Azure Machine Learning Clemens Siebler  

Azure Machine Learning Deployment using Terraform

This post shows how to perform a full Azure Machine Learning deployment using Terraform. This includes enterprise features like setting up VNET-bindings and Private Link. You can reuse this sample and adapt it to your own needs.

In short, the proposed Terraform deployment will roll out the following environment:

Terraform Deployment Overview

This includes:

  • Azure Machine Learning Workspace with Private Link enabled
  • Azure Virtual Network (with a subnet)
  • Azure Storage Account with VNET bindings and Private Link (for Blob and File access)
  • Azure Key Vault with VNET bindings and Private Link
  • Azure Container Registry
  • Azure Application Insights
  • Jumphost for testing (useful if you do not have a VPN connection into the VNET)

Lastly, it is worth nothing that this deployment does not include any resources that typically would be provisioned inside the Azure Machine Learning Workspace, such as Datasets, Compute Clusters, or Compute Instances.

The full code presented in this post can be found in this GitHub repo:

Getting Started

Getting this Terraform deployment up and running for some testing is straight forward:

  1. Clone locally
  2. Install Terraform
  3. Copy terraform.tfvars.example from the repo to terraform.tfvars
  4. Update terraform.tfvars with your desired values (the defaults might work fine for testing though!)
  5. Execute the deployment:
$ terraform init
$ terraform plan
$ terraform apply

After a couple of minutes, our Terraform deployment should be done. As we can see, it has deployed quite a bunch of resources in Azure:

A list of deployed resources in Azure
Deployed Resources

Validating our Setup

Once the deployment has finished, navigate to and select your newly created Workspace. However, you should be greeted with an error message – this is expect, as you are trying to access a Private Link protected Workspace from a location (your laptop) that is most likely not connected to the Virtual Network (yet):

Error message due to not connecting from VNET to Workspace

This is why I’ve decided to include a Jumphost for testing in this deployment. Navigate to the dsvm-jumpbox resource in the resource group and connect to it via RDP using the username/password you’ve defined in terraform.tfvars:

Next, once you are connected, navigate to and you should be greeted with a fully working Azure Machine Learning Workspace:

Properly connected to Workspace

From here, you can use the Workspace as normal. Lastly, for moving this to a production grade setup, you would obviously get rid of the jumphost. Instead, you’d probably connect to the Workspace by either using Azure Express Route or having a VPN connection from your local machine to the VNET.


In conclusion, Terraform makes it very simple to deploy complex Azure Machine Learning setups. I hope this post was helpful – feel free to reuse the code from If you have questions, feel free to reach out in the comments below!

Special thanks go out to my good friend Kapil Arora from HashiCorp, who was kind enough to help me getting started with Terraform!

Leave A Comment