Azure v6.28.0, Oct 3 25

We recommend using Azure Native.

Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi

pulumi/pulumi-azure

azure.databricks.Workspace

We recommend using Azure Native.

Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi

pulumi/pulumi-azure

Import

Databrick Workspaces can be imported using the resource id, e.g.

$ pulumi import azure:databricks/workspace:Workspace workspace1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Databricks/workspaces/workspace1

Create Workspace Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Workspace(name: string, args: WorkspaceArgs, opts?: CustomResourceOptions);

@overload
def Workspace(resource_name: str,
              args: WorkspaceArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def Workspace(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              resource_group_name: Optional[str] = None,
              sku: Optional[str] = None,
              managed_disk_cmk_rotation_to_latest_version_enabled: Optional[bool] = None,
              managed_resource_group_name: Optional[str] = None,
              enhanced_security_compliance: Optional[WorkspaceEnhancedSecurityComplianceArgs] = None,
              infrastructure_encryption_enabled: Optional[bool] = None,
              load_balancer_backend_address_pool_id: Optional[str] = None,
              location: Optional[str] = None,
              managed_disk_cmk_key_vault_id: Optional[str] = None,
              managed_disk_cmk_key_vault_key_id: Optional[str] = None,
              access_connector_id: Optional[str] = None,
              default_storage_firewall_enabled: Optional[bool] = None,
              managed_services_cmk_key_vault_id: Optional[str] = None,
              managed_services_cmk_key_vault_key_id: Optional[str] = None,
              name: Optional[str] = None,
              network_security_group_rules_required: Optional[str] = None,
              public_network_access_enabled: Optional[bool] = None,
              customer_managed_key_enabled: Optional[bool] = None,
              custom_parameters: Optional[WorkspaceCustomParametersArgs] = None,
              tags: Optional[Mapping[str, str]] = None)

func NewWorkspace(ctx *Context, name string, args WorkspaceArgs, opts ...ResourceOption) (*Workspace, error)

public Workspace(string name, WorkspaceArgs args, CustomResourceOptions? opts = null)

public Workspace(String name, WorkspaceArgs args)
public Workspace(String name, WorkspaceArgs args, CustomResourceOptions options)

type: azure:databricks:Workspace
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args WorkspaceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args WorkspaceArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args WorkspaceArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args WorkspaceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args WorkspaceArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var azureWorkspaceResource = new Azure.DataBricks.Workspace("azureWorkspaceResource", new()
{
    ResourceGroupName = "string",
    Sku = "string",
    ManagedDiskCmkRotationToLatestVersionEnabled = false,
    ManagedResourceGroupName = "string",
    EnhancedSecurityCompliance = new Azure.DataBricks.Inputs.WorkspaceEnhancedSecurityComplianceArgs
    {
        AutomaticClusterUpdateEnabled = false,
        ComplianceSecurityProfileEnabled = false,
        ComplianceSecurityProfileStandards = new[]
        {
            "string",
        },
        EnhancedSecurityMonitoringEnabled = false,
    },
    InfrastructureEncryptionEnabled = false,
    LoadBalancerBackendAddressPoolId = "string",
    Location = "string",
    ManagedDiskCmkKeyVaultId = "string",
    ManagedDiskCmkKeyVaultKeyId = "string",
    AccessConnectorId = "string",
    DefaultStorageFirewallEnabled = false,
    ManagedServicesCmkKeyVaultId = "string",
    ManagedServicesCmkKeyVaultKeyId = "string",
    Name = "string",
    NetworkSecurityGroupRulesRequired = "string",
    PublicNetworkAccessEnabled = false,
    CustomerManagedKeyEnabled = false,
    CustomParameters = new Azure.DataBricks.Inputs.WorkspaceCustomParametersArgs
    {
        MachineLearningWorkspaceId = "string",
        NatGatewayName = "string",
        NoPublicIp = false,
        PrivateSubnetName = "string",
        PrivateSubnetNetworkSecurityGroupAssociationId = "string",
        PublicIpName = "string",
        PublicSubnetName = "string",
        PublicSubnetNetworkSecurityGroupAssociationId = "string",
        StorageAccountName = "string",
        StorageAccountSkuName = "string",
        VirtualNetworkId = "string",
        VnetAddressPrefix = "string",
    },
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := databricks.NewWorkspace(ctx, "azureWorkspaceResource", &databricks.WorkspaceArgs{
	ResourceGroupName: pulumi.String("string"),
	Sku:               pulumi.String("string"),
	ManagedDiskCmkRotationToLatestVersionEnabled: pulumi.Bool(false),
	ManagedResourceGroupName:                     pulumi.String("string"),
	EnhancedSecurityCompliance: &databricks.WorkspaceEnhancedSecurityComplianceArgs{
		AutomaticClusterUpdateEnabled:    pulumi.Bool(false),
		ComplianceSecurityProfileEnabled: pulumi.Bool(false),
		ComplianceSecurityProfileStandards: pulumi.StringArray{
			pulumi.String("string"),
		},
		EnhancedSecurityMonitoringEnabled: pulumi.Bool(false),
	},
	InfrastructureEncryptionEnabled:   pulumi.Bool(false),
	LoadBalancerBackendAddressPoolId:  pulumi.String("string"),
	Location:                          pulumi.String("string"),
	ManagedDiskCmkKeyVaultId:          pulumi.String("string"),
	ManagedDiskCmkKeyVaultKeyId:       pulumi.String("string"),
	AccessConnectorId:                 pulumi.String("string"),
	DefaultStorageFirewallEnabled:     pulumi.Bool(false),
	ManagedServicesCmkKeyVaultId:      pulumi.String("string"),
	ManagedServicesCmkKeyVaultKeyId:   pulumi.String("string"),
	Name:                              pulumi.String("string"),
	NetworkSecurityGroupRulesRequired: pulumi.String("string"),
	PublicNetworkAccessEnabled:        pulumi.Bool(false),
	CustomerManagedKeyEnabled:         pulumi.Bool(false),
	CustomParameters: &databricks.WorkspaceCustomParametersArgs{
		MachineLearningWorkspaceId: pulumi.String("string"),
		NatGatewayName:             pulumi.String("string"),
		NoPublicIp:                 pulumi.Bool(false),
		PrivateSubnetName:          pulumi.String("string"),
		PrivateSubnetNetworkSecurityGroupAssociationId: pulumi.String("string"),
		PublicIpName:     pulumi.String("string"),
		PublicSubnetName: pulumi.String("string"),
		PublicSubnetNetworkSecurityGroupAssociationId: pulumi.String("string"),
		StorageAccountName:                            pulumi.String("string"),
		StorageAccountSkuName:                         pulumi.String("string"),
		VirtualNetworkId:                              pulumi.String("string"),
		VnetAddressPrefix:                             pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var azureWorkspaceResource = new com.pulumi.azure.databricks.Workspace("azureWorkspaceResource", com.pulumi.azure.databricks.WorkspaceArgs.builder()
    .resourceGroupName("string")
    .sku("string")
    .managedDiskCmkRotationToLatestVersionEnabled(false)
    .managedResourceGroupName("string")
    .enhancedSecurityCompliance(WorkspaceEnhancedSecurityComplianceArgs.builder()
        .automaticClusterUpdateEnabled(false)
        .complianceSecurityProfileEnabled(false)
        .complianceSecurityProfileStandards("string")
        .enhancedSecurityMonitoringEnabled(false)
        .build())
    .infrastructureEncryptionEnabled(false)
    .loadBalancerBackendAddressPoolId("string")
    .location("string")
    .managedDiskCmkKeyVaultId("string")
    .managedDiskCmkKeyVaultKeyId("string")
    .accessConnectorId("string")
    .defaultStorageFirewallEnabled(false)
    .managedServicesCmkKeyVaultId("string")
    .managedServicesCmkKeyVaultKeyId("string")
    .name("string")
    .networkSecurityGroupRulesRequired("string")
    .publicNetworkAccessEnabled(false)
    .customerManagedKeyEnabled(false)
    .customParameters(WorkspaceCustomParametersArgs.builder()
        .machineLearningWorkspaceId("string")
        .natGatewayName("string")
        .noPublicIp(false)
        .privateSubnetName("string")
        .privateSubnetNetworkSecurityGroupAssociationId("string")
        .publicIpName("string")
        .publicSubnetName("string")
        .publicSubnetNetworkSecurityGroupAssociationId("string")
        .storageAccountName("string")
        .storageAccountSkuName("string")
        .virtualNetworkId("string")
        .vnetAddressPrefix("string")
        .build())
    .tags(Map.of("string", "string"))
    .build());

