Microsoft.DataLakeStore accounts
Bicep resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DataLakeStore/accounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.DataLakeStore/accounts@2016-11-01' = {
identity: {
type: 'SystemAssigned'
}
location: 'string'
name: 'string'
properties: {
defaultGroup: 'string'
encryptionConfig: {
keyVaultMetaInfo: {
encryptionKeyName: 'string'
encryptionKeyVersion: 'string'
keyVaultResourceId: 'string'
}
type: 'string'
}
encryptionState: 'string'
firewallAllowAzureIps: 'string'
firewallRules: [
{
name: 'string'
properties: {
endIpAddress: 'string'
startIpAddress: 'string'
}
}
]
firewallState: 'string'
newTier: 'string'
trustedIdProviders: [
{
name: 'string'
properties: {
idProvider: 'string'
}
}
]
trustedIdProviderState: 'string'
virtualNetworkRules: [
{
name: 'string'
properties: {
subnetId: 'string'
}
}
]
}
tags: {
{customized property}: 'string'
}
}
Property values
CreateDataLakeStoreAccountParametersTags
| Name | Description | Value |
|---|
CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties
| Name | Description | Value |
|---|---|---|
| defaultGroup | The default owner group for all new folders and files created in the Data Lake Store account. | string |
| encryptionConfig | The Key Vault encryption configuration. | EncryptionConfig |
| encryptionState | The current state of encryption for this Data Lake Store account. | 'Disabled' 'Enabled' |
| firewallAllowAzureIps | The current state of allowing or disallowing IPs originating within Azure through the firewall. If the firewall is disabled, this is not enforced. | 'Disabled' 'Enabled' |
| firewallRules | The list of firewall rules associated with this Data Lake Store account. | CreateFirewallRuleWithAccountParametersOrFirewallRule[] |
| firewallState | The current state of the IP address firewall for this Data Lake Store account. | 'Disabled' 'Enabled' |
| newTier | The commitment tier to use for next month. | 'Commitment_100TB' 'Commitment_10TB' 'Commitment_1PB' 'Commitment_1TB' 'Commitment_500TB' 'Commitment_5PB' 'Consumption' |
| trustedIdProviders | The list of trusted identity providers associated with this Data Lake Store account. | CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider[] |
| trustedIdProviderState | The current state of the trusted identity provider feature for this Data Lake Store account. | 'Disabled' 'Enabled' |
| virtualNetworkRules | The list of virtual network rules associated with this Data Lake Store account. | CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule[] |
CreateFirewallRuleWithAccountParametersOrFirewallRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the firewall rule to create. | string (required) |
| properties | The firewall rule properties to use when creating a new firewall rule. | CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties (required) |
CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties
| Name | Description | Value |
|---|---|---|
| endIpAddress | The end IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
| startIpAddress | The start IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties
| Name | Description | Value |
|---|---|---|
| idProvider | The URL of this trusted identity provider. | string (required) |
CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties
| Name | Description | Value |
|---|---|---|
| subnetId | The resource identifier for the subnet. | string (required) |
CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider
| Name | Description | Value |
|---|---|---|
| name | The unique name of the trusted identity provider to create. | string (required) |
| properties | The trusted identity provider properties to use when creating a new trusted identity provider. | CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties (required) |
CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the virtual network rule to create. | string (required) |
| properties | The virtual network rule properties to use when creating a new virtual network rule. | CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties (required) |
EncryptionConfig
| Name | Description | Value |
|---|---|---|
| keyVaultMetaInfo | The Key Vault information for connecting to user managed encryption keys. | KeyVaultMetaInfo |
| type | The type of encryption configuration being used. Currently the only supported types are 'UserManaged' and 'ServiceManaged'. | 'ServiceManaged' 'UserManaged' (required) |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of encryption being used. Currently the only supported type is 'SystemAssigned'. | 'SystemAssigned' (required) |
KeyVaultMetaInfo
| Name | Description | Value |
|---|---|---|
| encryptionKeyName | The name of the user managed encryption key. | string (required) |
| encryptionKeyVersion | The version of the user managed encryption key. | string (required) |
| keyVaultResourceId | The resource identifier for the user managed Key Vault being used to encrypt. | string (required) |
Microsoft.DataLakeStore/accounts
| Name | Description | Value |
|---|---|---|
| identity | The Key Vault encryption identity, if any. | EncryptionIdentity |
| location | The resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The Data Lake Store account properties to use for creating. | CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| Deploy Data Lake Store account with encryption(Data Lake) | This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses the Data Lake store account to manage the encryption key. |
ARM template resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DataLakeStore/accounts resource, add the following JSON to your template.
