Dela via


Microsoft.MachineLearningServices workspaces/connections 2024-10-01

Bicep resource definition

The workspaces/connections resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/connections resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.MachineLearningServices/workspaces/connections@2024-10-01' = {
  name: 'string'
  properties: {
    category: 'string'
    expiryTime: 'string'
    isSharedToAll: bool
    metadata: {
      {customized property}: 'string'
    }
    sharedUserList: [
      'string'
    ]
    target: 'string'
    value: 'string'
    valueFormat: 'string'
    authType: 'string'
    // For remaining properties, see WorkspaceConnectionPropertiesV2 objects
  }
}

WorkspaceConnectionPropertiesV2 objects

Set the authType property to specify the type of object.

For AAD, use:

{
  authType: 'AAD'
}

For AccessKey, use:

{
  authType: 'AccessKey'
  credentials: {
    accessKeyId: 'string'
    secretAccessKey: 'string'
  }
}

For AccountKey, use:

{
  authType: 'AccountKey'
  credentials: {
    key: 'string'
  }
}

For ApiKey, use:

{
  authType: 'ApiKey'
  credentials: {
    key: 'string'
  }
}

For CustomKeys, use:

{
  authType: 'CustomKeys'
  credentials: {
    keys: {
      {customized property}: 'string'
    }
  }
}

For ManagedIdentity, use:

{
  authType: 'ManagedIdentity'
  credentials: {
    clientId: 'string'
    resourceId: 'string'
  }
}

For None, use:

{
  authType: 'None'
}

For OAuth2, use:

{
  authType: 'OAuth2'
  credentials: {
    authUrl: 'string'
    clientId: 'string'
    clientSecret: 'string'
    developerToken: 'string'
    password: 'string'
    refreshToken: 'string'
    tenantId: 'string'
    username: 'string'
  }
}

For PAT, use:

{
  authType: 'PAT'
  credentials: {
    pat: 'string'
  }
}

For SAS, use:

{
  authType: 'SAS'
  credentials: {
    sas: 'string'
  }
}

For ServicePrincipal, use:

{
  authType: 'ServicePrincipal'
  credentials: {
    clientId: 'string'
    clientSecret: 'string'
    tenantId: 'string'
  }
}

For UsernamePassword, use:

{
  authType: 'UsernamePassword'
  credentials: {
    password: 'string'
    securityToken: 'string'
    username: 'string'
  }
}

Property values

AADAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AAD' (required)

AccessKeyAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AccessKey' (required)
credentials WorkspaceConnectionAccessKey

AccountKeyAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AccountKey' (required)
credentials WorkspaceConnectionAccountKey

ApiKeyAuthWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ApiKey' (required)
credentials Api key object for workspace connection credential. WorkspaceConnectionApiKey

CustomKeys

Name Description Value
keys Dictionary of <string> CustomKeys

CustomKeys

Name Description Value

CustomKeysWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'CustomKeys' (required)
credentials Custom Keys credential object CustomKeys

ManagedIdentityAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ManagedIdentity' (required)
credentials WorkspaceConnectionManagedIdentity

Microsoft.MachineLearningServices/workspaces/connections

Name Description Value
name The resource name string

Constraints:
Pattern = ^[a-zA-Z0-9][a-zA-Z0-9_-]{2,32}$ (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: workspaces
properties WorkspaceConnectionPropertiesV2 (required)

NoneAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'None' (required)

OAuth2AuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'OAuth2' (required)
credentials ClientId and ClientSecret are required. Other properties are optional
depending on each OAuth2 provider's implementation.
WorkspaceConnectionOAuth2

PATAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'PAT' (required)
credentials WorkspaceConnectionPersonalAccessToken

SASAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'SAS' (required)
credentials WorkspaceConnectionSharedAccessSignature

ServicePrincipalAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ServicePrincipal' (required)
credentials WorkspaceConnectionServicePrincipal

UsernamePasswordAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'UsernamePassword' (required)
credentials WorkspaceConnectionUsernamePassword

WorkspaceConnectionAccessKey

Name Description Value
accessKeyId string
secretAccessKey string

WorkspaceConnectionAccountKey

Name Description Value
key string

Constraints:
Sensitive value. Pass in as a secure parameter.

