- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
We are testing Azure Databricks Lakebase Autoscaling with Public Network Access disabled and standard inbound Private Link enabled.
The workspace UI works privately through VPN, but the Lakebase Data API hostname still resolves to a public IP and returns:
HTTP 403: Public access is not allowed for workspace
According to the docs, Service Direct Private Link is not required when using only the Data API.
Has anyone successfully used Lakebase Data API privately with Public Network Access disabled?
If yes, what DNS or Private Link configuration is required? Should the Data API hostname resolve through the workspace inbound Private Link, or is another private endpoint/DNS setup needed?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @POCUSER ,
Yes, the Lakebase Data API can be used privately with Public Network Access disabled. Because the Data API is a REST endpoint (Lakebase Data API), it goes through your workspace’s standard inbound (front-end) Private Link, the databricks_ui_api endpoint on port 443, not a dedicated one.
Service Direct Private Link (the port-5432 endpoint for performance-intensive services) is not required for the Data API. The docs state it directly: “If your applications connect only through the Data API, you don’t need this endpoint.” See Private Link for Lakebase Autoscaling and Configure inbound Private Link for performance-intensive services.
So this is a DNS issue, not a missing Private Link. With Public Network Access disabled, your DNS must resolve the Data API hostname to the private IP of your existing inbound private endpoint (the privatelink.azuredatabricks. zone, databricks_ui_api A record). The 403 is consistent with DNS still resolving the hostname to a public IP instead of your private endpoint. Confirm with nslookup that it returns the private IP. See Configure Inbound Private Link for the DNS verification steps.
