Secure Databricks Serverless Compute environment
Leaving your house unlocked feels unsafe, right? The same goes for your Azure subscription. Microsoft keeps it secure by default, and you need to unlock parts (Azure Resource Providers) as needed. There are a lot of them, this is why we programmatically register Azure Resource Providers.
An Azure Resource Provider is a set of REST operations enabling functionality for specific Azure services, like Microsoft.KeyVault for managing vaults, secrets, keys, and certificates.
Azure Resource Providers protect your Azure Subscription from unwanted deployments that could lead to high costs or organizational harm.
Once an Azure Resource Provider is registered in your subscription, you can manage these resources using various SDKs, CLIs, or the Azure Portal.
The resource provider defines the Azure resources you can deploy to your Azure Subscription. A resource type's name follows the format: {resource-provider}/{resource-type}. The resource type for a key vault is Microsoft.KeyVault/vaults..
By default Azure registers 15 Azure Resource Providers n your Azure Subscription. But these are not the Azure Resource Providers you need for a new cloud-native data & analytics platform such as FFA TITAN.
In order to automatically we need to set up two things, (1) security, and (2) powershell-script
To programmatically Register Azure Resource Providers you need to have a Microsoft Entra User Account or a -Service Principal that has the ‘contributor
’-role assigned to it in your Azure Subscription. However, when you would need to deploy a new cloud-native data & analytics platform addtitional resource providers must be regsitered.
For FFA TITAN to be deployed we need a lot of providers to be registered and we can register them in two ways:
As humans we prefer to be lazy over tired any time of the day. So at Food For Analytics we’ve written a small powershell-script that can be executed locally, remotely, or within azure devops-pipeline for bootstrapping your Azure Subscription. We do the latter, as we roll out FFA TITAN to multiple tenants and subscriptions. Manually bootstrapping them is error prone and we get tired. no bueno.
Our powershell-script for programmatically registering Azure Resource Providers:
Az
module is installed.PSCredential
object.Wandisco
).note: this is a script that registers a wide set of Azure Resource Providers. I strongly recommend to only register the providers that you actually need to deploy your own platform in your Azure Subscription (we did this as well).
This PowerShell script helps automate the registration of necessary Azure Resource Providers, ensuring efficient and error-free setup of your Azure environment. For best practices, register only the providers essential for your specific platform deployment.
Microsoft.SerialConsole
Microsoft.Commerce
Microsoft.MarketplaceOrdering
microsoft.support
Microsoft.ADHybridHealthService
Microsoft.Authorization
Microsoft.Billing
Microsoft.ClassicSubscription
Microsoft.Consumption
Microsoft.CostManagement
Microsoft.Features
Microsoft.Portal
Microsoft.ResourceGraph
Microsoft.Resources
Registering a large number of Azure Resource Providers programmatically can have performance impacts such as increased execution time and potential API rate limiting.
Get-AzResourceProvider | Where-Object {$_.RegistrationState -eq 'Registered'}
Secure Databricks Serverless Compute environment