: ${example.location}
resourceGroupName: ${example.name}
applicationType: web
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: workspaceexamplekeyvault
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: premium
purgeProtectionEnabled: true
exampleAccessPolicy:
type: azure:keyvault:AccessPolicy
name: example
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Create
- Get
- Delete
- Purge
- GetRotationPolicy
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: workspacestorageaccount
location: ${example.location}
resourceGroupName: ${example.name}
accountTier: Standard
accountReplicationType: GRS
exampleKey:
type: azure:keyvault:Key
name: example
properties:
name: workspaceexamplekeyvaultkey
keyVaultId: ${exampleKeyVault.id}
keyType: RSA
keySize: 2048
keyOpts:
- decrypt
- encrypt
- sign
- unwrapKey
- verify
- wrapKey
options:
dependson:
- ${exampleKeyVault}
- ${exampleAccessPolicy}
exampleWorkspace:
type: azure:machinelearning:Workspace
name: example
properties:
name: example-workspace
location: ${example.location}
resourceGroupName: ${example.name}
applicationInsightsId: ${exampleInsights.id}
keyVaultId: ${exampleKeyVault.id}
storageAccountId: ${exampleAccount.id}
identity:
type: SystemAssigned
encryption:
keyVaultId: ${exampleKeyVault.id}
keyId: ${exampleKey.id}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
With User Assigned Identity And Data Encryption
NOTE: The Key Vault must enable purge protection.
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleInsights = new azure.appinsights.Insights("example", {
name: "example-ai",
location: example.location,
resourceGroupName: example.name,
applicationType: "web",
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplestorageaccount",
location: example.location,
resourceGroupName: example.name,
accountTier: "Standard",
accountReplicationType: "GRS",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "example-keyvalut",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "premium",
purgeProtectionEnabled: true,
});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
name: "example-identity",
location: example.location,
resourceGroupName: example.name,
});
const example_identity = new azure.keyvault.AccessPolicy("example-identity", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: exampleUserAssignedIdentity.principalId,
keyPermissions: [
"WrapKey",
"UnwrapKey",
"Get",
"Recover",
],
secretPermissions: [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
],
});
const example_sp = new azure.keyvault.AccessPolicy("example-sp", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
keyPermissions: [
"Get",
"Create",
"Recover",
"Delete",
"Purge",
"GetRotationPolicy",
],
});
const test = azuread.getServicePrincipal({
displayName: "Azure Cosmos DB",
});
const example_cosmosdb = new azure.keyvault.AccessPolicy("example-cosmosdb", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: test.then(test => test.objectId),
keyPermissions: [
"Get",
"Recover",
"UnwrapKey",
"WrapKey",
],
}, {
dependsOn: [
test,
current,
],
});
const exampleKey = new azure.keyvault.Key("example", {
name: "example-keyvaultkey",
keyVaultId: exampleKeyVault.id,
keyType: "RSA",
keySize: 2048,
keyOpts: [
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
}, {
dependsOn: [
exampleKeyVault,
example_sp,
],
});
const example_role1 = new azure.authorization.Assignment("example-role1", {
scope: exampleKeyVault.id,
roleDefinitionName: "Contributor",
principalId: exampleUserAssignedIdentity.principalId,
});
const example_role2 = new azure.authorization.Assignment("example-role2", {
scope: exampleAccount.id,
roleDefinitionName: "Storage Blob Data Contributor",
principalId: exampleUserAssignedIdentity.principalId,
});
const example_role3 = new azure.authorization.Assignment("example-role3", {
scope: exampleAccount.id,
roleDefinitionName: "Contributor",
principalId: exampleUserAssignedIdentity.principalId,
});
const example_role4 = new azure.authorization.Assignment("example-role4", {
scope: exampleInsights.id,
roleDefinitionName: "Contributor",
principalId: exampleUserAssignedIdentity.principalId,
});
const exampleWorkspace = new azure.machinelearning.Workspace("example", {
name: "example-workspace",
location: example.location,
resourceGroupName: example.name,
applicationInsightsId: exampleInsights.id,
keyVaultId: exampleKeyVault.id,
storageAccountId: exampleAccount.id,
highBusinessImpact: true,
primaryUserAssignedIdentity: exampleUserAssignedIdentity.id,
identity: {
type: "UserAssigned",
identityIds: [exampleUserAssignedIdentity.id],
},
encryption: {
userAssignedIdentityId: exampleUserAssignedIdentity.id,
keyVaultId: exampleKeyVault.id,
keyId: exampleKey.id,
},
}, {
dependsOn: [
example_role1,
example_role2,
example_role3,
example_role4,
example_cosmosdb,
],
});
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_insights = azure.appinsights.Insights("example",
name="example-ai",
location=example.location,
resource_group_name=example.name,
application_type="web")
example_account = azure.storage.Account("example",
name="examplestorageaccount",
location=example.location,
resource_group_name=example.name,
account_tier="Standard",
account_replication_type="GRS")
example_key_vault = azure.keyvault.KeyVault("example",
name="example-keyvalut",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="premium",
purge_protection_enabled=True)
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
name="example-identity",
location=example.location,
resource_group_name=example.name)
example_identity = azure.keyvault.AccessPolicy("example-identity",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=example_user_assigned_identity.principal_id,
key_permissions=[
"WrapKey",
"UnwrapKey",
"Get",
"Recover",
],
secret_permissions=[
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
])
example_sp = azure.keyvault.AccessPolicy("example-sp",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=current.object_id,
key_permissions=[
"Get",
"Create",
"Recover",
"Delete",
"Purge",
"GetRotationPolicy",
])
test = azuread.get_service_principal(display_name="Azure Cosmos DB")
example_cosmosdb = azure.keyvault.AccessPolicy("example-cosmosdb",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=test.object_id,
key_permissions=[
"Get",
"Recover",
"UnwrapKey",
"WrapKey",
],
opts = pulumi.ResourceOptions(depends_on=[
test,
current,
]))
example_key = azure.keyvault.Key("example",
name="example-keyvaultkey",
key_vault_id=example_key_vault.id,
key_type="RSA",
key_size=2048,
key_opts=[
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
opts = pulumi.ResourceOptions(depends_on=[
example_key_vault,
example_sp,
]))
example_role1 = azure.authorization.Assignment("example-role1",
scope=example_key_vault.id,
role_definition_name="Contributor",
principal_id=example_user_assigned_identity.principal_id)
example_role2 = azure.authorization.Assignment("example-role2",
scope=example_account.id,
role_definition_name="Storage Blob Data Contributor",
principal_id=example_user_assigned_identity.principal_id)
example_role3 = azure.authorization.Assignment("example-role3",
scope=example_account.id,
role_definition_name="Contributor",
principal_id=example_user_assigned_identity.principal_id)
example_role4 = azure.authorization.Assignment("example-role4",
scope=example_insights.id,
role_definition_name="Contributor",
principal_id=example_user_assigned_identity.principal_id)
example_workspace = azure.machinelearning.Workspace("example",
name="example-workspace",
location=example.location,
resource_group_name=example.name,
application_insights_id=example_insights.id,
key_vault_id=example_key_vault.id,
storage_account_id=example_account.id,
high_business_impact=True,
primary_user_assigned_identity=example_user_assigned_identity.id,
identity={
"type": "UserAssigned",
"identity_ids": [example_user_assigned_identity.id],
},
encryption={
"user_assigned_identity_id": example_user_assigned_identity.id,
