cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

Call an Azure Function App with Access Restrictions from a Databricks Workspace

erigaud
Honored Contributor

Hello,

As the title says, I am trying to call an function from an Azure Function App configured with access restrictions from a python notebook in my Databricks workspace. The Function App resource is in a different subscription as the Databricks workspace.

I should point out that when I disable the access restrictions from the function app and enable the connection from all networks, the call from Databricks works fine. This suggests that there are missing rules in the restrictions, but I do not know which one to add. Also note that our workspace has Secure Cluster Connectivity enabled, meaning we do not have a public IP in the managed resource group of our workspace.

I tried adding our cluster IP address to the network rules of the function app, but this does not seem to work. 

Do you have an id of what rules/ip ranges should be added to the access restriction rules of the function app in order for this to work ? 

Thank you very much

1 ACCEPTED SOLUTION

Accepted Solutions

erigaud
Honored Contributor

Update : 
Problem was fixed ! 
The key was to set an VNET rule in the access restriction, giving access directly to the subnets used by Databricks.

It seems like for Microsoft to Microsoft connections, the IP addresses are not used, so adding the IP ranges in the rule does nothing, but adding the subnet directly works.

View solution in original post

2 REPLIES 2

erigaud
Honored Contributor

Hello @Retired_mod,

You mention that :

  • You can find the list of dynamic IP ranges in the Databricks documentation.

Do you have a link to that point of the documentation ? I have not been able to find it. Thank you !

erigaud
Honored Contributor

Update : 
Problem was fixed ! 
The key was to set an VNET rule in the access restriction, giving access directly to the subnets used by Databricks.

It seems like for Microsoft to Microsoft connections, the IP addresses are not used, so adding the IP ranges in the rule does nothing, but adding the subnet directly works.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group