azure_workspace_resource = azure.databricks.Workspace("azureWorkspaceResource",
    resource_group_name="string",
    sku="string",
    managed_disk_cmk_rotation_to_latest_version_enabled=False,
    managed_resource_group_name="string",
    enhanced_security_compliance={
        "automatic_cluster_update_enabled": False,
        "compliance_security_profile_enabled": False,
        "compliance_security_profile_standards": ["string"],
        "enhanced_security_monitoring_enabled": False,
    },
    infrastructure_encryption_enabled=False,
    load_balancer_backend_address_pool_id="string",
    location="string",
    managed_disk_cmk_key_vault_id="string",
    managed_disk_cmk_key_vault_key_id="string",
    access_connector_id="string",
    default_storage_firewall_enabled=False,
    managed_services_cmk_key_vault_id="string",
    managed_services_cmk_key_vault_key_id="string",
    name="string",
    network_security_group_rules_required="string",
    public_network_access_enabled=False,
    customer_managed_key_enabled=False,
    custom_parameters={
        "machine_learning_workspace_id": "string",
        "nat_gateway_name": "string",
        "no_public_ip": False,
        "private_subnet_name": "string",
        "private_subnet_network_security_group_association_id": "string",
        "public_ip_name": "string",
        "public_subnet_name": "string",
        "public_subnet_network_security_group_association_id": "string",
        "storage_account_name": "string",
        "storage_account_sku_name": "string",
        "virtual_network_id": "string",
        "vnet_address_prefix": "string",
    },
    tags={
        "string": "string",
    })

const azureWorkspaceResource = new azure.databricks.Workspace("azureWorkspaceResource", {
    resourceGroupName: "string",
    sku: "string",
    managedDiskCmkRotationToLatestVersionEnabled: false,
    managedResourceGroupName: "string",
    enhancedSecurityCompliance: {
        automaticClusterUpdateEnabled: false,
        complianceSecurityProfileEnabled: false,
        complianceSecurityProfileStandards: ["string"],
        enhancedSecurityMonitoringEnabled: false,
    },
    infrastructureEncryptionEnabled: false,
    loadBalancerBackendAddressPoolId: "string",
    location: "string",
    managedDiskCmkKeyVaultId: "string",
    managedDiskCmkKeyVaultKeyId: "string",
    accessConnectorId: "string",
    defaultStorageFirewallEnabled: false,
    managedServicesCmkKeyVaultId: "string",
    managedServicesCmkKeyVaultKeyId: "string",
    name: "string",
    networkSecurityGroupRulesRequired: "string",
    publicNetworkAccessEnabled: false,
    customerManagedKeyEnabled: false,
    customParameters: {
        machineLearningWorkspaceId: "string",
        natGatewayName: "string",
        noPublicIp: false,
        privateSubnetName: "string",
        privateSubnetNetworkSecurityGroupAssociationId: "string",
        publicIpName: "string",
        publicSubnetName: "string",
        publicSubnetNetworkSecurityGroupAssociationId: "string",
        storageAccountName: "string",
        storageAccountSkuName: "string",
        virtualNetworkId: "string",
        vnetAddressPrefix: "string",
    },
    tags: {
        string: "string",
    },
});

type: azure:databricks:Workspace
properties:
    accessConnectorId: string
    customParameters:
        machineLearningWorkspaceId: string
        natGatewayName: string
        noPublicIp: false
        privateSubnetName: string
        privateSubnetNetworkSecurityGroupAssociationId: string
        publicIpName: string
        publicSubnetName: string
        publicSubnetNetworkSecurityGroupAssociationId: string
        storageAccountName: string
        storageAccountSkuName: string
        virtualNetworkId: string
        vnetAddressPrefix: string
    customerManagedKeyEnabled: false
    defaultStorageFirewallEnabled: false
    enhancedSecurityCompliance:
        automaticClusterUpdateEnabled: false
        complianceSecurityProfileEnabled: false
        complianceSecurityProfileStandards:
            - string
        enhancedSecurityMonitoringEnabled: false
    infrastructureEncryptionEnabled: false
    loadBalancerBackendAddressPoolId: string
    location: string
    managedDiskCmkKeyVaultId: string
    managedDiskCmkKeyVaultKeyId: string
    managedDiskCmkRotationToLatestVersionEnabled: false
    managedResourceGroupName: string
    managedServicesCmkKeyVaultId: string
    managedServicesCmkKeyVaultKeyId: string
    name: string
    networkSecurityGroupRulesRequired: string
    publicNetworkAccessEnabled: false
    resourceGroupName: string
    sku: string
    tags:
        string: string

Workspace Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Workspace resource accepts the following input properties:

ResourceGroupName string: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
Sku string: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
AccessConnectorId string: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
CustomParameters WorkspaceCustomParameters: A custom_parameters block as documented below.
CustomerManagedKeyEnabled bool: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
DefaultStorageFirewallEnabled bool: Disallow public access to default storage account. Defaults to false.
EnhancedSecurityCompliance WorkspaceEnhancedSecurityCompliance: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
InfrastructureEncryptionEnabled bool: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
LoadBalancerBackendAddressPoolId string: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
Location string: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
ManagedDiskCmkKeyVaultId string
ManagedDiskCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed disks.
ManagedDiskCmkRotationToLatestVersionEnabled bool: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
ManagedResourceGroupName string: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
ManagedServicesCmkKeyVaultId string
ManagedServicesCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
Name string: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
NetworkSecurityGroupRulesRequired string: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
PublicNetworkAccessEnabled bool: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.