"key_vault_id": example_key_vault.id,
"key_id": example_key.id,
},
opts = pulumi.ResourceOptions(depends_on=[
example_role1,
example_role2,
example_role3,
example_role4,
example_cosmosdb,
]))
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/appinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/machinelearning"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleInsights, err := appinsights.NewInsights(ctx, "example", &appinsights.InsightsArgs{
Name: pulumi.String("example-ai"),
Location: example.Location,
ResourceGroupName: example.Name,
ApplicationType: pulumi.String("web"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplestorageaccount"),
Location: example.Location,
ResourceGroupName: example.Name,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("GRS"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("example-keyvalut"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("premium"),
PurgeProtectionEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
Name: pulumi.String("example-identity"),
Location: example.Location,
ResourceGroupName: example.Name,
})
if err != nil {
return err
}
_, err = keyvault.NewAccessPolicy(ctx, "example-identity", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(current.TenantId),
ObjectId: exampleUserAssignedIdentity.PrincipalId,
KeyPermissions: pulumi.StringArray{
pulumi.String("WrapKey"),
pulumi.String("UnwrapKey"),
pulumi.String("Get"),
pulumi.String("Recover"),
},
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Set"),
pulumi.String("Delete"),
pulumi.String("Recover"),
pulumi.String("Backup"),
pulumi.String("Restore"),
},
})
if err != nil {
return err
}
_, err = keyvault.NewAccessPolicy(ctx, "example-sp", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Create"),
pulumi.String("Recover"),
pulumi.String("Delete"),
pulumi.String("Purge"),
pulumi.String("GetRotationPolicy"),
},
})
if err != nil {
return err
}
test, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
DisplayName: pulumi.StringRef("Azure Cosmos DB"),
}, nil)
if err != nil {
return err
}
_, err = keyvault.NewAccessPolicy(ctx, "example-cosmosdb", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(test.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Recover"),
pulumi.String("UnwrapKey"),
pulumi.String("WrapKey"),
},
}, pulumi.DependsOn([]pulumi.Resource{
test,
current,
}))
if err != nil {
return err
}
exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
Name: pulumi.String("example-keyvaultkey"),
KeyVaultId: exampleKeyVault.ID(),
KeyType: pulumi.String("RSA"),
KeySize: pulumi.Int(2048),
KeyOpts: pulumi.StringArray{
pulumi.String("decrypt"),
pulumi.String("encrypt"),
pulumi.String("sign"),
pulumi.String("unwrapKey"),
pulumi.String("verify"),
pulumi.String("wrapKey"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleKeyVault,
example_sp,
}))
if err != nil {
return err
}
_, err = authorization.NewAssignment(ctx, "example-role1", &authorization.AssignmentArgs{
Scope: exampleKeyVault.ID(),
RoleDefinitionName: pulumi.String("Contributor"),
PrincipalId: exampleUserAssignedIdentity.PrincipalId,
})
if err != nil {
return err
}
_, err = authorization.NewAssignment(ctx, "example-role2", &authorization.AssignmentArgs{
Scope: exampleAccount.ID(),
RoleDefinitionName: pulumi.String("Storage Blob Data Contributor"),
PrincipalId: exampleUserAssignedIdentity.PrincipalId,
})
if err != nil {
return err
}
_, err = authorization.NewAssignment(ctx, "example-role3", &authorization.AssignmentArgs{
Scope: exampleAccount.ID(),
RoleDefinitionName: pulumi.String("Contributor"),
PrincipalId: exampleUserAssignedIdentity.PrincipalId,
})
if err != nil {
return err
}
_, err = authorization.NewAssignment(ctx, "example-role4", &authorization.AssignmentArgs{
Scope: exampleInsights.ID(),
RoleDefinitionName: pulumi.String("Contributor"),
PrincipalId: exampleUserAssignedIdentity.PrincipalId,
})
if err != nil {
return err
}
_, err = machinelearning.NewWorkspace(ctx, "example", &machinelearning.WorkspaceArgs{
Name: pulumi.String("example-workspace"),
Location: example.Location,
ResourceGroupName: example.Name,
ApplicationInsightsId: exampleInsights.ID(),
KeyVaultId: exampleKeyVault.ID(),
StorageAccountId: exampleAccount.ID(),
HighBusinessImpact: pulumi.Bool(true),
PrimaryUserAssignedIdentity: exampleUserAssignedIdentity.ID(),
Identity: &machinelearning.WorkspaceIdentityArgs{
Type: pulumi.String("UserAssigned"),
IdentityIds: pulumi.StringArray{
exampleUserAssignedIdentity.ID(),
},
},
Encryption: &machinelearning.WorkspaceEncryptionArgs{
UserAssignedIdentityId: exampleUserAssignedIdentity.ID(),
KeyVaultId: exampleKeyVault.ID(),
KeyId: exampleKey.ID(),
},
}, pulumi.DependsOn([]pulumi.Resource{
example_role1,
example_role2,
example_role3,
example_role4,
example_cosmosdb,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleInsights = new Azure.AppInsights.Insights("example", new()
{
Name = "example-ai",
Location = example.Location,
ResourceGroupName = example.Name,
ApplicationType = "web",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplestorageaccount",
Location = example.Location,
ResourceGroupName = example.Name,
AccountTier = "Standard",
AccountReplicationType = "GRS",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "example-keyvalut",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "premium",
PurgeProtectionEnabled = true,
});
var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
{
Name = "example-identity",
Location = example.Location,
ResourceGroupName = example.Name,
});
var example_identity = new Azure.KeyVault.AccessPolicy("example-identity", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = exampleUserAssignedIdentity.PrincipalId,
KeyPermissions = new[]
{
"WrapKey",
"UnwrapKey",
"Get",
"Recover",
},
SecretPermissions = new[]
{
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
},
});
var example_sp = new Azure.KeyVault.AccessPolicy("example-sp", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
KeyPermissions = new[]
{
"Get",
"Create",
"Recover",
"Delete",
"Purge",
"GetRotationPolicy",
},
});
var test = AzureAD.GetServicePrincipal.Invoke(new()
{
DisplayName = "Azure Cosmos DB",
});
var example_cosmosdb = new Azure.KeyVault.AccessPolicy("example-cosmosdb", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = test.Apply(getServicePrincipalResult => getServicePrincipalResult.ObjectId),
KeyPermissions = new[]
{
"Get",
"Recover",
"UnwrapKey",
"WrapKey",
},
}, new CustomResourceOptions
{
DependsOn =
{
test,
current,
},
});
var exampleKey = new Azure.KeyVault.Key("example", new()
{
Name = "example-keyvaultkey",
KeyVaultId = exampleKeyVault.Id,
KeyType = "RSA",
KeySize = 2048,
KeyOpts = new[]
{
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleKeyVault,
example_sp,
},
});
var example_role1 = new Azure.Authorization.Assignment("example-role1", new()
{
Scope = exampleKeyVault.Id,
RoleDefinitionName = "Contributor",
PrincipalId = exampleUserAssignedIdentity.PrincipalId,
});
var example_role2 = new Azure.Authorization.Assignment("example-role2", new()
{
Scope = exampleAccount.Id,
RoleDefinitionName = "Storage Blob Data Contributor",
PrincipalId = exampleUserAssignedIdentity.PrincipalId,
});
var example_role3 = new Azure.Authorization.Assignment("example-role3", new()
{
Scope = exampleAccount.Id,
RoleDefinitionName = "Contributor",
PrincipalId = exampleUserAssignedIdentity.PrincipalId,
});
var example_role4 = new Azure.Authorization.Assignment("example-role4", new()
{
Scope = exampleInsights.Id,
RoleDefinitionName = "Contributor",
PrincipalId = exampleUserAssignedIdentity.PrincipalId,
});
var exampleWorkspace = new Azure.MachineLearning.Workspace("example", new()
{
Name = "example-workspace",
Location = example.Location,
ResourceGroupName = example.Name,
ApplicationInsightsId = exampleInsights.Id,
KeyVaultId = exampleKeyVault.Id,
StorageAccountId = exampleAccount.Id,
HighBusinessImpact = true,
PrimaryUserAssignedIdentity = exampleUserAssignedIdentity.Id,