{
"type": "Microsoft.DataLakeStore/accounts",
"apiVersion": "2016-11-01",
"name": "string",
"identity": {
"type": "SystemAssigned"
},
"location": "string",
"properties": {
"defaultGroup": "string",
"encryptionConfig": {
"keyVaultMetaInfo": {
"encryptionKeyName": "string",
"encryptionKeyVersion": "string",
"keyVaultResourceId": "string"
},
"type": "string"
},
"encryptionState": "string",
"firewallAllowAzureIps": "string",
"firewallRules": [
{
"name": "string",
"properties": {
"endIpAddress": "string",
"startIpAddress": "string"
}
}
],
"firewallState": "string",
"newTier": "string",
"trustedIdProviders": [
{
"name": "string",
"properties": {
"idProvider": "string"
}
}
],
"trustedIdProviderState": "string",
"virtualNetworkRules": [
{
"name": "string",
"properties": {
"subnetId": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
Property values
CreateDataLakeStoreAccountParametersTags
| Name | Description | Value |
|---|
CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties
| Name | Description | Value |
|---|---|---|
| defaultGroup | The default owner group for all new folders and files created in the Data Lake Store account. | string |
| encryptionConfig | The Key Vault encryption configuration. | EncryptionConfig |
| encryptionState | The current state of encryption for this Data Lake Store account. | 'Disabled' 'Enabled' |
| firewallAllowAzureIps | The current state of allowing or disallowing IPs originating within Azure through the firewall. If the firewall is disabled, this is not enforced. | 'Disabled' 'Enabled' |
| firewallRules | The list of firewall rules associated with this Data Lake Store account. | CreateFirewallRuleWithAccountParametersOrFirewallRule[] |
| firewallState | The current state of the IP address firewall for this Data Lake Store account. | 'Disabled' 'Enabled' |
| newTier | The commitment tier to use for next month. | 'Commitment_100TB' 'Commitment_10TB' 'Commitment_1PB' 'Commitment_1TB' 'Commitment_500TB' 'Commitment_5PB' 'Consumption' |
| trustedIdProviders | The list of trusted identity providers associated with this Data Lake Store account. | CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider[] |
| trustedIdProviderState | The current state of the trusted identity provider feature for this Data Lake Store account. | 'Disabled' 'Enabled' |
| virtualNetworkRules | The list of virtual network rules associated with this Data Lake Store account. | CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule[] |
CreateFirewallRuleWithAccountParametersOrFirewallRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the firewall rule to create. | string (required) |
| properties | The firewall rule properties to use when creating a new firewall rule. | CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties (required) |
CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties
| Name | Description | Value |
|---|---|---|
| endIpAddress | The end IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
| startIpAddress | The start IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties
| Name | Description | Value |
|---|---|---|
| idProvider | The URL of this trusted identity provider. | string (required) |
CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties
| Name | Description | Value |
|---|---|---|
| subnetId | The resource identifier for the subnet. | string (required) |
CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider
| Name | Description | Value |
|---|---|---|
| name | The unique name of the trusted identity provider to create. | string (required) |
| properties | The trusted identity provider properties to use when creating a new trusted identity provider. | CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties (required) |
CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the virtual network rule to create. | string (required) |
| properties | The virtual network rule properties to use when creating a new virtual network rule. | CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties (required) |
EncryptionConfig
| Name | Description | Value |
|---|---|---|
| keyVaultMetaInfo | The Key Vault information for connecting to user managed encryption keys. | KeyVaultMetaInfo |
| type | The type of encryption configuration being used. Currently the only supported types are 'UserManaged' and 'ServiceManaged'. | 'ServiceManaged' 'UserManaged' (required) |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of encryption being used. Currently the only supported type is 'SystemAssigned'. | 'SystemAssigned' (required) |
KeyVaultMetaInfo
| Name | Description | Value |
|---|---|---|
| encryptionKeyName | The name of the user managed encryption key. | string (required) |
| encryptionKeyVersion | The version of the user managed encryption key. | string (required) |
| keyVaultResourceId | The resource identifier for the user managed Key Vault being used to encrypt. | string (required) |
Microsoft.DataLakeStore/accounts
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2016-11-01' |
| identity | The Key Vault encryption identity, if any. | EncryptionIdentity |
| location | The resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The Data Lake Store account properties to use for creating. | CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.DataLakeStore/accounts' |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Deploy Azure Data Lake Store with no data encryption |
This template allows you to deploy an Azure Data Lake Store account with data encryption disabled. |
| Deploy Data Lake Analytics on new Data Lake Store |
This template allows you to deploy a new Data Lake Analytics account on a new Data Lake Store account. |
| Deploy Data Lake Store account with encryption(Data Lake) |
