Last reviewed: May 2026
Build the AWS services on the DP-700 exam with plain Terraform — one block at a time, each tied back to an exam domain. The same code works on OpenTofu.
By the end of this lab you'll have provisioned, with plain Terraform, the streaming-ingestion substrate Microsoft Fabric Data Engineers reach for — an Event Hubs namespace + an event hub as the streaming source, an ADLS Gen2 storage account with bronze/silver/gold medallion containers, a Fabric F2 capacity for the Fabric workspace to land in, and Log Analytics for observability. Fabric Event Streams + Lakehouses are created inside the workspace via the Fabric portal pointing at this substrate.
Drop the snippets into a single main.tf, run terraform init, then terraform apply step-by-step.
>= 1.5 or OpenTofu >= 1.6.az login).Fabric + Event Hubs combined ~$275/month while running. The same anti-pattern from DP-600 applies — capacity bills 24/7; destroy or pause promptly.
Standard Azure opener.
terraform {
required_version = ">= 1.5"
required_providers {
azurerm = { source = "hashicorp/azurerm", version = "~> 4.0" }
random = { source = "hashicorp/random", version = "~> 3.6" }
}
}
provider "azurerm" {
features {}
}
resource "random_id" "suffix" {
byte_length = 3
}
data "azurerm_client_config" "current" {}
locals {
tags = {
Project = "certlabpro-dp-700"
ManagedBy = "terraform"
}
}
resource "azurerm_resource_group" "main" {
name = "certlabpro-dp-700-rg"
location = "eastus"
tags = local.tags
}Event Hubs is Azure's high-throughput event ingestion service — the canonical source for streaming data into Fabric Event Streams. DP-700's Implement and manage data ingestion domain tests this combo directly: real-time events land in Event Hubs, Fabric Event Streams subscribe and route them into a Lakehouse or KQL database, downstream queries see the data within seconds.
We use the Basic tier (cheapest, single throughput unit) with 1-day retention. The exam's Standard vs Premium trade-off question is about capture-to-storage features (Capture writes events to ADLS automatically) and longer retention — Basic doesn't have those, but it's the lab-cheap option.
resource "azurerm_eventhub_namespace" "main" {
name = "ehns-dp700-${random_id.suffix.hex}"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
sku = "Basic"
capacity = 1
tags = local.tags
}
resource "azurerm_eventhub" "stream" {
name = "ingest"
namespace_id = azurerm_eventhub_namespace.main.id
partition_count = 2
message_retention = 1
}The medallion architecture (bronze / silver / gold) is the DP-700 Implement and manage an analytics solution reference data-modeling pattern: raw ingested data in bronze/, cleaned and validated in silver/, business-aggregated in gold/. Fabric Lakehouse tables live on top of this exact layout.
We provision an ADLS Gen2 storage account (hierarchical namespace = on, required for Delta Lake tables) with the three container layers. Fabric Lakehouse shortcuts can point at this storage account directly, so Fabric reads/writes here without copying data into OneLake.
resource "azurerm_storage_account" "lake" {
name = "dp700lake${random_id.suffix.hex}"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
account_tier = "Standard"
account_replication_type = "LRS"
account_kind = "StorageV2"
is_hns_enabled = true
https_traffic_only_enabled = true
min_tls_version = "TLS1_2"
allow_nested_items_to_be_public = false
tags = local.tags
}
resource "azurerm_storage_container" "bronze" {
name = "bronze"
storage_account_id = azurerm_storage_account.lake.id
container_access_type = "private"
}
resource "azurerm_storage_container" "silver" {
name = "silver"
storage_account_id = azurerm_storage_account.lake.id
container_access_type = "private"
}
resource "azurerm_storage_container" "gold" {
name = "gold"
storage_account_id = azurerm_storage_account.lake.id
container_access_type = "private"
}Same Fabric capacity primitive as DP-600 — the F2 SKU is the smallest dev-friendly size. The DP-700 angle is different though: where DP-600 focused on the analytics modeling workloads, DP-700 focuses on the data-ingestion side. Eventstreams, Spark notebooks, and Data Pipelines all run inside this capacity.
Log Analytics receives the Fabric capacity diagnostics (throttling, query duration) — DP-700's Maintain and optimize domain leans on this for incident response when a streaming pipeline starts dropping events.
With capacity in place, the full DP-700 streaming substrate is shaped: Event Hubs → Fabric Event Stream → Lakehouse table on the ADLS Gen2 storage account. The application work (creating the Event Stream, defining the Lakehouse, writing transforms) happens in the Fabric portal.
resource "azurerm_fabric_capacity" "main" {
name = "fab-dp700-${random_id.suffix.hex}"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
administration_members = [
data.azurerm_client_config.current.object_id,
]
sku {
name = "F2"
tier = "Fabric"
}
tags = local.tags
}
resource "azurerm_log_analytics_workspace" "main" {
name = "log-dp700"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
sku = "PerGB2018"
retention_in_days = 30
tags = local.tags
}
resource "azurerm_monitor_diagnostic_setting" "fabric" {
name = "diag"
target_resource_id = azurerm_fabric_capacity.main.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id
metric {
category = "AllMetrics"
enabled = true
}
}
resource "azurerm_monitor_diagnostic_setting" "event_hubs" {
name = "diag"
target_resource_id = azurerm_eventhub_namespace.main.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id
enabled_log {
category_group = "allLogs"
}
metric {
category = "AllMetrics"
enabled = true
}
}terraform destroy tears down everything. Fabric F2 capacity is the line item (~$262/month). Pause via the Azure portal if you want to keep the resource around but stop billing. Event Hubs Basic is ~$11/month — destroyable independently if you want to keep Fabric.
DP-700 covers more streaming + batch surfaces this lab can't fit — Fabric Event Streams themselves (no Terraform support today; create via Fabric portal), KQL databases / Eventhouses, Data Pipelines (Data Factory inside Fabric), Spark notebooks, Real-Time Intelligence dashboards, and the Power BI semantic model integration.
We stick to the substrate that Fabric Eventstreams + Lakehouses attach to — Event Hubs as the source, ADLS Gen2 as the sink, Fabric capacity as the compute. Once you provision this base, every DP-700 workload (Stream → Lakehouse, Stream → KQL, Pipeline → Warehouse) is a Fabric-portal exercise on top of this Terraform shell.
For service-by-service coverage, see the Browse and Editorial sections of this cert page.