Workspace

class Workspace : KotlinCustomResource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Client configuration of the identity the provider runs as; only tenantId is read below.
const current = azure.core.getClientConfig({});

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});

const exampleInsights = new azure.appinsights.Insights("example", {
    name: "workspace-example-ai",
    location: example.location,
    resourceGroupName: example.name,
    applicationType: "web",
});

// This basic example declares no access policy and no purge protection for the vault.
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
    name: "workspaceexamplekeyvault",
    location: example.location,
    resourceGroupName: example.name,
    tenantId: current.then(cfg => cfg.tenantId),
    skuName: "premium",
});

// Only tier and replication are set; every other storage setting is left at the provider default.
// NOTE(review): confirm the default network-access and TLS settings meet policy before reusing this.
const exampleAccount = new azure.storage.Account("example", {
    name: "workspacestorageaccount",
    location: example.location,
    resourceGroupName: example.name,
    accountTier: "Standard",
    accountReplicationType: "GRS",
});

// The workspace is wired to the three dependencies by resource ID and uses a
// system-assigned identity, so no credential appears in the program.
const exampleWorkspace = new azure.machinelearning.Workspace("example", {
    name: "example-workspace",
    location: example.location,
    resourceGroupName: example.name,
    applicationInsightsId: exampleInsights.id,
    keyVaultId: exampleKeyVault.id,
    storageAccountId: exampleAccount.id,
    identity: {
        type: "SystemAssigned",
    },
});
import pulumi
import pulumi_azure as azure
# Client configuration of the identity the provider runs as; only tenant_id is read below.
current = azure.core.get_client_config()

example = azure.core.ResourceGroup(
    "example",
    name="example-resources",
    location="West Europe",
)

example_insights = azure.appinsights.Insights(
    "example",
    name="workspace-example-ai",
    location=example.location,
    resource_group_name=example.name,
    application_type="web",
)

# This basic example declares no access policy and no purge protection for the vault.
example_key_vault = azure.keyvault.KeyVault(
    "example",
    name="workspaceexamplekeyvault",
    location=example.location,
    resource_group_name=example.name,
    tenant_id=current.tenant_id,
    sku_name="premium",
)

# Only tier and replication are set; every other storage setting is left at the provider default.
# NOTE(review): confirm the default network-access and TLS settings meet policy before reusing this.
example_account = azure.storage.Account(
    "example",
    name="workspacestorageaccount",
    location=example.location,
    resource_group_name=example.name,
    account_tier="Standard",
    account_replication_type="GRS",
)

# The workspace is wired to the three dependencies by resource ID and uses a
# system-assigned identity, so no credential appears in the program.
example_workspace = azure.machinelearning.Workspace(
    "example",
    name="example-workspace",
    location=example.location,
    resource_group_name=example.name,
    application_insights_id=example_insights.id,
    key_vault_id=example_key_vault.id,
    storage_account_id=example_account.id,
    identity={
        "type": "SystemAssigned",
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Client configuration of the identity the provider runs as; only TenantId is read below.
    var current = Azure.Core.GetClientConfig.Invoke();

    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleInsights = new Azure.AppInsights.Insights("example", new()
    {
        Name = "workspace-example-ai",
        Location = example.Location,
        ResourceGroupName = example.Name,
        ApplicationType = "web",
    });

    // This basic example declares no access policy and no purge protection for the vault.
    var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
    {
        Name = "workspaceexamplekeyvault",
        Location = example.Location,
        ResourceGroupName = example.Name,
        TenantId = current.Apply(cfg => cfg.TenantId),
        SkuName = "premium",
    });

    // Only tier and replication are set; every other storage setting is left at the provider default.
    // NOTE(review): confirm the default network-access and TLS settings meet policy before reusing this.
    var exampleAccount = new Azure.Storage.Account("example", new()
    {
        Name = "workspacestorageaccount",
        Location = example.Location,
        ResourceGroupName = example.Name,
        AccountTier = "Standard",
        AccountReplicationType = "GRS",
    });

    // The workspace is wired to the three dependencies by resource ID and uses a
    // system-assigned identity, so no credential appears in the program.
    var exampleWorkspace = new Azure.MachineLearning.Workspace("example", new()
    {
        Name = "example-workspace",
        Location = example.Location,
        ResourceGroupName = example.Name,
        ApplicationInsightsId = exampleInsights.Id,
        KeyVaultId = exampleKeyVault.Id,
        StorageAccountId = exampleAccount.Id,
        Identity = new Azure.MachineLearning.Inputs.WorkspaceIdentityArgs
        {
            Type = "SystemAssigned",
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/appinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/machinelearning"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a resource group, Application Insights, a Key Vault, a storage
// account and a Machine Learning workspace that references the latter three by ID.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Client configuration of the identity the provider runs as; only TenantId is read below.
		current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}

		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		exampleInsights, err := appinsights.NewInsights(ctx, "example", &appinsights.InsightsArgs{
			Name:              pulumi.String("workspace-example-ai"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			ApplicationType:   pulumi.String("web"),
		})
		if err != nil {
			return err
		}

		// This basic example declares no access policy and no purge protection for the vault.
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
			Name:              pulumi.String("workspaceexamplekeyvault"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			TenantId:          pulumi.String(current.TenantId),
			SkuName:           pulumi.String("premium"),
		})
		if err != nil {
			return err
		}

		// Only tier and replication are set; every other storage setting is left at the provider default.
		// NOTE(review): confirm the default network-access and TLS settings meet policy before reusing this.
		exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
			Name:                   pulumi.String("workspacestorageaccount"),
			Location:               example.Location,
			ResourceGroupName:      example.Name,
			AccountTier:            pulumi.String("Standard"),
			AccountReplicationType: pulumi.String("GRS"),
		})
		if err != nil {
			return err
		}

		// System-assigned identity: no credential appears in the program.
		_, err = machinelearning.NewWorkspace(ctx, "example", &machinelearning.WorkspaceArgs{
			Name:                  pulumi.String("example-workspace"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			ApplicationInsightsId: exampleInsights.ID(),
			KeyVaultId:            exampleKeyVault.ID(),
			StorageAccountId:      exampleAccount.ID(),
			Identity: &machinelearning.WorkspaceIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appinsights.Insights;
import com.pulumi.azure.appinsights.InsightsArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.machinelearning.Workspace;
import com.pulumi.azure.machinelearning.WorkspaceArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
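public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a resource group, Application Insights, a Key Vault, a storage account
     * and a Machine Learning workspace that references the latter three by ID.
     *
     * @param ctx the Pulumi deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // The published listing carried documentation-generator panic text where this
        // call's arguments belong, which does not compile; the lookup takes no arguments.
        final var current = CoreFunctions.getClientConfig();

        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleInsights = new Insights("exampleInsights", InsightsArgs.builder()
            .name("workspace-example-ai")
            .location(example.location())
            .resourceGroupName(example.name())
            .applicationType("web")
            .build());

        // This basic example declares no access policy and no purge protection for the vault.
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .name("workspaceexamplekeyvault")
            .location(example.location())
            .resourceGroupName(example.name())
            // current is an Output, so the tenant ID is projected out of it rather than read directly.
            .tenantId(current.applyValue(config -> config.tenantId()))
            .skuName("premium")
            .build());

        // Only tier and replication are set; every other storage setting is left at the provider default.
        // NOTE(review): confirm the default network-access and TLS settings meet policy before reusing this.
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .name("workspacestorageaccount")
            .location(example.location())
            .resourceGroupName(example.name())
            .accountTier("Standard")
            .accountReplicationType("GRS")
            .build());

        // System-assigned identity: no credential appears in the program.
        var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
            .name("example-workspace")
            .location(example.location())
            .resourceGroupName(example.name())
            .applicationInsightsId(exampleInsights.id())
            .keyVaultId(exampleKeyVault.id())
            .storageAccountId(exampleAccount.id())
            .identity(WorkspaceIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .build());
    }
}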
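# Indentation restored: with every key at column 0 the listing no longer
# nests resources under `resources:` or properties under each resource.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleInsights:
    type: azure:appinsights:Insights
    name: example
    properties:
      name: workspace-example-ai
      location: ${example.location}
      resourceGroupName: ${example.name}
      applicationType: web
  # This basic example declares no access policy and no purge protection for the vault.
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    name: example
    properties:
      name: workspaceexamplekeyvault
      location: ${example.location}
      resourceGroupName: ${example.name}
      tenantId: ${current.tenantId}
      skuName: premium
  # Only tier and replication are set; every other storage setting is left at the provider default.
  # NOTE(review): confirm the default network-access and TLS settings meet policy before reusing this.
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: workspacestorageaccount
      location: ${example.location}
      resourceGroupName: ${example.name}
      accountTier: Standard
      accountReplicationType: GRS
  # System-assigned identity: no credential appears in the program.
  exampleWorkspace:
    type: azure:machinelearning:Workspace
    name: example
    properties:
      name: example-workspace
      location: ${example.location}
      resourceGroupName: ${example.name}
      applicationInsightsId: ${exampleInsights.id}
      keyVaultId: ${exampleKeyVault.id}
      storageAccountId: ${exampleAccount.id}
      identity:
        type: SystemAssigned
variables:
  # Client configuration of the identity the provider runs as; only tenantId is read above.
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}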

With Data Encryption

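Note: Purge protection must be enabled on the Key Vault that holds the encryption key (the examples below set the vault's purge-protection flag to true).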

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Client configuration of the identity the provider runs as (tenantId and objectId are read below).
const current = azure.core.getClientConfig({});

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});

const exampleInsights = new azure.appinsights.Insights("example", {
    name: "workspace-example-ai",
    location: example.location,
    resourceGroupName: example.name,
    applicationType: "web",
});

// Purge protection is switched on for the vault that will hold the encryption key.
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
    name: "workspaceexamplekeyvault",
    location: example.location,
    resourceGroupName: example.name,
    tenantId: current.then(cfg => cfg.tenantId),
    skuName: "premium",
    purgeProtectionEnabled: true,
});

// Key permissions for the principal running the deployment (current.objectId).
// NOTE(review): Delete and Purge are granted alongside Create/Get; confirm the
// deployer needs them beyond teardown before copying this list.
const exampleAccessPolicy = new azure.keyvault.AccessPolicy("example", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(cfg => cfg.tenantId),
    objectId: current.then(cfg => cfg.objectId),
    keyPermissions: [
        "Create",
        "Get",
        "Delete",
        "Purge",
        "GetRotationPolicy",
    ],
});

// Only tier and replication are set; every other storage setting is left at the provider default.
const exampleAccount = new azure.storage.Account("example", {
    name: "workspacestorageaccount",
    location: example.location,
    resourceGroupName: example.name,
    accountTier: "Standard",
    accountReplicationType: "GRS",
});

// dependsOn makes key creation wait for the vault and the deployer's access policy.
// NOTE(review): six key operations are enabled; trim to what the workspace uses once confirmed.
const exampleKey = new azure.keyvault.Key("example", {
    name: "workspaceexamplekeyvaultkey",
    keyVaultId: exampleKeyVault.id,
    keyType: "RSA",
    keySize: 2048,
    keyOpts: [
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
}, {
    dependsOn: [
        exampleKeyVault,
        exampleAccessPolicy,
    ],
});

// `encryption` points the workspace at exampleKey in exampleKeyVault.
const exampleWorkspace = new azure.machinelearning.Workspace("example", {
    name: "example-workspace",
    location: example.location,
    resourceGroupName: example.name,
    applicationInsightsId: exampleInsights.id,
    keyVaultId: exampleKeyVault.id,
    storageAccountId: exampleAccount.id,
    identity: {
        type: "SystemAssigned",
    },
    encryption: {
        keyVaultId: exampleKeyVault.id,
        keyId: exampleKey.id,
    },
});
import pulumi
import pulumi_azure as azure
# Client configuration of the identity the provider runs as (tenant_id and object_id are read below).
current = azure.core.get_client_config()

example = azure.core.ResourceGroup(
    "example",
    name="example-resources",
    location="West Europe",
)

example_insights = azure.appinsights.Insights(
    "example",
    name="workspace-example-ai",
    location=example.location,
    resource_group_name=example.name,
    application_type="web",
)

# Purge protection is switched on for the vault that will hold the encryption key.
example_key_vault = azure.keyvault.KeyVault(
    "example",
    name="workspaceexamplekeyvault",
    location=example.location,
    resource_group_name=example.name,
    tenant_id=current.tenant_id,
    sku_name="premium",
    purge_protection_enabled=True,
)

# Key permissions for the principal running the deployment (current.object_id).
# NOTE(review): Delete and Purge are granted alongside Create/Get; confirm the
# deployer needs them beyond teardown before copying this list.
example_access_policy = azure.keyvault.AccessPolicy(
    "example",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=current.object_id,
    key_permissions=[
        "Create",
        "Get",
        "Delete",
        "Purge",
        "GetRotationPolicy",
    ],
)

# Only tier and replication are set; every other storage setting is left at the provider default.
example_account = azure.storage.Account(
    "example",
    name="workspacestorageaccount",
    location=example.location,
    resource_group_name=example.name,
    account_tier="Standard",
    account_replication_type="GRS",
)

# depends_on makes key creation wait for the vault and the deployer's access policy.
# NOTE(review): six key operations are enabled; trim to what the workspace uses once confirmed.
example_key = azure.keyvault.Key(
    "example",
    name="workspaceexamplekeyvaultkey",
    key_vault_id=example_key_vault.id,
    key_type="RSA",
    key_size=2048,
    key_opts=[
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
    opts=pulumi.ResourceOptions(depends_on=[
        example_key_vault,
        example_access_policy,
    ]),
)

# `encryption` points the workspace at example_key in example_key_vault.
example_workspace = azure.machinelearning.Workspace(
    "example",
    name="example-workspace",
    location=example.location,
    resource_group_name=example.name,
    application_insights_id=example_insights.id,
    key_vault_id=example_key_vault.id,
    storage_account_id=example_account.id,
    identity={
        "type": "SystemAssigned",
    },
    encryption={
        "key_vault_id": example_key_vault.id,
        "key_id": example_key.id,
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Client configuration of the identity the provider runs as (TenantId and ObjectId are read below).
    var current = Azure.Core.GetClientConfig.Invoke();

    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleInsights = new Azure.AppInsights.Insights("example", new()
    {
        Name = "workspace-example-ai",
        Location = example.Location,
        ResourceGroupName = example.Name,
        ApplicationType = "web",
    });

    // Purge protection is switched on for the vault that will hold the encryption key.
    var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
    {
        Name = "workspaceexamplekeyvault",
        Location = example.Location,
        ResourceGroupName = example.Name,
        TenantId = current.Apply(cfg => cfg.TenantId),
        SkuName = "premium",
        PurgeProtectionEnabled = true,
    });

    // Key permissions for the principal running the deployment (current ObjectId).
    // NOTE(review): Delete and Purge are granted alongside Create/Get; confirm the
    // deployer needs them beyond teardown before copying this list.
    var exampleAccessPolicy = new Azure.KeyVault.AccessPolicy("example", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = current.Apply(cfg => cfg.TenantId),
        ObjectId = current.Apply(cfg => cfg.ObjectId),
        KeyPermissions = new[]
        {
            "Create",
            "Get",
            "Delete",
            "Purge",
            "GetRotationPolicy",
        },
    });

    // Only tier and replication are set; every other storage setting is left at the provider default.
    var exampleAccount = new Azure.Storage.Account("example", new()
    {
        Name = "workspacestorageaccount",
        Location = example.Location,
        ResourceGroupName = example.Name,
        AccountTier = "Standard",
        AccountReplicationType = "GRS",
    });

    // DependsOn makes key creation wait for the vault and the deployer's access policy.
    // NOTE(review): six key operations are enabled; trim to what the workspace uses once confirmed.
    var exampleKey = new Azure.KeyVault.Key("example", new()
    {
        Name = "workspaceexamplekeyvaultkey",
        KeyVaultId = exampleKeyVault.Id,
        KeyType = "RSA",
        KeySize = 2048,
        KeyOpts = new[]
        {
            "decrypt",
            "encrypt",
            "sign",
            "unwrapKey",
            "verify",
            "wrapKey",
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            exampleKeyVault,
            exampleAccessPolicy,
        },
    });

    // Encryption points the workspace at exampleKey in exampleKeyVault.
    var exampleWorkspace = new Azure.MachineLearning.Workspace("example", new()
    {
        Name = "example-workspace",
        Location = example.Location,
        ResourceGroupName = example.Name,
        ApplicationInsightsId = exampleInsights.Id,
        KeyVaultId = exampleKeyVault.Id,
        StorageAccountId = exampleAccount.Id,
        Identity = new Azure.MachineLearning.Inputs.WorkspaceIdentityArgs
        {
            Type = "SystemAssigned",
        },
        Encryption = new Azure.MachineLearning.Inputs.WorkspaceEncryptionArgs
        {
            KeyVaultId = exampleKeyVault.Id,
            KeyId = exampleKey.Id,
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/appinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/machinelearning"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the workspace's dependencies plus a Key Vault key, and configures
// the workspace's encryption block to reference that key.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Client configuration of the identity the provider runs as (TenantId and ObjectId are read below).
		current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}

		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		exampleInsights, err := appinsights.NewInsights(ctx, "example", &appinsights.InsightsArgs{
			Name:              pulumi.String("workspace-example-ai"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			ApplicationType:   pulumi.String("web"),
		})
		if err != nil {
			return err
		}

		// Purge protection is switched on for the vault that will hold the encryption key.
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
			Name:                   pulumi.String("workspaceexamplekeyvault"),
			Location:               example.Location,
			ResourceGroupName:      example.Name,
			TenantId:               pulumi.String(current.TenantId),
			SkuName:                pulumi.String("premium"),
			PurgeProtectionEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Key permissions for the principal running the deployment (current.ObjectId).
		// NOTE(review): Delete and Purge are granted alongside Create/Get; confirm the
		// deployer needs them beyond teardown before copying this list.
		exampleAccessPolicy, err := keyvault.NewAccessPolicy(ctx, "example", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   pulumi.String(current.TenantId),
			ObjectId:   pulumi.String(current.ObjectId),
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Create"),
				pulumi.String("Get"),
				pulumi.String("Delete"),
				pulumi.String("Purge"),
				pulumi.String("GetRotationPolicy"),
			},
		})
		if err != nil {
			return err
		}

		// Only tier and replication are set; every other storage setting is left at the provider default.
		exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
			Name:                   pulumi.String("workspacestorageaccount"),
			Location:               example.Location,
			ResourceGroupName:      example.Name,
			AccountTier:            pulumi.String("Standard"),
			AccountReplicationType: pulumi.String("GRS"),
		})
		if err != nil {
			return err
		}

		// DependsOn makes key creation wait for the vault and the deployer's access policy.
		// NOTE(review): six key operations are enabled; trim to what the workspace uses once confirmed.
		exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
			Name:       pulumi.String("workspaceexamplekeyvaultkey"),
			KeyVaultId: exampleKeyVault.ID(),
			KeyType:    pulumi.String("RSA"),
			KeySize:    pulumi.Int(2048),
			KeyOpts: pulumi.StringArray{
				pulumi.String("decrypt"),
				pulumi.String("encrypt"),
				pulumi.String("sign"),
				pulumi.String("unwrapKey"),
				pulumi.String("verify"),
				pulumi.String("wrapKey"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleKeyVault,
			exampleAccessPolicy,
		}))
		if err != nil {
			return err
		}

		// Encryption points the workspace at exampleKey in exampleKeyVault.
		_, err = machinelearning.NewWorkspace(ctx, "example", &machinelearning.WorkspaceArgs{
			Name:                  pulumi.String("example-workspace"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			ApplicationInsightsId: exampleInsights.ID(),
			KeyVaultId:            exampleKeyVault.ID(),
			StorageAccountId:      exampleAccount.ID(),
			Identity: &machinelearning.WorkspaceIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
			Encryption: &machinelearning.WorkspaceEncryptionArgs{
				KeyVaultId: exampleKeyVault.ID(),
				KeyId:      exampleKey.ID(),
			},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appinsights.Insights;
import com.pulumi.azure.appinsights.InsightsArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.machinelearning.Workspace;
import com.pulumi.azure.machinelearning.WorkspaceArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceEncryptionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
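public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the workspace's dependencies plus a Key Vault key, and configures the
     * workspace's encryption block to reference that key.
     *
     * @param ctx the Pulumi deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // The published listing carried documentation-generator panic text where this
        // call's arguments belong, which does not compile; the lookup takes no arguments.
        final var current = CoreFunctions.getClientConfig();

        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleInsights = new Insights("exampleInsights", InsightsArgs.builder()
            .name("workspace-example-ai")
            .location(example.location())
            .resourceGroupName(example.name())
            .applicationType("web")
            .build());

        // Purge protection is switched on for the vault that will hold the encryption key.
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .name("workspaceexamplekeyvault")
            .location(example.location())
            .resourceGroupName(example.name())
            // current is an Output, so fields are projected out of it rather than read directly.
            .tenantId(current.applyValue(config -> config.tenantId()))
            .skuName("premium")
            .purgeProtectionEnabled(true)
            .build());

        // Key permissions for the principal running the deployment (the client config's objectId).
        // NOTE(review): Delete and Purge are granted alongside Create/Get; confirm the
        // deployer needs them beyond teardown before copying this list.
        var exampleAccessPolicy = new AccessPolicy("exampleAccessPolicy", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(config -> config.tenantId()))
            .objectId(current.applyValue(config -> config.objectId()))
            .keyPermissions(
                "Create",
                "Get",
                "Delete",
                "Purge",
                "GetRotationPolicy")
            .build());

        // Only tier and replication are set; every other storage setting is left at the provider default.
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .name("workspacestorageaccount")
            .location(example.location())
            .resourceGroupName(example.name())
            .accountTier("Standard")
            .accountReplicationType("GRS")
            .build());

        // dependsOn makes key creation wait for the vault and the deployer's access policy.
        // NOTE(review): six key operations are enabled; trim to what the workspace uses once confirmed.
        var exampleKey = new Key("exampleKey", KeyArgs.builder()
            .name("workspaceexamplekeyvaultkey")
            .keyVaultId(exampleKeyVault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(
                "decrypt",
                "encrypt",
                "sign",
                "unwrapKey",
                "verify",
                "wrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    exampleKeyVault,
                    exampleAccessPolicy)
                .build());

        // encryption points the workspace at exampleKey in exampleKeyVault.
        var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
            .name("example-workspace")
            .location(example.location())
            .resourceGroupName(example.name())
            .applicationInsightsId(exampleInsights.id())
            .keyVaultId(exampleKeyVault.id())
            .storageAccountId(exampleAccount.id())
            .identity(WorkspaceIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .encryption(WorkspaceEncryptionArgs.builder()
                .keyVaultId(exampleKeyVault.id())
                .keyId(exampleKey.id())
                .build())
            .build());
    }
}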
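# Indentation restored: with every key at column 0 the listing no longer
# nests resources under `resources:` or properties under each resource.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleInsights:
    type: azure:appinsights:Insights
    name: example
    properties:
      name: workspace-example-ai
      location: ${example.location}
      resourceGroupName: ${example.name}
      applicationType: web
  # Purge protection is switched on for the vault that will hold the encryption key.
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    name: example
    properties:
      name: workspaceexamplekeyvault
      location: ${example.location}
      resourceGroupName: ${example.name}
      tenantId: ${current.tenantId}
      skuName: premium
      purgeProtectionEnabled: true
  # Key permissions for the principal running the deployment (current.objectId).
  # NOTE(review): Delete and Purge are granted alongside Create/Get; confirm the
  # deployer needs them beyond teardown before copying this list.
  exampleAccessPolicy:
    type: azure:keyvault:AccessPolicy
    name: example
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${current.objectId}
      keyPermissions:
        - Create
        - Get
        - Delete
        - Purge
        - GetRotationPolicy
  # Only tier and replication are set; every other storage setting is left at the provider default.
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: workspacestorageaccount
      location: ${example.location}
      resourceGroupName: ${example.name}
      accountTier: Standard
      accountReplicationType: GRS
  # dependsOn makes key creation wait for the vault and the deployer's access policy.
  # NOTE(review): six key operations are enabled; trim to what the workspace uses once confirmed.
  exampleKey:
    type: azure:keyvault:Key
    name: example
    properties:
      name: workspaceexamplekeyvaultkey
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - decrypt
        - encrypt
        - sign
        - unwrapKey
        - verify
        - wrapKey
    options:
      dependsOn:
        - ${exampleKeyVault}
        - ${exampleAccessPolicy}
  # `encryption` points the workspace at exampleKey in exampleKeyVault.
  exampleWorkspace:
    type: azure:machinelearning:Workspace
    name: example
    properties:
      name: example-workspace
      location: ${example.location}
      resourceGroupName: ${example.name}
      applicationInsightsId: ${exampleInsights.id}
      keyVaultId: ${exampleKeyVault.id}
      storageAccountId: ${exampleAccount.id}
      identity:
        type: SystemAssigned
      encryption:
        keyVaultId: ${exampleKeyVault.id}
        keyId: ${exampleKey.id}
variables:
  # Client configuration of the identity the provider runs as.
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}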

With User Assigned Identity And Data Encryption

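Note: Purge protection must be enabled on the Key Vault that holds the encryption key (the examples below set the vault's purge-protection flag to true).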

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
// Client configuration of the identity the provider runs as (tenantId and objectId are read below).
const current = azure.core.getClientConfig({});

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});

const exampleInsights = new azure.appinsights.Insights("example", {
    name: "example-ai",
    location: example.location,
    resourceGroupName: example.name,
    applicationType: "web",
});

// Only tier and replication are set; every other storage setting is left at the provider default.
const exampleAccount = new azure.storage.Account("example", {
    name: "examplestorageaccount",
    location: example.location,
    resourceGroupName: example.name,
    accountTier: "Standard",
    accountReplicationType: "GRS",
});

// Purge protection is switched on for the vault that will hold the encryption key.
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
    name: "example-keyvalut",
    location: example.location,
    resourceGroupName: example.name,
    tenantId: current.then(cfg => cfg.tenantId),
    skuName: "premium",
    purgeProtectionEnabled: true,
});

// The identity the workspace will run as and encrypt with.
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "example-identity",
    location: example.location,
    resourceGroupName: example.name,
});

// Vault access for the user-assigned identity: key wrap/unwrap plus a wide set of
// secret permissions. NOTE(review): Set/Delete/Backup/Restore on secrets is broad;
// confirm which of them the workspace needs before copying this list.
const example_identity = new azure.keyvault.AccessPolicy("example-identity", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(cfg => cfg.tenantId),
    objectId: exampleUserAssignedIdentity.principalId,
    keyPermissions: [
        "WrapKey",
        "UnwrapKey",
        "Get",
        "Recover",
    ],
    secretPermissions: [
        "Get",
        "List",
        "Set",
        "Delete",
        "Recover",
        "Backup",
        "Restore",
    ],
});

// Key permissions for the principal running the deployment (current.objectId).
// NOTE(review): confirm Delete and Purge are needed beyond teardown.
const example_sp = new azure.keyvault.AccessPolicy("example-sp", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(cfg => cfg.tenantId),
    objectId: current.then(cfg => cfg.objectId),
    keyPermissions: [
        "Get",
        "Create",
        "Recover",
        "Delete",
        "Purge",
        "GetRotationPolicy",
    ],
});

// The service principal is resolved by display name. NOTE(review): display names are
// not guaranteed unique in a tenant; verify the resolved objectId is the intended
// principal before granting it key access.
const test = azuread.getServicePrincipal({
    displayName: "Azure Cosmos DB",
});

// NOTE(review): `test` and `current` are lookup results, not resources; confirm that
// listing them in dependsOn behaves as intended.
const example_cosmosdb = new azure.keyvault.AccessPolicy("example-cosmosdb", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(cfg => cfg.tenantId),
    objectId: test.then(sp => sp.objectId),
    keyPermissions: [
        "Get",
        "Recover",
        "UnwrapKey",
        "WrapKey",
    ],
}, {
    dependsOn: [
        test,
        current,
    ],
});

// dependsOn makes key creation wait for the vault and the deployer's access policy.
const exampleKey = new azure.keyvault.Key("example", {
    name: "example-keyvaultkey",
    keyVaultId: exampleKeyVault.id,
    keyType: "RSA",
    keySize: 2048,
    keyOpts: [
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
}, {
    dependsOn: [
        exampleKeyVault,
        example_sp,
    ],
});

// Role assignments for the user-assigned identity. Each one is scoped to a single
// resource ID (vault, storage account, Application Insights), not the resource group;
// keep that scoping, since Contributor is a broad management role.
const example_role1 = new azure.authorization.Assignment("example-role1", {
    scope: exampleKeyVault.id,
    roleDefinitionName: "Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});
const example_role2 = new azure.authorization.Assignment("example-role2", {
    scope: exampleAccount.id,
    roleDefinitionName: "Storage Blob Data Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});
const example_role3 = new azure.authorization.Assignment("example-role3", {
    scope: exampleAccount.id,
    roleDefinitionName: "Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});
const example_role4 = new azure.authorization.Assignment("example-role4", {
    scope: exampleInsights.id,
    roleDefinitionName: "Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

// The workspace waits (dependsOn) for all four role assignments and the Cosmos DB
// access policy, then uses the user-assigned identity both as its identity and for
// the encryption key.
const exampleWorkspace = new azure.machinelearning.Workspace("example", {
    name: "example-workspace",
    location: example.location,
    resourceGroupName: example.name,
    applicationInsightsId: exampleInsights.id,
    keyVaultId: exampleKeyVault.id,
    storageAccountId: exampleAccount.id,
    highBusinessImpact: true,
    primaryUserAssignedIdentity: exampleUserAssignedIdentity.id,
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
    encryption: {
        userAssignedIdentityId: exampleUserAssignedIdentity.id,
        keyVaultId: exampleKeyVault.id,
        keyId: exampleKey.id,
    },
}, {
    dependsOn: [
        example_role1,
        example_role2,
        example_role3,
        example_role4,
        example_cosmosdb,
    ],
});
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread
# Client configuration of the identity the provider runs as (tenant_id and object_id are read below).
current = azure.core.get_client_config()

example = azure.core.ResourceGroup(
    "example",
    name="example-resources",
    location="West Europe",
)

example_insights = azure.appinsights.Insights(
    "example",
    name="example-ai",
    location=example.location,
    resource_group_name=example.name,
    application_type="web",
)

# Only tier and replication are set; every other storage setting is left at the provider default.
example_account = azure.storage.Account(
    "example",
    name="examplestorageaccount",
    location=example.location,
    resource_group_name=example.name,
    account_tier="Standard",
    account_replication_type="GRS",
)

# Purge protection is switched on for the vault that will hold the encryption key.
example_key_vault = azure.keyvault.KeyVault(
    "example",
    name="example-keyvalut",
    location=example.location,
    resource_group_name=example.name,
    tenant_id=current.tenant_id,
    sku_name="premium",
    purge_protection_enabled=True,
)

# The identity the workspace will run as and encrypt with.
example_user_assigned_identity = azure.authorization.UserAssignedIdentity(
    "example",
    name="example-identity",
    location=example.location,
    resource_group_name=example.name,
)

# Vault access for the user-assigned identity: key wrap/unwrap plus a wide set of
# secret permissions. NOTE(review): Set/Delete/Backup/Restore on secrets is broad;
# confirm which of them the workspace needs before copying this list.
example_identity = azure.keyvault.AccessPolicy(
    "example-identity",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=example_user_assigned_identity.principal_id,
    key_permissions=[
        "WrapKey",
        "UnwrapKey",
        "Get",
        "Recover",
    ],
    secret_permissions=[
        "Get",
        "List",
        "Set",
        "Delete",
        "Recover",
        "Backup",
        "Restore",
    ],
)

# Key permissions for the principal running the deployment (current.object_id).
# NOTE(review): confirm Delete and Purge are needed beyond teardown.
example_sp = azure.keyvault.AccessPolicy(
    "example-sp",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=current.object_id,
    key_permissions=[
        "Get",
        "Create",
        "Recover",
        "Delete",
        "Purge",
        "GetRotationPolicy",
    ],
)

# The service principal is resolved by display name. NOTE(review): display names are
# not guaranteed unique in a tenant; verify the resolved object_id is the intended
# principal before granting it key access.
test = azuread.get_service_principal(display_name="Azure Cosmos DB")

# NOTE(review): `test` and `current` are lookup results, not resources; confirm that
# listing them in depends_on behaves as intended.
example_cosmosdb = azure.keyvault.AccessPolicy(
    "example-cosmosdb",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=test.object_id,
    key_permissions=[
        "Get",
        "Recover",
        "UnwrapKey",
        "WrapKey",
    ],
    opts=pulumi.ResourceOptions(depends_on=[
        test,
        current,
    ]),
)

# depends_on makes key creation wait for the vault and the deployer's access policy.
example_key = azure.keyvault.Key(
    "example",
    name="example-keyvaultkey",
    key_vault_id=example_key_vault.id,
    key_type="RSA",
    key_size=2048,
    key_opts=[
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
    opts=pulumi.ResourceOptions(depends_on=[
        example_key_vault,
        example_sp,
    ]),
)

# Role assignments for the user-assigned identity. Each one is scoped to a single
# resource ID (vault, storage account, Application Insights), not the resource group;
# keep that scoping, since Contributor is a broad management role.
example_role1 = azure.authorization.Assignment(
    "example-role1",
    scope=example_key_vault.id,
    role_definition_name="Contributor",
    principal_id=example_user_assigned_identity.principal_id,
)
example_role2 = azure.authorization.Assignment(
    "example-role2",
    scope=example_account.id,
    role_definition_name="Storage Blob Data Contributor",
    principal_id=example_user_assigned_identity.principal_id,
)
example_role3 = azure.authorization.Assignment(
    "example-role3",
    scope=example_account.id,
    role_definition_name="Contributor",
    principal_id=example_user_assigned_identity.principal_id,
)
example_role4 = azure.authorization.Assignment(
    "example-role4",
    scope=example_insights.id,
    role_definition_name="Contributor",
    principal_id=example_user_assigned_identity.principal_id,
)

# The workspace waits (depends_on) for all four role assignments and the Cosmos DB
# access policy, then uses the user-assigned identity both as its identity and for
# the encryption key.
example_workspace = azure.machinelearning.Workspace(
    "example",
    name="example-workspace",
    location=example.location,
    resource_group_name=example.name,
    application_insights_id=example_insights.id,
    key_vault_id=example_key_vault.id,
    storage_account_id=example_account.id,
    high_business_impact=True,
    primary_user_assigned_identity=example_user_assigned_identity.id,
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    encryption={
        "user_assigned_identity_id": example_user_assigned_identity.id,
        "key_vault_id": example_key_vault.id,
        "key_id": example_key.id,
    },
    opts=pulumi.ResourceOptions(depends_on=[
        example_role1,
        example_role2,
        example_role3,
        example_role4,
        example_cosmosdb,
    ]),
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;
// Pulumi program: a Machine Learning Workspace that runs as a user-assigned identity and
// encrypts its data with a customer-managed Key Vault key, plus the resources it depends on.
return await Deployment.RunAsync(() =>
{
    // Identity running the deployment; its tenant ID is reused by the vault and every policy.
    var current = Azure.Core.GetClientConfig.Invoke();
    var tenantId = current.Apply(cfg => cfg.TenantId);

    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleInsights = new Azure.AppInsights.Insights("example", new()
    {
        Name = "example-ai",
        Location = example.Location,
        ResourceGroupName = example.Name,
        ApplicationType = "web",
    });

    var exampleAccount = new Azure.Storage.Account("example", new()
    {
        Name = "examplestorageaccount",
        Location = example.Location,
        ResourceGroupName = example.Name,
        AccountTier = "Standard",
        AccountReplicationType = "GRS",
    });

    // Purge protection is switched on for the vault that holds the encryption key.
    // NOTE(review): Azure is understood to require it for customer-managed keys; confirm before changing.
    var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
    {
        Name = "example-keyvalut",
        Location = example.Location,
        ResourceGroupName = example.Name,
        TenantId = tenantId,
        SkuName = "premium",
        PurgeProtectionEnabled = true,
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "example-identity",
        Location = example.Location,
        ResourceGroupName = example.Name,
    });
    var identityPrincipalId = exampleUserAssignedIdentity.PrincipalId;

    // Data-plane access for the workspace identity: wrap/unwrap on keys plus a wide secret set.
    // NOTE(review): Set/Delete/Backup/Restore on secrets is broad; trim to what the workspace needs.
    var identityPolicy = new Azure.KeyVault.AccessPolicy("example-identity", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = tenantId,
        ObjectId = identityPrincipalId,
        KeyPermissions = new[]
        {
            "WrapKey",
            "UnwrapKey",
            "Get",
            "Recover",
        },
        SecretPermissions = new[]
        {
            "Get",
            "List",
            "Set",
            "Delete",
            "Recover",
            "Backup",
            "Restore",
        },
    });

    // Key management rights for the deploying principal, so it can create the key below.
    // NOTE(review): this includes Delete and Purge; consider dropping them outside throwaway environments.
    var deployerPolicy = new Azure.KeyVault.AccessPolicy("example-sp", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = tenantId,
        ObjectId = current.Apply(cfg => cfg.ObjectId),
        KeyPermissions = new[]
        {
            "Get",
            "Create",
            "Recover",
            "Delete",
            "Purge",
            "GetRotationPolicy",
        },
    });

    // The Cosmos DB service principal is resolved by display name.
    // NOTE(review): display names are not guaranteed unique in a tenant; verify the resolved object ID.
    var cosmosDbPrincipal = AzureAD.GetServicePrincipal.Invoke(new()
    {
        DisplayName = "Azure Cosmos DB",
    });

    var cosmosDbPolicy = new Azure.KeyVault.AccessPolicy("example-cosmosdb", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = tenantId,
        ObjectId = cosmosDbPrincipal.Apply(sp => sp.ObjectId),
        KeyPermissions = new[]
        {
            "Get",
            "Recover",
            "UnwrapKey",
            "WrapKey",
        },
    }, new CustomResourceOptions
    {
        // NOTE(review): both entries are invoke results, not resources; confirm the SDK accepts them here.
        DependsOn =
        {
            cosmosDbPrincipal,
            current,
        },
    });

    // Customer-managed key. The policies above only grant wrap/unwrap to its consumers.
    // NOTE(review): sign/verify/encrypt/decrypt are also enabled; drop them if nothing else uses this key.
    var exampleKey = new Azure.KeyVault.Key("example", new()
    {
        Name = "example-keyvaultkey",
        KeyVaultId = exampleKeyVault.Id,
        KeyType = "RSA",
        KeySize = 2048,
        KeyOpts = new[]
        {
            "decrypt",
            "encrypt",
            "sign",
            "unwrapKey",
            "verify",
            "wrapKey",
        },
    }, new CustomResourceOptions
    {
        // The key is created only after the deployer's access policy exists.
        DependsOn =
        {
            exampleKeyVault,
            deployerPolicy,
        },
    });

    // Role assignments for the workspace identity on the vault, storage account and App Insights.
    // NOTE(review): Contributor is a broad built-in role, and on a vault that uses access policies it
    // is understood to allow editing those policies; scope these down where the service permits.
    var vaultContributor = new Azure.Authorization.Assignment("example-role1", new()
    {
        Scope = exampleKeyVault.Id,
        RoleDefinitionName = "Contributor",
        PrincipalId = identityPrincipalId,
    });

    var storageBlobContributor = new Azure.Authorization.Assignment("example-role2", new()
    {
        Scope = exampleAccount.Id,
        RoleDefinitionName = "Storage Blob Data Contributor",
        PrincipalId = identityPrincipalId,
    });

    var storageContributor = new Azure.Authorization.Assignment("example-role3", new()
    {
        Scope = exampleAccount.Id,
        RoleDefinitionName = "Contributor",
        PrincipalId = identityPrincipalId,
    });

    var insightsContributor = new Azure.Authorization.Assignment("example-role4", new()
    {
        Scope = exampleInsights.Id,
        RoleDefinitionName = "Contributor",
        PrincipalId = identityPrincipalId,
    });

    // The workspace itself. Public network access is not set here, and this page documents that
    // setting as defaulting to true, so restrict it explicitly when private-only access is intended.
    var exampleWorkspace = new Azure.MachineLearning.Workspace("example", new()
    {
        Name = "example-workspace",
        Location = example.Location,
        ResourceGroupName = example.Name,
        ApplicationInsightsId = exampleInsights.Id,
        KeyVaultId = exampleKeyVault.Id,
        StorageAccountId = exampleAccount.Id,
        // Marks the workspace as holding High Business Impact data (reduces collected diagnostics).
        HighBusinessImpact = true,
        PrimaryUserAssignedIdentity = exampleUserAssignedIdentity.Id,
        Identity = new Azure.MachineLearning.Inputs.WorkspaceIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
        // Customer-managed key encryption; the same identity is used to reach the key.
        Encryption = new Azure.MachineLearning.Inputs.WorkspaceEncryptionArgs
        {
            UserAssignedIdentityId = exampleUserAssignedIdentity.Id,
            KeyVaultId = exampleKeyVault.Id,
            KeyId = exampleKey.Id,
        },
    }, new CustomResourceOptions
    {
        // Creation waits for the role assignments and the Cosmos DB vault policy.
        DependsOn =
        {
            vaultContributor,
            storageBlobContributor,
            storageContributor,
            insightsContributor,
            cosmosDbPolicy,
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/appinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/machinelearning"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Machine Learning Workspace that runs as a user-assigned identity and is
// encrypted with a customer-managed Key Vault key, together with the resources it depends on.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Identity running the deployment; its tenant ID is reused by the vault and every policy.
		// NOTE(review): the extra map/nil arguments are as generated; confirm they match
		// GetClientConfig's signature in the SDK version in use.
		current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		tenantID := pulumi.String(current.TenantId)

		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		exampleInsights, err := appinsights.NewInsights(ctx, "example", &appinsights.InsightsArgs{
			Name:              pulumi.String("example-ai"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			ApplicationType:   pulumi.String("web"),
		})
		if err != nil {
			return err
		}

		exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
			Name:                   pulumi.String("examplestorageaccount"),
			Location:               example.Location,
			ResourceGroupName:      example.Name,
			AccountTier:            pulumi.String("Standard"),
			AccountReplicationType: pulumi.String("GRS"),
		})
		if err != nil {
			return err
		}

		// Purge protection is switched on for the vault that holds the encryption key.
		// NOTE(review): Azure is understood to require it for customer-managed keys; confirm before changing.
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
			Name:                   pulumi.String("example-keyvalut"),
			Location:               example.Location,
			ResourceGroupName:      example.Name,
			TenantId:               tenantID,
			SkuName:                pulumi.String("premium"),
			PurgeProtectionEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("example-identity"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}

		// Data-plane access for the workspace identity: wrap/unwrap on keys plus a wide secret set.
		// NOTE(review): Set/Delete/Backup/Restore on secrets is broad; trim to what the workspace needs.
		_, err = keyvault.NewAccessPolicy(ctx, "example-identity", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   tenantID,
			ObjectId:   exampleUserAssignedIdentity.PrincipalId,
			KeyPermissions: pulumi.StringArray{
				pulumi.String("WrapKey"),
				pulumi.String("UnwrapKey"),
				pulumi.String("Get"),
				pulumi.String("Recover"),
			},
			SecretPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("List"),
				pulumi.String("Set"),
				pulumi.String("Delete"),
				pulumi.String("Recover"),
				pulumi.String("Backup"),
				pulumi.String("Restore"),
			},
		})
		if err != nil {
			return err
		}

		// Key management rights for the deploying principal, so it can create the key below.
		// NOTE(review): this includes Delete and Purge; consider dropping them outside throwaway environments.
		exampleSp, err := keyvault.NewAccessPolicy(ctx, "example-sp", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   tenantID,
			ObjectId:   pulumi.String(current.ObjectId),
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("Create"),
				pulumi.String("Recover"),
				pulumi.String("Delete"),
				pulumi.String("Purge"),
				pulumi.String("GetRotationPolicy"),
			},
		})
		if err != nil {
			return err
		}

		// The Cosmos DB service principal is resolved by display name.
		// NOTE(review): display names are not guaranteed unique in a tenant; verify the resolved object ID.
		cosmosPrincipal, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
			DisplayName: pulumi.StringRef("Azure Cosmos DB"),
		}, nil)
		if err != nil {
			return err
		}

		// NOTE(review): the DependsOn list below holds invoke results, not resources; confirm it
		// compiles against the SDK version in use.
		exampleCosmosdb, err := keyvault.NewAccessPolicy(ctx, "example-cosmosdb", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   tenantID,
			ObjectId:   pulumi.String(cosmosPrincipal.ObjectId),
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("Recover"),
				pulumi.String("UnwrapKey"),
				pulumi.String("WrapKey"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			cosmosPrincipal,
			current,
		}))
		if err != nil {
			return err
		}

		// Customer-managed key, created only after the deployer's access policy exists.
		// NOTE(review): the policies above only grant wrap/unwrap to the key's consumers, yet
		// sign/verify/encrypt/decrypt are enabled too; drop them if nothing else uses this key.
		exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
			Name:       pulumi.String("example-keyvaultkey"),
			KeyVaultId: exampleKeyVault.ID(),
			KeyType:    pulumi.String("RSA"),
			KeySize:    pulumi.Int(2048),
			KeyOpts: pulumi.StringArray{
				pulumi.String("decrypt"),
				pulumi.String("encrypt"),
				pulumi.String("sign"),
				pulumi.String("unwrapKey"),
				pulumi.String("verify"),
				pulumi.String("wrapKey"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleKeyVault,
			exampleSp,
		}))
		if err != nil {
			return err
		}

		// Role assignments for the workspace identity on the vault, storage account and App Insights.
		// NOTE(review): Contributor is a broad built-in role, and on a vault that uses access policies
		// it is understood to allow editing those policies; scope these down where the service permits.
		exampleRole1, err := authorization.NewAssignment(ctx, "example-role1", &authorization.AssignmentArgs{
			Scope:              exampleKeyVault.ID(),
			RoleDefinitionName: pulumi.String("Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}

		exampleRole2, err := authorization.NewAssignment(ctx, "example-role2", &authorization.AssignmentArgs{
			Scope:              exampleAccount.ID(),
			RoleDefinitionName: pulumi.String("Storage Blob Data Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}

		exampleRole3, err := authorization.NewAssignment(ctx, "example-role3", &authorization.AssignmentArgs{
			Scope:              exampleAccount.ID(),
			RoleDefinitionName: pulumi.String("Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}

		exampleRole4, err := authorization.NewAssignment(ctx, "example-role4", &authorization.AssignmentArgs{
			Scope:              exampleInsights.ID(),
			RoleDefinitionName: pulumi.String("Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}

		// The workspace itself. Public network access is not set here, and this page documents that
		// setting as defaulting to true, so restrict it explicitly when private-only access is intended.
		_, err = machinelearning.NewWorkspace(ctx, "example", &machinelearning.WorkspaceArgs{
			Name:                  pulumi.String("example-workspace"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			ApplicationInsightsId: exampleInsights.ID(),
			KeyVaultId:            exampleKeyVault.ID(),
			StorageAccountId:      exampleAccount.ID(),
			// Marks the workspace as holding High Business Impact data (reduces collected diagnostics).
			HighBusinessImpact:          pulumi.Bool(true),
			PrimaryUserAssignedIdentity: exampleUserAssignedIdentity.ID(),
			Identity: &machinelearning.WorkspaceIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			// Customer-managed key encryption; the same identity is used to reach the key.
			Encryption: &machinelearning.WorkspaceEncryptionArgs{
				UserAssignedIdentityId: exampleUserAssignedIdentity.ID(),
				KeyVaultId:             exampleKeyVault.ID(),
				KeyId:                  exampleKey.ID(),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Creation waits for the role assignments and the Cosmos DB vault policy.
			exampleRole1,
			exampleRole2,
			exampleRole3,
			exampleRole4,
			exampleCosmosdb,
		}))
		// A nil error here means every resource was registered.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appinsights.Insights;
import com.pulumi.azure.appinsights.InsightsArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.machinelearning.Workspace;
import com.pulumi.azure.machinelearning.WorkspaceArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceIdentityArgs;
import com.pulumi.azure.machinelearning.inputs.WorkspaceEncryptionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
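/**
 * Pulumi program declaring a Machine Learning Workspace that runs as a user-assigned identity
 * and is encrypted with a customer-managed Key Vault key, plus the resources it depends on.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resource group, Application Insights, storage account, Key Vault, identity,
     * vault access policies, encryption key, role assignments and finally the workspace.
     *
     * @param ctx the Pulumi deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Identity running the deployment. The generated page carried a formatter panic message
        // in place of the argument list; the call takes no arguments.
        final var current = CoreFunctions.getClientConfig();

        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleInsights = new Insights("exampleInsights", InsightsArgs.builder()
            .name("example-ai")
            .location(example.location())
            .resourceGroupName(example.name())
            .applicationType("web")
            .build());

        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .name("examplestorageaccount")
            .location(example.location())
            .resourceGroupName(example.name())
            .accountTier("Standard")
            .accountReplicationType("GRS")
            .build());

        // Purge protection is switched on for the vault that holds the encryption key.
        // NOTE(review): Azure is understood to require it for customer-managed keys; confirm before changing.
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .name("example-keyvalut")
            .location(example.location())
            .resourceGroupName(example.name())
            .tenantId(current.tenantId())
            .skuName("premium")
            .purgeProtectionEnabled(true)
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("example-identity")
            .location(example.location())
            .resourceGroupName(example.name())
            .build());

        // Data-plane access for the workspace identity: wrap/unwrap on keys plus a wide secret set.
        // NOTE(review): Set/Delete/Backup/Restore on secrets is broad; trim to what the workspace needs.
        var example_identity = new AccessPolicy("example-identity", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.tenantId())
            .objectId(exampleUserAssignedIdentity.principalId())
            .keyPermissions(
                "WrapKey",
                "UnwrapKey",
                "Get",
                "Recover")
            .secretPermissions(
                "Get",
                "List",
                "Set",
                "Delete",
                "Recover",
                "Backup",
                "Restore")
            .build());

        // Key management rights for the deploying principal, so it can create the key below.
        // NOTE(review): this includes Delete and Purge; consider dropping them outside throwaway environments.
        var example_sp = new AccessPolicy("example-sp", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.tenantId())
            .objectId(current.objectId())
            .keyPermissions(
                "Get",
                "Create",
                "Recover",
                "Delete",
                "Purge",
                "GetRotationPolicy")
            .build());

        // The Cosmos DB service principal is resolved by display name.
        // NOTE(review): display names are not guaranteed unique in a tenant; verify the resolved object ID.
        final var test = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
            .displayName("Azure Cosmos DB")
            .build());

        // NOTE(review): dependsOn below lists invoke results, not resources; confirm the SDK accepts them.
        var example_cosmosdb = new AccessPolicy("example-cosmosdb", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.tenantId())
            .objectId(test.objectId())
            .keyPermissions(
                "Get",
                "Recover",
                "UnwrapKey",
                "WrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    test,
                    current)
                .build());

        // Customer-managed key, created only after the deployer's access policy exists.
        // NOTE(review): the policies above only grant wrap/unwrap to the key's consumers, yet
        // sign/verify/encrypt/decrypt are enabled too; drop them if nothing else uses this key.
        var exampleKey = new Key("exampleKey", KeyArgs.builder()
            .name("example-keyvaultkey")
            .keyVaultId(exampleKeyVault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(
                "decrypt",
                "encrypt",
                "sign",
                "unwrapKey",
                "verify",
                "wrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    exampleKeyVault,
                    example_sp)
                .build());

        // Role assignments for the workspace identity on the vault, storage account and App Insights.
        // NOTE(review): Contributor is a broad built-in role, and on a vault that uses access policies
        // it is understood to allow editing those policies; scope these down where the service permits.
        var example_role1 = new Assignment("example-role1", AssignmentArgs.builder()
            .scope(exampleKeyVault.id())
            .roleDefinitionName("Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var example_role2 = new Assignment("example-role2", AssignmentArgs.builder()
            .scope(exampleAccount.id())
            .roleDefinitionName("Storage Blob Data Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var example_role3 = new Assignment("example-role3", AssignmentArgs.builder()
            .scope(exampleAccount.id())
            .roleDefinitionName("Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var example_role4 = new Assignment("example-role4", AssignmentArgs.builder()
            .scope(exampleInsights.id())
            .roleDefinitionName("Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        // The workspace itself. Public network access is not set here, and this page documents that
        // setting as defaulting to true, so restrict it explicitly when private-only access is intended.
        var exampleWorkspace = new Workspace("exampleWorkspace", WorkspaceArgs.builder()
            .name("example-workspace")
            .location(example.location())
            .resourceGroupName(example.name())
            .applicationInsightsId(exampleInsights.id())
            .keyVaultId(exampleKeyVault.id())
            .storageAccountId(exampleAccount.id())
            // Marks the workspace as holding High Business Impact data (reduces collected diagnostics).
            .highBusinessImpact(true)
            .primaryUserAssignedIdentity(exampleUserAssignedIdentity.id())
            .identity(WorkspaceIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id())
                .build())
            // Customer-managed key encryption; the same identity is used to reach the key.
            .encryption(WorkspaceEncryptionArgs.builder()
                .userAssignedIdentityId(exampleUserAssignedIdentity.id())
                .keyVaultId(exampleKeyVault.id())
                .keyId(exampleKey.id())
                .build())
            .build(), CustomResourceOptions.builder()
                // Creation waits for the role assignments and the Cosmos DB vault policy.
                .dependsOn(
                    example_role1,
                    example_role2,
                    example_role3,
                    example_role4,
                    example_cosmosdb)
                .build());
    }
}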
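# Pulumi YAML program: a Machine Learning Workspace that runs as a user-assigned identity and is
# encrypted with a customer-managed Key Vault key. Nesting is restored here; the flattened listing
# had lost the indentation that YAML relies on for structure.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleInsights:
    type: azure:appinsights:Insights
    name: example
    properties:
      name: example-ai
      location: ${example.location}
      resourceGroupName: ${example.name}
      applicationType: web
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: examplestorageaccount
      location: ${example.location}
      resourceGroupName: ${example.name}
      accountTier: Standard
      accountReplicationType: GRS
  # Purge protection is switched on for the vault that holds the encryption key.
  # NOTE(review): Azure is understood to require it for customer-managed keys; confirm before changing.
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    name: example
    properties:
      name: example-keyvalut
      location: ${example.location}
      resourceGroupName: ${example.name}
      tenantId: ${current.tenantId}
      skuName: premium
      purgeProtectionEnabled: true
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: example-identity
      location: ${example.location}
      resourceGroupName: ${example.name}
  # Data-plane access for the workspace identity: wrap/unwrap on keys plus a wide secret set.
  # NOTE(review): Set/Delete/Backup/Restore on secrets is broad; trim to what the workspace needs.
  example-identity:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${exampleUserAssignedIdentity.principalId}
      keyPermissions:
        - WrapKey
        - UnwrapKey
        - Get
        - Recover
      secretPermissions:
        - Get
        - List
        - Set
        - Delete
        - Recover
        - Backup
        - Restore
  # Key management rights for the deploying principal, so it can create the key below.
  # NOTE(review): this includes Delete and Purge; consider dropping them outside throwaway environments.
  example-sp:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${current.objectId}
      keyPermissions:
        - Get
        - Create
        - Recover
        - Delete
        - Purge
        - GetRotationPolicy
  # Vault access for the Cosmos DB service principal looked up under `variables.test`.
  example-cosmosdb:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${test.objectId}
      keyPermissions:
        - Get
        - Recover
        - UnwrapKey
        - WrapKey
    options:
      dependsOn:
        - ${test}
        - ${current}
  # Customer-managed key, created only after the deployer's access policy exists.
  # NOTE(review): the policies above only grant wrap/unwrap to the key's consumers, yet
  # sign/verify/encrypt/decrypt are enabled too; drop them if nothing else uses this key.
  exampleKey:
    type: azure:keyvault:Key
    name: example
    properties:
      name: example-keyvaultkey
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - decrypt
        - encrypt
        - sign
        - unwrapKey
        - verify
        - wrapKey
    options:
      dependsOn:
        - ${exampleKeyVault}
        - ${["example-sp"]}
  # Role assignments for the workspace identity on the vault, storage account and App Insights.
  # NOTE(review): Contributor is a broad built-in role, and on a vault that uses access policies it
  # is understood to allow editing those policies; scope these down where the service permits.
  example-role1:
    type: azure:authorization:Assignment
    properties:
      scope: ${exampleKeyVault.id}
      roleDefinitionName: Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  example-role2:
    type: azure:authorization:Assignment
    properties:
      scope: ${exampleAccount.id}
      roleDefinitionName: Storage Blob Data Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  example-role3:
    type: azure:authorization:Assignment
    properties:
      scope: ${exampleAccount.id}
      roleDefinitionName: Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  example-role4:
    type: azure:authorization:Assignment
    properties:
      scope: ${exampleInsights.id}
      roleDefinitionName: Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  # The workspace itself. Public network access is not set here, and this page documents that
  # setting as defaulting to true, so restrict it explicitly when private-only access is intended.
  exampleWorkspace:
    type: azure:machinelearning:Workspace
    name: example
    properties:
      name: example-workspace
      location: ${example.location}
      resourceGroupName: ${example.name}
      applicationInsightsId: ${exampleInsights.id}
      keyVaultId: ${exampleKeyVault.id}
      storageAccountId: ${exampleAccount.id}
      # Marks the workspace as holding High Business Impact data (reduces collected diagnostics).
      highBusinessImpact: true
      primaryUserAssignedIdentity: ${exampleUserAssignedIdentity.id}
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      # Customer-managed key encryption; the same identity is used to reach the key.
      encryption:
        userAssignedIdentityId: ${exampleUserAssignedIdentity.id}
        keyVaultId: ${exampleKeyVault.id}
        keyId: ${exampleKey.id}
    options:
      # Creation waits for the role assignments and the Cosmos DB vault policy.
      dependsOn:
        - ${["example-role1"]}
        - ${["example-role2"]}
        - ${["example-role3"]}
        - ${["example-role4"]}
        - ${["example-cosmosdb"]}
variables:
  # Identity running the deployment (tenant ID and object ID are read from it above).
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}
  # The Cosmos DB service principal is resolved by display name.
  # NOTE(review): display names are not guaranteed unique in a tenant; verify the resolved object ID.
  test:
    fn::invoke:
      function: azuread:getServicePrincipal
      arguments:
        displayName: Azure Cosmos DB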

API Providers

This resource uses the following Azure API Providers:

  • Microsoft.MachineLearningServices: 2024-04-01

Import

Machine Learning Workspace can be imported using the resource id, e.g.

$ pulumi import azure:machinelearning/workspace:Workspace example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.MachineLearningServices/workspaces/workspace1

Properties


The ID of the Application Insights associated with this Machine Learning Workspace. Changing this forces a new resource to be created.


The ID of the container registry associated with this Machine Learning Workspace. Changing this forces a new resource to be created.

val description: Output<String>?

The description of this Machine Learning Workspace.

val discoveryUrl: Output<String>

The URL of the discovery service used to identify regional endpoints for machine learning experimentation services.


An encryption block as defined below. Changing this forces a new resource to be created.


A feature_store block as defined below.

val friendlyName: Output<String>?

Display name for this Machine Learning Workspace.


Flag to signal High Business Impact (HBI) data in the workspace and reduce diagnostic data collected by the service. Changing this forces a new resource to be created.

val id: Output<String>

An identity block as defined below.


The compute name for image build of the Machine Learning Workspace.

val keyVaultId: Output<String>

The ID of the Key Vault associated with this Machine Learning Workspace. Changing this forces a new resource to be created.

val kind: Output<String>?

The type of the Workspace. Possible values are `Default` and `FeatureStore`. Defaults to `Default`.

val location: Output<String>

Specifies the supported Azure location where the Machine Learning Workspace should exist. Changing this forces a new resource to be created.


A managed_network block as defined below.

val name: Output<String>

Specifies the name of the Machine Learning Workspace. Changing this forces a new resource to be created.


The user assigned identity id that represents the workspace identity.


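Whether public network access is allowed when this Machine Learning Workspace is behind a VNet. Defaults to true, so set it to false explicitly when the workspace should only be reachable over private networking.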

val pulumiChildResources: Set<KotlinResource>

Specifies the name of the Resource Group in which the Machine Learning Workspace should exist. Changing this forces a new resource to be created.


A serverless_compute block as defined below.

val skuName: Output<String>?

SKU/edition of the Machine Learning Workspace, possible values are Free, Basic, Standard and Premium. Defaults to Basic.


The ID of the Storage Account associated with this Machine Learning Workspace. Changing this forces a new resource to be created.

val tags: Output<Map<String, String>>?

A mapping of tags to assign to the resource.

val urn: Output<String>

Enables V1 API features. Enabling `v1_legacy_mode` may prevent you from using features provided by the v2 API. Defaults to false.

val workspaceId: Output<String>

The immutable id associated with this workspace.