<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>article Update your AWS S3 access rules to include Databricks’ control plane VPC IDs by April 15, 2024 in Product Platform Updates</title>
    <link>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/ba-p/57398</link>
    <description>&lt;P&gt;IMPORTANT NOTE: We have delayed this feature rollout by 1 month. Please make these changes by April 15, 2024 instead of March 15, 2024, as previously stated.&lt;BR /&gt;----------------------&lt;BR /&gt;&lt;BR /&gt;Databricks’ control plane will soon migrate to using AWS S3 gateway endpoints to access S3 storage, the dedicated solution by AWS for storage access. Action is only required if you use IP-based access rules to restrict access to AWS S3 storage (see below). Failure to take action before March 15, 2024, may lead to communication issues with Databricks, such as Unity Catalog, S3 commit service, and the file system service. Please read below for additional details.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Background&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Some Databricks operations on AWS S3 buckets originate from the Databricks control plane. As a result, today, customers who restrict access to AWS S3 storage must allow access from the &lt;/SPAN&gt;&lt;A href="https://docs.databricks.com/en/resources/supported-regions.html#s3-bucket-access" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;Databricks control plane network address translation (NAT) IPs&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;On March 15, 2024, AWS S3 intra-region calls originating from the Databricks control plane will start using S3 gateway endpoints, rather than Databricks’ NAT IPs, as it is the dedicated and scalable solution by AWS for storage access. Therefore, customers who restrict access to AWS S3 storage must also allow access from the S3 gateway endpoints before March 15, 2024.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Once the migration to use S3 gateways is completed by Databricks, the Databricks control plane NAT IPs will become obsolete for intra-region communications. Note that if the S3 storage is in a different region than the Databricks control plane, communication will still go over a NAT gateway and therefore will continue to use NAT IPs. If your Databricks control plane and S3 bucket are in the same region and you plan to remove the Databricks control plane NAT IPs from your S3 access rules, please allow until May 15, 2024 before doing so.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Action Required&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;If you do not have IP access rules to restrict access from the Databricks control plane NAT IPs to AWS S3 buckets, there is no action required.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;If you have one or more access policies for S3 storage that include a condition for NAT IPs, you must update your policy to also include Databricks’ &lt;A href="https://docs.databricks.com/en/resources/supported-regions.html#s3-bucket-access" target="_self"&gt;VPC IDs&lt;/A&gt; for these S3 gateway endpoints. Step-by-step instructions, sample policy updates, and resources to help you make this change and an example of the S3 policy can be found below.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P data-unlink="true"&gt;&lt;STRONG&gt;Step-by-step instructions can be found in AWS documentation&amp;nbsp;&lt;A href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-bucket-policy.html" target="_self"&gt;here&lt;/A&gt; and are summarized below for convenience.&lt;/STRONG&gt;&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;SPAN&gt;Sign in to the AWS Management Console and open the Amazon S3 console at &lt;/SPAN&gt;&lt;A href="https://console.aws.amazon.com/s3/" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;https://console.aws.amazon.com/s3/&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Select &lt;/SPAN&gt;&lt;I&gt;&lt;SPAN&gt;Buckets&lt;/SPAN&gt;&lt;/I&gt;&lt;SPAN&gt; in the left-hand navigation.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;In the &lt;/SPAN&gt;&lt;I&gt;&lt;SPAN&gt;Buckets&lt;/SPAN&gt;&lt;/I&gt;&lt;SPAN&gt; list, choose the name of the bucket that you want to create a bucket policy for.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Choose the Permissions tab.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Under Bucket policy, choose Edit. The Edit bucket policy page appears.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;On the &lt;/SPAN&gt;&lt;I&gt;&lt;SPAN&gt;Edit bucket policy&lt;/SPAN&gt;&lt;/I&gt;&lt;SPAN&gt; page, create a policy with the relevant VPC IDs (sample policy and link to VPC IDs are available below).&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Choose &lt;/SPAN&gt;&lt;I&gt;&lt;SPAN&gt;Save changes&lt;/SPAN&gt;&lt;/I&gt;&lt;SPAN&gt;.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;&lt;STRONG&gt;Sample policy update:&lt;/STRONG&gt;&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;Current config policy that includes Databricks' NAT IPs
