09-17-2025 09:08 AM
Hi, first post/question here ...
I'm trying to add a MS SQL Connection to my workspace (us-west-2) Catalog. Connection type is SQL Server, Host equals the public IP of that Server, port is the default 1433. (Server is an AWS EC2 instance)
All attempts to connect fail with the generic 'TCP/IP connection to the host XXXX, port failed ...'.
Portquery confirms that the Server is listening on the public IP and port.
I'm pretty sure that the problem is that the workspace's public IP is not 'whitelisted' (EC2 Inbound Security rule) for the SQL Server. I've added all Databricks outbound IPs I could find, but no success.
How can I find my workspace's outbound IP address?
Thank you for any feedback!
Dirk
09-17-2025 09:42 AM
Databricks publishes outbound IP ranges per region. For us-west-2 see the Databricks IP addresses and domains page – it lists the CIDR blocks used for outbound traffic from the control plane and clusters. You need to whitelist these ranges in your SQL Server security group.
09-17-2025 09:47 AM
@MoodyDirk also, if you haven't checked out the docs for AWS x Databricks x SQL Server:
https://docs.databricks.com/aws/en/ingestion/lakeflow-connect/sql-server-source-setup
All the best,
BS
09-17-2025 09:59 AM
Hi @MoodyDirk ,
If you whitelist all IPs used in us-west-2 from the page mentioned by @nayan_wylde, it should work.
But the proper way from a security perspective would be to deploy the Databricks workspace into a customer-managed VPC and provide a stable outbound IP address (for instance using a NAT Gateway).
That way you only need to add a single IP address, and that address is stable and managed by you.
Databricks can change addresses they are using at any time.
09-17-2025 10:34 AM
Thank you for all the responses.
I've added 44.234.192.32/28 and 52.27.216.188/32 as a (for now) All traffic inbound rule.
But no success ...
I'll keep looking and trying.
We're currently evaluating with a Serverless Cloud workspace, but at the end might go the AWS VPC route, installing our own AWS Databricks cluster.
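
An added example, not part of any post in this thread: a check of which allowlisted CIDR (if any) covers a rejected source address, plus a rule scoped to TCP 1433 instead of "All traffic", built in the `IpPermissions` shape that boto3's `authorize_security_group_ingress` accepts. The CIDRs are the two quoted in the last post; the observed source IPs are constructed sample values, assumed to come from something like VPC Flow Logs REJECT records on the SQL Server's network interface.

```python
import ipaddress

SQL_PORT = 1433  # default SQL Server port used in the thread


def covering_cidrs(source_ip, allowed_cidrs):
    """Return the allowlisted CIDRs that contain source_ip (empty list = blocked)."""
    ip = ipaddress.ip_address(source_ip)
    return [c for c in allowed_cidrs if ip in ipaddress.ip_network(c, strict=True)]


def audit(observed_ips, allowed_cidrs):
    """Map each observed source IP to the CIDRs that would admit it."""
    return {ip: covering_cidrs(ip, allowed_cidrs) for ip in observed_ips}


def sql_ingress_permissions(allowed_cidrs, description):
    """Build a TCP/1433-only ingress rule; refuses an open 0.0.0.0/0 style range."""
    ranges = []
    for cidr in allowed_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
        if net.prefixlen == 0:
            raise ValueError(f"refusing to open {cidr} to the SQL Server port")
        ranges.append({"CidrIp": str(net), "Description": description})
    return [{
        "IpProtocol": "tcp",
        "FromPort": SQL_PORT,
        "ToPort": SQL_PORT,
        "IpRanges": ranges,
    }]


# CIDRs quoted in the thread.
ALLOWED = ["44.234.192.32/28", "52.27.216.188/32"]
# Constructed sample source IPs (assumption: taken from rejected-connection logs).
OBSERVED = ["44.234.192.40", "203.0.113.10"]

if __name__ == "__main__":
    for ip, matches in audit(OBSERVED, ALLOWED).items():
        status = f"covered by {matches}" if matches else "NOT covered by any rule"
        print(f"{ip}: {status}")
    print(sql_ingress_permissions(ALLOWED, "Databricks outbound range"))
```

A source IP that matches no range points to a missing CIDR rather than a SQL Server or port problem.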