Mode 1: Full SRA (Default)
Description
SRA creates and manages all infrastructure including the hub VNET, Key Vault, firewall, and spoke workspace network.
What Gets Created
| Resource | Component | Created by SRA |
|---|---|---|
| Hub Resource Group | Hub VNET + Azure Firewall | ✓ |
| Webauth Workspace | ✓ | |
| CMK KeyVault | ✓ | |
| Route Table | ✓ | |
| Spoke Resource Group | Workspace | ✓ |
| Spoke VNET | ✓ | |
| Back-end Private Endpoint | ✓ | |
| UC Storage Account | ✓ | |
| Account Console | NCC (Network Connectivity Config) | ✓ |
| Network Policy | ✓ | |
| Metastore | ✓ |
Configuration
create_hub = true # Default
create_workspace_vnet = true # Default
Required Variables
databricks_account_id = "00000000-0000-0000-0000-000000000000"
location = "westus2"
subscription_id = "ffffffff-ffff-ffff-ffff-ffffffffffff"
resource_suffix = "spoke"
hub_resource_suffix = "srahub"
hub_vnet_cidr = "10.0.0.0/22"
workspace_vnet = {
cidr = "10.0.4.0/22"
}
tags = {
Owner = "user@example.com"
}
Required Variable Summary
databricks_account_idlocationsubscription_idresource_suffixhub_resource_suffixhub_vnet_cidrworkspace_vnet.cidr
Template Variables File
Use template.example.tfvars as the template for this type of deployment.
Next Steps
- Copy
template.example.tfvarstoterraform.tfvars - Fill in required variables
- Review Configuration Reference for optional features
- Follow Getting Started deployment steps