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDatabricks",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Principal": "*",
      "Resource": [
        "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;/*",
        "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;"
      ],
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": "&amp;lt;role arn&amp;gt;"
        },
        "IpAddress": {
          "aws:SourceIp": "&amp;lt;databricks ip block&amp;gt;"
        }
      }
    }
  ]
}


Updated config policy to allow traffic from the Databricks Control Plane VPC IDs &amp;amp; NAT IPs.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowDatabricks-public-ip",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;/*",
                "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;"
            ],
            "Condition": {
                "ArnEquals": {
                    "aws:PrincipalArn": "&amp;lt;role arn&amp;gt;"
                },
                "IpAddress": {
                    "aws:SourceIp": "&amp;lt;databricks ip block&amp;gt;"
                }
            }
        },
        {
            "Sid": "AllowDatabricks-s3-gateway",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;/*",
                "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;"
            ],
            "Condition": {
                "ArnEquals": {
                    "aws:PrincipalArn": "&amp;lt;role arn&amp;gt;"
                },
                "StringEquals": {
                    "aws:SourceVPC": "&amp;lt;databricks VPC&amp;gt;"
                }
            }
        }
    ]
}&lt;/LI-CODE&gt;
&lt;P&gt;&lt;STRONG&gt;Other resources:&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;SPAN&gt;Databricks public documentation on restricting access to AWS S3 buckets can be found &lt;/SPAN&gt;&lt;A href="https://docs.databricks.com/en/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#optional-restrict-access-to-s3-buckets" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;here&lt;/SPAN&gt;&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Databricks public documentation for the VPC IDs that must be allow-listed can be found&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://docs.databricks.com/en/resources/supported-regions.html#s3-bucket-access" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;here&lt;/SPAN&gt;&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN&gt;Please contact&amp;nbsp;&lt;A href="mailto:help@databricks.com" target="_self"&gt;help@databricks.com&lt;/A&gt;&amp;nbsp;with any questions about this change.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Thank you,&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Databricks&lt;/SPAN&gt;&lt;/P&gt;</description>
    <pubDate>Tue, 12 Mar 2024 23:01:56 GMT</pubDate>
    <dc:creator>AlexEsibov</dc:creator>
    <dc:date>2024-03-12T23:01:56Z</dc:date>
    <item>
      <title>Update your AWS S3 access rules to include Databricks’ control plane VPC IDs by April 15, 2024</title>
      <link>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/ba-p/57398</link>
      <description>&lt;P&gt;IMPORTANT NOTE: We have delayed this feature rollout by 1 month. Please make these changes by April 15, 2024 instead of March 15, 2024, as previously stated.&lt;BR /&gt;----------------------&lt;BR /&gt;&lt;BR /&gt;Databricks’ control plane will soon migrate to using AWS S3 gateway endpoints to access S3 storage, the dedicated solution by AWS for storage access. Action is only required if you use IP-based access rules to restrict access to AWS S3 storage (see below). Failure to take action before March 15, 2024, may lead to communication issues with Databricks, such as Unity Catalog, S3 commit service, and the file system service. Please read below for additional details.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Background&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Some Databricks operations on AWS S3 buckets originate from the Databricks control plane. As a result, today, customers who restrict access to AWS S3 storage must allow access from the &lt;/SPAN&gt;&lt;A href="https://docs.databricks.com/en/resources/supported-regions.html#s3-bucket-access" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;Databricks control plane network address translation (NAT) IPs&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;On March 15, 2024, AWS S3 intra-region calls originating from the Databricks control plane will start using S3 gateway endpoints, rather than Databricks’ NAT IPs, as it is the dedicated and scalable solution by AWS for storage access. Therefore, customers who restrict access to AWS S3 storage must also allow access from the S3 gateway endpoints before March 15, 2024.