Skip to content

Latest commit

 

History

History
104 lines (80 loc) · 6.76 KB

mws_private_access_settings.md

File metadata and controls

104 lines (80 loc) · 6.76 KB
subcategory
Deployment

databricks_mws_private_access_settings Resource

Allows you to create a Private Access Setting resource that can be used as part of a databricks_mws_workspaces resource to create a Databricks Workspace that leverages AWS PrivateLink or GCP Private Service Connect

It is strongly recommended that customers read the Enable AWS Private Link Enable GCP Private Service Connect documentation before trying to leverage this resource.

Example Usage

Databricks on AWS usage

-> Initialize provider with alias = "mws", host = "https://accounts.cloud.databricks.com" and use provider = databricks.mws

resource "databricks_mws_private_access_settings" "pas" {
  provider                     = databricks.mws
  account_id                   = var.databricks_account_id
  private_access_settings_name = "Private Access Settings for ${local.prefix}"
  region                       = var.region
  public_access_enabled        = true
}

The databricks_mws_private_access_settings.pas.private_access_settings_id can then be used as part of a databricks_mws_workspaces resource:

resource "databricks_mws_workspaces" "this" {
  provider                   = databricks.mws
  aws_region                 = var.region
  workspace_name             = local.prefix
  credentials_id             = databricks_mws_credentials.this.credentials_id
  storage_configuration_id   = databricks_mws_storage_configurations.this.storage_configuration_id
  network_id                 = databricks_mws_networks.this.network_id
  private_access_settings_id = databricks_mws_private_access_settings.pas.private_access_settings_id
  pricing_tier               = "ENTERPRISE"
  depends_on                 = [databricks_mws_networks.this]
}

Databricks on GCP usage

-> Initialize provider with alias = "mws", host = "https://accounts.gcp.databricks.com" and use provider = databricks.mws

resource "databricks_mws_workspaces" "this" {
  provider       = databricks.mws
  workspace_name = "gcp-workspace"
  location       = var.subnet_region
  cloud_resource_container {
    gcp {
      project_id = var.google_project
    }
  }
  gke_config {
    connectivity_type = "PRIVATE_NODE_PUBLIC_MASTER"
    master_ip_range   = "10.3.0.0/28"
  }
  network_id                 = databricks_mws_networks.this.network_id
  private_access_settings_id = databricks_mws_private_access_settings.pas.private_access_settings_id
  pricing_tier               = "PREMIUM"
  depends_on                 = [databricks_mws_networks.this]
}

Argument Reference

The following arguments are available:

  • private_access_settings_name - Name of Private Access Settings in Databricks Account
  • public_access_enabled (Boolean, Optional, false by default on AWS, true by default on GCP) - If true, the databricks_mws_workspaces can be accessed over the databricks_mws_vpc_endpoint as well as over the public network. In such a case, you could also configure an databricks_ip_access_list for the workspace, to restrict the source networks that could be used to access it over the public network. If false, the workspace can be accessed only over VPC endpoints, and not over the public network. Once explicitly set, this field becomes mandatory.
  • region - Region of AWS VPC or the Google Cloud VPC network
  • private_access_level - (Optional) The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. ACCOUNT level access (default) lets only databricks_mws_vpc_endpoint that are registered in your Databricks account connect to your databricks_mws_workspaces. ENDPOINT level access lets only specified databricks_mws_vpc_endpoint connect to your workspace. Please see the allowed_vpc_endpoint_ids documentation for more details.
  • allowed_vpc_endpoint_ids - (Optional) An array of databricks_mws_vpc_endpoint vpc_endpoint_id (not id). Only used when private_access_level is set to ENDPOINT. This is an allow list of databricks_mws_vpc_endpoint that in your account that can connect to your databricks_mws_workspaces over AWS PrivateLink. If hybrid access to your workspace is enabled by setting public_access_enabled to true, then this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see the article for databricks_ip_access_list.

Attribute Reference

In addition to all arguments above, the following attributes are exported:

  • id - the ID of the Private Access Settings in form of account_id/private_access_settings_id.
  • private_access_settings_id - Canonical unique identifier of Private Access Settings in Databricks Account
  • status - (AWS only) Status of Private Access Settings

Import

This resource can be imported by Databricks account ID and private access settings ID.

terraform import databricks_mws_private_access_settings.this '<account_id>/<private_access_settings_id>'

Related Resources

The following resources are used in the same context: