Synapse - create managed private endpoint for storage account

Paolo Panvini 21 Reputation points


we have a pipeline in bicep which creates a Synapse workspace.

We would like to change it in order to automatize the creation of the managed private endpoint of the storage account and we followed the bicep API described here:

so in the property DataLakeStorageAccountDetails we added the flag createManagedPrivateEndpoint with value true and then we added the resourceId with the resource Id of the storage account.

The deploy doesn't work and it ends with the error:

 [\r\n {\r\n \"code\": \"BadRequest\",\r\n \"message\": \"{\\r\\n \\\"error\\\": {\\r\\n \\\"code\\\": \\\"ValidationFailed\\\",\\r\\n \\\"message\\\": \\\"Workspace request validation failed, check error details for more information\\\",\\r\\n \\\"details\\\": [\\r\\n {\\r\\n \\\"code\\\": \\\"DefaultDataLakeStorageCannotBeUpdated\\\",\\r\\n \\\"message\\\": \\\"Default data lake storage cannot be updated. resourceId: /subscriptions/............, createManagedPrivateEndpoint: \\\"\\r\\n }\\r\\n ]\\r\\n }\\r\\n}\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}"}]}}  

Do you know the reason of this error?

Thank you


Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,348 questions
0 comments No comments
{count} votes

Accepted answer
  1. ShaikMaheer-MSFT 37,896 Reputation points Microsoft Employee

    Hi @Paolo Panvini ,

    Thank you for posting query in Microsoft Q&A Platform.

    As per implementation, it seems data lake storage is already created and while deploying synapse workspace you are trying to update that existing data lake storage to have private end point. hence, we see error saying Data lake storage cannot be updated.

    Could you please consider having Private end point for your data lake storage while deploying Data lake storage itself? So that we can avoid this error.

    Please let us know how it goes. Thank you.

1 additional answer

Sort by: Most helpful
  1. Paolo Panvini 21 Reputation points

    Hello @ShaikMaheer-MSFT

    As we saw that with the bicep API there was a problem,
    we changed the deployment process and we used az cli for creating the managed private endpoint and to approve it on the storage account.