This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses the Data Lake store account to manage the encryption key. |
| Deploy Data Lake Store account with encryption(Key Vault) |
This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses Azure Key Vault to manage the encryption key. |
| Deploy HDInsight on new Data Lake Store and Storage |
This template allows you to deploy a new Linux HDInsight cluster with new Data Lake Store and Storage accounts. |
Terraform (AzAPI provider) resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DataLakeStore/accounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.DataLakeStore/accounts@2016-11-01"
name = "string"
identity = {
type = "SystemAssigned"
}
location = "string"
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
defaultGroup = "string"
encryptionConfig = {
keyVaultMetaInfo = {
encryptionKeyName = "string"
encryptionKeyVersion = "string"
keyVaultResourceId = "string"
}
type = "string"
}
encryptionState = "string"
firewallAllowAzureIps = "string"
firewallRules = [
{
name = "string"
properties = {
endIpAddress = "string"
startIpAddress = "string"
}
}
]
firewallState = "string"
newTier = "string"
trustedIdProviders = [
{
name = "string"
properties = {
idProvider = "string"
}
}
]
trustedIdProviderState = "string"
virtualNetworkRules = [
{
name = "string"
properties = {
subnetId = "string"
}
}
]
}
})
}
Property values
CreateDataLakeStoreAccountParametersTags
| Name | Description | Value |
|---|
CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties
| Name | Description | Value |
|---|---|---|
| defaultGroup | The default owner group for all new folders and files created in the Data Lake Store account. | string |
| encryptionConfig | The Key Vault encryption configuration. | EncryptionConfig |
| encryptionState | The current state of encryption for this Data Lake Store account. | 'Disabled' 'Enabled' |
| firewallAllowAzureIps | The current state of allowing or disallowing IPs originating within Azure through the firewall. If the firewall is disabled, this is not enforced. | 'Disabled' 'Enabled' |
| firewallRules | The list of firewall rules associated with this Data Lake Store account. | CreateFirewallRuleWithAccountParametersOrFirewallRule[] |
| firewallState | The current state of the IP address firewall for this Data Lake Store account. | 'Disabled' 'Enabled' |
| newTier | The commitment tier to use for next month. | 'Commitment_100TB' 'Commitment_10TB' 'Commitment_1PB' 'Commitment_1TB' 'Commitment_500TB' 'Commitment_5PB' 'Consumption' |
| trustedIdProviders | The list of trusted identity providers associated with this Data Lake Store account. | CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider[] |
| trustedIdProviderState | The current state of the trusted identity provider feature for this Data Lake Store account. | 'Disabled' 'Enabled' |
| virtualNetworkRules | The list of virtual network rules associated with this Data Lake Store account. | CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule[] |
CreateFirewallRuleWithAccountParametersOrFirewallRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the firewall rule to create. | string (required) |
| properties | The firewall rule properties to use when creating a new firewall rule. | CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties (required) |
CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties
| Name | Description | Value |
|---|---|---|
| endIpAddress | The end IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
| startIpAddress | The start IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties
| Name | Description | Value |
|---|---|---|
| idProvider | The URL of this trusted identity provider. | string (required) |
CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties
| Name | Description | Value |
|---|---|---|
| subnetId | The resource identifier for the subnet. | string (required) |
CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider
| Name | Description | Value |
|---|---|---|
| name | The unique name of the trusted identity provider to create. | string (required) |
| properties | The trusted identity provider properties to use when creating a new trusted identity provider. | CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties (required) |
CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the virtual network rule to create. | string (required) |
| properties | The virtual network rule properties to use when creating a new virtual network rule. | CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties (required) |
EncryptionConfig
| Name | Description | Value |
|---|---|---|
| keyVaultMetaInfo | The Key Vault information for connecting to user managed encryption keys. | KeyVaultMetaInfo |
| type | The type of encryption configuration being used. Currently the only supported types are 'UserManaged' and 'ServiceManaged'. | 'ServiceManaged' 'UserManaged' (required) |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of encryption being used. Currently the only supported type is 'SystemAssigned'. | 'SystemAssigned' (required) |
KeyVaultMetaInfo
| Name | Description | Value |
|---|---|---|
| encryptionKeyName | The name of the user managed encryption key. | string (required) |
| encryptionKeyVersion | The version of the user managed encryption key. | string (required) |
| keyVaultResourceId | The resource identifier for the user managed Key Vault being used to encrypt. | string (required) |
Microsoft.DataLakeStore/accounts
| Name | Description | Value |
|---|---|---|
| identity | The Key Vault encryption identity, if any. | EncryptionIdentity |
| location | The resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The Data Lake Store account properties to use for creating. | CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.DataLakeStore/accounts@2016-11-01" |