Showing content from https://docs.databricks.com/aws/en/security/network/serverless-network-security/serverless-firewall below:

Configure a firewall for serverless compute access

Preview

This feature is in Public Preview. To join this preview, contact your Databricks account team.

This page describes how to configure a firewall for serverless compute using the Databricks account console UI. You can also use the Network Connectivity Configurations API. Firewall enablement is not supported for Amazon S3 or Amazon DynamoDB.

Overview of firewall enablement for serverless compute

Serverless network connectivity is managed with network connectivity configurations (NCCs). Account admins create NCCs in the account console, and an NCC can be attached to one or more workspaces. NCCs are account-level regional constructs that are used to manage private endpoint creation and firewall enablement at scale.

An NCC contains a list of IPs. When an NCC is attached to a workspace, serverless compute in that workspace uses one of those IP addresses to connect to your resources. You can allowlist those networks on your resource firewalls.

NCC firewall enablement is supported from serverless SQL warehouses, jobs, notebooks, Lakeflow Declarative Pipelines, and model serving endpoints.

For more information on NCCs, see What is a network connectivity configuration (NCC)?.

Requirements

Step 1: Create a network connectivity configuration and copy the stable IPs

Databricks recommends sharing NCCs among workspaces in the same business unit and those sharing the same region.

  1. As an account admin, go to the account console.
  2. In the sidebar, click Cloud Resources.
  3. Click Network.
  4. Click Network Connectivity Configuration.
  5. Click Add Network Connectivity Configuration.
  6. Type a name for the NCC.
  7. Choose the region. This must match your workspace region.
  8. Click Add.
  9. Click the Default Rules tab.
  10. Under Stable IPs, click Copy all IPs and save the list of IPs.

Step 2: Attach an NCC to workspaces

You can attach an NCC to up to 50 workspaces in the same region as the NCC.

To use the API to attach an NCC to a workspace, see the Account Workspaces API.

  1. In the account console sidebar, click Workspaces.
  2. Click your workspace's name.
  3. Click Update workspace.
  4. In the Network Connectivity Configuration field, select your NCC. If it's not visible, confirm that you've selected the same region for both the workspace and the NCC.
  5. Click Update.
  6. Wait 10 minutes for the change to take effect.
  7. Restart any running serverless compute resources in the workspace.

Step 3: Update your resource access rules to allowlist the IPs

Add the stable IPs to your resource access rules.

Creating a storage firewall also affects connectivity from classic compute plane resources to your resources. You must also update your resource access rules to allowlist the IPs used to connect to them from classic compute resources.

NCC firewall enablement is not supported for Amazon S3 or Amazon DynamoDB. When reading or writing to Amazon S3 buckets in the same region as your workspace, serverless compute resources use direct access to S3 using AWS gateway endpoints. This applies when serverless SQL compute reads and writes to your workspace storage bucket in your AWS account and to other S3 data sources in the same region.
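One way to check Step 3 before relying on it: the following added example (not Databricks code) compares the stable IP list copied in Step 1 with the allowlist currently on a resource firewall, and reports stable IPs that are not covered, rules that are wider than the NCC entry they cover, and rules unrelated to the NCC. It assumes both lists are plain text with entries separated by commas or whitespace; the addresses are constructed samples from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample values (RFC 5737 documentation ranges), not real Databricks IPs.
STABLE_IPS = "203.0.113.10/32, 203.0.113.11/32\n198.51.100.64/28"
ALLOWLIST = "203.0.113.10/32\n198.51.100.0/24\n192.0.2.7"


def parse_networks(text):
    """Parse IPs/CIDRs separated by commas or whitespace into network objects.

    strict=True rejects entries with host bits set (e.g. 10.0.0.5/24), which
    usually indicates a typo in a firewall rule.
    """
    tokens = [t for t in re.split(r"[,\s]+", text.strip()) if t]
    return {ipaddress.ip_network(t, strict=True) for t in tokens}


def covers(rule, target):
    """True if an allowlist rule fully contains target (same IP version only)."""
    return rule.version == target.version and target.subnet_of(rule)


def _labels(nets):
    """Sort by IP version, then address, and render as strings."""
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]


def audit_allowlist(stable_text, allowlist_text):
    stable = parse_networks(stable_text)
    allowed = parse_networks(allowlist_text)
    # Stable IPs with no covering rule: serverless traffic from them is blocked.
    missing = [s for s in stable if not any(covers(a, s) for a in allowed)]
    # Rules wider than the NCC entry they cover: they admit extra addresses.
    overbroad = [a for a in allowed
                 if a not in stable and any(covers(a, s) for s in stable)]
    # Rules touching no stable IP: not needed for this NCC, but possibly for
    # other clients such as classic compute, so review before removing.
    unrelated = [a for a in allowed if not any(
        a.version == s.version and a.overlaps(s) for s in stable)]
    return {"missing": _labels(missing), "overbroad": _labels(overbroad),
            "unrelated": _labels(unrelated)}


if __name__ == "__main__":
    for category, nets in audit_allowlist(STABLE_IPS, ALLOWLIST).items():
        print(f"{category}: {', '.join(nets) or 'none'}")
```

Rerun the check whenever the NCC attached to the workspace changes, since the allowlist is only correct for the stable IPs of that NCC.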

What's next