Bicep Module Documentation
← Back to Overview
Module databricks-workspace
databricksWorkspace
| Property | Value | Description |
|---|---|---|
| general (required) | general | |
| skuName (required) | 'premium' 'standard' 'trial' |
The SKU of the resource. |
| managedResourceGroupName (required) | string | The managed resource group Name. (should not be created before deploying Databricks) |
| parameters | parameters | The workspaces custom parameters. |
| publicNetworkAccess | 'Disabled' 'Enabled' |
The network access type for accessing workspace. Set value to disabled to access workspace only via private link. |
| requiredNsgRules | 'AllRules' 'NoAzureDatabricksRules' |
Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. Supported values are AllRules and NoAzureDatabricksRules. |
| privateLinkUiApi | privateLink | Settings for the private endpoint and private link for this resource [databricks_ui_api]. |
| privateLinkBrowserAuthentication | privateLink | Settings for the private endpoint and private link for this resource [browser_authentication]. |
amlWorkspaceId
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
customPrivateSubnetName
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
customPublicSubnetName
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
customVirtualNetworkId
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
enableNoPublicIp
| Property | Value | Description |
|---|---|---|
| value (required) | bool | The value which should be used for this field. |
loadBalancerBackendPoolName
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
loadBalancerId
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
natGatewayName
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
prepareEncryption
| Property | Value | Description |
|---|---|---|
| value (required) | bool | The value which should be used for this field. |
publicIpName
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
requireInfrastructureEncryption
| Property | Value | Description |
|---|---|---|
| value (required) | bool | The value which should be used for this field. |
storageAccountName
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
storageAccountSkuName
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
vnetAddressPrefix
| Property | Value | Description |
|---|---|---|
| value (required) | string | The value which should be used for this field. |
parameters
| Property | Value | Description |
|---|---|---|
| amlWorkspaceId | amlWorkspaceId | The ID of a Azure Machine Learning workspace to link with Databricks workspace |
| customPrivateSubnetName | customPrivateSubnetName | The name of the Private Subnet within the Virtual Network |
| customPublicSubnetName | customPublicSubnetName | The name of a Public Subnet within the Virtual Network |
| customVirtualNetworkId | customVirtualNetworkId | The ID of a Virtual Network where this Databricks Cluster should be created |
| enableNoPublicIp | enableNoPublicIp | Boolean indicating whether the public IP should be disabled. Default value is true |
| loadBalancerBackendPoolName | loadBalancerBackendPoolName | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). |
| loadBalancerId | loadBalancerId | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. |
| natGatewayName | natGatewayName | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. |
| prepareEncryption | prepareEncryption | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. |
| publicIpName | publicIpName | Name of the Public IP for No Public IP workspace with managed vNet. |
| requireInfrastructureEncryption | requireInfrastructureEncryption | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. |
| storageAccountName | storageAccountName | Default DBFS storage account name. |
| storageAccountSkuName | storageAccountSkuName | Storage account SKU name, ex: Standard_GRS, Standard_LRS. Refer https://aka.ms/storageskus for valid inputs. |
| vnetAddressPrefix | vnetAddressPrefix | Address prefix for Managed virtual network. Default value for this input is 10.139. |
naming
| Property | Value | Description |
|---|---|---|
| forceFunctionAsFullName | bool | Use the function value as the full name of the resource |
| abbreviation | string | Override the abbreviation of this resource with this parameter |
| environment | string | The resource environment (for example: dev, tst, acc, prd) |
| location | string | The resource location (for example: weu, we, westeurope) |
| customer | string | The name of the customer |
| delimiter | string | The delimiter between resources (default: -) |
| nameFormat | Array containing any of: 'abbreviation' 'customer' 'environment' 'function' 'location' 'param1' 'param2' 'param3' 'useCaseName' |
The order of the array defines the order of elements in the naming scheme |
| param1 | string | Extra parameter self defined |
| param2 | string | Extra parameter self defined |
| param3 | string | Extra parameter self defined |
| function (required) | string | Function of the resource [can be app, db, security,...] |
| useCaseName | string | Name of the use case [can be hub, spoke,...] |
| suffix | string | Suffix for the resource, if empty non will be appended, otherwise will be added to the end [can be index, ...] |
| forceDefaultNaming | bool | Force the CAF naming instead of default company naming |
resourceLock
| Property | Value | Description |
|---|---|---|
| name | string | Character limit: 1-90. Valid characters: Alphanumerics, periods, underscores, hyphens, and parenthesis. Can't end in period. |
| level (required) | 'CanNotDelete' 'ReadOnly' |
The level of the lock. Possible values are: CanNotDelete and ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. Read-Only locks must be commented to be able to deploy again |
| notes | string | Notes about the lock. Maximum of 512 characters. |
| owners | resourceLockOwner[] | The owners of the lock |
resourceLockOwner
| Property | Value | Description |
|---|---|---|
| applicationId (required) | string | The application ID of the lock owner. |
roleAssignment
| Property | Value | Description |
|---|---|---|
| principalId (required) | string | The principal ID |
| roleDefinitionId (required) | string | The role definition ID, data file can be used for this |
| condition | string | Condition on the role assignment |
| conditionVersion | string | Version of the condition. Currently the only accepted value is "2.0" |
| delegatedManagedIdentityResourceId | string | Id of the delegated managed identity resource |
| description | string | Description of role assignment |
general
| Property | Value | Description |
|---|---|---|
| tags | object | Tags of the resource [hashtable] |
| location (required) | string | Location of the resource |
| naming (required) | naming | Naming module of the resource |
| resourceGroupName (required) | string | Name of the resource group where the resource should be located |
| sharedNaming (required) | naming | Reference to the default naming |
| roleAssignments | roleAssignment[] | Role assignments on the resource |
| resourceLocks | resourceLock[] | Resource Locks on the resource |
privateLink
| Property | Value | Description |
|---|---|---|
| pepNaming | naming | Name of the private endpoint |
| nicNaming | naming | Name of the network interface of the private endpoint |
| privateLinkNaming | naming | Name of the private link connection |
| subnets (required) | subnets[] | Id of the subnets and optionally the name of the resourcegroup in which the private endpoint should be created |
| dnsZoneIds (required) | string[] | List of DNS zone ids that need to be linked |
subnets
| Property | Value | Description |
|---|---|---|
| resourceGroupName | string | Resourcegroup (default: resourcegroup defined here => resourceGroup of pep resource => resourceGroup of subnet) |
| id (required) | string | Id of the subnet |
| location | string | Location if Vnet is in different location |
Changelog
2.2.0 (2025-12-01)
Features
- add private endpoints
2.1.2 (2025-09-24)
Bug Fixes
- remove deployment name + cleanup
2.1.1 (2025-04-11)
Bug Fixes
- naming connected resources when forceFunctionAsFullName or forceDefaultNaming is true
2.1.0 (2025-03-26)
Features
- add resourceName output
2.0.0 (2025-03-17)
⚠ BREAKING CHANGES
- remove role-assignment principalType parameter
Features
- remove role-assignment principalType parameter
1.0.0 (2025-02-11)
⚠ BREAKING CHANGES
- add initial version
Features
- add initial version