Identity = new Azure.MachineLearning.Inputs.WorkspaceIdentityArgs
{
Type = "UserAssigned",
IdentityIds = new[]
{
exampleUserAssignedIdentity.Id,
},
},
Encryption = new Azure.MachineLearning.Inputs.WorkspaceEncryptionArgs
{
UserAssignedIdentityId = exampleUserAssignedIdentity.Id,
KeyVaultId = exampleKeyVault.Id,
KeyId = exampleKey.Id,
},
}, new CustomResourceOptions
{
DependsOn =
{
example_role1,
example_role2,
example_role3,
example_role4,
example_cosmosdb,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appinsights.Insights;
import com.pulumi.azure.appinsights.InsightsArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.machinelearning.Workspace;
import com.pulumi.azure.machinelearning.WorkspaceArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceEncryptionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleInsights = new Insights("exampleInsights", InsightsArgs.builder()
.name("example-ai")
.location(example.location())
.resourceGroupName(example.name())
.applicationType("web")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplestorageaccount")
.location(example.location())
.resourceGroupName(example.name())
.accountTier("Standard")
.accountReplicationType("GRS")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("example-keyvalut")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("premium")
.purgeProtectionEnabled(true)
.build());
var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
.name("example-identity")
.location(example.location())
.resourceGroupName(example.name())
.build());
var example_identity = new AccessPolicy("example-identity", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(exampleUserAssignedIdentity.principalId())
.keyPermissions(
"WrapKey",
"UnwrapKey",
"Get",
"Recover")
.secretPermissions(
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore")
.build());
var example_sp = new AccessPolicy("example-sp", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.keyPermissions(
"Get",
"Create",
"Recover",
"Delete",
"Purge",
"GetRotationPolicy")
.build());
final var test = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
.displayName("Azure Cosmos DB")
.build());
var example_cosmosdb = new AccessPolicy("example-cosmosdb", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(test.applyValue(getServicePrincipalResult -> getServicePrincipalResult.objectId()))
.keyPermissions(
"Get",
"Recover",
"UnwrapKey",
"WrapKey")
.build(), CustomResourceOptions.builder()
.dependsOn(
test.applyValue(getServicePrincipalResult -> getServicePrincipalResult),
current.applyValue(getClientConfigResult -> getClientConfigResult))
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.name("example-keyvaultkey")
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey")
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleKeyVault,
example_sp)
.build());
var example_role1 = new Assignment("example-role1", AssignmentArgs.builder()
.scope(exampleKeyVault.id())
.roleDefinitionName("Contributor")
.principalId(exampleUserAssignedIdentity.principalId())
.build());
var example_role2 = new Assignment("example-role2", AssignmentArgs.builder()
.scope(exampleAccount.id())
.roleDefinitionName("Storage Blob Data Contributor")
.principalId(exampleUserAssignedIdentity.principalId())
.build());
var example_role3 = new Assignment("example-role3", AssignmentArgs.builder()
.scope(exampleAccount.id())
.roleDefinitionName("Contributor")
.principalId(exampleUserAssignedIdentity.principalId())
.build());
var example_role4 = new Assignment("example-role4", AssignmentArgs.builder()
.scope(exampleInsights.id())
.roleDefinitionName("Contributor")
.principalId(exampleUserAssignedIdentity.principalId())
.build());
var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
.name("example-workspace")
.location(example.location())
.resourceGroupName(example.name())
.applicationInsightsId(exampleInsights.id())
.keyVaultId(exampleKeyVault.id())
.storageAccountId(exampleAccount.id())
.highBusinessImpact(true)
.primaryUserAssignedIdentity(exampleUserAssignedIdentity.id())
.identity(WorkspaceIdentityArgs.builder()
.type("UserAssigned")
.identityIds(exampleUserAssignedIdentity.id())
.build())
.encryption(WorkspaceEncryptionArgs.builder()
.userAssignedIdentityId(exampleUserAssignedIdentity.id())
.keyVaultId(exampleKeyVault.id())
.keyId(exampleKey.id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
example_role1,
example_role2,
example_role3,
example_role4,
example_cosmosdb)
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleInsights:
type: azure:appinsights:Insights
name: example
properties:
name: example-ai
location: ${example.location}
resourceGroupName: ${example.name}
applicationType: web
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplestorageaccount
location: ${example.location}
resourceGroupName: ${example.name}
accountTier: Standard
accountReplicationType: GRS
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: example-keyvalut
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: premium
purgeProtectionEnabled: true
exampleUserAssignedIdentity:
type: azure:authorization:UserAssignedIdentity
name: example
properties:
name: example-identity
location: ${example.location}
resourceGroupName: ${example.name}
example-identity:
type: azure:keyvault:AccessPolicy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${exampleUserAssignedIdentity.principalId}
keyPermissions:
- WrapKey
- UnwrapKey
- Get
- Recover
secretPermissions:
- Get
- List
- Set
- Delete
- Recover
- Backup
- Restore
example-sp:
type: azure:keyvault:AccessPolicy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Get
- Create
- Recover
- Delete
- Purge
- GetRotationPolicy
example-cosmosdb:
type: azure:keyvault:AccessPolicy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${test.objectId}
keyPermissions:
- Get
- Recover
- UnwrapKey
- WrapKey
options:
dependson:
- ${test}
- ${current}
exampleKey:
type: azure:keyvault:Key
name: example
properties:
name: example-keyvaultkey
keyVaultId: ${exampleKeyVault.id}
keyType: RSA
keySize: 2048
keyOpts:
- decrypt
- encrypt
- sign
- unwrapKey
- verify
- wrapKey
options:
dependson:
- ${exampleKeyVault}
- ${["example-sp"]}
example-role1:
type: azure:authorization:Assignment
properties:
scope: ${exampleKeyVault.id}
roleDefinitionName: Contributor
principalId: ${exampleUserAssignedIdentity.principalId}
example-role2:
type: azure:authorization:Assignment
properties:
scope: ${exampleAccount.id}
roleDefinitionName: Storage Blob Data Contributor
principalId: ${exampleUserAssignedIdentity.principalId}
example-role3:
type: azure:authorization:Assignment
properties:
scope: ${exampleAccount.id}
roleDefinitionName: Contributor
principalId: ${exampleUserAssignedIdentity.principalId}
example-role4:
type: azure:authorization:Assignment
properties:
scope: ${exampleInsights.id}
roleDefinitionName: Contributor
principalId: ${exampleUserAssignedIdentity.principalId}
exampleWorkspace:
type: azure:machinelearning:Workspace
name: example
properties:
name: example-workspace
location: ${example.location}
resourceGroupName: ${example.name}
applicationInsightsId: ${exampleInsights.id}
keyVaultId: ${exampleKeyVault.id}
storageAccountId: ${exampleAccount.id}
highBusinessImpact: true
primaryUserAssignedIdentity: ${exampleUserAssignedIdentity.id}
identity:
type: UserAssigned
identityIds:
- ${exampleUserAssignedIdentity.id}
encryption:
userAssignedIdentityId: ${exampleUserAssignedIdentity.id}
keyVaultId: ${exampleKeyVault.id}
keyId: ${exampleKey.id}
options:
dependson:
- ${["example-role1"]}
- ${["example-role2"]}
- ${["example-role3"]}
- ${["example-role4"]}
- ${["example-cosmosdb"]}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
test:
fn::invoke:
Function: azuread:getServicePrincipal
Arguments:
displayName: Azure Cosmos DB
Create Workspace Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Workspace(name: string, args: WorkspaceArgs, opts?: CustomResourceOptions);
@overload
def Workspace(resource_name: str,
args: WorkspaceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Workspace(resource_name: str,
opts: Optional[ResourceOptions] = None,
identity: Optional[WorkspaceIdentityArgs] = None,
storage_account_id: Optional[str] = None,
resource_group_name: Optional[str] = None,
application_insights_id: Optional[str] = None,
key_vault_id: Optional[str] = None,
kind: Optional[str] = None,
primary_user_assigned_identity: Optional[str] = None,
friendly_name: Optional[str] = None,
image_build_compute_name: Optional[str] = None,
feature_store: Optional[WorkspaceFeatureStoreArgs] = None,
encryption: Optional[WorkspaceEncryptionArgs] = None,
location: Optional[str] = None,
managed_network: Optional[WorkspaceManagedNetworkArgs] = None,
name: Optional[str] = None,
high_business_impact: Optional[bool] = None,
public_network_access_enabled: Optional[bool] = None,
description: Optional[str] = None,
serverless_compute: Optional[WorkspaceServerlessComputeArgs] = None,
sku_name: Optional[str] = None,
container_registry_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
v1_legacy_mode_enabled: Optional[bool] = None)
func NewWorkspace(ctx *Context, name string, args WorkspaceArgs, opts ...ResourceOption) (*Workspace, error)
public Workspace(string name, WorkspaceArgs args, CustomResourceOptions? opts = null)
public Workspace(String name, WorkspaceArgs args)
public Workspace(String name, WorkspaceArgs args, CustomResourceOptions options)
type: azure:machinelearning:Workspace
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WorkspaceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampleworkspaceResourceResourceFromMachinelearningworkspace = new Azure.MachineLearning.Workspace("exampleworkspaceResourceResourceFromMachinelearningworkspace", new()
{
Identity = new Azure.MachineLearning.Inputs.WorkspaceIdentityArgs
{
Type = "string",
IdentityIds = new[]
{
"string",
},
PrincipalId = "string",
TenantId = "string",
},
StorageAccountId = "string",
ResourceGroupName = "string",
ApplicationInsightsId = "string",
KeyVaultId = "string",
Kind = "string",
PrimaryUserAssignedIdentity = "string",
FriendlyName = "string",
ImageBuildComputeName = "string",
FeatureStore = new Azure.MachineLearning.Inputs.WorkspaceFeatureStoreArgs
{
ComputerSparkRuntimeVersion = "string",
OfflineConnectionName = "string",
OnlineConnectionName = "string",
},
Encryption = new Azure.MachineLearning.Inputs.WorkspaceEncryptionArgs
{
KeyId = "string",
KeyVaultId = "string",
UserAssignedIdentityId = "string",
},
Location = "string",
ManagedNetwork = new Azure.MachineLearning.Inputs.WorkspaceManagedNetworkArgs
{
IsolationMode = "string",
},
Name = "string",
HighBusinessImpact = false,
PublicNetworkAccessEnabled = false,
Description = "string",
ServerlessCompute = new Azure.MachineLearning.Inputs.WorkspaceServerlessComputeArgs
{
PublicIpEnabled = false,
SubnetId = "string",
},
SkuName = "string",
ContainerRegistryId = "string",
Tags =
{
{ "string", "string" },
},
V1LegacyModeEnabled = false,
});
example, err := machinelearning.NewWorkspace(ctx, "exampleworkspaceResourceResourceFromMachinelearningworkspace", &machinelearning.WorkspaceArgs{
Identity: &machinelearning.WorkspaceIdentityArgs{
Type: pulumi.String("string"),
IdentityIds: pulumi.StringArray{
pulumi.String("string"),
},
PrincipalId: pulumi.String("string"),
TenantId: pulumi.String("string"),
},
StorageAccountId: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
ApplicationInsightsId: pulumi.String("string"),
KeyVaultId: pulumi.String("string"),
Kind: pulumi.String("string"),
PrimaryUserAssignedIdentity: pulumi.String("string"),
FriendlyName: pulumi.String("string"),
ImageBuildComputeName: pulumi.String("string"),
FeatureStore: &machinelearning.WorkspaceFeatureStoreArgs{
ComputerSparkRuntimeVersion: pulumi.String("string"),
OfflineConnectionName: pulumi.String("string"),
OnlineConnectionName: pulumi.String("string"),
},
Encryption: &machinelearning.WorkspaceEncryptionArgs{
KeyId: pulumi.String("string"),
KeyVaultId: pulumi.String("string"),
UserAssignedIdentityId: pulumi.String("string"),
},
Location: pulumi.String("string"),
ManagedNetwork: &machinelearning.WorkspaceManagedNetworkArgs{
IsolationMode: pulumi.String("string"),
},
Name: pulumi.String("string"),
HighBusinessImpact: pulumi.Bool(false),
PublicNetworkAccessEnabled: pulumi.Bool(false),
Description: pulumi.String("string"),
ServerlessCompute: &machinelearning.WorkspaceServerlessComputeArgs{
PublicIpEnabled: pulumi.Bool(false),
SubnetId: pulumi.String("string"),
},
SkuName: pulumi.String("string"),
ContainerRegistryId: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
V1LegacyModeEnabled: pulumi.Bool(false),
})
var exampleworkspaceResourceResourceFromMachinelearningworkspace = new Workspace("exampleworkspaceResourceResourceFromMachinelearningworkspace", WorkspaceArgs.builder()
.identity(WorkspaceIdentityArgs.builder()
.type("string")
.identityIds("string")
.principalId("string")
.tenantId("string")
.build())
.storageAccountId("string")
.resourceGroupName("string")
.applicationInsightsId("string")
.keyVaultId("string")
.kind("string")
.primaryUserAssignedIdentity("string")
.friendlyName("string")
.imageBuildComputeName("string")
.featureStore(WorkspaceFeatureStoreArgs.builder()
.computerSparkRuntimeVersion("string")
.offlineConnectionName("string")
.onlineConnectionName("string")
.build())
.encryption(WorkspaceEncryptionArgs.builder()
.keyId("string")
.keyVaultId("string")
.userAssignedIdentityId("string")
.build())
.location("string")
.managedNetwork(WorkspaceManagedNetworkArgs.builder()
.isolationMode("string")
.build())
.name("string")
.highBusinessImpact(false)
.publicNetworkAccessEnabled(false)
.description("string")
.serverlessCompute(WorkspaceServerlessComputeArgs.builder()
.publicIpEnabled(false)
.subnetId("string")
.build())
.skuName("string")
.containerRegistryId("string")
.tags(Map.of("string", "string"))
.v1LegacyModeEnabled(false)
.build());
exampleworkspace_resource_resource_from_machinelearningworkspace = azure.machinelearning.Workspace("exampleworkspaceResourceResourceFromMachinelearningworkspace",
identity={
"type": "string",
"identity_ids": ["string"],
"principal_id": "string",
"tenant_id": "string",
},
storage_account_id="string",
resource_group_name="string",
application_insights_id="string",
key_vault_id="string",
kind="string",
primary_user_assigned_identity="string",
friendly_name="string",
image_build_compute_name="string",
feature_store={
"computer_spark_runtime_version": "string",
"offline_connection_name": "string",
"online_connection_name": "string",
},
encryption={
"key_id": "string",
"key_vault_id": "string",
"user_assigned_identity_id": "string",
},
location="string",
managed_network={
"isolation_mode": "string",
},
name="string",
high_business_impact=False,
public_network_access_enabled=False,
description="string",
serverless_compute={
"public_ip_enabled": False,
"subnet_id": "string",
},
sku_name="string",
container_registry_id="string",
tags={
"string": "string",
},
v1_legacy_mode_enabled=False)
const exampleworkspaceResourceResourceFromMachinelearningworkspace = new azure.machinelearning.Workspace("exampleworkspaceResourceResourceFromMachinelearningworkspace", {
identity: {
type: "string",
identityIds: ["string"],
principalId: "string",
tenantId: "string",
},
storageAccountId: "string",
resourceGroupName: "string",
applicationInsightsId: "string",
keyVaultId: "string",
kind: "string",
primaryUserAssignedIdentity: "string",
friendlyName: "string",
imageBuildComputeName: "string",
featureStore: {
computerSparkRuntimeVersion: "string",
offlineConnectionName: "string",
onlineConnectionName: "string",
},
encryption: {
keyId: "string",
keyVaultId: "string",
userAssignedIdentityId: "string",
},
location: "string",
managedNetwork: {
isolationMode: "string",
},
name: "string",
highBusinessImpact: false,
publicNetworkAccessEnabled: false,
