Azure Purview is a unified data governance solution that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data.
This article intends to show you how to leverage Bicep, a domain-specific language (DSL) that uses a declarative syntax to deploy Azure Purview.
- An active Azure subscription
- Permission to create resources in the subscription
- Azure Biccep installed — bit.ly/bicep-install
- Azure PowerShell
We will author a Bicep template that creates an instance of Azure Purview to automate data discovery by providing data scanning and classification as a service for assets across your data estate.
By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, Purview creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure the right use of your data.
The solution will include the following files:
- 📄 main.bicep: This is the Bicep template
- 📄 azuredeploy.parameters.json: This parameter file contains the values to use for deploying your Bicep template.
Let’s get started!
The first step is to create a file called ‘main.bicep’ and we will start by defining a few parameters for the Azure Purview instance.
Create a new file in your working directory and name it ‘main.bicep’. We will define the following parameters:
@description('Name of the resource')
param purviewname string@description('Deployment region')
param location string@description('Deployment environment')
param env string
We will define the following resources:
resource purviewname_env 'Microsoft.Purview/accounts@2021-07-01' = {
name: '${purviewname}${env}'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
publicNetworkAccess: 'Enabled'
}tags: {}
dependsOn: []
}
You will notice that we’re not using the SKU property, as of the time of writing this property is ‘read-only’ and therefore the SKU will be ‘Standard’ by default.
Create a new file named ‘azuredeploy.parameters.json’. The code below shows the definition of the parameters file:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"purviewname": {
"value": ""
},
"location": {
"value": ""
},
"env": {
"value": ""
}
}
}
We will use the command below to deploy our Bicep template:
$date = Get-Date -Format "MM-dd-yyyy"
$deploymentName = "AzInsiderDeployment"+"$date"New-AzResourceGroupDeployment -Name $deploymentName -ResourceGroupName azinsider_demo -TemplateFile .main.bicep -TemplateParameterFile .azuredeploy.parameters.json -c
Tip: You can create a script.ps1 and just run the script to perform this deployment.
Note we leverage the What-IF operation to validate our deployment before performing the actual deployment operation.
The image below shows the preview of the deployment:
Then, we will execute the deployment. The image below shows the deployment output:
You can find the code of this solution in the following URL, feel free to contribute!
Now in the Azure Portal you should see the instance of the Azure Purview service as shown below:
Once the Azure Purview account is created, you can use the Purview Studio to access and manage it. There are two ways to open Purview Studio.
- In the Azure portal. Select the “Open Purview Studio” tile on the overview page.
- Browse to https://web.purview.azure.com
The image below shows Purview Studio:
Along with this article, we reviewed how you can leverage Infrastructure as Code using Bicep Language to create an instance of Azure Purview and how to access it through the Purview Studio.
The next step is to ensure you have a user-assigned managed identity that can authenticate directly with resources using Azure Active Directory and use ‘Collections’, an Azure Purview tool to manage ownership and access control across assets, sources, and information.
👉 Join the AzInsider email list here.
-Dave R