WorkspaceConnectionApiKey

Name Description Value
key string

WorkspaceConnectionManagedIdentity

Name Description Value
clientId string
resourceId string

WorkspaceConnectionOAuth2

Name Description Value
authUrl Required by Concur connection category string
clientId Client id in the format of UUID string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
clientSecret string

Constraints:
Sensitive value. Pass in as a secure parameter.
developerToken Required by GoogleAdWords connection category string

Constraints:
Sensitive value. Pass in as a secure parameter.
password string

Constraints:
Sensitive value. Pass in as a secure parameter.
refreshToken Required by GoogleBigQuery, GoogleAdWords, Hubspot, QuickBooks, Square, Xero, Zoho
where user needs to get RefreshToken offline
string

Constraints:
Sensitive value. Pass in as a secure parameter.
tenantId Required by QuickBooks and Xero connection categories string
username Concur, ServiceNow auth server AccessToken grant type is 'Password'
which requires UsernamePassword
string

WorkspaceConnectionPersonalAccessToken

Name Description Value
pat string

WorkspaceConnectionPropertiesV2

Name Description Value
authType Set to 'AAD' for type AADAuthTypeWorkspaceConnectionProperties. Set to 'AccessKey' for type AccessKeyAuthTypeWorkspaceConnectionProperties. Set to 'AccountKey' for type AccountKeyAuthTypeWorkspaceConnectionProperties. Set to 'ApiKey' for type ApiKeyAuthWorkspaceConnectionProperties. Set to 'CustomKeys' for type CustomKeysWorkspaceConnectionProperties. Set to 'ManagedIdentity' for type ManagedIdentityAuthTypeWorkspaceConnectionProperties. Set to 'None' for type NoneAuthTypeWorkspaceConnectionProperties. Set to 'OAuth2' for type OAuth2AuthTypeWorkspaceConnectionProperties. Set to 'PAT' for type PATAuthTypeWorkspaceConnectionProperties. Set to 'SAS' for type SASAuthTypeWorkspaceConnectionProperties. Set to 'ServicePrincipal' for type ServicePrincipalAuthTypeWorkspaceConnectionProperties. Set to 'UsernamePassword' for type UsernamePasswordAuthTypeWorkspaceConnectionProperties. 'AAD'
'AccessKey'
'AccountKey'
'ApiKey'
'CustomKeys'
'ManagedIdentity'
'None'
'OAuth2'
'PAT'
'SAS'
'ServicePrincipal'
'UsernamePassword' (required)
category Category of the connection 'ADLSGen2'
'AIServices'
'AmazonMws'
'AmazonRdsForOracle'
'AmazonRdsForSqlServer'
'AmazonRedshift'
'AmazonS3Compatible'
'ApiKey'
'AzureBlob'
'AzureDatabricksDeltaLake'
'AzureDataExplorer'
'AzureMariaDb'
'AzureMySqlDb'
'AzureOneLake'
'AzureOpenAI'
'AzurePostgresDb'
'AzureSqlDb'
'AzureSqlMi'
'AzureSynapseAnalytics'
'AzureTableStorage'
'BingLLMSearch'
'Cassandra'
'CognitiveSearch'
'CognitiveService'
'Concur'
'ContainerRegistry'
'CosmosDb'
'CosmosDbMongoDbApi'
'Couchbase'
'CustomKeys'
'Db2'
'Drill'
'Dynamics'
'DynamicsAx'
'DynamicsCrm'
'Elasticsearch'
'Eloqua'
'FileServer'
'FtpServer'
'GenericContainerRegistry'
'GenericHttp'
'GenericRest'
'Git'
'GoogleAdWords'
'GoogleBigQuery'
'GoogleCloudStorage'
'Greenplum'
'Hbase'
'Hdfs'
'Hive'
'Hubspot'
'Impala'
'Informix'
'Jira'
'Magento'
'ManagedOnlineEndpoint'
'MariaDb'
'Marketo'
'MicrosoftAccess'
'MongoDbAtlas'
'MongoDbV2'
'MySql'
'Netezza'
'ODataRest'
'Odbc'
'Office365'
'OpenAI'
'Oracle'
'OracleCloudStorage'
'OracleServiceCloud'
'PayPal'
'Phoenix'
'Pinecone'
'PostgreSql'
'Presto'
'PythonFeed'
'QuickBooks'
'Redis'
'Responsys'
'S3'
'Salesforce'
'SalesforceMarketingCloud'
'SalesforceServiceCloud'
'SapBw'
'SapCloudForCustomer'
'SapEcc'
'SapHana'
'SapOpenHub'
'SapTable'
'Serp'
'Serverless'
'ServiceNow'
'Sftp'
'SharePointOnlineList'
'Shopify'
'Snowflake'
'Spark'
'SqlServer'
'Square'
'Sybase'
'Teradata'
'Vertica'
'WebTable'
'Xero'
'Zoho'
expiryTime string
isSharedToAll bool
metadata Store user metadata for this connection WorkspaceConnectionPropertiesV2Metadata
sharedUserList string[]
target string
value Value details of the workspace connection. string
valueFormat format for the workspace connection value 'JSON'

