Using Infrastructure as Code (IaC) to Manage and Update Microsoft Fabric Landing Zones
As Microsoft Fabric evolves, managing your Fabric Landing Zone with Infrastructure as Code (IaC) enables consistent, scalable, and version-controlled changes. While Fabric currently doesn’t expose as many native IaC resources as Azure ARM, several integration points are already available through tools like Terraform, REST APIs, and increasingly, Microsoft Fabric's VSCode extension and Git integration.
Benefits of IaC for Fabric
- Repeatability: Ensure identical workspace, item, and role setups across environments.
- Auditable Changes: Track every modification to domains, workspaces, pipelines, or security roles via Git.
- Test Environments: Quickly deploy a new dev/test domain with the same data pipelines and shortcuts for validation.
- Drift Detection: Use tools like Terraform plan or REST GET diffing to catch deviations between source and target states.
Example: Creating a Fabric Workspace with REST & IaC
Here is a minimal example using PowerShell to deploy a workspace via REST:
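# Request a token scoped to the Fabric API (requires a prior Connect-AzAccount).
$token = Get-AzAccessToken -ResourceUrl "https://api.fabric.microsoft.com"
# Recent Az.Accounts versions return Token as a SecureString; convert it before building the header.
$accessToken = if ($token.Token -is [securestring]) {
    [System.Net.NetworkCredential]::new("", $token.Token).Password
} else {
    $token.Token
}
$headers = @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type"  = "application/json"
}
# The Create Workspace API expects the workspace name in displayName.
$body = @{
    displayName = "trusted-analytics-dev"
    description = "Development workspace for trusted analytics"
} | ConvertTo-Json -Depth 3
Invoke-RestMethod -Uri "https://api.fabric.microsoft.com/v1/workspaces" -Method Post -Headers $headers -Body $body

# Example: Updating a Fabric Workspace via REST
$workspaceId = "your-workspace-id-here"
$updateBody = @{
    description = "Updated description for trusted analytics"
} | ConvertTo-Json -Depth 3
Invoke-RestMethod -Uri "https://api.fabric.microsoft.com/v1/workspaces/$workspaceId" -Method Patch -Headers $headers -Body $updateBody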
You can wrap such logic in GitHub Actions, Azure DevOps pipelines, or Terraform local-exec blocks to integrate into full deployment flows.
Workspace & Domain Provisioning via Terraform
Using Terraform’s REST provider or HTTP provider, you can abstract provisioning logic:
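# "http_request" is a placeholder resource type; substitute the resource your chosen REST/HTTP provider offers.
# azurerm_client_config does not export an access token, so the token is passed in as a variable.
# var.fabric_access_token is a hypothetical name; declare it with sensitive = true.
# Headers and bodies of such resources can end up in Terraform state, so protect the state as a secret.
resource "http_request" "fabric_workspace" {
    url    = "https://api.fabric.microsoft.com/v1/workspaces"
    method = "POST"
    headers = {
        Authorization = "Bearer ${var.fabric_access_token}"
        Content-Type  = "application/json"
    }
    # The Create Workspace API expects the workspace name in displayName.
    body = jsonencode({
        displayName = "trusted-analytics-dev"
        description = "Development workspace for trusted analytics"
    })
}

resource "http_request" "fabric_workspace_update" {
    url    = "https://api.fabric.microsoft.com/v1/workspaces/${var.workspace_id}"
    method = "PATCH"
    headers = {
        Authorization = "Bearer ${var.fabric_access_token}"
        Content-Type  = "application/json"
    }
    body = jsonencode({
        description = "Updated description for trusted analytics"
    })
}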
Using the Fabric CLI for IaC-style Automation
The Fabric CLI (currently in public preview) introduces command-line capabilities to manage Fabric resources declaratively. It supports scripting of common administrative tasks and can be used in CI/CD pipelines.
Example: Creating a workspace using the Fabric CLI
fabric workspace create \
    --name "trusted-analytics-dev" \
    --description "Development workspace for trusted analytics"
# Example: Updating a workspace description
fabric workspace update \
    --id "your-workspace-id" \
    --description "Updated description for trusted analytics"
Example: Listing items in a workspace
fabric item list --workspace "trusted-analytics-dev"
You can install the CLI from https://learn.microsoft.com/en-us/fabric/get-started/fabric-cli-install?wt.mc_id=AZ-MVP-5003447 and authenticate via fabric login.
The CLI is particularly useful in GitHub Actions and Azure DevOps for teams looking to script deployments or validations as part of their Fabric Landing Zone lifecycle.
Future Considerations
As Fabric matures:
- Support for YAML-based workspace definitions may evolve.
- Git-based Workspace sync and template deployment will likely become first-class citizens.
- Expect tighter Visual Studio Code and Azure CLI integration.
Best Practices
- Avoid manual UI configuration drift by enforcing deployment via IaC and GitOps.
- Use environment tags and naming conventions (dev, test, prod) in IaC modules.
- Apply idempotent design: your IaC should be safe to run repeatedly.
- Incorporate approval gates and preview diffs in deployment pipelines.
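The REST GET diffing mentioned under Drift Detection and the idempotent-design practice above, as an added example that is not code from the original page: a Python sketch that compares workspace definitions kept in Git with the parsed body of a GET /v1/workspaces call and emits only the POST and PATCH calls that are needed. The sample data is constructed, and the managed-field list and the "unmanaged" report are assumptions of this sketch.

```python
import json

# Fields this sketch reconciles; everything else in the API response is ignored.
MANAGED_FIELDS = ("description",)


def plan_workspace_changes(desired, actual_response):
    """Return the ordered actions that bring the tenant in line with `desired`."""
    actual = {}
    for ws in actual_response.get("value", []):
        # displayName is the join key; refuse to guess if it is ambiguous.
        if ws["displayName"] in actual:
            raise ValueError(f"duplicate workspace name: {ws['displayName']}")
        actual[ws["displayName"]] = ws

    actions = []
    for want in desired:
        have = actual.pop(want["displayName"], None)
        if have is None:
            actions.append({"op": "create", "method": "POST",
                            "path": "/v1/workspaces", "body": dict(want)})
            continue
        changed = {f: want.get(f, "") for f in MANAGED_FIELDS
                   if (have.get(f) or "") != want.get(f, "")}
        if changed:  # an empty diff means a re-run sends nothing (idempotent)
            actions.append({"op": "update", "method": "PATCH",
                            "path": f"/v1/workspaces/{have['id']}", "body": changed})
    # Workspaces present in the tenant but absent from Git: report, never delete.
    for name in sorted(actual):
        actions.append({"op": "unmanaged", "name": name, "id": actual[name]["id"]})
    return actions

# Constructed sample data, not real tenant output.
DESIRED = [
    {"displayName": "trusted-analytics-dev",
     "description": "Development workspace for trusted analytics"},
    {"displayName": "trusted-analytics-test",
     "description": "Test workspace for trusted analytics"},
]
ACTUAL = json.loads("""{"value": [
  {"id": "00000000-0000-0000-0000-000000000001", "type": "Workspace",
   "displayName": "trusted-analytics-dev", "description": "edited by hand in the portal"},
  {"id": "00000000-0000-0000-0000-000000000002", "type": "Workspace",
   "displayName": "scratch-adhoc", "description": ""}
]}""")

if __name__ == "__main__":
    for action in plan_workspace_changes(DESIRED, ACTUAL):
        print(json.dumps(action))
```

Printing the plan in a pipeline step before any call is sent gives reviewers the preview diff to approve, and the "unmanaged" entries surface workspaces created by hand in the portal.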