Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DataLakeStore/accounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.DataLakeStore/accounts@2016-11-01' = {
identity: {
type: 'SystemAssigned'
}
location: 'string'
name: 'string'
properties: {
defaultGroup: 'string'
encryptionConfig: {
keyVaultMetaInfo: {
encryptionKeyName: 'string'
encryptionKeyVersion: 'string'
keyVaultResourceId: 'string'
}
type: 'string'
}
encryptionState: 'string'
firewallAllowAzureIps: 'string'
firewallRules: [
{
name: 'string'
properties: {
endIpAddress: 'string'
startIpAddress: 'string'
}
}
]
firewallState: 'string'
newTier: 'string'
trustedIdProviders: [
{
name: 'string'
properties: {
idProvider: 'string'
}
}
]
trustedIdProviderState: 'string'
virtualNetworkRules: [
{
name: 'string'
properties: {
subnetId: 'string'
}
}
]
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.DataLakeStore/accounts
| Name | Description | Value |
|---|---|---|
| identity | The Key Vault encryption identity, if any. | EncryptionIdentity |
| location | The resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The Data Lake Store account properties to use for creating. | CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
CreateDataLakeStoreAccountParametersTags
| Name | Description | Value |
|---|
CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties
| Name | Description | Value |
|---|---|---|
| defaultGroup | The default owner group for all new folders and files created in the Data Lake Store account. | string |
| encryptionConfig | The Key Vault encryption configuration. | EncryptionConfig |
| encryptionState | The current state of encryption for this Data Lake Store account. | 'Disabled' 'Enabled' |
| firewallAllowAzureIps | The current state of allowing or disallowing IPs originating within Azure through the firewall. If the firewall is disabled, this is not enforced. | 'Disabled' 'Enabled' |
| firewallRules | The list of firewall rules associated with this Data Lake Store account. | CreateFirewallRuleWithAccountParametersOrFirewallRule[] |
| firewallState | The current state of the IP address firewall for this Data Lake Store account. | 'Disabled' 'Enabled' |
| newTier | The commitment tier to use for next month. | 'Commitment_100TB' 'Commitment_10TB' 'Commitment_1PB' 'Commitment_1TB' 'Commitment_500TB' 'Commitment_5PB' 'Consumption' |
| trustedIdProviders | The list of trusted identity providers associated with this Data Lake Store account. | CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider[] |
| trustedIdProviderState | The current state of the trusted identity provider feature for this Data Lake Store account. | 'Disabled' 'Enabled' |
| virtualNetworkRules | The list of virtual network rules associated with this Data Lake Store account. | CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule[] |
CreateFirewallRuleWithAccountParametersOrFirewallRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the firewall rule to create. | string (required) |
| properties | The firewall rule properties to use when creating a new firewall rule. | CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties (required) |
CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties
| Name | Description | Value |
|---|---|---|
| endIpAddress | The end IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
| startIpAddress | The start IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties
| Name | Description | Value |
|---|---|---|
| idProvider | The URL of this trusted identity provider. | string (required) |
CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties
| Name | Description | Value |
|---|---|---|
| subnetId | The resource identifier for the subnet. | string (required) |
CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider
| Name | Description | Value |
|---|---|---|
| name | The unique name of the trusted identity provider to create. | string (required) |
| properties | The trusted identity provider properties to use when creating a new trusted identity provider. | CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties (required) |
CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the virtual network rule to create. | string (required) |
| properties | The virtual network rule properties to use when creating a new virtual network rule. | CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties (required) |
EncryptionConfig
| Name | Description | Value |
|---|---|---|
| keyVaultMetaInfo | The Key Vault information for connecting to user managed encryption keys. | KeyVaultMetaInfo |
| type | The type of encryption configuration being used. Currently the only supported types are 'UserManaged' and 'ServiceManaged'. | 'ServiceManaged' 'UserManaged' (required) |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of encryption being used. Currently the only supported type is 'SystemAssigned'. | 'SystemAssigned' (required) |
KeyVaultMetaInfo
| Name | Description | Value |
|---|---|---|
| encryptionKeyName | The name of the user managed encryption key. | string (required) |
| encryptionKeyVersion | The version of the user managed encryption key. | string (required) |
| keyVaultResourceId | The resource identifier for the user managed Key Vault being used to encrypt. | string (required) |
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Deploy Data Lake Store account with encryption(Data Lake) | This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses the Data Lake store account to manage the encryption key. |
ARM template resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DataLakeStore/accounts resource, add the following JSON to your template.
