cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Connect to resource in another AWS account using transit gateway, not working

NakedSnake
New Contributor III

‎01-27-2023 07:37 AM

I`m trying to reach a service hosted in another AWS account through transit gateway. Databricks environment was created using Terraform, from the template available in the official documentation.

Placing a VM in Databricks` private subnets makes us able to access the service. However, any of the machines in Databricks cluster cannot reach it. Every time we get `connection refused` error when using netcat.

When testing, also created a new VM using Databricks AMI image and placed it in the same network as the cluster machines, and it can reach the service. But the cluster machines cannot. This custom VM can ping and nc Databricks machines, but the cluster machines get connection refused when trying to do the opposite way. And they are in the same subnet and same RG. RG rules are OK for internal traffic.

Need some help to figure it out.

Thank you!

0 Kudos
1 REPLY 1

Anonymous
Not applicable

‎04-10-2023 07:34 AM

@Thomaz Moreira​ :

It sounds like there might be an issue with the network configuration of your Databricks cluster. Here are a few things you can check:

  1. Make sure that your Databricks cluster is in the same VPC as your service in the other AWS account, and that it is properly configured to use the transit gateway as its default route to reach resources in other accounts.
  2. Check the network security group (NSG) rules for your Databricks cluster. Make sure that the NSG allows traffic to and from the IP addresses or security groups of the resources in the other AWS account that you are trying to access.
  3. Check the route tables for your subnets. Make sure that there is a route that allows traffic to flow from your Databricks cluster to the transit gateway, and that there is a route that allows traffic to flow from the transit gateway to the service in the other AWS account.
  4. Check if there is any network ACL (NACL) rules that might be blocking traffic from your Databricks cluster to the transit gateway or from the transit gateway to the service in the other AWS account.
  5. If you are using a VPN or Direct Connect to connect to the transit gateway, make sure that the routing configuration on the on-premises network is correct and allows traffic to flow to and from the resources in the other AWS account.

I would recommend checking these configurations and verifying that they are properly set up. If you still cannot connect to your service, it may be helpful to enable VPC flow logs to troubleshoot the traffic flow between your Databricks cluster and the service in the other AWS account.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements