No public IP address - still accessible without VPN

Time:08-27

I have an Azure subscription with a virtual network that is not open to the internet but open to a corporate network. Here, I have created a no-public-IP instance of Databricks. And I am surprised that I can access it via the URL from elsewhere. The end-points are specified to be compatible with our internal network, but it is not the case.

How can I ensure that only users from the internal network/VPN can access the Databricks instance?

CodePudding user response:

To enable or disable the IP access list feature, call the enable or disable the IP access list API (PATCH /workspace-conf).

curl -X PATCH -n \
  https://<databricks-instance>/api/2.0/workspace-conf \
  -d '{
    "enableIpAccessLists": "true"
    }'

To add an IP access list, call the add an IP access list API (POST /ip-access-lists).

In the JSON request body, specify:

label — Label for this list.

list_type — Either ALLOW (allow list) or BLOCK (a block list, which means exclude even if in allow list).

ip_addresses — A JSON array of IP addresses and CIDR ranges, as String values.

To update an IP access list:

  1. Call the list all IP access lists API (GET /ip-access-lists), and find the ID of the list you want to update.

  2. Call the update an IP access list API (PATCH /ip-access-lists/). In the JSON request body, specify at least one of the following values to update:

label — Label for this list.

list_type — Either ALLOW (allow list) or BLOCK (block list, which means exclude even if in allow list).

ip_addresses — A JSON array of IP addresses and CIDR ranges, as String values.

enabled — Specifies whether this list is enabled. Pass true or false.

Reference - https://docs.microsoft.com/en-us/azure/databricks/security/network/ip-access-list#enable-or-disable-the-ip-access-list-feature-for-a-workspace
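
An added example, not part of the original answer and not Databricks code: a pre-flight check that validates the entries for a POST /ip-access-lists body and evaluates which source addresses the resulting lists would admit, using the "BLOCK excludes even if in allow list" rule described above. The function names and sample addresses are constructed for illustration, and the behaviour with no enabled ALLOW list (everything not blocked is admitted) is an assumption.

```python
import ipaddress
import json


def build_access_list(label, list_type, ip_addresses):
    """Build the JSON body for POST /ip-access-lists, validating each entry."""
    if list_type not in ("ALLOW", "BLOCK"):
        raise ValueError(f"list_type must be ALLOW or BLOCK, got {list_type!r}")
    for entry in ip_addresses:
        # Accepts single addresses and CIDR ranges; raises ValueError otherwise.
        ipaddress.ip_network(entry, strict=False)
    return {"label": label, "list_type": list_type,
            "ip_addresses": list(ip_addresses)}


def _matches(source_ip, access_list):
    """True if source_ip falls inside any entry of the list."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in access_list["ip_addresses"])


def is_admitted(source_ip, access_lists):
    """Evaluate a source IP against a set of lists.

    BLOCK wins over ALLOW, as the answer states. Assumption: when no ALLOW
    list is enabled, every address that is not blocked is admitted.
    """
    active = [lst for lst in access_lists if lst.get("enabled", True)]
    if any(lst["list_type"] == "BLOCK" and _matches(source_ip, lst)
           for lst in active):
        return False
    allow = [lst for lst in active if lst["list_type"] == "ALLOW"]
    return not allow or any(_matches(source_ip, lst) for lst in allow)


# Constructed sample values (documentation address ranges, not real networks).
CORP = build_access_list("corp-vpn", "ALLOW",
                         ["198.51.100.0/24", "203.0.113.10"])
QUARANTINE = build_access_list("quarantined-host", "BLOCK", ["198.51.100.77"])

if __name__ == "__main__":
    print(json.dumps(CORP, indent=2))  # body to send with POST /ip-access-lists
    for ip in ("198.51.100.5", "198.51.100.77", "192.0.2.44"):
        verdict = "admitted" if is_admitted(ip, [CORP, QUARANTINE]) else "denied"
        print(ip, verdict)
```

Running the check with the address you are calling the API from, before enabling the feature, shows whether the new lists would lock you out of the workspace.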
