Databricks Community

vg33 · 2 weeks ago

I have a Databricks workspace on AWS (serverless compute). I created a network policy with "Allow access to all destinations" enabled and attached it to my workspace. When I run a Python notebook and try to make an HTTP request or curl to any external URL (api.hubapi.com, google.com) I get "Could not resolve host" error.

I need my serverless notebooks to make outbound API calls to HubSpot's API at api.hubapi.com.

What configuration am I missing to enable outbound internet access on serverless compute?

Workspace: dbc-85c26050-f022.cloud.databricks.com

Lu_Wang_ENB_DBX · 2 weeks ago

Most likely the egress policy change hasn’t actually taken effect on the serverless compute that’s running your notebook.

Check these things in order:

Verify the network policy itself (Account Console → Security → Networking → Context-based ingress & egress):
- On the Egress tab, confirm the policy is set to “Allow access to all destinations” (not restricted).
- Confirm that this policy is associated with your workspace (Network Policy column for that workspace).
Restart serverless compute so it picks up the new policy:
- Stop all serverless clusters / all-purpose compute attached to the workspace, then start a new serverless cluster and re-attach your notebook.
- Internet-access mode changes only take effect after this restart and can otherwise lag up to 24 hours.

Retest from the fresh session:

import requests
requests.get("https://api.hubapi.com").status_code

If it still fails, check denial logs:
```
SELECT *
FROM system.access.outbound_network
WHERE host ILIKE '%hubapi.com%' OR host ILIKE '%google.com%'
ORDER BY event_time DESC
LIMIT 100;
```
- If you see DROP entries, your egress/firewall config is still blocking; share this query output in a Databricks support ticket.
- If there are no entries for those hosts, open a support ticket with your workspace ID and a failing notebook run ID so platform can investigate.

View solution in original post

Lu_Wang_ENB_DBX · 2 weeks ago

Most likely the egress policy change hasn’t actually taken effect on the serverless compute that’s running your notebook.

Check these things in order:

Verify the network policy itself (Account Console → Security → Networking → Context-based ingress & egress):
- On the Egress tab, confirm the policy is set to “Allow access to all destinations” (not restricted).
- Confirm that this policy is associated with your workspace (Network Policy column for that workspace).
Restart serverless compute so it picks up the new policy:
- Stop all serverless clusters / all-purpose compute attached to the workspace, then start a new serverless cluster and re-attach your notebook.
- Internet-access mode changes only take effect after this restart and can otherwise lag up to 24 hours.

Retest from the fresh session:

import requests
requests.get("https://api.hubapi.com").status_code

If it still fails, check denial logs:
```
SELECT *
FROM system.access.outbound_network
WHERE host ILIKE '%hubapi.com%' OR host ILIKE '%google.com%'
ORDER BY event_time DESC
LIMIT 100;
```
- If you see DROP entries, your egress/firewall config is still blocking; share this query output in a Databricks support ticket.
- If there are no entries for those hosts, open a support ticket with your workspace ID and a failing notebook run ID so platform can investigate.

Databricks Community

Network Configuration

Solution Accelerator Series | Digital Twins

Community Alert: Free BrickTalk on Supply Chain Management with Databricks!

🌟 Community Pulse: Your Weekly Roundup! April 20 – 26, 2026

The Lakebase Hub: Official Community Space for Lakebase Insights

Take Control: Customer-Managed Keys for Lakebase Postgres