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Once the migration to use S3 gateways is completed by Databricks, the Databricks control plane NAT IPs will become obsolete for intra-region communications. Note that if the S3 storage is in a different region than the Databricks control plane, communication will still go over a NAT gateway and therefore will continue to use NAT IPs. If your Databricks control plane and S3 bucket are in the same region and you plan to remove the Databricks control plane NAT IPs from your S3 access rules, please allow until May 15, 2024 before doing so.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Action Required&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;If you do not have IP access rules to restrict access from the Databricks control plane NAT IPs to AWS S3 buckets, there is no action required.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;If you have one or more access policies for S3 storage that include a condition for NAT IPs, you must update your policy to also include Databricks’ &lt;A href="https://docs.databricks.com/en/resources/supported-regions.html#s3-bucket-access" target="_self"&gt;VPC IDs&lt;/A&gt; for these S3 gateway endpoints. Step-by-step instructions, sample policy updates, and resources to help you make this change and an example of the S3 policy can be found below.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P data-unlink="true"&gt;&lt;STRONG&gt;Step-by-step instructions can be found in AWS documentation&amp;nbsp;&lt;A href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-bucket-policy.html" target="_self"&gt;here&lt;/A&gt; and are summarized below for convenience.&lt;/STRONG&gt;&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;SPAN&gt;Sign in to the AWS Management Console and open the Amazon S3 console at &lt;/SPAN&gt;&lt;A href="https://console.aws.amazon.com/s3/" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;https://console.aws.amazon.com/s3/&lt;/SPAN&gt;&lt;/A&gt;&lt;SPAN&gt;.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Select &lt;/SPAN&gt;&lt;I&gt;&lt;SPAN&gt;Buckets&lt;/SPAN&gt;&lt;/I&gt;&lt;SPAN&gt; in the left-hand navigation.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;In the &lt;/SPAN&gt;&lt;I&gt;&lt;SPAN&gt;Buckets&lt;/SPAN&gt;&lt;/I&gt;&lt;SPAN&gt; list, choose the name of the bucket that you want to create a bucket policy for.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Choose the Permissions tab.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Under Bucket policy, choose Edit. The Edit bucket policy page appears.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;On the &lt;/SPAN&gt;&lt;I&gt;&lt;SPAN&gt;Edit bucket policy&lt;/SPAN&gt;&lt;/I&gt;&lt;SPAN&gt; page, create a policy with the relevant VPC IDs (sample policy and link to VPC IDs are available below).&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Choose &lt;/SPAN&gt;&lt;I&gt;&lt;SPAN&gt;Save changes&lt;/SPAN&gt;&lt;/I&gt;&lt;SPAN&gt;.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;&lt;STRONG&gt;Sample policy update:&lt;/STRONG&gt;&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;Current config policy that includes Databricks' NAT IPs
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDatabricks",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Principal": "*",
      "Resource": [
        "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;/*",
        "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;"
      ],
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": "&amp;lt;role arn&amp;gt;"
        },
        "IpAddress": {
          "aws:SourceIp": "&amp;lt;databricks ip block&amp;gt;"
        }
      }
    }
  ]
}


Updated config policy to allow traffic from the Databricks Control Plane VPC IDs &amp;amp; NAT IPs.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowDatabricks-public-ip",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;/*",
                "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;"
            ],
            "Condition": {
                "ArnEquals": {
                    "aws:PrincipalArn": "&amp;lt;role arn&amp;gt;"
                },
                "IpAddress": {
                    "aws:SourceIp": "&amp;lt;databricks ip block&amp;gt;"
                }
            }
        },
        {
