private_access
Creates, updates, deletes, gets or lists a private_access resource.
Overview
| Name | private_access |
| Type | Resource |
| Id | databricks_account.provisioning.private_access |
Fields
The following fields are returned by SELECT queries (`private_access_get` and `private_access_list`):
| Name | Datatype | Description |
|---|---|---|
| account_id | string | The Databricks account ID that hosts the private access settings. |
| private_access_settings_id | string | Databricks private access settings ID. |
| private_access_settings_name | string | The human-readable name of the private access settings object. |
| allowed_vpc_endpoint_ids | array | An array of Databricks VPC endpoint IDs. This is the Databricks ID that is returned when registering the VPC endpoint configuration in your Databricks account. This is not the ID of the VPC endpoint in AWS. Only used when private_access_level is set to ENDPOINT. This is an allow list of VPC endpoints in your account that can connect to your workspace over AWS PrivateLink. If hybrid access to your workspace is enabled by setting public_access_enabled to true, this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see IP access lists. |
| private_access_level | string | The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. `ACCOUNT` level access (the default) allows only VPC endpoints that are registered in your Databricks account to connect to your workspace. `ENDPOINT` level access allows only specified VPC endpoints to connect to your workspace. For details, see allowed_vpc_endpoint_ids. Valid values: `ACCOUNT`, `ENDPOINT`. |
| public_access_enabled | boolean | Determines if the workspace can be accessed over public internet. For fully private workspaces, you can optionally specify false, but only if you implement both the front-end and the back-end PrivateLink connections. Otherwise, specify true, which means that public access is enabled. |
| region | string | The AWS region for workspaces attached to this private access settings object. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| private_access_get | select | account_id, private_access_settings_id | | Gets a Databricks private access settings configuration, both specified by ID. |
| private_access_list | select | account_id | | Lists Databricks private access settings for an account. |
| private_access_create | insert | account_id | | Creates a private access settings configuration, which represents network access restrictions for |
| private_access_replace | replace | account_id, private_access_settings_id, customer_facing_private_access_settings | | Updates an existing private access settings object, which specifies how your workspace is accessed |
| private_access_delete | delete | account_id, private_access_settings_id | | Deletes a Databricks private access settings configuration, both specified by ID. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| account_id | string | |
| private_access_settings_id | string | |
SELECT examples
- private_access_get
- private_access_list
Gets a Databricks private access settings configuration, both specified by ID.
```sql
SELECT
    account_id,
    private_access_settings_id,
    private_access_settings_name,
    allowed_vpc_endpoint_ids,
    private_access_level,
    public_access_enabled,
    region
FROM databricks_account.provisioning.private_access
WHERE account_id = '{{ account_id }}' -- required
AND private_access_settings_id = '{{ private_access_settings_id }}' -- required
;
```
Lists Databricks private access settings for an account.
```sql
SELECT
    account_id,
    private_access_settings_id,
    private_access_settings_name,
    allowed_vpc_endpoint_ids,
    private_access_level,
    public_access_enabled,
    region
FROM databricks_account.provisioning.private_access
WHERE account_id = '{{ account_id }}' -- required
;
```
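An added example (not part of the StackQL provider documentation): a Python check that audits rows returned by the `private_access_list` query against the field semantics in the Fields table. The sample rows and finding codes are constructed for illustration, and the handling of the array and boolean columns arriving either natively or as text is an assumption of this example.

```python
import json

# Constructed sample rows shaped like the private_access_list output (not real IDs).
SAMPLE_ROWS = [
    {"private_access_settings_name": "fully-private", "private_access_level": "ENDPOINT",
     "allowed_vpc_endpoint_ids": ["dbx-vpce-constructed-a"], "public_access_enabled": False},
    {"private_access_settings_name": "hybrid", "private_access_level": "ENDPOINT",
     "allowed_vpc_endpoint_ids": '["dbx-vpce-constructed-b"]', "public_access_enabled": True},
    {"private_access_settings_name": "account-wide", "private_access_level": "ACCOUNT",
     "allowed_vpc_endpoint_ids": ["dbx-vpce-constructed-c"], "public_access_enabled": False},
    {"private_access_settings_name": "no-endpoints", "private_access_level": "ENDPOINT",
     "allowed_vpc_endpoint_ids": None, "public_access_enabled": "false"},
]

def as_list(value):
    """Assumption: the array column may arrive as a list, a JSON string, or null."""
    if value in (None, ""):
        return []
    return list(json.loads(value)) if isinstance(value, str) else list(value)

def as_bool(value):
    """Assumption: the boolean column may arrive as a bool or as text."""
    return value if isinstance(value, bool) else str(value).strip().lower() in ("true", "1")

def audit(row):
    """Return finding codes for one private access settings row."""
    findings = []
    level = row.get("private_access_level") or "ACCOUNT"  # ACCOUNT is the documented default
    allowed = as_list(row.get("allowed_vpc_endpoint_ids"))
    if as_bool(row.get("public_access_enabled")):
        findings.append("PUBLIC_ACCESS_ENABLED")
        if level == "ENDPOINT" and allowed:
            # The allow list only governs PrivateLink; the public path needs IP access lists.
            findings.append("ALLOW_LIST_PRIVATELINK_ONLY")
    if level == "ACCOUNT" and allowed:
        findings.append("ALLOW_LIST_UNUSED")  # the list is only used at ENDPOINT level
    if level == "ENDPOINT" and not allowed:
        findings.append("ENDPOINT_LEVEL_NO_ENDPOINTS")  # no endpoint is specified
    return findings

def audit_all(rows):
    """Map settings name -> findings, keeping only rows that have findings."""
    report = {r["private_access_settings_name"]: audit(r) for r in rows}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ROWS).items():
        print(f"{name}: {', '.join(findings)}")
```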
INSERT examples
- private_access_create
- Manifest
Creates a private access settings configuration, which represents network access restrictions for
```sql
INSERT INTO databricks_account.provisioning.private_access (
    allowed_vpc_endpoint_ids,
    private_access_level,
    private_access_settings_name,
    public_access_enabled,
    region,
    account_id
)
SELECT
    '{{ allowed_vpc_endpoint_ids }}',
    '{{ private_access_level }}',
    '{{ private_access_settings_name }}',
    {{ public_access_enabled }},
    '{{ region }}',
    '{{ account_id }}'
RETURNING
    account_id,
    private_access_settings_id,
    private_access_settings_name,
    allowed_vpc_endpoint_ids,
    private_access_level,
    public_access_enabled,
    region
;
```
```yaml
# Description fields are for documentation purposes
- name: private_access
  props:
    - name: account_id
      value: "{{ account_id }}"
      description: Required parameter for the private_access resource.
    - name: allowed_vpc_endpoint_ids
      value:
        - "{{ allowed_vpc_endpoint_ids }}"
      description: |
        An array of Databricks VPC endpoint IDs. This is the Databricks ID returned when registering the VPC endpoint configuration in your Databricks account. This is not the ID of the VPC endpoint in AWS. Only used when private_access_level is set to ENDPOINT. This is an allow list of VPC endpoints registered in your Databricks account that can connect to your workspace over AWS PrivateLink. Note: If hybrid access to your workspace is enabled by setting public_access_enabled to true, this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see IP access lists.
    - name: private_access_level
      value: "{{ private_access_level }}"
      description: |
        The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. `ACCOUNT` level access (the default) allows only VPC endpoints that are registered in your Databricks account to connect to your workspace. `ENDPOINT` level access allows only specified VPC endpoints to connect to your workspace. For details, see allowed_vpc_endpoint_ids.
    - name: private_access_settings_name
      value: "{{ private_access_settings_name }}"
      description: |
        The human-readable name of the private access settings object.
    - name: public_access_enabled
      value: {{ public_access_enabled }}
      description: |
        Determines if the workspace can be accessed over public internet. For fully private workspaces, you can optionally specify false, but only if you implement both the front-end and the back-end PrivateLink connections. Otherwise, specify true, which means that public access is enabled.
    - name: region
      value: "{{ region }}"
      description: |
        The AWS region for workspaces attached to this private access settings object.
```
REPLACE examples
- private_access_replace
Updates an existing private access settings object, which specifies how your workspace is accessed
```sql
REPLACE databricks_account.provisioning.private_access
SET
    customer_facing_private_access_settings = '{{ customer_facing_private_access_settings }}'
WHERE
    account_id = '{{ account_id }}' --required
    AND private_access_settings_id = '{{ private_access_settings_id }}' --required
    AND customer_facing_private_access_settings = '{{ customer_facing_private_access_settings }}' --required
RETURNING
    account_id,
    private_access_settings_id,
    private_access_settings_name,
    allowed_vpc_endpoint_ids,
    private_access_level,
    public_access_enabled,
    region;
```
DELETE examples
- private_access_delete
Deletes a Databricks private access settings configuration, both specified by ID.
```sql
DELETE FROM databricks_account.provisioning.private_access
WHERE account_id = '{{ account_id }}' --required
AND private_access_settings_id = '{{ private_access_settings_id }}' --required
;
```