Databricks

dcantos · ‎03-29-2023

Hello, good morning everyone, I have a problem, I have IP access List activated in my Databricks workspace and I have connections to powerBI and Azure DevOps, in Power BI I have already added all the public IP ranges that Azure gives me, which are about 380 approximate, but in Azure DevOps I have added some public IPs from the CentralUS region and sometimes it works and sometimes it doesn't, now the problem is that if I add the entire US region there are more than 1000 IPs and I pass the range allowed by the IP access list, someone Do you have any idea how I can make Azure services connect directly without asking for public IP or some way to simplify.

In my Azure DevOps I have a pipeline that is executed and what makes it connect to the workspace to perform the CI/CD and having it blocked by IP Access List, it does not let me execute the pipeline since they are IP ranges from AzureCloud and they are quite

karthik_p · ‎03-29-2023

@David Cantos If there are lot of IP addresses you can block subnet or did you tried below api to restrict

curl -X POST -n \

https://<databricks-instance>/api/2.0/ip-access-lists

-d '{

"label": "office",

"list_type": "ALLOW",

"ip_addresses": [

"1.1.1.1",

"2.2.2.2/21"

]

}'

dcantos · ‎03-29-2023

Hello Karthik, If what you say is correct but the issue is that they are ranges of IPs that Azure gives for example:

1.1.1.0/24

1.2.2.0/24

1.3.4.0/24

and so there are more than 1000 IPs, I was looking for another way to do it.

karthik_p · ‎03-30-2023

@David Cantos all thease IP's will be tied to subnet right if i am not wrong, can you add subnet instead of IP's. if i am not wrong based on IP access list article it looks we have limit of 1000 IP's to get restricted

Anonymous · ‎04-01-2023

@David Cantos :

Yes, managing IP access lists for Azure services can be challenging as the IP ranges can change frequently. One way to simplify this is to use Azure Private Link to connect to your Databricks workspace. With Private Link, you can connect to your workspace using a private IP address within your Azure Virtual Network, rather than relying on public IP addresses. This provides a more secure and reliable connection to your workspace, as you can restrict network access to only those resources within your Virtual Network.

To set up Private Link for your Databricks workspace, you need to create an Azure Private Endpoint within your Virtual Network, and then associate this endpoint with your workspace. This will create a private IP address for your workspace that can be used to connect to it from within your Virtual Network.

Once you have set up Private Link, you no longer need to manage IP access lists for Azure services that need to connect to your workspace, as they can connect directly using the private IP address. This can simplify your security configuration and make it more secure.

You can find more information on setting up Private Link for Databricks workspaces in the Azure documentation:

https://docs.microsoft.com/en-us/azure/databricks/administration-guide/cloud-configurations/azure/pr...

Anonymous · ‎04-03-2023

Hi @David Cantos

Hope all is well! Just wanted to check in if you were able to resolve your issue and would you be happy to share the solution or mark an answer as best? Else please let us know if you need more help.

We'd love to hear from you.

Thanks!

Databricks

IP Access list Databricks

Registration now open! Databricks Data + AI Summit 2024

Meet DBRX, the New Standard for High-Quality LLMs

Data Warehousing in the Era of AI