03-29-2023 07:50 AM
Hello, good morning everyone. I have a problem: I have the IP access list activated in my Databricks workspace and I have connections to Power BI and Azure DevOps. In Power BI I have already added all the public IP ranges that Azure gives me, which are approximately 380, but in Azure DevOps I have added some public IPs from the CentralUS region and sometimes it works and sometimes it doesn't. Now the problem is that if I add the entire US region there are more than 1000 IPs and I pass the range allowed by the IP access list. Does anyone have any idea how I can make Azure services connect directly without asking for a public IP, or some way to simplify?
In my Azure DevOps I have a pipeline that is executed and connects to the workspace to perform the CI/CD, and with it blocked by the IP access list it does not let me execute the pipeline, since they are IP ranges from AzureCloud and they are quite
03-29-2023 01:46 PM
@David Cantos If there are a lot of IP addresses you can block a subnet, or did you try the API below to restrict
curl -X POST -n \
https://<databricks-instance>/api/2.0/ip-access-lists \
-d '{
"label": "office",
"list_type": "ALLOW",
"ip_addresses": [
"1.1.1.1",
"2.2.2.2/21"
]
}'
03-29-2023 02:15 PM
Hello Karthik, if what you say is correct but the issue is that they are ranges of IPs that Azure gives, for example:
1.1.1.0/24
1.2.2.0/24
1.3.4.0/24
and so there are more than 1000 IPs, I was looking for another way to do it.
03-30-2023 06:50 AM
@David Cantos all these IPs will be tied to a subnet, right, if I am not wrong? Can you add the subnet instead of the IPs? If I am not wrong, based on the IP access list article it looks like we have a limit of 1000 IPs to get restricted.
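The subnet suggestion above, as an added example that is not part of the original thread: merging adjacent and overlapping CIDR ranges into supernets before building the request body for the `ip-access-lists` call, without widening what is allowed. Assumptions: the sample prefixes are constructed, the label `azure-devops` is hypothetical, the 1000-entry limit is the figure quoted in this thread, and IPv6 prefixes are set aside rather than sent.

```python
import ipaddress
import json

# Limit as quoted in this thread; passed as a parameter, not verified here.
MAX_ENTRIES = 1000

# Constructed sample prefixes (not real Azure ranges).
SAMPLE_PREFIXES = [
    "10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/23",  # adjacent: one /22
    "10.0.1.0/25",                                 # already inside 10.0.1.0/24
    "10.0.8.0/24",                                 # isolated, stays as is
    "2001:db8::/32",                               # IPv6, set aside
]

def collapse_ranges(cidrs):
    """Merge overlapping/adjacent IPv4 CIDRs; the covered address set is unchanged."""
    v4, skipped = [], []
    for raw in cidrs:
        # strict=False masks host bits, so "2.2.2.2/21" becomes "2.2.0.0/21".
        net = ipaddress.ip_network(raw.strip(), strict=False)
        (v4 if net.version == 4 else skipped).append(net)
    merged = [str(n) for n in ipaddress.collapse_addresses(v4)]
    return merged, [str(n) for n in skipped]

def build_allow_list(label, cidrs, limit=MAX_ENTRIES):
    """Build the JSON body for POST /api/2.0/ip-access-lists (shape from the curl above)."""
    merged, skipped = collapse_ranges(cidrs)
    if len(merged) > limit:
        # Merging is lossless, so it cannot shrink a list of scattered ranges.
        raise ValueError(f"{len(merged)} entries after merging, limit is {limit}")
    return {"label": label, "list_type": "ALLOW", "ip_addresses": merged}, skipped

if __name__ == "__main__":
    body, skipped = build_allow_list("azure-devops", SAMPLE_PREFIXES)
    print(json.dumps(body, indent=2))
    print("not sent (IPv6):", skipped)
```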
04-01-2023 10:26 PM
@David Cantos:
Yes, managing IP access lists for Azure services can be challenging as the IP ranges can change frequently. One way to simplify this is to use Azure Private Link to connect to your Databricks workspace. With Private Link, you can connect to your workspace using a private IP address within your Azure Virtual Network, rather than relying on public IP addresses. This provides a more secure and reliable connection to your workspace, as you can restrict network access to only those resources within your Virtual Network.
To set up Private Link for your Databricks workspace, you need to create an Azure Private Endpoint within your Virtual Network, and then associate this endpoint with your workspace. This will create a private IP address for your workspace that can be used to connect to it from within your Virtual Network.
Once you have set up Private Link, you no longer need to manage IP access lists for Azure services that need to connect to your workspace, as they can connect directly using the private IP address. This can simplify your security configuration and make it more secure.
You can find more information on setting up Private Link for Databricks workspaces in the Azure documentation:
04-03-2023 11:42 PM
Hi @David Cantos
Hope all is well! Just wanted to check in if you were able to resolve your issue and would you be happy to share the solution or mark an answer as best? Else please let us know if you need more help.
We'd love to hear from you.
Thanks!