WorkspaceConnectionPropertiesV2Metadata

Name Description Value

WorkspaceConnectionServicePrincipal

Name Description Value
clientId string
clientSecret string

Constraints:
Sensitive value. Pass in as a secure parameter.
tenantId string

WorkspaceConnectionSharedAccessSignature

Name Description Value
sas string

WorkspaceConnectionUsernamePassword

Name Description Value
password string
securityToken Optional, required by connections like SalesForce for extra security in addition to UsernamePassword string

Constraints:
Sensitive value. Pass in as a secure parameter.
username string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Azure AI Studio basic setup This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio basic setup This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio basic setup This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio with Microsoft Entra ID Authentication This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage.
Deploy Secure Azure AI Studio with a managed virtual network This template creates a secure Azure AI Studio environment with robust network and identity security restrictions.

ARM template resource definition

The workspaces/connections resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/connections resource, add the following JSON to your template.

{
  "type": "Microsoft.MachineLearningServices/workspaces/connections",
  "apiVersion": "2024-10-01",
  "name": "string",
  "properties": {
    "category": "string",
    "expiryTime": "string",
    "isSharedToAll": "bool",
    "metadata": {
      "{customized property}": "string"
    },
    "sharedUserList": [ "string" ],
    "target": "string",
    "value": "string",
    "valueFormat": "string",
    "authType": "string"
    // For remaining properties, see WorkspaceConnectionPropertiesV2 objects
  }
}

WorkspaceConnectionPropertiesV2 objects

Set the authType property to specify the type of object.

For AAD, use:

{
  "authType": "AAD"
}

For AccessKey, use:

{
  "authType": "AccessKey",
  "credentials": {
    "accessKeyId": "string",
    "secretAccessKey": "string"
  }
}

For AccountKey, use:

{
  "authType": "AccountKey",
  "credentials": {
    "key": "string"
  }
}

For ApiKey, use:

{
  "authType": "ApiKey",
  "credentials": {
    "key": "string"
  }
}

For CustomKeys, use:

{
  "authType": "CustomKeys",
  "credentials": {
    "keys": {
      "{customized property}": "string"
    }
  }
}

For ManagedIdentity, use:

{
  "authType": "ManagedIdentity",
  "credentials": {
    "clientId": "string",
    "resourceId": "string"
  }
}

For None, use:

{
  "authType": "None"
}

For OAuth2, use:

{
  "authType": "OAuth2",
  "credentials": {
    "authUrl": "string",
    "clientId": "string",
    "clientSecret": "string",
    "developerToken": "string",
    "password": "string",
    "refreshToken": "string",
    "tenantId": "string",
    "username": "string"
  }
}

For PAT, use:

{
  "authType": "PAT",
  "credentials": {
    "pat": "string"
  }
}

For SAS, use:

{
  "authType": "SAS",
  "credentials": {
    "sas": "string"
  }
}

For ServicePrincipal, use:

{
  "authType": "ServicePrincipal",
  "credentials": {
    "clientId": "string",
    "clientSecret": "string",
    "tenantId": "string"
  }
}

For UsernamePassword, use:

{
  "authType": "UsernamePassword",
  "credentials": {
    "password": "string",
    "securityToken": "string",
    "username": "string"
  }
}

Property values

AADAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AAD' (required)

AccessKeyAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AccessKey' (required)
credentials WorkspaceConnectionAccessKey

AccountKeyAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AccountKey' (required)
credentials WorkspaceConnectionAccountKey

ApiKeyAuthWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ApiKey' (required)
credentials Api key object for workspace connection credential. WorkspaceConnectionApiKey

CustomKeys

Name Description Value
keys Dictionary of <string> CustomKeys

CustomKeys

Name Description Value

CustomKeysWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'CustomKeys' (required)
credentials Custom Keys credential object CustomKeys

ManagedIdentityAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ManagedIdentity' (required)
credentials WorkspaceConnectionManagedIdentity

Microsoft.MachineLearningServices/workspaces/connections

Name Description Value
apiVersion The api version '2024-10-01'
name The resource name string

Constraints:
Pattern = ^[a-zA-Z0-9][a-zA-Z0-9_-]{2,32}$ (required)
properties WorkspaceConnectionPropertiesV2 (required)
type The resource type 'Microsoft.MachineLearningServices/workspaces/connections'

NoneAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'None' (required)

OAuth2AuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'OAuth2' (required)
credentials ClientId and ClientSecret are required. Other properties are optional
depending on each OAuth2 provider's implementation.
WorkspaceConnectionOAuth2

PATAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'PAT' (required)
credentials WorkspaceConnectionPersonalAccessToken

SASAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'SAS' (required)
credentials WorkspaceConnectionSharedAccessSignature

ServicePrincipalAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ServicePrincipal' (required)
credentials WorkspaceConnectionServicePrincipal

UsernamePasswordAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'UsernamePassword' (required)
credentials WorkspaceConnectionUsernamePassword

WorkspaceConnectionAccessKey

Name Description Value
accessKeyId string
secretAccessKey string

WorkspaceConnectionAccountKey

Name Description Value
key string

Constraints:
Sensitive value. Pass in as a secure parameter.

WorkspaceConnectionApiKey

Name Description Value
key string

WorkspaceConnectionManagedIdentity

Name Description Value
clientId string
resourceId string

WorkspaceConnectionOAuth2

Name Description Value
authUrl Required by Concur connection category string
clientId Client id in the format of UUID string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
clientSecret string

Constraints:
Sensitive value. Pass in as a secure parameter.
developerToken Required by GoogleAdWords connection category string

Constraints:
Sensitive value. Pass in as a secure parameter.
password string

Constraints:
Sensitive value. Pass in as a secure parameter.
refreshToken Required by GoogleBigQuery, GoogleAdWords, Hubspot, QuickBooks, Square, Xero, Zoho
where user needs to get RefreshToken offline
string

Constraints:
Sensitive value. Pass in as a secure parameter.
tenantId Required by QuickBooks and Xero connection categories string
username Concur, ServiceNow auth server AccessToken grant type is 'Password'
which requires UsernamePassword
string