{
"type": "Microsoft.DataLakeStore/accounts",
"apiVersion": "2016-11-01",
"name": "string",
"identity": {
"type": "SystemAssigned"
},
"location": "string",
"properties": {
"defaultGroup": "string",
"encryptionConfig": {
"keyVaultMetaInfo": {
"encryptionKeyName": "string",
"encryptionKeyVersion": "string",
"keyVaultResourceId": "string"
},
"type": "string"
},
"encryptionState": "string",
"firewallAllowAzureIps": "string",
"firewallRules": [
{
"name": "string",
"properties": {
"endIpAddress": "string",
"startIpAddress": "string"
}
}
],
"firewallState": "string",
"newTier": "string",
"trustedIdProviders": [
{
"name": "string",
"properties": {
"idProvider": "string"
}
}
],
"trustedIdProviderState": "string",
"virtualNetworkRules": [
{
"name": "string",
"properties": {
"subnetId": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.DataLakeStore/accounts
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2016-11-01' |
| identity | The Key Vault encryption identity, if any. | EncryptionIdentity |
| location | The resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The Data Lake Store account properties to use for creating. | CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.DataLakeStore/accounts' |
CreateDataLakeStoreAccountParametersTags
| Name | Description | Value |
|---|
CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties
| Name | Description | Value |
|---|---|---|
| defaultGroup | The default owner group for all new folders and files created in the Data Lake Store account. | string |
| encryptionConfig | The Key Vault encryption configuration. | EncryptionConfig |
| encryptionState | The current state of encryption for this Data Lake Store account. | 'Disabled' 'Enabled' |
| firewallAllowAzureIps | The current state of allowing or disallowing IPs originating within Azure through the firewall. If the firewall is disabled, this is not enforced. | 'Disabled' 'Enabled' |
| firewallRules | The list of firewall rules associated with this Data Lake Store account. | CreateFirewallRuleWithAccountParametersOrFirewallRule[] |
| firewallState | The current state of the IP address firewall for this Data Lake Store account. | 'Disabled' 'Enabled' |
| newTier | The commitment tier to use for next month. | 'Commitment_100TB' 'Commitment_10TB' 'Commitment_1PB' 'Commitment_1TB' 'Commitment_500TB' 'Commitment_5PB' 'Consumption' |
| trustedIdProviders | The list of trusted identity providers associated with this Data Lake Store account. | CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider[] |
| trustedIdProviderState | The current state of the trusted identity provider feature for this Data Lake Store account. | 'Disabled' 'Enabled' |
| virtualNetworkRules | The list of virtual network rules associated with this Data Lake Store account. | CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule[] |
CreateFirewallRuleWithAccountParametersOrFirewallRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the firewall rule to create. | string (required) |
| properties | The firewall rule properties to use when creating a new firewall rule. | CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties (required) |
CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties
| Name | Description | Value |
|---|---|---|
| endIpAddress | The end IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
| startIpAddress | The start IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties
| Name | Description | Value |
|---|---|---|
| idProvider | The URL of this trusted identity provider. | string (required) |
CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties
| Name | Description | Value |
|---|---|---|
| subnetId | The resource identifier for the subnet. | string (required) |
CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider
| Name | Description | Value |
|---|---|---|
| name | The unique name of the trusted identity provider to create. | string (required) |
| properties | The trusted identity provider properties to use when creating a new trusted identity provider. | CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties (required) |
CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the virtual network rule to create. | string (required) |
| properties | The virtual network rule properties to use when creating a new virtual network rule. | CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties (required) |
EncryptionConfig
| Name | Description | Value |
|---|---|---|
| keyVaultMetaInfo | The Key Vault information for connecting to user managed encryption keys. | KeyVaultMetaInfo |
| type | The type of encryption configuration being used. Currently the only supported types are 'UserManaged' and 'ServiceManaged'. | 'ServiceManaged' 'UserManaged' (required) |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of encryption being used. Currently the only supported type is 'SystemAssigned'. | 'SystemAssigned' (required) |
KeyVaultMetaInfo
| Name | Description | Value |
|---|---|---|
| encryptionKeyName | The name of the user managed encryption key. | string (required) |
| encryptionKeyVersion | The version of the user managed encryption key. | string (required) |
| keyVaultResourceId | The resource identifier for the user managed Key Vault being used to encrypt. | string (required) |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Deploy Azure Data Lake Store with no data encryption |
This template allows you to deploy an Azure Data Lake Store account with data encryption disabled. |
| Deploy Data Lake Analytics on new Data Lake Store |
This template allows you to deploy a new Data Lake Analytics account on a new Data Lake Store account. |
| Deploy Data Lake Store account with encryption(Data Lake) |
This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses the Data Lake store account to manage the encryption key. |
| Deploy Data Lake Store account with encryption(Key Vault) |