ResourceGroupName string: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
Sku string: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
AccessConnectorId string: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
CustomParameters WorkspaceCustomParametersArgs: A custom_parameters block as documented below.
CustomerManagedKeyEnabled bool: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
DefaultStorageFirewallEnabled bool: Disallow public access to default storage account. Defaults to false.
EnhancedSecurityCompliance WorkspaceEnhancedSecurityComplianceArgs: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
InfrastructureEncryptionEnabled bool: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
LoadBalancerBackendAddressPoolId string: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
Location string: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
ManagedDiskCmkKeyVaultId string
ManagedDiskCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed disks.
ManagedDiskCmkRotationToLatestVersionEnabled bool: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
ManagedResourceGroupName string: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
ManagedServicesCmkKeyVaultId string
ManagedServicesCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
Name string: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
NetworkSecurityGroupRulesRequired string: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
PublicNetworkAccessEnabled bool: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
Tags map[string]string: A mapping of tags to assign to the resource.

resourceGroupName String: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
sku String: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
accessConnectorId String: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
customParameters WorkspaceCustomParameters: A custom_parameters block as documented below.
customerManagedKeyEnabled Boolean: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
defaultStorageFirewallEnabled Boolean: Disallow public access to default storage account. Defaults to false.
enhancedSecurityCompliance WorkspaceEnhancedSecurityCompliance: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
infrastructureEncryptionEnabled Boolean: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
loadBalancerBackendAddressPoolId String: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
location String: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
managedDiskCmkKeyVaultId String
managedDiskCmkKeyVaultKeyId String: Customer managed encryption properties for the Databricks Workspace managed disks.
managedDiskCmkRotationToLatestVersionEnabled Boolean: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
managedResourceGroupName String: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
managedServicesCmkKeyVaultId String
managedServicesCmkKeyVaultKeyId String: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
name String: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
networkSecurityGroupRulesRequired String: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
publicNetworkAccessEnabled Boolean: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
tags Map<String,String>: A mapping of tags to assign to the resource.

resourceGroupName string: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
sku string: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
accessConnectorId string: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
customParameters WorkspaceCustomParameters: A custom_parameters block as documented below.
customerManagedKeyEnabled boolean: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
defaultStorageFirewallEnabled boolean: Disallow public access to default storage account. Defaults to false.
enhancedSecurityCompliance WorkspaceEnhancedSecurityCompliance: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
infrastructureEncryptionEnabled boolean: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
loadBalancerBackendAddressPoolId string: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
location string: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
managedDiskCmkKeyVaultId string
managedDiskCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed disks.
managedDiskCmkRotationToLatestVersionEnabled boolean: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
managedResourceGroupName string: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
managedServicesCmkKeyVaultId string
managedServicesCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
name string: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
networkSecurityGroupRulesRequired string: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
publicNetworkAccessEnabled boolean: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
tags {[key: string]: string}: A mapping of tags to assign to the resource.

resource_group_name str: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
sku str: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
access_connector_id str: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
custom_parameters WorkspaceCustomParametersArgs: A custom_parameters block as documented below.
customer_managed_key_enabled bool: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
default_storage_firewall_enabled bool: Disallow public access to default storage account. Defaults to false.
enhanced_security_compliance WorkspaceEnhancedSecurityComplianceArgs: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
infrastructure_encryption_enabled bool: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
load_balancer_backend_address_pool_id str: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
location str: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
managed_disk_cmk_key_vault_id str
managed_disk_cmk_key_vault_key_id str: Customer managed encryption properties for the Databricks Workspace managed disks.
managed_disk_cmk_rotation_to_latest_version_enabled bool: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
managed_resource_group_name str: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
managed_services_cmk_key_vault_id str
managed_services_cmk_key_vault_key_id str: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
name str: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
network_security_group_rules_required str: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
public_network_access_enabled bool: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
tags Mapping[str, str]: A mapping of tags to assign to the resource.

resourceGroupName String: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
sku String: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
accessConnectorId String: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
customParameters Property Map: A custom_parameters block as documented below.
customerManagedKeyEnabled Boolean: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
defaultStorageFirewallEnabled Boolean: Disallow public access to default storage account. Defaults to false.
enhancedSecurityCompliance Property Map: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
infrastructureEncryptionEnabled Boolean: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
loadBalancerBackendAddressPoolId String: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
location String: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
managedDiskCmkKeyVaultId String
managedDiskCmkKeyVaultKeyId String: Customer managed encryption properties for the Databricks Workspace managed disks.
managedDiskCmkRotationToLatestVersionEnabled Boolean: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
managedResourceGroupName String: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
managedServicesCmkKeyVaultId String
managedServicesCmkKeyVaultKeyId String: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
name String: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
networkSecurityGroupRulesRequired String: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
publicNetworkAccessEnabled Boolean: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
tags Map<String>: A mapping of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the Workspace resource produces the following output properties:

DiskEncryptionSetId string: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
Id string: The provider-assigned unique ID for this managed resource.
ManagedDiskIdentities List<WorkspaceManagedDiskIdentity>: A managed_disk_identity block as documented below.
ManagedResourceGroupId string: The ID of the Managed Resource Group created by the Databricks Workspace.
StorageAccountIdentities List<WorkspaceStorageAccountIdentity>: A storage_account_identity block as documented below.
WorkspaceId string: The unique identifier of the databricks workspace in Databricks control plane.
WorkspaceUrl string: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

DiskEncryptionSetId string: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
Id string: The provider-assigned unique ID for this managed resource.
ManagedDiskIdentities []WorkspaceManagedDiskIdentity: A managed_disk_identity block as documented below.
ManagedResourceGroupId string: The ID of the Managed Resource Group created by the Databricks Workspace.
StorageAccountIdentities []WorkspaceStorageAccountIdentity: A storage_account_identity block as documented below.
WorkspaceId string: The unique identifier of the databricks workspace in Databricks control plane.
WorkspaceUrl string: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

diskEncryptionSetId String: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
id String: The provider-assigned unique ID for this managed resource.
managedDiskIdentities List<WorkspaceManagedDiskIdentity>: A managed_disk_identity block as documented below.
managedResourceGroupId String: The ID of the Managed Resource Group created by the Databricks Workspace.
storageAccountIdentities List<WorkspaceStorageAccountIdentity>: A storage_account_identity block as documented below.
workspaceId String: The unique identifier of the databricks workspace in Databricks control plane.
workspaceUrl String: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

diskEncryptionSetId string: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
id string: The provider-assigned unique ID for this managed resource.
managedDiskIdentities WorkspaceManagedDiskIdentity[]: A managed_disk_identity block as documented below.
managedResourceGroupId string: The ID of the Managed Resource Group created by the Databricks Workspace.
storageAccountIdentities WorkspaceStorageAccountIdentity[]: A storage_account_identity block as documented below.
workspaceId string: The unique identifier of the databricks workspace in Databricks control plane.
workspaceUrl string: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

disk_encryption_set_id str: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
id str: The provider-assigned unique ID for this managed resource.
managed_disk_identities Sequence[WorkspaceManagedDiskIdentity]: A managed_disk_identity block as documented below.
managed_resource_group_id str: The ID of the Managed Resource Group created by the Databricks Workspace.
storage_account_identities Sequence[WorkspaceStorageAccountIdentity]: A storage_account_identity block as documented below.
workspace_id str: The unique identifier of the databricks workspace in Databricks control plane.
workspace_url str: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

diskEncryptionSetId String: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
id String: The provider-assigned unique ID for this managed resource.
managedDiskIdentities List<Property Map>: A managed_disk_identity block as documented below.
managedResourceGroupId String: The ID of the Managed Resource Group created by the Databricks Workspace.
storageAccountIdentities List<Property Map>: A storage_account_identity block as documented below.
workspaceId String: The unique identifier of the databricks workspace in Databricks control plane.
workspaceUrl String: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

Look up Existing Workspace Resource

Get an existing Workspace resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WorkspaceState, opts?: CustomResourceOptions): Workspace

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_connector_id: Optional[str] = None,
        custom_parameters: Optional[WorkspaceCustomParametersArgs] = None,
        customer_managed_key_enabled: Optional[bool] = None,
        default_storage_firewall_enabled: Optional[bool] = None,
        disk_encryption_set_id: Optional[str] = None,
        enhanced_security_compliance: Optional[WorkspaceEnhancedSecurityComplianceArgs] = None,
        infrastructure_encryption_enabled: Optional[bool] = None,
        load_balancer_backend_address_pool_id: Optional[str] = None,
        location: Optional[str] = None,
        managed_disk_cmk_key_vault_id: Optional[str] = None,
        managed_disk_cmk_key_vault_key_id: Optional[str] = None,
        managed_disk_cmk_rotation_to_latest_version_enabled: Optional[bool] = None,
        managed_disk_identities: Optional[Sequence[WorkspaceManagedDiskIdentityArgs]] = None,
        managed_resource_group_id: Optional[str] = None,
        managed_resource_group_name: Optional[str] = None,
        managed_services_cmk_key_vault_id: Optional[str] = None,
        managed_services_cmk_key_vault_key_id: Optional[str] = None,
        name: Optional[str] = None,
        network_security_group_rules_required: Optional[str] = None,
        public_network_access_enabled: Optional[bool] = None,
        resource_group_name: Optional[str] = None,
        sku: Optional[str] = None,
        storage_account_identities: Optional[Sequence[WorkspaceStorageAccountIdentityArgs]] = None,
        tags: Optional[Mapping[str, str]] = None,
        workspace_id: Optional[str] = None,
        workspace_url: Optional[str] = None) -> Workspace

func GetWorkspace(ctx *Context, name string, id IDInput, state *WorkspaceState, opts ...ResourceOption) (*Workspace, error)

public static Workspace Get(string name, Input<string> id, WorkspaceState? state, CustomResourceOptions? opts = null)

public static Workspace get(String name, Output<String> id, WorkspaceState state, CustomResourceOptions options)

resources:  _:    type: azure:databricks:Workspace    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessConnectorId string: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
CustomParameters WorkspaceCustomParameters: A custom_parameters block as documented below.
CustomerManagedKeyEnabled bool: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
DefaultStorageFirewallEnabled bool: Disallow public access to default storage account. Defaults to false.
DiskEncryptionSetId string: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
EnhancedSecurityCompliance WorkspaceEnhancedSecurityCompliance: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
InfrastructureEncryptionEnabled bool: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
LoadBalancerBackendAddressPoolId string: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
Location string: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
ManagedDiskCmkKeyVaultId string
ManagedDiskCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed disks.
ManagedDiskCmkRotationToLatestVersionEnabled bool: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
ManagedDiskIdentities List<WorkspaceManagedDiskIdentity>: A managed_disk_identity block as documented below.
ManagedResourceGroupId string: The ID of the Managed Resource Group created by the Databricks Workspace.
ManagedResourceGroupName string: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
ManagedServicesCmkKeyVaultId string
ManagedServicesCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
Name string: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
NetworkSecurityGroupRulesRequired string: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
PublicNetworkAccessEnabled bool: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
ResourceGroupName string: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
Sku string: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
StorageAccountIdentities List<WorkspaceStorageAccountIdentity>: A storage_account_identity block as documented below.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
WorkspaceId string: The unique identifier of the databricks workspace in Databricks control plane.
WorkspaceUrl string: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

AccessConnectorId string: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
CustomParameters WorkspaceCustomParametersArgs: A custom_parameters block as documented below.
CustomerManagedKeyEnabled bool: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
DefaultStorageFirewallEnabled bool: Disallow public access to default storage account. Defaults to false.
DiskEncryptionSetId string: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
EnhancedSecurityCompliance WorkspaceEnhancedSecurityComplianceArgs: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
InfrastructureEncryptionEnabled bool: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
LoadBalancerBackendAddressPoolId string: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
Location string: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
ManagedDiskCmkKeyVaultId string
ManagedDiskCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed disks.
ManagedDiskCmkRotationToLatestVersionEnabled bool: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
ManagedDiskIdentities []WorkspaceManagedDiskIdentityArgs: A managed_disk_identity block as documented below.
ManagedResourceGroupId string: The ID of the Managed Resource Group created by the Databricks Workspace.
ManagedResourceGroupName string: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
ManagedServicesCmkKeyVaultId string
ManagedServicesCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
Name string: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
NetworkSecurityGroupRulesRequired string: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
PublicNetworkAccessEnabled bool: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
ResourceGroupName string: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
Sku string: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
StorageAccountIdentities []WorkspaceStorageAccountIdentityArgs: A storage_account_identity block as documented below.
Tags map[string]string: A mapping of tags to assign to the resource.
WorkspaceId string: The unique identifier of the databricks workspace in Databricks control plane.
WorkspaceUrl string: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