description: "string",
serverlessCompute: {
publicIpEnabled: false,
subnetId: "string",
},
skuName: "string",
containerRegistryId: "string",
tags: {
string: "string",
},
v1LegacyModeEnabled: false,
});
type: azure:machinelearning:Workspace
properties:
applicationInsightsId: string
containerRegistryId: string
description: string
encryption:
keyId: string
keyVaultId: string
userAssignedIdentityId: string
featureStore:
computerSparkRuntimeVersion: string
offlineConnectionName: string
onlineConnectionName: string
friendlyName: string
highBusinessImpact: false
identity:
identityIds:
- string
principalId: string
tenantId: string
type: string
imageBuildComputeName: string
keyVaultId: string
kind: string
location: string
managedNetwork:
isolationMode: string
name: string
primaryUserAssignedIdentity: string
publicNetworkAccessEnabled: false
resourceGroupName: string
serverlessCompute:
publicIpEnabled: false
subnetId: string
skuName: string
storageAccountId: string
tags:
string: string
v1LegacyModeEnabled: false
Workspace Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Workspace resource accepts the following input properties:
- Application
Insights stringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- Identity
Workspace
Identity - An
identity
block as defined below. - Key
Vault stringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- Resource
Group stringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- Storage
Account stringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- Container
Registry stringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- Description string
- The description of this Machine Learning Workspace.
- Encryption
Workspace
Encryption - An
encryption
block as defined below. Changing this forces a new resource to be created. - Feature
Store WorkspaceFeature Store - A
feature_store
block as defined below. - Friendly
Name string - Display name for this Machine Learning Workspace.
- High
Business boolImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- Image
Build stringCompute Name - The compute name for image build of the Machine Learning Workspace.
- Kind string
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- Location string
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- Managed
Network WorkspaceManaged Network - A
managed_network
block as defined below. - Name string
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- Primary
User stringAssigned Identity - The user assigned identity id that represents the workspace identity.
- Public
Network boolAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- Serverless
Compute WorkspaceServerless Compute - A
serverless_compute
block as defined below. - Sku
Name string - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - Dictionary<string, string>
- A mapping of tags to assign to the resource.
- V1Legacy
Mode boolEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
.
- Application
Insights stringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- Identity
Workspace
Identity Args - An
identity
block as defined below. - Key
Vault stringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- Resource
Group stringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- Storage
Account stringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- Container
Registry stringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- Description string
- The description of this Machine Learning Workspace.
- Encryption
Workspace
Encryption Args - An
encryption
block as defined below. Changing this forces a new resource to be created. - Feature
Store WorkspaceFeature Store Args - A
feature_store
block as defined below. - Friendly
Name string - Display name for this Machine Learning Workspace.
- High
Business boolImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- Image
Build stringCompute Name - The compute name for image build of the Machine Learning Workspace.
- Kind string
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- Location string
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- Managed
Network WorkspaceManaged Network Args - A
managed_network
block as defined below. - Name string
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- Primary
User stringAssigned Identity - The user assigned identity id that represents the workspace identity.
- Public
Network boolAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- Serverless
Compute WorkspaceServerless Compute Args - A
serverless_compute
block as defined below. - Sku
Name string - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - map[string]string
- A mapping of tags to assign to the resource.
- V1Legacy
Mode boolEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
.
- application
Insights StringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- identity
Workspace
Identity - An
identity
block as defined below. - key
Vault StringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- resource
Group StringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- storage
Account StringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- container
Registry StringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- description String
- The description of this Machine Learning Workspace.
- encryption
Workspace
Encryption - An
encryption
block as defined below. Changing this forces a new resource to be created. - feature
Store WorkspaceFeature Store - A
feature_store
block as defined below. - friendly
Name String - Display name for this Machine Learning Workspace.
- high
Business BooleanImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- image
Build StringCompute Name - The compute name for image build of the Machine Learning Workspace.
- kind String
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- location String
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- managed
Network WorkspaceManaged Network - A
managed_network
block as defined below. - name String
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- primary
User StringAssigned Identity - The user assigned identity id that represents the workspace identity.
- public
Network BooleanAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- serverless
Compute WorkspaceServerless Compute - A
serverless_compute
block as defined below. - sku
Name String - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - Map<String,String>
- A mapping of tags to assign to the resource.
- v1Legacy
Mode BooleanEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
.
- application
Insights stringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- identity
Workspace
Identity - An
identity
block as defined below. - key
Vault stringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- resource
Group stringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- storage
Account stringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- container
Registry stringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- description string
- The description of this Machine Learning Workspace.
- encryption
Workspace
Encryption - An
encryption
block as defined below. Changing this forces a new resource to be created. - feature
Store WorkspaceFeature Store - A
feature_store
block as defined below. - friendly
Name string - Display name for this Machine Learning Workspace.
- high
Business booleanImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- image
Build stringCompute Name - The compute name for image build of the Machine Learning Workspace.
- kind string
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- location string
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- managed
Network WorkspaceManaged Network - A
managed_network
block as defined below. - name string
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- primary
User stringAssigned Identity - The user assigned identity id that represents the workspace identity.