This template allows you to deploy an Azure Data Lake Store account with data encryption enabled. This account uses Azure Key Vault to manage the encryption key. |
| Deploy HDInsight on new Data Lake Store and Storage |
This template allows you to deploy a new Linux HDInsight cluster with new Data Lake Store and Storage accounts. |
Terraform (AzAPI provider) resource definition
The accounts resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DataLakeStore/accounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.DataLakeStore/accounts@2016-11-01"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
defaultGroup = "string"
encryptionConfig = {
keyVaultMetaInfo = {
encryptionKeyName = "string"
encryptionKeyVersion = "string"
keyVaultResourceId = "string"
}
type = "string"
}
encryptionState = "string"
firewallAllowAzureIps = "string"
firewallRules = [
{
name = "string"
properties = {
endIpAddress = "string"
startIpAddress = "string"
}
}
]
firewallState = "string"
newTier = "string"
trustedIdProviders = [
{
name = "string"
properties = {
idProvider = "string"
}
}
]
trustedIdProviderState = "string"
virtualNetworkRules = [
{
name = "string"
properties = {
subnetId = "string"
}
}
]
}
}
}
Property Values
Microsoft.DataLakeStore/accounts
| Name | Description | Value |
|---|---|---|
| identity | The Key Vault encryption identity, if any. | EncryptionIdentity |
| location | The resource location. | string (required) |
| name | The resource name | string (required) |
| properties | The Data Lake Store account properties to use for creating. | CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.DataLakeStore/accounts@2016-11-01" |
CreateDataLakeStoreAccountParametersTags
| Name | Description | Value |
|---|
CreateDataLakeStoreAccountPropertiesOrDataLakeStoreAccountProperties
| Name | Description | Value |
|---|---|---|
| defaultGroup | The default owner group for all new folders and files created in the Data Lake Store account. | string |
| encryptionConfig | The Key Vault encryption configuration. | EncryptionConfig |
| encryptionState | The current state of encryption for this Data Lake Store account. | 'Disabled' 'Enabled' |
| firewallAllowAzureIps | The current state of allowing or disallowing IPs originating within Azure through the firewall. If the firewall is disabled, this is not enforced. | 'Disabled' 'Enabled' |
| firewallRules | The list of firewall rules associated with this Data Lake Store account. | CreateFirewallRuleWithAccountParametersOrFirewallRule[] |
| firewallState | The current state of the IP address firewall for this Data Lake Store account. | 'Disabled' 'Enabled' |
| newTier | The commitment tier to use for next month. | 'Commitment_100TB' 'Commitment_10TB' 'Commitment_1PB' 'Commitment_1TB' 'Commitment_500TB' 'Commitment_5PB' 'Consumption' |
| trustedIdProviders | The list of trusted identity providers associated with this Data Lake Store account. | CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider[] |
| trustedIdProviderState | The current state of the trusted identity provider feature for this Data Lake Store account. | 'Disabled' 'Enabled' |
| virtualNetworkRules | The list of virtual network rules associated with this Data Lake Store account. | CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule[] |
CreateFirewallRuleWithAccountParametersOrFirewallRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the firewall rule to create. | string (required) |
| properties | The firewall rule properties to use when creating a new firewall rule. | CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties (required) |
CreateOrUpdateFirewallRulePropertiesOrFirewallRuleProperties
| Name | Description | Value |
|---|---|---|
| endIpAddress | The end IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
| startIpAddress | The start IP address for the firewall rule. This can be either ipv4 or ipv6. Start and End should be in the same protocol. | string (required) |
CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties
| Name | Description | Value |
|---|---|---|
| idProvider | The URL of this trusted identity provider. | string (required) |
CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties
| Name | Description | Value |
|---|---|---|
| subnetId | The resource identifier for the subnet. | string (required) |
CreateTrustedIdProviderWithAccountParametersOrTrustedIdProvider
| Name | Description | Value |
|---|---|---|
| name | The unique name of the trusted identity provider to create. | string (required) |
| properties | The trusted identity provider properties to use when creating a new trusted identity provider. | CreateOrUpdateTrustedIdProviderPropertiesOrTrustedIdProviderProperties (required) |
CreateVirtualNetworkRuleWithAccountParametersOrVirtualNetworkRule
| Name | Description | Value |
|---|---|---|
| name | The unique name of the virtual network rule to create. | string (required) |
| properties | The virtual network rule properties to use when creating a new virtual network rule. | CreateOrUpdateVirtualNetworkRulePropertiesOrVirtualNetworkRuleProperties (required) |
EncryptionConfig
| Name | Description | Value |
|---|---|---|
| keyVaultMetaInfo | The Key Vault information for connecting to user managed encryption keys. | KeyVaultMetaInfo |
| type | The type of encryption configuration being used. Currently the only supported types are 'UserManaged' and 'ServiceManaged'. | 'ServiceManaged' 'UserManaged' (required) |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of encryption being used. Currently the only supported type is 'SystemAssigned'. | 'SystemAssigned' (required) |
KeyVaultMetaInfo
| Name | Description | Value |
|---|---|---|
| encryptionKeyName | The name of the user managed encryption key. | string (required) |
| encryptionKeyVersion | The version of the user managed encryption key. | string (required) |
| keyVaultResourceId | The resource identifier for the user managed Key Vault being used to encrypt. | string (required) |