accessConnectorId String: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
customParameters WorkspaceCustomParameters: A custom_parameters block as documented below.
customerManagedKeyEnabled Boolean: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
defaultStorageFirewallEnabled Boolean: Disallow public access to default storage account. Defaults to false.
diskEncryptionSetId String: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
enhancedSecurityCompliance WorkspaceEnhancedSecurityCompliance: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
infrastructureEncryptionEnabled Boolean: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
loadBalancerBackendAddressPoolId String: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
location String: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
managedDiskCmkKeyVaultId String
managedDiskCmkKeyVaultKeyId String: Customer managed encryption properties for the Databricks Workspace managed disks.
managedDiskCmkRotationToLatestVersionEnabled Boolean: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
managedDiskIdentities List<WorkspaceManagedDiskIdentity>: A managed_disk_identity block as documented below.
managedResourceGroupId String: The ID of the Managed Resource Group created by the Databricks Workspace.
managedResourceGroupName String: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
managedServicesCmkKeyVaultId String
managedServicesCmkKeyVaultKeyId String: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
name String: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
networkSecurityGroupRulesRequired String: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
publicNetworkAccessEnabled Boolean: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
resourceGroupName String: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
sku String: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
storageAccountIdentities List<WorkspaceStorageAccountIdentity>: A storage_account_identity block as documented below.
tags Map<String,String>: A mapping of tags to assign to the resource.
workspaceId String: The unique identifier of the databricks workspace in Databricks control plane.
workspaceUrl String: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

accessConnectorId string: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
customParameters WorkspaceCustomParameters: A custom_parameters block as documented below.
customerManagedKeyEnabled boolean: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
defaultStorageFirewallEnabled boolean: Disallow public access to default storage account. Defaults to false.
diskEncryptionSetId string: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
enhancedSecurityCompliance WorkspaceEnhancedSecurityCompliance: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
infrastructureEncryptionEnabled boolean: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
loadBalancerBackendAddressPoolId string: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
location string: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
managedDiskCmkKeyVaultId string
managedDiskCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed disks.
managedDiskCmkRotationToLatestVersionEnabled boolean: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
managedDiskIdentities WorkspaceManagedDiskIdentity[]: A managed_disk_identity block as documented below.
managedResourceGroupId string: The ID of the Managed Resource Group created by the Databricks Workspace.
managedResourceGroupName string: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
managedServicesCmkKeyVaultId string
managedServicesCmkKeyVaultKeyId string: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
name string: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
networkSecurityGroupRulesRequired string: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
publicNetworkAccessEnabled boolean: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
resourceGroupName string: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
sku string: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
storageAccountIdentities WorkspaceStorageAccountIdentity[]: A storage_account_identity block as documented below.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
workspaceId string: The unique identifier of the databricks workspace in Databricks control plane.
workspaceUrl string: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

access_connector_id str: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
custom_parameters WorkspaceCustomParametersArgs: A custom_parameters block as documented below.
customer_managed_key_enabled bool: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
default_storage_firewall_enabled bool: Disallow public access to default storage account. Defaults to false.
disk_encryption_set_id str: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
enhanced_security_compliance WorkspaceEnhancedSecurityComplianceArgs: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
infrastructure_encryption_enabled bool: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
load_balancer_backend_address_pool_id str: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
location str: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
managed_disk_cmk_key_vault_id str
managed_disk_cmk_key_vault_key_id str: Customer managed encryption properties for the Databricks Workspace managed disks.
managed_disk_cmk_rotation_to_latest_version_enabled bool: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
managed_disk_identities Sequence[WorkspaceManagedDiskIdentityArgs]: A managed_disk_identity block as documented below.
managed_resource_group_id str: The ID of the Managed Resource Group created by the Databricks Workspace.
managed_resource_group_name str: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
managed_services_cmk_key_vault_id str
managed_services_cmk_key_vault_key_id str: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
name str: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
network_security_group_rules_required str: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
public_network_access_enabled bool: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
resource_group_name str: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
sku str: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
storage_account_identities Sequence[WorkspaceStorageAccountIdentityArgs]: A storage_account_identity block as documented below.
tags Mapping[str, str]: A mapping of tags to assign to the resource.
workspace_id str: The unique identifier of the databricks workspace in Databricks control plane.
workspace_url str: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

accessConnectorId String: Access Connector ID to use when default storage account firewall is enabled.
Note: The access_connector_id field is only required if default_storage_firewall_enabled is set to true.
customParameters Property Map: A custom_parameters block as documented below.
customerManagedKeyEnabled Boolean: Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium.
defaultStorageFirewallEnabled Boolean: Disallow public access to default storage account. Defaults to false.
diskEncryptionSetId String: The ID of Managed Disk Encryption Set created by the Databricks Workspace.
enhancedSecurityCompliance Property Map: An enhanced_security_compliance block as documented below. This feature is only valid if sku is set to premium.
infrastructureEncryptionEnabled Boolean: Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created.
loadBalancerBackendAddressPoolId String: Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace with managed virtual network. Changing this forces a new resource to be created.
location String: Specifies the supported Azure location where the resource has to be created. Changing this forces a new resource to be created.
managedDiskCmkKeyVaultId String
managedDiskCmkKeyVaultKeyId String: Customer managed encryption properties for the Databricks Workspace managed disks.
managedDiskCmkRotationToLatestVersionEnabled Boolean: Whether customer managed keys for disk encryption will automatically be rotated to the latest version.
managedDiskIdentities List<Property Map>: A managed_disk_identity block as documented below.
managedResourceGroupId String: The ID of the Managed Resource Group created by the Databricks Workspace.
managedResourceGroupName String: The name of the resource group where Azure should place the managed Databricks resources. Changing this forces a new resource to be created.
Note: Make sure that this field is unique if you have multiple Databrick Workspaces deployed in your subscription and choose to not have the managed_resource_group_name auto generated by the Azure Resource Provider. Having multiple Databrick Workspaces deployed in the same subscription with the same manage_resource_group_name may result in some resources that cannot be deleted.
managedServicesCmkKeyVaultId String
managedServicesCmkKeyVaultKeyId String: Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts).
name String: Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created.
networkSecurityGroupRulesRequired String: Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false.
publicNetworkAccessEnabled Boolean: Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true.
resourceGroupName String: The name of the Resource Group in which the Databricks Workspace should exist. Changing this forces a new resource to be created.
sku String: The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial.
Note: Downgrading to a trial sku from a standard or premium sku will force a new resource to be created.
storageAccountIdentities List<Property Map>: A storage_account_identity block as documented below.
tags Map<String>: A mapping of tags to assign to the resource.
workspaceId String: The unique identifier of the databricks workspace in Databricks control plane.
workspaceUrl String: The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'