- public
Network booleanAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- serverless
Compute WorkspaceServerless Compute - A
serverless_compute
block as defined below. - sku
Name string - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - {[key: string]: string}
- A mapping of tags to assign to the resource.
- v1Legacy
Mode booleanEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
.
- application_
insights_ strid - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- identity
Workspace
Identity Args - An
identity
block as defined below. - key_
vault_ strid - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- resource_
group_ strname - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- storage_
account_ strid The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- container_
registry_ strid The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- description str
- The description of this Machine Learning Workspace.
- encryption
Workspace
Encryption Args - An
encryption
block as defined below. Changing this forces a new resource to be created. - feature_
store WorkspaceFeature Store Args - A
feature_store
block as defined below. - friendly_
name str - Display name for this Machine Learning Workspace.
- high_
business_ boolimpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- image_
build_ strcompute_ name - The compute name for image build of the Machine Learning Workspace.
- kind str
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- location str
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- managed_
network WorkspaceManaged Network Args - A
managed_network
block as defined below. - name str
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- primary_
user_ strassigned_ identity - The user assigned identity id that represents the workspace identity.
- public_
network_ boolaccess_ enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- serverless_
compute WorkspaceServerless Compute Args - A
serverless_compute
block as defined below. - sku_
name str - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - Mapping[str, str]
- A mapping of tags to assign to the resource.
- v1_
legacy_ boolmode_ enabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
.
- application
Insights StringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- identity Property Map
- An
identity
block as defined below. - key
Vault StringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- resource
Group StringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- storage
Account StringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- container
Registry StringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- description String
- The description of this Machine Learning Workspace.
- encryption Property Map
- An
encryption
block as defined below. Changing this forces a new resource to be created. - feature
Store Property Map - A
feature_store
block as defined below. - friendly
Name String - Display name for this Machine Learning Workspace.
- high
Business BooleanImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- image
Build StringCompute Name - The compute name for image build of the Machine Learning Workspace.
- kind String
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- location String
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- managed
Network Property Map - A
managed_network
block as defined below. - name String
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- primary
User StringAssigned Identity - The user assigned identity id that represents the workspace identity.
- public
Network BooleanAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- serverless
Compute Property Map - A
serverless_compute
block as defined below. - sku
Name String - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - Map<String>
- A mapping of tags to assign to the resource.
- v1Legacy
Mode BooleanEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Workspace resource produces the following output properties:
- Discovery
Url string - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Workspace
Id string - The immutable id associated with this workspace.
- Discovery
Url string - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Workspace
Id string - The immutable id associated with this workspace.
- discovery
Url String - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- id String
- The provider-assigned unique ID for this managed resource.
- workspace
Id String - The immutable id associated with this workspace.
- discovery
Url string - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- id string
- The provider-assigned unique ID for this managed resource.
- workspace
Id string - The immutable id associated with this workspace.
- discovery_
url str - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- id str
- The provider-assigned unique ID for this managed resource.
- workspace_
id str - The immutable id associated with this workspace.
- discovery
Url String - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- id String
- The provider-assigned unique ID for this managed resource.
- workspace
Id String - The immutable id associated with this workspace.
Look up Existing Workspace Resource
Get an existing Workspace resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WorkspaceState, opts?: CustomResourceOptions): Workspace
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_insights_id: Optional[str] = None,
container_registry_id: Optional[str] = None,
description: Optional[str] = None,
discovery_url: Optional[str] = None,
encryption: Optional[WorkspaceEncryptionArgs] = None,
feature_store: Optional[WorkspaceFeatureStoreArgs] = None,
friendly_name: Optional[str] = None,
high_business_impact: Optional[bool] = None,
identity: Optional[WorkspaceIdentityArgs] = None,
image_build_compute_name: Optional[str] = None,
key_vault_id: Optional[str] = None,
kind: Optional[str] = None,
location: Optional[str] = None,
managed_network: Optional[WorkspaceManagedNetworkArgs] = None,
name: Optional[str] = None,
primary_user_assigned_identity: Optional[str] = None,
public_network_access_enabled: Optional[bool] = None,
resource_group_name: Optional[str] = None,
serverless_compute: Optional[WorkspaceServerlessComputeArgs] = None,
sku_name: Optional[str] = None,
storage_account_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
v1_legacy_mode_enabled: Optional[bool] = None,
workspace_id: Optional[str] = None) -> Workspace
func GetWorkspace(ctx *Context, name string, id IDInput, state *WorkspaceState, opts ...ResourceOption) (*Workspace, error)
public static Workspace Get(string name, Input<string> id, WorkspaceState? state, CustomResourceOptions? opts = null)
public static Workspace get(String name, Output<String> id, WorkspaceState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Application
Insights stringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- Container
Registry stringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- Description string
- The description of this Machine Learning Workspace.
- Discovery
Url string - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- Encryption
Workspace
Encryption - An
encryption
block as defined below. Changing this forces a new resource to be created. - Feature
Store WorkspaceFeature Store - A
feature_store
block as defined below. - Friendly
Name string - Display name for this Machine Learning Workspace.
- High
Business boolImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- Identity
Workspace
Identity - An
identity
block as defined below. - Image
Build stringCompute Name - The compute name for image build of the Machine Learning Workspace.
- Key
Vault stringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- Kind string
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- Location string
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- Managed
Network WorkspaceManaged Network - A
managed_network
block as defined below. - Name string
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- Primary
User stringAssigned Identity - The user assigned identity id that represents the workspace identity.
- Public
Network boolAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- Resource
Group stringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- Serverless
Compute WorkspaceServerless Compute - A
serverless_compute
block as defined below. - Sku
Name string - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - Storage
Account stringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- V1Legacy
Mode boolEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
. - Workspace
Id string - The immutable id associated with this workspace.
- Application
Insights stringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- Container
Registry stringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- Description string
- The description of this Machine Learning Workspace.
- Discovery
Url string - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- Encryption
Workspace
Encryption Args - An
encryption
block as defined below. Changing this forces a new resource to be created. - Feature
Store WorkspaceFeature Store Args - A
feature_store
block as defined below. - Friendly
Name string - Display name for this Machine Learning Workspace.
- High
Business boolImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- Identity
Workspace
Identity Args - An
identity
block as defined below. - Image
Build stringCompute Name - The compute name for image build of the Machine Learning Workspace.
- Key
Vault stringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- Kind string
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- Location string
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- Managed
Network WorkspaceManaged Network Args - A
managed_network
block as defined below. - Name string
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- Primary
User stringAssigned Identity - The user assigned identity id that represents the workspace identity.
- Public
Network boolAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- Resource
Group stringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- Serverless
Compute WorkspaceServerless Compute Args - A
serverless_compute
block as defined below. - Sku
Name string - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - Storage
Account stringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- map[string]string
- A mapping of tags to assign to the resource.
- V1Legacy
Mode boolEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
. - Workspace
Id string - The immutable id associated with this workspace.
- application
Insights StringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- container
Registry StringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- description String
- The description of this Machine Learning Workspace.
- discovery
Url String - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- encryption
Workspace
Encryption - An
encryption
block as defined below. Changing this forces a new resource to be created. - feature
Store WorkspaceFeature Store - A
feature_store
block as defined below. - friendly
Name String - Display name for this Machine Learning Workspace.
- high
Business BooleanImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- identity
Workspace
Identity - An
identity
block as defined below. - image
Build StringCompute Name - The compute name for image build of the Machine Learning Workspace.