WorkspaceConnectionPersonalAccessToken

Name Description Value
pat string

WorkspaceConnectionPropertiesV2

Name Description Value
authType Set to 'AAD' for type AADAuthTypeWorkspaceConnectionProperties. Set to 'AccessKey' for type AccessKeyAuthTypeWorkspaceConnectionProperties. Set to 'AccountKey' for type AccountKeyAuthTypeWorkspaceConnectionProperties. Set to 'ApiKey' for type ApiKeyAuthWorkspaceConnectionProperties. Set to 'CustomKeys' for type CustomKeysWorkspaceConnectionProperties. Set to 'ManagedIdentity' for type ManagedIdentityAuthTypeWorkspaceConnectionProperties. Set to 'None' for type NoneAuthTypeWorkspaceConnectionProperties. Set to 'OAuth2' for type OAuth2AuthTypeWorkspaceConnectionProperties. Set to 'PAT' for type PATAuthTypeWorkspaceConnectionProperties. Set to 'SAS' for type SASAuthTypeWorkspaceConnectionProperties. Set to 'ServicePrincipal' for type ServicePrincipalAuthTypeWorkspaceConnectionProperties. Set to 'UsernamePassword' for type UsernamePasswordAuthTypeWorkspaceConnectionProperties. 'AAD'
'AccessKey'
'AccountKey'
'ApiKey'
'CustomKeys'
'ManagedIdentity'
'None'
'OAuth2'
'PAT'
'SAS'
'ServicePrincipal'
'UsernamePassword' (required)
category Category of the connection 'ADLSGen2'
'AIServices'
'AmazonMws'
'AmazonRdsForOracle'
'AmazonRdsForSqlServer'
'AmazonRedshift'
'AmazonS3Compatible'
'ApiKey'
'AzureBlob'
'AzureDatabricksDeltaLake'
'AzureDataExplorer'
'AzureMariaDb'
'AzureMySqlDb'
'AzureOneLake'
'AzureOpenAI'
'AzurePostgresDb'
'AzureSqlDb'
'AzureSqlMi'
'AzureSynapseAnalytics'
'AzureTableStorage'
'BingLLMSearch'
'Cassandra'
'CognitiveSearch'
'CognitiveService'
'Concur'
'ContainerRegistry'
'CosmosDb'
'CosmosDbMongoDbApi'
'Couchbase'
'CustomKeys'
'Db2'
'Drill'
'Dynamics'
'DynamicsAx'
'DynamicsCrm'
'Elasticsearch'
'Eloqua'
'FileServer'
'FtpServer'
'GenericContainerRegistry'
'GenericHttp'
'GenericRest'
'Git'
'GoogleAdWords'
'GoogleBigQuery'
'GoogleCloudStorage'
'Greenplum'
'Hbase'
'Hdfs'
'Hive'
'Hubspot'
'Impala'
'Informix'
'Jira'
'Magento'
'ManagedOnlineEndpoint'
'MariaDb'
'Marketo'
'MicrosoftAccess'
'MongoDbAtlas'
'MongoDbV2'
'MySql'
'Netezza'
'ODataRest'
'Odbc'
'Office365'
'OpenAI'
'Oracle'
'OracleCloudStorage'
'OracleServiceCloud'
'PayPal'
'Phoenix'
'Pinecone'
'PostgreSql'
'Presto'
'PythonFeed'
'QuickBooks'
'Redis'
'Responsys'
'S3'
'Salesforce'
'SalesforceMarketingCloud'
'SalesforceServiceCloud'
'SapBw'
'SapCloudForCustomer'
'SapEcc'
'SapHana'
'SapOpenHub'
'SapTable'
'Serp'
'Serverless'
'ServiceNow'
'Sftp'
'SharePointOnlineList'
'Shopify'
'Snowflake'
'Spark'
'SqlServer'
'Square'
'Sybase'
'Teradata'
'Vertica'
'WebTable'
'Xero'
'Zoho'
expiryTime string
isSharedToAll bool
metadata Store user metadata for this connection WorkspaceConnectionPropertiesV2Metadata
sharedUserList string[]
target string
value Value details of the workspace connection. string
valueFormat format for the workspace connection value 'JSON'

WorkspaceConnectionPropertiesV2Metadata

Name Description Value

WorkspaceConnectionServicePrincipal

Name Description Value
clientId string
clientSecret string

Constraints:
Sensitive value. Pass in as a secure parameter.
tenantId string

WorkspaceConnectionSharedAccessSignature

Name Description Value
sas string

WorkspaceConnectionUsernamePassword

Name Description Value
password string
securityToken Optional, required by connections like SalesForce for extra security in addition to UsernamePassword string

Constraints:
Sensitive value. Pass in as a secure parameter.
username string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure AI Studio basic setup

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio basic setup

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio basic setup

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio with Microsoft Entra ID Authentication

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage.
Deploy Secure Azure AI Studio with a managed virtual network

Deploy to Azure
This template creates a secure Azure AI Studio environment with robust network and identity security restrictions.

Terraform (AzAPI provider) resource definition

The workspaces/connections resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.MachineLearningServices/workspaces/connections resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.MachineLearningServices/workspaces/connections@2024-10-01"
  name = "string"
  body = jsonencode({
    properties = {
      category = "string"
      expiryTime = "string"
      isSharedToAll = bool
      metadata = {
        {customized property} = "string"
      }
      sharedUserList = [
        "string"
      ]
      target = "string"
      value = "string"
      valueFormat = "string"
      authType = "string"
      // For remaining properties, see WorkspaceConnectionPropertiesV2 objects
    }
  })
}

WorkspaceConnectionPropertiesV2 objects

Set the authType property to specify the type of object.