Supporting Types

WorkspaceCustomParameters, WorkspaceCustomParametersArgs

MachineLearningWorkspaceId string: The ID of a Azure Machine Learning workspace to link with Databricks workspace. Changing this forces a new resource to be created.
NatGatewayName string: Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets (only for workspace with managed virtual network). Defaults to nat-gateway. Changing this forces a new resource to be created.
NoPublicIp bool: Are public IP Addresses not allowed? Possible values are true or false. Defaults to true.
Note: Updating no_public_ip parameter is only allowed if the value is changing from false to true and only for VNet-injected workspaces.
Note: In v3.104.0 and higher of the provider the no_public_ip parameter will now default to true instead of false.
PrivateSubnetName string: The name of the Private Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
PrivateSubnetNetworkSecurityGroupAssociationId string: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the private_subnet_name field. This is the same as the ID of the subnet referred to by the private_subnet_name field. Required if virtual_network_id is set.
PublicIpName string: Name of the Public IP for No Public IP workspace with managed virtual network. Defaults to nat-gw-public-ip. Changing this forces a new resource to be created.
PublicSubnetName string: The name of the Public Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
PublicSubnetNetworkSecurityGroupAssociationId string: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the public_subnet_name field. This is the same as the ID of the subnet referred to by the public_subnet_name field. Required if virtual_network_id is set.
StorageAccountName string: Default Databricks File Storage account name. Defaults to a randomized name(e.g. dbstoragel6mfeghoe5kxu). Changing this forces a new resource to be created.
StorageAccountSkuName string: Storage account SKU name. Possible values include Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_GZRS, Standard_RAGZRS, Standard_ZRS, Premium_LRS or Premium_ZRS. Defaults to Standard_GRS.
VirtualNetworkId string: The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created.
VnetAddressPrefix string: Address prefix for Managed virtual network. Defaults to 10.139. Changing this forces a new resource to be created.
Note: Databricks requires that a network security group is associated with the public and private subnets when a virtual_network_id has been defined. Both public and private subnets must be delegated to Microsoft.Databricks/workspaces. For more information about subnet delegation see the product documentation.

MachineLearningWorkspaceId string: The ID of a Azure Machine Learning workspace to link with Databricks workspace. Changing this forces a new resource to be created.
NatGatewayName string: Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets (only for workspace with managed virtual network). Defaults to nat-gateway. Changing this forces a new resource to be created.
NoPublicIp bool: Are public IP Addresses not allowed? Possible values are true or false. Defaults to true.
Note: Updating no_public_ip parameter is only allowed if the value is changing from false to true and only for VNet-injected workspaces.
Note: In v3.104.0 and higher of the provider the no_public_ip parameter will now default to true instead of false.
PrivateSubnetName string: The name of the Private Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
PrivateSubnetNetworkSecurityGroupAssociationId string: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the private_subnet_name field. This is the same as the ID of the subnet referred to by the private_subnet_name field. Required if virtual_network_id is set.
PublicIpName string: Name of the Public IP for No Public IP workspace with managed virtual network. Defaults to nat-gw-public-ip. Changing this forces a new resource to be created.
PublicSubnetName string: The name of the Public Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
PublicSubnetNetworkSecurityGroupAssociationId string: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the public_subnet_name field. This is the same as the ID of the subnet referred to by the public_subnet_name field. Required if virtual_network_id is set.
StorageAccountName string: Default Databricks File Storage account name. Defaults to a randomized name(e.g. dbstoragel6mfeghoe5kxu). Changing this forces a new resource to be created.
StorageAccountSkuName string: Storage account SKU name. Possible values include Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_GZRS, Standard_RAGZRS, Standard_ZRS, Premium_LRS or Premium_ZRS. Defaults to Standard_GRS.
VirtualNetworkId string: The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created.
VnetAddressPrefix string: Address prefix for Managed virtual network. Defaults to 10.139. Changing this forces a new resource to be created.
Note: Databricks requires that a network security group is associated with the public and private subnets when a virtual_network_id has been defined. Both public and private subnets must be delegated to Microsoft.Databricks/workspaces. For more information about subnet delegation see the product documentation.

machineLearningWorkspaceId String: The ID of a Azure Machine Learning workspace to link with Databricks workspace. Changing this forces a new resource to be created.
natGatewayName String: Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets (only for workspace with managed virtual network). Defaults to nat-gateway. Changing this forces a new resource to be created.
noPublicIp Boolean: Are public IP Addresses not allowed? Possible values are true or false. Defaults to true.
Note: Updating no_public_ip parameter is only allowed if the value is changing from false to true and only for VNet-injected workspaces.
Note: In v3.104.0 and higher of the provider the no_public_ip parameter will now default to true instead of false.
privateSubnetName String: The name of the Private Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
privateSubnetNetworkSecurityGroupAssociationId String: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the private_subnet_name field. This is the same as the ID of the subnet referred to by the private_subnet_name field. Required if virtual_network_id is set.
publicIpName String: Name of the Public IP for No Public IP workspace with managed virtual network. Defaults to nat-gw-public-ip. Changing this forces a new resource to be created.
publicSubnetName String: The name of the Public Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
publicSubnetNetworkSecurityGroupAssociationId String: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the public_subnet_name field. This is the same as the ID of the subnet referred to by the public_subnet_name field. Required if virtual_network_id is set.
storageAccountName String: Default Databricks File Storage account name. Defaults to a randomized name(e.g. dbstoragel6mfeghoe5kxu). Changing this forces a new resource to be created.
storageAccountSkuName String: Storage account SKU name. Possible values include Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_GZRS, Standard_RAGZRS, Standard_ZRS, Premium_LRS or Premium_ZRS. Defaults to Standard_GRS.
virtualNetworkId String: The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created.
vnetAddressPrefix String: Address prefix for Managed virtual network. Defaults to 10.139. Changing this forces a new resource to be created.
Note: Databricks requires that a network security group is associated with the public and private subnets when a virtual_network_id has been defined. Both public and private subnets must be delegated to Microsoft.Databricks/workspaces. For more information about subnet delegation see the product documentation.