- key
Vault StringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- kind String
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- location String
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- managed
Network WorkspaceManaged Network - A
managed_network
block as defined below. - name String
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- primary
User StringAssigned Identity - The user assigned identity id that represents the workspace identity.
- public
Network BooleanAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- resource
Group StringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- serverless
Compute WorkspaceServerless Compute - A
serverless_compute
block as defined below. - sku
Name String - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - storage
Account StringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- Map<String,String>
- A mapping of tags to assign to the resource.
- v1Legacy
Mode BooleanEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
. - workspace
Id String - The immutable id associated with this workspace.
- application
Insights stringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- container
Registry stringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- description string
- The description of this Machine Learning Workspace.
- discovery
Url string - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- encryption
Workspace
Encryption - An
encryption
block as defined below. Changing this forces a new resource to be created. - feature
Store WorkspaceFeature Store - A
feature_store
block as defined below. - friendly
Name string - Display name for this Machine Learning Workspace.
- high
Business booleanImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- identity
Workspace
Identity - An
identity
block as defined below. - image
Build stringCompute Name - The compute name for image build of the Machine Learning Workspace.
- key
Vault stringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- kind string
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- location string
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- managed
Network WorkspaceManaged Network - A
managed_network
block as defined below. - name string
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- primary
User stringAssigned Identity - The user assigned identity id that represents the workspace identity.
- public
Network booleanAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- resource
Group stringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- serverless
Compute WorkspaceServerless Compute - A
serverless_compute
block as defined below. - sku
Name string - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - storage
Account stringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- {[key: string]: string}
- A mapping of tags to assign to the resource.
- v1Legacy
Mode booleanEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
. - workspace
Id string - The immutable id associated with this workspace.
- application_
insights_ strid - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- container_
registry_ strid The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- description str
- The description of this Machine Learning Workspace.
- discovery_
url str - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- encryption
Workspace
Encryption Args - An
encryption
block as defined below. Changing this forces a new resource to be created. - feature_
store WorkspaceFeature Store Args - A
feature_store
block as defined below. - friendly_
name str - Display name for this Machine Learning Workspace.
- high_
business_ boolimpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- identity
Workspace
Identity Args - An
identity
block as defined below. - image_
build_ strcompute_ name - The compute name for image build of the Machine Learning Workspace.
- key_
vault_ strid - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- kind str
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- location str
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- managed_
network WorkspaceManaged Network Args - A
managed_network
block as defined below. - name str
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- primary_
user_ strassigned_ identity - The user assigned identity id that represents the workspace identity.
- public_
network_ boolaccess_ enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- resource_
group_ strname - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- serverless_
compute WorkspaceServerless Compute Args - A
serverless_compute
block as defined below. - sku_
name str - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - storage_
account_ strid The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- Mapping[str, str]
- A mapping of tags to assign to the resource.
- v1_
legacy_ boolmode_ enabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
. - workspace_
id str - The immutable id associated with this workspace.
- application
Insights StringId - The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- container
Registry StringId The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
admin_enabled
should betrue
in order to associate the Container Registry to this Machine Learning Workspace.- description String
- The description of this Machine Learning Workspace.
- discovery
Url String - The url for the discovery service to identify regional endpoints for machine learning experimentation services.
- encryption Property Map
- An
encryption
block as defined below. Changing this forces a new resource to be created. - feature
Store Property Map - A
feature_store
block as defined below. - friendly
Name String - Display name for this Machine Learning Workspace.
- high
Business BooleanImpact - Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.
- identity Property Map
- An
identity
block as defined below. - image
Build StringCompute Name - The compute name for image build of the Machine Learning Workspace.
- key
Vault StringId - The ID of key vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
- kind String
- The type of the Workspace. Possible values are
Default
,FeatureStore
. Defaults toDefault
- location String
- Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- managed
Network Property Map - A
managed_network
block as defined below. - name String
- Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.
- primary
User StringAssigned Identity - The user assigned identity id that represents the workspace identity.
- public
Network BooleanAccess Enabled Enable public access when this Machine Learning Workspace is behind VNet. Defaults to
true
.NOTE:
public_access_behind_virtual_network_enabled
is deprecated and will be removed in favour of the propertypublic_network_access_enabled
.- resource
Group StringName - Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.
- serverless
Compute Property Map - A
serverless_compute
block as defined below. - sku
Name String - SKU/edition of the Machine Learning Workspace, possible values are
Free
,Basic
,Standard
andPremium
. Defaults toBasic
. - storage
Account StringId The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.
NOTE: The
account_tier
cannot bePremium
in order to associate the Storage Account to this Machine Learning Workspace.- Map<String>
- A mapping of tags to assign to the resource.
- v1Legacy
Mode BooleanEnabled - Enable V1 API features, enabling
v1_legacy_mode
may prevent you from using features provided by the v2 API. Defaults tofalse
. - workspace
Id String - The immutable id associated with this workspace.
Supporting Types
WorkspaceEncryption, WorkspaceEncryptionArgs
- Key
Id string - The Key Vault URI to access the encryption key.
- Key
Vault stringId - The ID of the keyVault where the customer owned encryption key is present.
- User
Assigned stringIdentity Id The Key Vault URI to access the encryption key.
Note:
user_assigned_identity_id
must set whenidentity.type
isUserAssigned
or service won't be able to find the assigned permissions.
- Key
Id string - The Key Vault URI to access the encryption key.
- Key
Vault stringId - The ID of the keyVault where the customer owned encryption key is present.
- User
Assigned stringIdentity Id The Key Vault URI to access the encryption key.
Note:
user_assigned_identity_id
must set whenidentity.type
isUserAssigned
or service won't be able to find the assigned permissions.
- key
Id String - The Key Vault URI to access the encryption key.
- key
Vault StringId - The ID of the keyVault where the customer owned encryption key is present.
- user
Assigned StringIdentity Id The Key Vault URI to access the encryption key.
Note:
user_assigned_identity_id
must set whenidentity.type
isUserAssigned
or service won't be able to find the assigned permissions.
- key
Id string - The Key Vault URI to access the encryption key.
- key
Vault stringId - The ID of the keyVault where the customer owned encryption key is present.
- user
Assigned stringIdentity Id The Key Vault URI to access the encryption key.
Note:
user_assigned_identity_id
must set whenidentity.type
isUserAssigned
or service won't be able to find the assigned permissions.
- key_
id str - The Key Vault URI to access the encryption key.
- key_
vault_ strid - The ID of the keyVault where the customer owned encryption key is present.
- user_
assigned_ stridentity_ id The Key Vault URI to access the encryption key.
Note:
user_assigned_identity_id
must set whenidentity.type
isUserAssigned
or service won't be able to find the assigned permissions.
- key
Id String - The Key Vault URI to access the encryption key.
- key
Vault StringId - The ID of the keyVault where the customer owned encryption key is present.
- user
Assigned StringIdentity Id The Key Vault URI to access the encryption key.
Note:
user_assigned_identity_id
must set whenidentity.type
isUserAssigned
or service won't be able to find the assigned permissions.
WorkspaceFeatureStore, WorkspaceFeatureStoreArgs
- Computer
Spark stringRuntime Version - The version of Spark runtime.
- Offline
Connection stringName - The name of offline store connection.
- Online
Connection stringName The name of online store connection.
Note:
feature_store
must be set whenkind
isFeatureStore
- Computer
Spark stringRuntime Version - The version of Spark runtime.
