Configuration Reference
Complete Terraform variable reference for all Power BI integration modules — OneLake, Storage Account, and Function App.
This page documents all Terraform variables across the three deployment modules. Use this as a quick reference when configuring terraform.tfvars files.
OneLake Module (infra/onelake)
Required Variables
| Variable | Type | Description |
|---|
subscription_id | string | Azure subscription ID (auto-detected if not set) |
Optional Variables
| Variable | Type | Default | Description |
|---|
prefix | string | — | Short prefix for resource names (3–10 chars). Derived from resource_group_name if not set |
resource_group_name | string | {prefix}-rg | Resource group name |
create_resource_group | bool | false | Create a new resource group |
location | string | westeurope | Azure region |
fabric_tenant_id | string | auto | Azure AD tenant ID |
create_fabric_capacity | bool | true | Create new Fabric capacity |
fabric_capacity_sku | string | F2 | Capacity SKU: F2, F4, F8, F16, F32, F64 |
fabric_capacity_admin_emails | list(string) | [] | Admin emails (defaults to current user) |
existing_fabric_capacity_id | string | — | Use existing capacity instead of creating |
fabric_workspace_fqn | string | {prefix}-workspace | Workspace display name |
fabric_lakehouse_name | string | {prefix}lakehouse | Lakehouse name |
one_lake_subpath | string | "" | Subpath under /Files/ in lakehouse |
create_custom_onelake_app | bool | true | Create Azure AD app for OneLake auth |
assign_directory_roles | bool | true | Assign directory roles (requires Global Admin) |
assign_graph_permissions | bool | true | Assign Graph API permissions (requires Global Admin) |
create_custom_roles | bool | true | Create custom Azure roles |
create_workspace_role_assignment | bool | true | Grant workspace access to service principal |
upload_type | string | onelake | Upload destination: onelake or storageaccount |
Outputs
| Output | Sensitive | Description |
|---|
resource_group_name | No | Resource group name |
location | No | Azure region |
subscription_id | No | Azure subscription ID |
fabric_tenant_id | No | Azure AD tenant ID |
prefix | No | Resource naming prefix |
onelake_dfs_path | No | OneLake DFS path for the lakehouse |
onelake_app_client_id | No | Custom OneLake app client ID |
onelake_app_client_secret | Yes | Custom OneLake app client secret |
fabric_capacity_id | No | Fabric capacity resource ID |
fabric_workspace_id | No | Fabric workspace GUID |
fabric_lakehouse_id | No | Fabric lakehouse GUID |
fabric_workspace_name | No | Workspace display name |
fabric_lakehouse_name | No | Lakehouse display name |
function_app_template_tfvars | No | Pre-filled tfvars for Function App module |
Storage Account Module (infra/storageaccount)
Optional Variables
All variables have defaults or are optional.
| Variable | Type | Default | Description |
|---|
prefix | string | — | Short prefix for resource names (3–10 chars) |
resource_group_name | string | {prefix}-rg | Resource group name |
create_resource_group | bool | false | Create a new resource group |
location | string | westeurope | Azure region |
subscription_id | string | auto | Azure subscription ID |
fabric_tenant_id | string | auto | Azure AD tenant ID |
storage_use_existing | bool | false | Use existing storage account |
existing_storage_account_name | string | — | Name of existing storage account |
existing_storage_account_rg | string | — | Resource group of existing storage account |
upload_storage_account_name | string | auto | Name for new storage account |
upload_storage_container_name | string | incoming | Container name |
upload_subpath | string | "" | Subpath within container |
upload_type | string | storageaccount | Upload destination |
blob_readers_id | list(string) | [] | Principal IDs to grant Blob Reader access |
blob_readers_email | list(string) | [] | Emails to grant Blob Reader access (looked up) |
Outputs
| Output | Sensitive | Description |
|---|
resource_group_name | No | Resource group name |
location | No | Azure region |
subscription_id | No | Azure subscription ID |
prefix | No | Resource naming prefix |
storage_connection_string | Yes | Storage account connection string |
storage_account_url | No | Storage account blob endpoint |
storage_container_name | No | Upload container name |
storage_account_name | No | Storage account name |
function_app_template_tfvars | No | Pre-filled tfvars for Function App module |
Required Variables
| Variable | Type | Description |
|---|
s3_access_key_id | string | AWS access key ID (sensitive) |
s3_secret_access_key | string | AWS secret access key (sensitive) |
s3_bucket | string | S3 bucket name |
copy_parquet_schedule | string | CRON schedule with seconds, e.g. 0 */15 * * * * |
Optional Variables
| Variable | Type | Default | Description |
|---|
prefix | string | — | Short prefix for resource names |