machineLearningWorkspaceId string: The ID of a Azure Machine Learning workspace to link with Databricks workspace. Changing this forces a new resource to be created.
natGatewayName string: Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets (only for workspace with managed virtual network). Defaults to nat-gateway. Changing this forces a new resource to be created.
noPublicIp boolean: Are public IP Addresses not allowed? Possible values are true or false. Defaults to true.
Note: Updating no_public_ip parameter is only allowed if the value is changing from false to true and only for VNet-injected workspaces.
Note: In v3.104.0 and higher of the provider the no_public_ip parameter will now default to true instead of false.
privateSubnetName string: The name of the Private Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
privateSubnetNetworkSecurityGroupAssociationId string: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the private_subnet_name field. This is the same as the ID of the subnet referred to by the private_subnet_name field. Required if virtual_network_id is set.
publicIpName string: Name of the Public IP for No Public IP workspace with managed virtual network. Defaults to nat-gw-public-ip. Changing this forces a new resource to be created.
publicSubnetName string: The name of the Public Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
publicSubnetNetworkSecurityGroupAssociationId string: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the public_subnet_name field. This is the same as the ID of the subnet referred to by the public_subnet_name field. Required if virtual_network_id is set.
storageAccountName string: Default Databricks File Storage account name. Defaults to a randomized name(e.g. dbstoragel6mfeghoe5kxu). Changing this forces a new resource to be created.
storageAccountSkuName string: Storage account SKU name. Possible values include Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_GZRS, Standard_RAGZRS, Standard_ZRS, Premium_LRS or Premium_ZRS. Defaults to Standard_GRS.
virtualNetworkId string: The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created.
vnetAddressPrefix string: Address prefix for Managed virtual network. Defaults to 10.139. Changing this forces a new resource to be created.
Note: Databricks requires that a network security group is associated with the public and private subnets when a virtual_network_id has been defined. Both public and private subnets must be delegated to Microsoft.Databricks/workspaces. For more information about subnet delegation see the product documentation.

machine_learning_workspace_id str: The ID of a Azure Machine Learning workspace to link with Databricks workspace. Changing this forces a new resource to be created.
nat_gateway_name str: Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets (only for workspace with managed virtual network). Defaults to nat-gateway. Changing this forces a new resource to be created.
no_public_ip bool: Are public IP Addresses not allowed? Possible values are true or false. Defaults to true.
Note: Updating no_public_ip parameter is only allowed if the value is changing from false to true and only for VNet-injected workspaces.
Note: In v3.104.0 and higher of the provider the no_public_ip parameter will now default to true instead of false.
private_subnet_name str: The name of the Private Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
private_subnet_network_security_group_association_id str: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the private_subnet_name field. This is the same as the ID of the subnet referred to by the private_subnet_name field. Required if virtual_network_id is set.
public_ip_name str: Name of the Public IP for No Public IP workspace with managed virtual network. Defaults to nat-gw-public-ip. Changing this forces a new resource to be created.
public_subnet_name str: The name of the Public Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
public_subnet_network_security_group_association_id str: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the public_subnet_name field. This is the same as the ID of the subnet referred to by the public_subnet_name field. Required if virtual_network_id is set.
storage_account_name str: Default Databricks File Storage account name. Defaults to a randomized name(e.g. dbstoragel6mfeghoe5kxu). Changing this forces a new resource to be created.
storage_account_sku_name str: Storage account SKU name. Possible values include Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_GZRS, Standard_RAGZRS, Standard_ZRS, Premium_LRS or Premium_ZRS. Defaults to Standard_GRS.
virtual_network_id str: The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created.
vnet_address_prefix str: Address prefix for Managed virtual network. Defaults to 10.139. Changing this forces a new resource to be created.
Note: Databricks requires that a network security group is associated with the public and private subnets when a virtual_network_id has been defined. Both public and private subnets must be delegated to Microsoft.Databricks/workspaces. For more information about subnet delegation see the product documentation.

machineLearningWorkspaceId String: The ID of a Azure Machine Learning workspace to link with Databricks workspace. Changing this forces a new resource to be created.
natGatewayName String: Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets (only for workspace with managed virtual network). Defaults to nat-gateway. Changing this forces a new resource to be created.
noPublicIp Boolean: Are public IP Addresses not allowed? Possible values are true or false. Defaults to true.
Note: Updating no_public_ip parameter is only allowed if the value is changing from false to true and only for VNet-injected workspaces.
Note: In v3.104.0 and higher of the provider the no_public_ip parameter will now default to true instead of false.
privateSubnetName String: The name of the Private Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
privateSubnetNetworkSecurityGroupAssociationId String: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the private_subnet_name field. This is the same as the ID of the subnet referred to by the private_subnet_name field. Required if virtual_network_id is set.
publicIpName String: Name of the Public IP for No Public IP workspace with managed virtual network. Defaults to nat-gw-public-ip. Changing this forces a new resource to be created.
publicSubnetName String: The name of the Public Subnet within the Virtual Network. Required if virtual_network_id is set. Changing this forces a new resource to be created.
publicSubnetNetworkSecurityGroupAssociationId String: The resource ID of the azure.network.SubnetNetworkSecurityGroupAssociation resource which is referred to by the public_subnet_name field. This is the same as the ID of the subnet referred to by the public_subnet_name field. Required if virtual_network_id is set.
storageAccountName String: Default Databricks File Storage account name. Defaults to a randomized name(e.g. dbstoragel6mfeghoe5kxu). Changing this forces a new resource to be created.
storageAccountSkuName String: Storage account SKU name. Possible values include Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_GZRS, Standard_RAGZRS, Standard_ZRS, Premium_LRS or Premium_ZRS. Defaults to Standard_GRS.
virtualNetworkId String: The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created.
vnetAddressPrefix String: Address prefix for Managed virtual network. Defaults to 10.139. Changing this forces a new resource to be created.
Note: Databricks requires that a network security group is associated with the public and private subnets when a virtual_network_id has been defined. Both public and private subnets must be delegated to Microsoft.Databricks/workspaces. For more information about subnet delegation see the product documentation.

WorkspaceEnhancedSecurityCompliance, WorkspaceEnhancedSecurityComplianceArgs

AutomaticClusterUpdateEnabled bool: Enables automatic cluster updates for this workspace. Defaults to false.
ComplianceSecurityProfileEnabled bool: Enables compliance security profile for this workspace. Defaults to false.
Note: Changing the value of compliance_security_profile_enabled from true to false forces a replacement of the Databricks workspace.
Note: The attributes automatic_cluster_update_enabled and enhanced_security_monitoring_enabled must be set to true in order to set compliance_security_profile_enabled to true.
ComplianceSecurityProfileStandards List<string>: A list of standards to enforce on this workspace. Possible values include HIPAA and PCI_DSS.
Note: compliance_security_profile_enabled must be set to true in order to use compliance_security_profile_standards.
Note: Removing a standard from the compliance_security_profile_standards list forces a replacement of the Databricks workspace.
EnhancedSecurityMonitoringEnabled bool: Enables enhanced security monitoring for this workspace. Defaults to false.