For AAD, use:

{
  authType = "AAD"
}

For AccessKey, use:

{
  authType = "AccessKey"
  credentials = {
    accessKeyId = "string"
    secretAccessKey = "string"
  }
}

For AccountKey, use:

{
  authType = "AccountKey"
  credentials = {
    key = "string"
  }
}

For ApiKey, use:

{
  authType = "ApiKey"
  credentials = {
    key = "string"
  }
}

For CustomKeys, use:

{
  authType = "CustomKeys"
  credentials = {
    keys = {
      {customized property} = "string"
    }
  }
}

For ManagedIdentity, use:

{
  authType = "ManagedIdentity"
  credentials = {
    clientId = "string"
    resourceId = "string"
  }
}

For None, use:

{
  authType = "None"
}

For OAuth2, use:

{
  authType = "OAuth2"
  credentials = {
    authUrl = "string"
    clientId = "string"
    clientSecret = "string"
    developerToken = "string"
    password = "string"
    refreshToken = "string"
    tenantId = "string"
    username = "string"
  }
}

For PAT, use:

{
  authType = "PAT"
  credentials = {
    pat = "string"
  }
}

For SAS, use:

{
  authType = "SAS"
  credentials = {
    sas = "string"
  }
}

For ServicePrincipal, use:

{
  authType = "ServicePrincipal"
  credentials = {
    clientId = "string"
    clientSecret = "string"
    tenantId = "string"
  }
}

For UsernamePassword, use:

{
  authType = "UsernamePassword"
  credentials = {
    password = "string"
    securityToken = "string"
    username = "string"
  }
}

Property values

AADAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AAD' (required)

AccessKeyAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AccessKey' (required)
credentials WorkspaceConnectionAccessKey

AccountKeyAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'AccountKey' (required)
credentials WorkspaceConnectionAccountKey

ApiKeyAuthWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ApiKey' (required)
credentials Api key object for workspace connection credential. WorkspaceConnectionApiKey

CustomKeys

Name Description Value
keys Dictionary of <string> CustomKeys

CustomKeys

Name Description Value

CustomKeysWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'CustomKeys' (required)
credentials Custom Keys credential object CustomKeys

ManagedIdentityAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ManagedIdentity' (required)
credentials WorkspaceConnectionManagedIdentity

Microsoft.MachineLearningServices/workspaces/connections

Name Description Value
name The resource name string

Constraints:
Pattern = ^[a-zA-Z0-9][a-zA-Z0-9_-]{2,32}$ (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: workspaces
properties WorkspaceConnectionPropertiesV2 (required)
type The resource type "Microsoft.MachineLearningServices/workspaces/connections@2024-10-01"

NoneAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'None' (required)

OAuth2AuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'OAuth2' (required)
credentials ClientId and ClientSecret are required. Other properties are optional
depending on each OAuth2 provider's implementation.
WorkspaceConnectionOAuth2

PATAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'PAT' (required)
credentials WorkspaceConnectionPersonalAccessToken

SASAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'SAS' (required)
credentials WorkspaceConnectionSharedAccessSignature

ServicePrincipalAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'ServicePrincipal' (required)
credentials WorkspaceConnectionServicePrincipal

UsernamePasswordAuthTypeWorkspaceConnectionProperties

Name Description Value
authType Authentication type of the connection target 'UsernamePassword' (required)
credentials WorkspaceConnectionUsernamePassword

WorkspaceConnectionAccessKey

Name Description Value
accessKeyId string
secretAccessKey string

WorkspaceConnectionAccountKey

Name Description Value
key string

Constraints:
Sensitive value. Pass in as a secure parameter.

WorkspaceConnectionApiKey

Name Description Value
key string

WorkspaceConnectionManagedIdentity

Name Description Value
clientId string
resourceId string

WorkspaceConnectionOAuth2

Name Description Value
authUrl Required by Concur connection category string
clientId Client id in the format of UUID string

Constraints:
Min length = 36
Max length = 36
Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$
clientSecret string

Constraints:
Sensitive value. Pass in as a secure parameter.
developerToken Required by GoogleAdWords connection category string

Constraints:
Sensitive value. Pass in as a secure parameter.
password string

Constraints:
Sensitive value. Pass in as a secure parameter.
refreshToken Required by GoogleBigQuery, GoogleAdWords, Hubspot, QuickBooks, Square, Xero, Zoho
where user needs to get RefreshToken offline
string

Constraints:
Sensitive value. Pass in as a secure parameter.
tenantId Required by QuickBooks and Xero connection categories string
username Concur, ServiceNow auth server AccessToken grant type is 'Password'
which requires UsernamePassword
string

