Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
In aws databricks documentation, frontend PrivateLink assumes a separate transit VPC connected via Direct Connect/VPN. However, I'm implementing a different architecture using Tailscale for private network access.
My setup: Tailscale subnet router deployed directly within the same VPC as the Databricks workspace (no separate transit VPC) Subnet router advertises the entire VPC CIDR, making all workspace resources accessible to Tailscale clients. Existing backend workspace VPC endpoint already configured for cluster-to-control-plane REST API communication
My question: since my Tailscale subnet router can directly reach the backend endpoint's private IP within the same VPC, could I theoretically reuse this existing workspace endpoint for frontend user access as well instead of creating a separate frontend endpoint?