- Offline
Connection stringName - The name of offline store connection.
- Online
Connection stringName The name of online store connection.
Note:
feature_store
must be set whenkind
isFeatureStore
- computer
Spark StringRuntime Version - The version of Spark runtime.
- offline
Connection StringName - The name of offline store connection.
- online
Connection StringName The name of online store connection.
Note:
feature_store
must be set whenkind
isFeatureStore
- computer
Spark stringRuntime Version - The version of Spark runtime.
- offline
Connection stringName - The name of offline store connection.
- online
Connection stringName The name of online store connection.
Note:
feature_store
must be set whenkind
isFeatureStore
- computer_
spark_ strruntime_ version - The version of Spark runtime.
- offline_
connection_ strname - The name of offline store connection.
- online_
connection_ strname The name of online store connection.
Note:
feature_store
must be set whenkind
isFeatureStore
- computer
Spark StringRuntime Version - The version of Spark runtime.
- offline
Connection StringName - The name of offline store connection.
- online
Connection StringName The name of online store connection.
Note:
feature_store
must be set whenkind
isFeatureStore
WorkspaceIdentity, WorkspaceIdentityArgs
- Type string
- Specifies the type of Managed Service Identity that should be configured on this Machine Learning Workspace. Possible values are
SystemAssigned
,UserAssigned
,SystemAssigned, UserAssigned
(to enable both). - Identity
Ids List<string> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Workspace.
NOTE: This is required when
type
is set toUserAssigned
orSystemAssigned, UserAssigned
.- Principal
Id string - The Principal ID associated with this Managed Service Identity.
- Tenant
Id string - The Tenant ID associated with this Managed Service Identity.
- Type string
- Specifies the type of Managed Service Identity that should be configured on this Machine Learning Workspace. Possible values are
SystemAssigned
,UserAssigned
,SystemAssigned, UserAssigned
(to enable both). - Identity
Ids []string Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Workspace.
NOTE: This is required when
type
is set toUserAssigned
orSystemAssigned, UserAssigned
.- Principal
Id string - The Principal ID associated with this Managed Service Identity.
- Tenant
Id string - The Tenant ID associated with this Managed Service Identity.
- type String
- Specifies the type of Managed Service Identity that should be configured on this Machine Learning Workspace. Possible values are
SystemAssigned
,UserAssigned
,SystemAssigned, UserAssigned
(to enable both). - identity
Ids List<String> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Workspace.
NOTE: This is required when
type
is set toUserAssigned
orSystemAssigned, UserAssigned
.- principal
Id String - The Principal ID associated with this Managed Service Identity.
- tenant
Id String - The Tenant ID associated with this Managed Service Identity.
- type string
- Specifies the type of Managed Service Identity that should be configured on this Machine Learning Workspace. Possible values are
SystemAssigned
,UserAssigned
,SystemAssigned, UserAssigned
(to enable both). - identity
Ids string[] Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Workspace.
NOTE: This is required when
type
is set toUserAssigned
orSystemAssigned, UserAssigned
.- principal
Id string - The Principal ID associated with this Managed Service Identity.
- tenant
Id string - The Tenant ID associated with this Managed Service Identity.
- type str
- Specifies the type of Managed Service Identity that should be configured on this Machine Learning Workspace. Possible values are
SystemAssigned
,UserAssigned
,SystemAssigned, UserAssigned
(to enable both). - identity_
ids Sequence[str] Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Workspace.
NOTE: This is required when
type
is set toUserAssigned
orSystemAssigned, UserAssigned
.- principal_
id str - The Principal ID associated with this Managed Service Identity.
- tenant_
id str - The Tenant ID associated with this Managed Service Identity.
- type String
- Specifies the type of Managed Service Identity that should be configured on this Machine Learning Workspace. Possible values are
SystemAssigned
,UserAssigned
,SystemAssigned, UserAssigned
(to enable both). - identity
Ids List<String> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Workspace.
NOTE: This is required when
type
is set toUserAssigned
orSystemAssigned, UserAssigned
.- principal
Id String - The Principal ID associated with this Managed Service Identity.
- tenant
Id String - The Tenant ID associated with this Managed Service Identity.
WorkspaceManagedNetwork, WorkspaceManagedNetworkArgs
- Isolation
Mode string - The isolation mode of the Machine Learning Workspace. Possible values are
Disabled
,AllowOnlyApprovedOutbound
, andAllowInternetOutbound
- Isolation
Mode string - The isolation mode of the Machine Learning Workspace. Possible values are
Disabled
,AllowOnlyApprovedOutbound
, andAllowInternetOutbound
- isolation
Mode String - The isolation mode of the Machine Learning Workspace. Possible values are
Disabled
,AllowOnlyApprovedOutbound
, andAllowInternetOutbound
- isolation
Mode string - The isolation mode of the Machine Learning Workspace. Possible values are
Disabled
,AllowOnlyApprovedOutbound
, andAllowInternetOutbound
- isolation_
mode str - The isolation mode of the Machine Learning Workspace. Possible values are
Disabled
,AllowOnlyApprovedOutbound
, andAllowInternetOutbound
- isolation
Mode String - The isolation mode of the Machine Learning Workspace. Possible values are
Disabled
,AllowOnlyApprovedOutbound
, andAllowInternetOutbound
WorkspaceServerlessCompute, WorkspaceServerlessComputeArgs
- Public
Ip boolEnabled Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to
false
.Note:
public_ip_enabled
cannot be updated fromtrue
tofalse
whensubnet_id
is not set.public_ip_enabled
must be set totrue
ifsubnet_id
is not set and whenpublic_network_access_enabled
isfalse
.- Subnet
Id string - The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to.
- Public
Ip boolEnabled Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to
false
.Note:
public_ip_enabled
cannot be updated fromtrue
tofalse
whensubnet_id
is not set.public_ip_enabled
must be set totrue
ifsubnet_id
is not set and whenpublic_network_access_enabled
isfalse
.- Subnet
Id string - The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to.
- public
Ip BooleanEnabled Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to
false
.Note:
public_ip_enabled
cannot be updated fromtrue
tofalse
whensubnet_id
is not set.public_ip_enabled
must be set totrue
ifsubnet_id
is not set and whenpublic_network_access_enabled
isfalse
.- subnet
Id String - The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to.
- public
Ip booleanEnabled Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to
false
.Note:
public_ip_enabled
cannot be updated fromtrue
tofalse
whensubnet_id
is not set.public_ip_enabled
must be set totrue
ifsubnet_id
is not set and whenpublic_network_access_enabled
isfalse
.- subnet
Id string - The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to.
- public_
ip_ boolenabled Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to
false
.Note:
public_ip_enabled
cannot be updated fromtrue
tofalse
whensubnet_id
is not set.public_ip_enabled
must be set totrue
ifsubnet_id
is not set and whenpublic_network_access_enabled
isfalse
.- subnet_
id str - The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to.
- public
Ip BooleanEnabled Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to
false
.Note:
public_ip_enabled
cannot be updated fromtrue
tofalse
whensubnet_id
is not set.public_ip_enabled
must be set totrue
ifsubnet_id
is not set and whenpublic_network_access_enabled
isfalse
.- subnet
Id String - The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to.
Import
Machine Learning Workspace can be imported using the resource id
, e.g.
$ pulumi import azure:machinelearning/workspace:Workspace example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.MachineLearningServices/workspaces/workspace1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.