PrivateLink Validation Error - When trying to access the Workspace

ambigus9
New Contributor III

We have a workspace that had been deployed on AWS customer architecture using Terraform privatelink: https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/aws-private-link-wo...

The fact is when we disable the Public Access:

ambigus9_0-1732035784493.png

We are getting "login.html?error=private-link-validation-error"

ambigus9_1-1732035847145.png

We have the security group of Data Plane and Workspace configured as follows:

Data Plane Security Group - Inbound Rules:

ambigus9_2-1732037994364.png

Data Plane Security Group - Outbound Rules:

ambigus9_3-1732038098998.png

Workspaces Security Group - Inbound Rules:

ambigus9_4-1732038186707.png

Workspaces Security Group - Outbound Rules:

ambigus9_5-1732038251073.png

Any help will be appreciated.

7 REPLIES

Walter_C
Databricks Employee

If you create a VM inside the same VPC as your workspace, are you able to access the workspace? Also, have you granted access to all the ports as provided in the docs https://docs.databricks.com/en/security/network/classic/privatelink.html#step-1-configure-aws-networ...

 

ambigus9
New Contributor III

We created a Windows VM inside the same VPC and we can access the workspace. But testing from the on-premises network of our client doesn't work.

The ports are configured as in the docs:

ambigus9_0-1732198461143.png

We validated the Network ACLs and we have this configuration:

ambigus9_0-1732199573945.png

ambigus9_1-1732199611839.png

 

 

Walter_C
Databricks Employee

Have you created the Direct Connect setup for the on-prem network:

ambigus9
New Contributor III

We created an A record on AWS Route53 and the redirection works. However, now we have a warning due to SSL certificates. We configured it as follows:

| Record type | Record Name | Value |
|---|---|---|
| A | databricks.my_website.com | 10.0.0.1,10.0.0.2 |

Additionally, how can we register a CNAME using the cloud.databricks.com domain?

According to the docs we must set it up as follows:

| Record type | Record Name | Value |
|---|---|---|
| CNAME | dbc-01abcd23-4b0e.cloud.databricks.com | databricks.my_website.com |

However, we can only take the hosted zone on Route53:

| Record type | Record Name | Value |
|---|---|---|
| CNAME | dbc-01abcd23-4b0e.my_website.com | databricks.my_website.com |

Thanks for your help!
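
Added example, not part of any post in this thread and not Databricks or Terraform code: a small check of the three records in the post above, showing which record names a browser could validate against the workspace certificate and whether the A record targets stay on private addresses. It assumes the certificate carries a wildcard SAN for `*.cloud.databricks.com` (the thread does not show the certificate); the helper names are hypothetical.

```python
import ipaddress

# ASSUMPTION: the workspace certificate has a wildcard SAN for
# *.cloud.databricks.com; the thread does not show the certificate.
ASSUMED_CERT_SANS = ["*.cloud.databricks.com"]

# Constructed from the three record tables in the post above.
RECORDS = [
    ("A", "databricks.my_website.com", "10.0.0.1,10.0.0.2"),
    ("CNAME", "dbc-01abcd23-4b0e.cloud.databricks.com", "databricks.my_website.com"),
    ("CNAME", "dbc-01abcd23-4b0e.my_website.com", "databricks.my_website.com"),
]


def san_matches(hostname, san):
    """Compare a hostname with one DNS SAN using the usual TLS wildcard
    rule: '*' is honoured only as the whole left-most label and stands
    for exactly one label, so it never spans dots or other domains."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern) or not all(host):
        return False
    if pattern[0] == "*":
        return host[1:] == pattern[1:]
    return host == pattern


def targets_private(value):
    """True when every comma-separated A-record value is a private address."""
    return all(ipaddress.ip_address(v.strip()).is_private for v in value.split(","))


def evaluate(records, sans=ASSUMED_CERT_SANS):
    """Per record: does the name a browser would use match the assumed
    certificate, and (A records only) do the targets stay private?"""
    report = []
    for rtype, name, value in records:
        report.append({
            "type": rtype,
            "name": name,
            "cert_ok": any(san_matches(name, s) for s in sans),
            "private_targets": targets_private(value) if rtype == "A" else None,
        })
    return report


if __name__ == "__main__":
    for row in evaluate(RECORDS):
        print(row)
```

Under that assumption, only the record named under `cloud.databricks.com` is a name the certificate can cover; both `my_website.com` names fail the hostname check even though the A record targets are private.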

Walter_C
Databricks Employee

Do you have the capability to submit a support ticket so we can assist further on the validations?

ambigus9
New Contributor III

Currently I can't submit a support ticket. I am trying to submit:

ambigus9_1-1732308454011.png

But I can't:

ambigus9_0-1732308403418.png

 

Walter_C
Databricks Employee

Can you share your workspace id so I can do a validation?

 
