Quickstart: Share data using Azure Data Share and ARM template

Learn how to set up a new Azure Data Share from an Azure storage account by using an Azure Resource Manager template (ARM template). And, start sharing your data with customers and partners outside of your Azure organization. For a list of the supported data stores, see Supported data stores in Azure Data Share.

An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.

If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.

Prerequisites

If you don't have an Azure subscription, create a free account before you begin.

Review the template

The template used in this quickstart is from Azure Quickstart Templates.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.5.6.12127",
      "templateHash": "9068130575551523333"
    }
  },
  "parameters": {
    "projectName": {
      "type": "string",
      "metadata": {
        "description": "Specify a project name that is used to generate resource names."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Specify the location for the resources."
      }
    },
    "invitationEmail": {
      "type": "string",
      "metadata": {
        "description": "Specify an email address for receiving data share invitations."
      }
    },
    "syncInterval": {
      "type": "string",
      "defaultValue": "Day",
      "allowedValues": [
        "Day",
        "Hour"
      ],
      "metadata": {
        "description": "Specify snapshot schedule recurrence."
      }
    },
    "syncTime": {
      "type": "string",
      "defaultValue": "[utcNow('yyyy-MM-ddTHH:mm:ssZ')]",
      "metadata": {
        "description": "Specify snapshot schedule start time."
      }
    }
  },
  "variables": {
    "storageAccountName": "[format('{0}store', parameters('projectName'))]",
    "containerName": "[format('{0}container', parameters('projectName'))]",
    "dataShareAccountName": "[format('{0}shareaccount', parameters('projectName'))]",
    "dataShareName": "[format('{0}share', parameters('projectName'))]",
    "roleAssignmentName": "[guid(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), variables('storageBlobDataReaderRoleDefinitionId'), resourceId('Microsoft.DataShare/accounts', variables('dataShareAccountName')))]",
    "inviteName": "[format('{0}invite', variables('dataShareName'))]",
    "storageBlobDataReaderRoleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "[variables('storageAccountName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {
        "accessTier": "Hot"
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
      "apiVersion": "2021-04-01",
      "name": "[format('{0}/default/{1}', variables('storageAccountName'), variables('containerName'))]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
      ]
    },
    {
      "type": "Microsoft.DataShare/accounts",
      "apiVersion": "2021-08-01",
      "name": "[variables('dataShareAccountName')]",
      "location": "[parameters('location')]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {}
    },
    {
      "type": "Microsoft.DataShare/accounts/shares",
      "apiVersion": "2021-08-01",
      "name": "[format('{0}/{1}', variables('dataShareAccountName'), variables('dataShareName'))]",
      "properties": {
        "shareKind": "CopyBased"
      },
      "dependsOn": [
        "[resourceId('Microsoft.DataShare/accounts', variables('dataShareAccountName'))]"
      ]
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2020-04-01-preview",
      "scope": "[format('Microsoft.Storage/storageAccounts/{0}', variables('storageAccountName'))]",
      "name": "[variables('roleAssignmentName')]",
      "properties": {
        "roleDefinitionId": "[variables('storageBlobDataReaderRoleDefinitionId')]",
        "principalId": "[reference(resourceId('Microsoft.DataShare/accounts', variables('dataShareAccountName')), '2021-08-01', 'full').identity.principalId]",
        "principalType": "ServicePrincipal"
      },
      "dependsOn": [
        "[resourceId('Microsoft.DataShare/accounts', variables('dataShareAccountName'))]",
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
      ]
    },
    {
      "type": "Microsoft.DataShare/accounts/shares/dataSets",
      "apiVersion": "2021-08-01",
      "name": "[format('{0}/{1}/{2}', variables('dataShareAccountName'), variables('dataShareName'), variables('containerName'))]",
      "kind": "Container",
      "properties": {
        "subscriptionId": "[subscription().subscriptionId]",
        "resourceGroup": "[resourceGroup().name]",
        "storageAccountName": "[variables('storageAccountName')]",
        "containerName": "[variables('containerName')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', split(format('{0}/default/{1}', variables('storageAccountName'), variables('containerName')), '/')[0], split(format('{0}/default/{1}', variables('storageAccountName'), variables('containerName')), '/')[1], split(format('{0}/default/{1}', variables('storageAccountName'), variables('containerName')), '/')[2])]",
        "[resourceId('Microsoft.DataShare/accounts/shares', variables('dataShareAccountName'), variables('dataShareName'))]",
        "[resourceId('Microsoft.DataShare/accounts/shares/invitations', variables('dataShareAccountName'), variables('dataShareName'), variables('inviteName'))]",
        "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
        "[resourceId('Microsoft.DataShare/accounts/shares/synchronizationSettings', variables('dataShareAccountName'), variables('dataShareName'), format('{0}_synchronizationSetting', variables('dataShareName')))]"
      ]
    },
    {
      "type": "Microsoft.DataShare/accounts/shares/invitations",
      "apiVersion": "2021-08-01",
      "name": "[format('{0}/{1}/{2}', variables('dataShareAccountName'), variables('dataShareName'), variables('inviteName'))]",
      "properties": {
        "targetEmail": "[parameters('invitationEmail')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.DataShare/accounts/shares', variables('dataShareAccountName'), variables('dataShareName'))]"
      ]
    },
    {
      "type": "Microsoft.DataShare/accounts/shares/synchronizationSettings",
      "apiVersion": "2021-08-01",
      "name": "[format('{0}/{1}/{2}', variables('dataShareAccountName'), variables('dataShareName'), format('{0}_synchronizationSetting', variables('dataShareName')))]",
      "kind": "ScheduleBased",
      "properties": {
        "recurrenceInterval": "[parameters('syncInterval')]",
        "synchronizationTime": "[parameters('syncTime')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.DataShare/accounts/shares', variables('dataShareAccountName'), variables('dataShareName'))]"
      ]
    }
  ]
}