            "Sid": "AllowDatabricks-s3-gateway",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;/*",
                "arn:aws:s3:::&amp;lt;bucket_name&amp;gt;"
            ],
            "Condition": {
                "ArnEquals": {
                    "aws:PrincipalArn": "&amp;lt;role arn&amp;gt;"
                },
                "StringEquals": {
                    "aws:SourceVPC": "&amp;lt;databricks VPC&amp;gt;"
                }
            }
        }
    ]
}&lt;/LI-CODE&gt;
&lt;P&gt;&lt;STRONG&gt;Other resources:&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;SPAN&gt;Databricks public documentation on restricting access to AWS S3 buckets can be found &lt;/SPAN&gt;&lt;A href="https://docs.databricks.com/en/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#optional-restrict-access-to-s3-buckets" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;here&lt;/SPAN&gt;&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;SPAN&gt;Databricks public documentation for the VPC IDs that must be allow-listed can be found&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://docs.databricks.com/en/resources/supported-regions.html#s3-bucket-access" target="_blank" rel="noopener"&gt;&lt;SPAN&gt;here&lt;/SPAN&gt;&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN&gt;Please contact&amp;nbsp;&lt;A href="mailto:help@databricks.com" target="_self"&gt;help@databricks.com&lt;/A&gt;&amp;nbsp;with any questions about this change.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Thank you,&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Databricks&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 12 Mar 2024 23:01:56 GMT</pubDate>
      <guid>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/ba-p/57398</guid>
      <dc:creator>AlexEsibov</dc:creator>
      <dc:date>2024-03-12T23:01:56Z</dc:date>
    </item>
    <item>
      <title>Re: Update your AWS S3 access rules to include Databricks’ control plane VPC IDs by March 15, 2024</title>
      <link>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/bc-p/61729#M2</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/89926"&gt;@AlexEsibov&lt;/a&gt;&lt;/P&gt;&lt;P&gt;Would it be possible to have Databricks create a CloudFormation configuration script to update the bucket policy?&lt;/P&gt;</description>
      <pubDate>Fri, 23 Feb 2024 15:31:38 GMT</pubDate>
      <guid>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/bc-p/61729#M2</guid>
      <dc:creator>Iretex</dc:creator>
      <dc:date>2024-02-23T15:31:38Z</dc:date>
    </item>
    <item>
      <title>Re: Update your AWS S3 access rules to include Databricks’ control plane VPC IDs by March 15, 2024</title>
      <link>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/bc-p/62151#M3</link>
      <description>&lt;P&gt;Hi &lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/89926"&gt;@AlexEsibov&lt;/a&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Are there any opportunities for helper scripts that can be used by Admins to quickly run and get some feedback on breaking changes like these? As an account admin managing multiple workspaces, having such a helper script would save time (mostly on reviewing Terraform code) and would also be helpful for verification after making the requested fix.&lt;/P&gt;</description>
      <pubDate>Tue, 27 Feb 2024 20:12:05 GMT</pubDate>
      <guid>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/bc-p/62151#M3</guid>
      <dc:creator>AnirbanDas</dc:creator>
      <dc:date>2024-02-27T20:12:05Z</dc:date>
    </item>
    <item>
      <title>Re: Update your AWS S3 access rules to include Databricks’ control plane VPC IDs by March 15, 2024</title>
      <link>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/bc-p/62166#M4</link>
      <description>&lt;P&gt;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/100704"&gt;@Iretex&lt;/a&gt;&amp;nbsp;&amp;nbsp;&lt;a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/52759"&gt;@AnirbanDas&lt;/a&gt;&amp;nbsp;we explored this route but the challenge we ran into with automation is that customers may have configured these policies with nuanced differences. This is why we landed on including the above example; there is also a nice CloudFormation configuration template available here:&amp;nbsp;&lt;A href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html" target="_blank"&gt;https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Hope this helps!&lt;/P&gt;</description>
      <pubDate>Wed, 28 Feb 2024 00:51:27 GMT</pubDate>
      <guid>https://community.databricks.com/t5/product-platform-updates/update-your-aws-s3-access-rules-to-include-databricks-control/bc-p/62166#M4</guid>
      <dc:creator>AlexEsibov</dc:creator>
      <dc:date>2024-02-28T00:51:27Z</dc:date>
    </item>
  </channel>
</rss>

