MicrosoftHi CharithCaldera and thanks for this great content!
I'm trying to do the same thing, but using Bicep instead of ARM.
The issue I'm facing with is about the need of running the deployment two times, because the first run ends with error code:"WorkspaceActivationRequired" even if the CMK in the Key Vault has the needed RBAC authorization of the System Assigned Managed Identity of Synapse Workspace.
Maybe the activation step (API "Microsoft.Synapse/workspaces/keys" where we setup isActiveCMK: true) is in the wrong order of deployment and comes before the RBAC authorization step is completed --> but I make sure this doesn't happen using depends on (activation step depends on RBAC authorization).
Do you have any suggestion about this specific issue?
Thanks in advance,
Luca Bovo
EDIT: after a bunch of tests and deployment analysis I discovered that my deploy was failing due to some jobs of type Microsoft.Synapse/workspaces/dedicatedSQLminimalTlsSettings + Microsoft.Synapse/workspaces/trustedServiceByPassConfiguration + Microsoft.Synapse/workspaces/securityAlertPolicies which requires an ACTIVATED Synapse Workspace.
My temporary solution is to put the steps in this order and dependencies (each one from the previous one):
1. Microsoft.Synapse/workspaces --> Synapse Workspace
2. Microsoft.Authorization/roleAssignments --> RBAC of Synapse MSI for CMK in Key Vault
3. Microsoft.Synapse/workspaces/keys --> assign CMK Keys and trigger Workspace Activation
4. Microsoft.Synapse/workspaces/firewallRules --> using a for cicle with decorator "@batchSize(1)" that serializes jobs one at a time --> this way during firewall rules deployment the Workspace Activation operation is taken to completion (about 2 minutes)
5. Microsoft.Synapse/workspaces/dedicatedSQLminimalTlsSettings + Microsoft.Synapse/workspaces/trustedServiceByPassConfiguration + Microsoft.Synapse/workspaces/securityAlertPolicies --> final security configurations (this time they can find an activated Workspace)