AutomaticClusterUpdateEnabled bool: Enables automatic cluster updates for this workspace. Defaults to false.
ComplianceSecurityProfileEnabled bool: Enables compliance security profile for this workspace. Defaults to false.
Note: Changing the value of compliance_security_profile_enabled from true to false forces a replacement of the Databricks workspace.
Note: The attributes automatic_cluster_update_enabled and enhanced_security_monitoring_enabled must be set to true in order to set compliance_security_profile_enabled to true.
ComplianceSecurityProfileStandards []string: A list of standards to enforce on this workspace. Possible values include HIPAA and PCI_DSS.
Note: compliance_security_profile_enabled must be set to true in order to use compliance_security_profile_standards.
Note: Removing a standard from the compliance_security_profile_standards list forces a replacement of the Databricks workspace.
EnhancedSecurityMonitoringEnabled bool: Enables enhanced security monitoring for this workspace. Defaults to false.

automaticClusterUpdateEnabled Boolean: Enables automatic cluster updates for this workspace. Defaults to false.
complianceSecurityProfileEnabled Boolean: Enables compliance security profile for this workspace. Defaults to false.
Note: Changing the value of compliance_security_profile_enabled from true to false forces a replacement of the Databricks workspace.
Note: The attributes automatic_cluster_update_enabled and enhanced_security_monitoring_enabled must be set to true in order to set compliance_security_profile_enabled to true.
complianceSecurityProfileStandards List<String>: A list of standards to enforce on this workspace. Possible values include HIPAA and PCI_DSS.
Note: compliance_security_profile_enabled must be set to true in order to use compliance_security_profile_standards.
Note: Removing a standard from the compliance_security_profile_standards list forces a replacement of the Databricks workspace.
enhancedSecurityMonitoringEnabled Boolean: Enables enhanced security monitoring for this workspace. Defaults to false.

automaticClusterUpdateEnabled boolean: Enables automatic cluster updates for this workspace. Defaults to false.
complianceSecurityProfileEnabled boolean: Enables compliance security profile for this workspace. Defaults to false.
Note: Changing the value of compliance_security_profile_enabled from true to false forces a replacement of the Databricks workspace.
Note: The attributes automatic_cluster_update_enabled and enhanced_security_monitoring_enabled must be set to true in order to set compliance_security_profile_enabled to true.
complianceSecurityProfileStandards string[]: A list of standards to enforce on this workspace. Possible values include HIPAA and PCI_DSS.
Note: compliance_security_profile_enabled must be set to true in order to use compliance_security_profile_standards.
Note: Removing a standard from the compliance_security_profile_standards list forces a replacement of the Databricks workspace.
enhancedSecurityMonitoringEnabled boolean: Enables enhanced security monitoring for this workspace. Defaults to false.

automatic_cluster_update_enabled bool: Enables automatic cluster updates for this workspace. Defaults to false.
compliance_security_profile_enabled bool: Enables compliance security profile for this workspace. Defaults to false.
Note: Changing the value of compliance_security_profile_enabled from true to false forces a replacement of the Databricks workspace.
Note: The attributes automatic_cluster_update_enabled and enhanced_security_monitoring_enabled must be set to true in order to set compliance_security_profile_enabled to true.
compliance_security_profile_standards Sequence[str]: A list of standards to enforce on this workspace. Possible values include HIPAA and PCI_DSS.
Note: compliance_security_profile_enabled must be set to true in order to use compliance_security_profile_standards.
Note: Removing a standard from the compliance_security_profile_standards list forces a replacement of the Databricks workspace.
enhanced_security_monitoring_enabled bool: Enables enhanced security monitoring for this workspace. Defaults to false.

automaticClusterUpdateEnabled Boolean: Enables automatic cluster updates for this workspace. Defaults to false.
complianceSecurityProfileEnabled Boolean: Enables compliance security profile for this workspace. Defaults to false.
Note: Changing the value of compliance_security_profile_enabled from true to false forces a replacement of the Databricks workspace.
Note: The attributes automatic_cluster_update_enabled and enhanced_security_monitoring_enabled must be set to true in order to set compliance_security_profile_enabled to true.
complianceSecurityProfileStandards List<String>: A list of standards to enforce on this workspace. Possible values include HIPAA and PCI_DSS.
Note: compliance_security_profile_enabled must be set to true in order to use compliance_security_profile_standards.
Note: Removing a standard from the compliance_security_profile_standards list forces a replacement of the Databricks workspace.
enhancedSecurityMonitoringEnabled Boolean: Enables enhanced security monitoring for this workspace. Defaults to false.

WorkspaceManagedDiskIdentity, WorkspaceManagedDiskIdentityArgs

PrincipalId string: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
TenantId string: The UUID of the tenant where the internal databricks storage account was created.
Type string: The type of the internal databricks storage account.

PrincipalId string: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
TenantId string: The UUID of the tenant where the internal databricks storage account was created.
Type string: The type of the internal databricks storage account.

principalId String: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
tenantId String: The UUID of the tenant where the internal databricks storage account was created.
type String: The type of the internal databricks storage account.

principalId string: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
tenantId string: The UUID of the tenant where the internal databricks storage account was created.
type string: The type of the internal databricks storage account.

principal_id str: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
tenant_id str: The UUID of the tenant where the internal databricks storage account was created.
type str: The type of the internal databricks storage account.

principalId String: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
tenantId String: The UUID of the tenant where the internal databricks storage account was created.
type String: The type of the internal databricks storage account.

WorkspaceStorageAccountIdentity, WorkspaceStorageAccountIdentityArgs

PrincipalId string: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
TenantId string: The UUID of the tenant where the internal databricks storage account was created.
Type string: The type of the internal databricks storage account.

PrincipalId string: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
TenantId string: The UUID of the tenant where the internal databricks storage account was created.
Type string: The type of the internal databricks storage account.

principalId String: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
tenantId String: The UUID of the tenant where the internal databricks storage account was created.
type String: The type of the internal databricks storage account.

principalId string: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
tenantId string: The UUID of the tenant where the internal databricks storage account was created.
type string: The type of the internal databricks storage account.

principal_id str: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
tenant_id str: The UUID of the tenant where the internal databricks storage account was created.
type str: The type of the internal databricks storage account.

principalId String: The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys.
tenantId String: The UUID of the tenant where the internal databricks storage account was created.
type String: The type of the internal databricks storage account.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi

pulumi/pulumi-azure

azure.databricks.Workspace

On this page

On this page

Import

Create Workspace Resource

Constructor syntax

Parameters

Constructor example

Workspace Resource Properties

Inputs

Outputs

Look up Existing Workspace Resource

Supporting Types

WorkspaceCustomParameters, WorkspaceCustomParametersArgs

WorkspaceEnhancedSecurityCompliance, WorkspaceEnhancedSecurityComplianceArgs

WorkspaceManagedDiskIdentity, WorkspaceManagedDiskIdentityArgs

WorkspaceStorageAccountIdentity, WorkspaceStorageAccountIdentityArgs

Package Details

On this page

On this page