WorkspaceConnectionPersonalAccessToken

Name Description Value
pat string

WorkspaceConnectionPropertiesV2

Name Description Value
authType Set to 'AAD' for type AADAuthTypeWorkspaceConnectionProperties. Set to 'AccessKey' for type AccessKeyAuthTypeWorkspaceConnectionProperties. Set to 'AccountKey' for type AccountKeyAuthTypeWorkspaceConnectionProperties. Set to 'ApiKey' for type ApiKeyAuthWorkspaceConnectionProperties. Set to 'CustomKeys' for type CustomKeysWorkspaceConnectionProperties. Set to 'ManagedIdentity' for type ManagedIdentityAuthTypeWorkspaceConnectionProperties. Set to 'None' for type NoneAuthTypeWorkspaceConnectionProperties. Set to 'OAuth2' for type OAuth2AuthTypeWorkspaceConnectionProperties. Set to 'PAT' for type PATAuthTypeWorkspaceConnectionProperties. Set to 'SAS' for type SASAuthTypeWorkspaceConnectionProperties. Set to 'ServicePrincipal' for type ServicePrincipalAuthTypeWorkspaceConnectionProperties. Set to 'UsernamePassword' for type UsernamePasswordAuthTypeWorkspaceConnectionProperties. 'AAD'
'AccessKey'
'AccountKey'
'ApiKey'
'CustomKeys'
'ManagedIdentity'
'None'
'OAuth2'
'PAT'
'SAS'
'ServicePrincipal'
'UsernamePassword' (required)
category Category of the connection 'ADLSGen2'
'AIServices'
'AmazonMws'
'AmazonRdsForOracle'
'AmazonRdsForSqlServer'
'AmazonRedshift'
'AmazonS3Compatible'
'ApiKey'
'AzureBlob'
'AzureDatabricksDeltaLake'
'AzureDataExplorer'
'AzureMariaDb'
'AzureMySqlDb'
'AzureOneLake'
'AzureOpenAI'
'AzurePostgresDb'
'AzureSqlDb'
'AzureSqlMi'
'AzureSynapseAnalytics'
'AzureTableStorage'
'BingLLMSearch'
'Cassandra'
'CognitiveSearch'
'CognitiveService'
'Concur'
'ContainerRegistry'
'CosmosDb'
'CosmosDbMongoDbApi'
'Couchbase'
'CustomKeys'
'Db2'
'Drill'
'Dynamics'
'DynamicsAx'
'DynamicsCrm'
'Elasticsearch'
'Eloqua'
'FileServer'
'FtpServer'
'GenericContainerRegistry'
'GenericHttp'
'GenericRest'
'Git'
'GoogleAdWords'
'GoogleBigQuery'
'GoogleCloudStorage'
'Greenplum'
'Hbase'
'Hdfs'
'Hive'
'Hubspot'
'Impala'
'Informix'
'Jira'
'Magento'
'ManagedOnlineEndpoint'
'MariaDb'
'Marketo'
'MicrosoftAccess'
'MongoDbAtlas'
'MongoDbV2'
'MySql'
'Netezza'
'ODataRest'
'Odbc'
'Office365'
'OpenAI'
'Oracle'
'OracleCloudStorage'
'OracleServiceCloud'
'PayPal'
'Phoenix'
'Pinecone'
'PostgreSql'
'Presto'
'PythonFeed'
'QuickBooks'
'Redis'
'Responsys'
'S3'
'Salesforce'
'SalesforceMarketingCloud'
'SalesforceServiceCloud'
'SapBw'
'SapCloudForCustomer'
'SapEcc'
'SapHana'
'SapOpenHub'
'SapTable'
'Serp'
'Serverless'
'ServiceNow'
'Sftp'
'SharePointOnlineList'
'Shopify'
'Snowflake'
'Spark'
'SqlServer'
'Square'
'Sybase'
'Teradata'
'Vertica'
'WebTable'
'Xero'
'Zoho'
expiryTime string
isSharedToAll bool
metadata Store user metadata for this connection WorkspaceConnectionPropertiesV2Metadata
sharedUserList string[]
target string
value Value details of the workspace connection. string
valueFormat format for the workspace connection value 'JSON'

WorkspaceConnectionPropertiesV2Metadata

Name Description Value

WorkspaceConnectionServicePrincipal

Name Description Value
clientId string
clientSecret string

Constraints:
Sensitive value. Pass in as a secure parameter.
tenantId string

WorkspaceConnectionSharedAccessSignature

Name Description Value
sas string

WorkspaceConnectionUsernamePassword

Name Description Value
password string
securityToken Optional, required by connections like SalesForce for extra security in addition to UsernamePassword string

Constraints:
Sensitive value. Pass in as a secure parameter.
username string