I have an Azure subscription with a virtual network that is not open to the internet but open to a corporate network. Here, I have created a no-public-IP instance of Databricks. And I am surprised that I can access it via the URL from elsewhere. The endpoints are specified to be compatible with our internal network, but it is not the case.
How can I ensure that only users from the internal network/VPN can access the Databricks instance?
CodePudding user response:
To enable or disable the IP access list feature, call the enable or disable the IP access list API (PATCH /workspace-conf).
    curl -X PATCH -n \
      https://<databricks-instance>/api/2.0/workspace-conf \
      -d '{
        "enableIpAccessLists": "true"
      }'
To add an IP access list, call the add an IP access list API (POST /ip-access-lists).
In the JSON request body, specify:
• label: Label for this list.
• list_type: Either ALLOW (allow list) or BLOCK (a block list, which means exclude even if in allow list).
• ip_addresses: A JSON array of IP addresses and CIDR ranges, as String values.
To update an IP access list:
Call the list all IP access lists API (GET /ip-access-lists), and find the ID of the list you want to update.
Call the update an IP access list API (PATCH /ip-access-lists/). In the JSON request body, specify at least one of the following values to update:
• label: Label for this list.
• list_type: Either ALLOW (allow list) or BLOCK (block list, which means exclude even if in allow list).
• ip_addresses: A JSON array of IP addresses and CIDR ranges, as String values.
• enabled: Specifies whether this list is enabled. Pass true or false.
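A pre-flight check for the lists described in the answer above, as an added example that is not part of the original answer or of Databricks' own code: it validates a proposed list body and evaluates ALLOW/BLOCK precedence locally so an administrator can confirm their own source address still passes before sending the request. The function names and sample addresses are constructed; treating a list without an `enabled` field as enabled, and treating "no active ALLOW list" as unrestricted, are assumptions.

```python
import ipaddress
import json

# Constructed sample lists (documentation ranges, not real corporate addresses).
CORP = {"label": "corp-vpn-egress", "list_type": "ALLOW",
        "ip_addresses": ["203.0.113.0/24"]}
QUARANTINE = {"label": "quarantined-host", "list_type": "BLOCK",
              "ip_addresses": ["203.0.113.66"]}


def validate(access_list):
    """Check the fields the answer names for POST /ip-access-lists."""
    if not access_list.get("label"):
        raise ValueError("label is required")
    if access_list.get("list_type") not in ("ALLOW", "BLOCK"):
        raise ValueError("list_type must be ALLOW or BLOCK")
    for entry in access_list["ip_addresses"]:
        ipaddress.ip_network(entry, strict=False)  # ValueError if malformed
    return access_list


def matches(ip, access_list):
    """True if ip falls inside any address or CIDR range of the list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False)
               for e in access_list["ip_addresses"])


def is_allowed(ip, lists):
    """BLOCK wins over ALLOW; assumed: no active ALLOW list means unrestricted."""
    active = [l for l in lists if l.get("enabled", True)]
    if any(l["list_type"] == "BLOCK" and matches(ip, l) for l in active):
        return False
    allow = [l for l in active if l["list_type"] == "ALLOW"]
    return not allow or any(matches(ip, l) for l in allow)


def preflight(caller_ip, existing, proposed):
    """Return the request body, or refuse a change that locks the caller out."""
    validate(proposed)
    if not is_allowed(caller_ip, existing + [proposed]):
        raise RuntimeError(f"{caller_ip} would lose access to the workspace")
    return json.dumps(proposed)


if __name__ == "__main__":
    print(preflight("203.0.113.10", [], CORP))
    for ip in ("203.0.113.10", "203.0.113.66", "198.51.100.4"):
        print(ip, is_allowed(ip, [CORP, QUARANTINE]))
```

The string returned by `preflight` is the JSON body to pass to `curl -d` for POST /ip-access-lists.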