Subcategory: Security
Security-conscious enterprises that use cloud SaaS applications need to restrict access to their own employees. Authentication helps to prove user identity, but it does not enforce the network location of the users. Accessing a cloud service from an unsecured network can pose security risks to an enterprise, especially when the user may have authorized access to sensitive or personal data. Enterprise network perimeters apply security policies and limit access to external services (for example, firewalls, proxies, DLP, and logging), so access from beyond these controls is assumed to be untrusted. Please see IP Access List for full feature documentation.

-> The total number of IP addresses and CIDR scopes provided across all ACL lists in a workspace cannot exceed 1000. Refer to the docs above for specifics.
```hcl
resource "databricks_workspace_conf" "this" {
  custom_config = {
    "enableIpAccessLists" = true
  }
}

resource "databricks_ip_access_list" "allowed-list" {
  label        = "allow_in"
  list_type    = "ALLOW"
  ip_addresses = [
    "1.1.1.1",
    "1.2.3.0/24",
    "1.2.5.0/24"
  ]
  depends_on = [databricks_workspace_conf.this]
}
```
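Before applying a change like the one above it is worth checking the list offline: every entry must parse as an IPv4/IPv6 address or CIDR range, the workspace-wide total must stay within the documented limit of 1000, and the address you administer the workspace from should still be allowed afterwards, otherwise the apply locks you out. The following validator is an added example written for this page, not code from the Databricks Terraform provider. The `IpAccessList` class, the `validate_lists` and `is_allowed` functions and the sample lists are constructed here; the evaluation model in `is_allowed` (an address must match an enabled ALLOW entry and no enabled BLOCK entry) is an assumption to be confirmed against the IP Access List documentation.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_ENTRIES = 1000  # documented limit on addresses plus CIDR scopes across all lists in a workspace


@dataclass
class IpAccessList:
    """Mirrors the resource arguments: label, list_type, ip_addresses, enabled (hypothetical helper)."""
    label: str
    list_type: str                      # "ALLOW" or "BLOCK"
    ip_addresses: list[str] = field(default_factory=list)
    enabled: bool = True                # defaults to true, as in the resource

    def networks(self):
        # A bare address such as "1.1.1.1" becomes a /32 (or /128) network.
        # strict=False tolerates host bits set in a CIDR, e.g. "1.2.3.4/24".
        return [ipaddress.ip_network(a, strict=False) for a in self.ip_addresses]


def validate_lists(lists):
    """Return a list of problems found; an empty list means the configuration passes."""
    problems = []
    total = 0
    for acl in lists:
        if acl.list_type not in ("ALLOW", "BLOCK"):
            problems.append(f"{acl.label}: list_type must be ALLOW or BLOCK, got {acl.list_type!r}")
        for entry in acl.ip_addresses:
            try:
                ipaddress.ip_network(entry, strict=False)
            except ValueError:
                problems.append(f"{acl.label}: {entry!r} is not a valid IP address or CIDR range")
        # Disabled lists still count against the workspace-wide limit (assumption: limit is on stored entries).
        total += len(acl.ip_addresses)
    if total > MAX_ENTRIES:
        problems.append(f"{total} entries across all lists exceeds the workspace limit of {MAX_ENTRIES}")
    return problems


def is_allowed(lists, client_ip):
    """Assumed evaluation model: allowed only if the address falls inside an enabled
    ALLOW entry and inside no enabled BLOCK entry. Check the Databricks docs for the
    authoritative rule; this is a local pre-apply sanity check, not the service itself."""
    ip = ipaddress.ip_address(client_ip)
    matched_allow = False
    for acl in lists:
        if not acl.enabled:
            continue
        if any(ip in net for net in acl.networks()):
            if acl.list_type == "BLOCK":
                return False            # BLOCK wins over any ALLOW match
            matched_allow = True
    return matched_allow


# Constructed sample: the ALLOW list from the example above plus a hypothetical BLOCK list.
SAMPLE_LISTS = [
    IpAccessList("allow_in", "ALLOW", ["1.1.1.1", "1.2.3.0/24", "1.2.5.0/24"]),
    IpAccessList("block_lab", "BLOCK", ["1.2.3.200/30"]),
]


def lockout_check(lists, admin_ip):
    """True when the administrator's egress address would still be allowed after apply."""
    return not validate_lists(lists) and is_allowed(lists, admin_ip)


if __name__ == "__main__":
    for problem in validate_lists(SAMPLE_LISTS):
        print("problem:", problem)
    for probe in ("1.2.3.7", "1.2.3.201", "8.8.8.8"):
        print(probe, "allowed" if is_allowed(SAMPLE_LISTS, probe) else "denied")
    print("admin still allowed:", lockout_check(SAMPLE_LISTS, "1.1.1.1"))
```

Run `lockout_check` with the address your Terraform runner or CI agent actually egresses from; a `False` result is the signal to fix the list before `terraform apply` rather than after.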
The following arguments are supported:

- `list_type` - Can only be "ALLOW" or "BLOCK".
- `ip_addresses` - A string list of IP addresses and CIDR ranges.
- `label` - This is the display name for the given IP ACL list.
- `enabled` - (Optional) Boolean `true` or `false` indicating whether this list should be active. Defaults to `true`.
In addition to all arguments above, the following attributes are exported:

- `id` - Canonical unique identifier for the IP Access List, same as `list_id`.
- `list_id` - Canonical unique identifier for the IP Access List.
The `databricks_ip_access_list` can be imported using `id`:

```bash
terraform import databricks_ip_access_list.this <list-id>
```
The following resources are often used in the same context:

- End-to-end workspace management guide.
- Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide.
- databricks_mws_networks to configure VPC & subnets for new workspaces within AWS.
- databricks_mws_private_access_settings to create a Private Access Setting that can be used as part of a databricks_mws_workspaces resource to create a Databricks Workspace that leverages AWS PrivateLink.
- databricks_permissions to manage access control in Databricks workspace.
- databricks_sql_permissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more.