resource_group_name | string | {prefix}-rg | Resource group name |
create_resource_group | bool | false | Create a new resource group |
location | string | westeurope | Azure region |
subscription_id | string | auto | Azure subscription ID |
s3_region | string | us-east-1 | AWS region of the S3 bucket |
s3_prefix | string | "" | S3 path prefix for filtering |
measurements_time_range_days | string | 14 | Days to look back for measurements (1–365) |
upload_type | string | onelake | onelake or storageaccount |
upload_subpath | string | "" | Subpath within upload target |
log_level | string | INFO | DEBUG, INFO, WARNING, ERROR, CRITICAL |
OneLake Variables (required when upload_type = "onelake"):
| Variable | Type | Default | Description |
|---|
fabric_tenant_id | string | auto | Azure AD tenant ID |
fabric_client_id | string | — | OneLake app client ID |
fabric_client_secret | string | — | OneLake app client secret (sensitive) |
fabric_workspace_fqn | string | — | Workspace display name |
fabric_workspace_id | string | — | Workspace GUID |
fabric_lakehouse_name | string | — | Lakehouse name |
fabric_lakehouse_id | string | — | Lakehouse GUID |
one_lake_subpath | string | "" | Subpath under /Files/ |
Storage Account Variables (required when upload_type = "storageaccount"):
| Variable | Type | Default | Description |
|---|
storage_connection_string | string | — | Storage account connection string (sensitive) |
storage_account_url | string | — | Storage account blob endpoint |
upload_storage_container | string | — | Container name for uploads |
Outputs
| Output | Sensitive | Description |
|---|
function_app_name | No | Function App name |
function_app_default_hostname | No | Function App hostname |
function_app_id | No | Function App resource ID |
function_app_identity_principal_id | No | Managed identity principal ID |
application_insights_app_id | No | Application Insights app ID |
application_insights_instrumentation_key | Yes | Instrumentation key |
application_insights_connection_string | Yes | AI connection string |
log_analytics_workspace_id | No | Log Analytics workspace ID |
resource_group_name | No | Resource group name |
Provider Requirements
All modules require:
terraform {
required_version = ">= 1.5.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.100.0"
}
}
}
The OneLake module additionally requires azuread (≥ 2.47.0) and fabric (≥ 0.1.0) providers.
Example: Complete OneLake Deployment
# infra/onelake/terraform.tfvars
subscription_id = "00000000-0000-0000-0000-000000000000"
resource_group_name = "rg-haltian-onelake"
create_resource_group = true
location = "westeurope"
prefix = "haltian"
create_fabric_capacity = false
existing_fabric_capacity_id = "/subscriptions/.../Microsoft.Fabric/capacities/..."
one_lake_subpath = "upload/"
# azure-function/terraform/terraform.tfvars
# (generated by: terraform output function_app_template_tfvars)
subscription_id = "00000000-0000-0000-0000-000000000000"
resource_group_name = "rg-haltian-onelake"
create_resource_group = false
location = "westeurope"
prefix = "haltian"
upload_type = "onelake"
fabric_tenant_id = "11111111-1111-1111-1111-111111111111"
fabric_client_id = "22222222-2222-2222-2222-222222222222"
fabric_client_secret = "generated-secret-value"
fabric_workspace_fqn = "haltian-workspace"
fabric_workspace_id = "33333333-3333-3333-3333-333333333333"
fabric_lakehouse_name = "haltianlakehouse"
fabric_lakehouse_id = "44444444-4444-4444-4444-444444444444"
# S3 credentials (from Haltian)
s3_access_key_id = "AKIAIOSFODNN7EXAMPLE"
s3_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
s3_bucket = "haltian-data-export"
s3_region = "eu-west-1"
copy_parquet_schedule = "0 */15 * * * *"
measurements_time_range_days = "14"
Example: Complete Storage Account Deployment
# infra/storageaccount/terraform.tfvars
subscription_id = "00000000-0000-0000-0000-000000000000"
resource_group_name = "rg-haltian-storage"
create_resource_group = true
location = "westeurope"
prefix = "haltian"
upload_storage_container_name = "incoming"
blob_readers_email = ["analyst@yourcompany.com"]
# azure-function/terraform/terraform.tfvars
# (generated by: terraform output function_app_template_tfvars)
subscription_id = "00000000-0000-0000-0000-000000000000"
resource_group_name = "rg-haltian-storage"
create_resource_group = false
location = "westeurope"
prefix = "haltian"
upload_type = "storageaccount"
storage_connection_string = "DefaultEndpointsProtocol=https;AccountName=..."
storage_account_url = "https://haltianuploadstora.blob.core.windows.net/"
upload_storage_container = "incoming"
# S3 credentials (from Haltian)
s3_access_key_id = "AKIAIOSFODNN7EXAMPLE"
s3_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
s3_bucket = "haltian-data-export"
s3_region = "eu-west-1"
copy_parquet_schedule = "0 */15 * * * *"
measurements_time_range_days = "14"