The following resources are defined in the template:

• Microsoft.Storage/storageAccounts:
• Microsoft.Storage/storageAccounts/blobServices/containers
• Microsoft.DataShare/accounts
• Microsoft.DataShare/accounts/shares
• Microsoft.Storage/storageAccounts/providers/roleAssignments
• Microsoft.DataShare/accounts/shares/dataSets
• Microsoft.DataShare/accounts/shares/invitations
• Microsoft.DataShare/accounts/shares/synchronizationSettings

The template performs the following tasks:

• Create a storage account and a container used as the Data share data source.
• Create a Data share account and a Data share.
• Create a role assignment to grant the Storage Blob Data Reader role to the source data share resource. See Roles and requirements for Azure Data Share.
• Add a dataset to the Date share.
• Add recipients to the Data share.
• Enable a snapshot schedule for the Data share.

This template is created for learning purposes. In practice, you usually have some data in an existing storage account. You would need to create the role assignment before running a template or a script to create the dataset. Sometimes, you might get the following error message when you deploy the template:

"Missing permissions for DataShareAcccount on resource 'subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP NAME>/providers/Microsoft.Storage/storageAccounts/<STORAGE ACCOUNT NAME>' (Code: 5006)"

It's because the deployment is trying to create the dataset before the Azure role assignment gets finalized. Despite the error message, the deployment could be successful. You would still be able to walk through Review deployed resources.

Deploy the template

1. Select the following image to sign in to Azure and open the template.

   

2. Select or enter the following values:

   • Subscription: select an Azure subscription used to create the data share and the other resources.
   • Resource group: select Create new to create a new resource group or select an existing resource group.
   • Location: select a location for the resource group.
   • Project Name: enter a project name. The project name is used for generating resource names. See the variable definitions in the previous template.
   • location: select a location for the resources. You can use the same location for the resource group.
   • Invitation Email: enter the data share recipient's Azure sign in email address. Email alias doesn't work.

   Use the default value for the rest of the settings.

3. select I agree to the terms and conditions stated above, and the select Purchase.

Review deployed resources

1. Sign in to the Azure portal.

2. Open the data share account that you created.

3. From the left menu, select Send Shares. You shall see the storage account listed.

4. Select the storage account. Under Details, you shall see the synchronization setting as you configured in the template.

   

5. Select Invitations from the top. You shall see the email address that you specified when you deploy the template. The Status shall be Pending.

Clean up resources

When no longer needed, delete the resource group, which deletes the resources in the resource group.

$resourceGroupName = Read-Host -Prompt "Enter the resource group name"
Remove-AzResourceGroup -Name $resourceGroupName
Write-Host "Press [ENTER] to continue..."

Next steps

In this quickstart, you learnt how to create an Azure data share and invite recipients. To learn more about how a data consumer can accept and receive a data share, continue to the accept and receive data tutorial.