databricks logo
Databricks v1.14.0, May 23 23

databricks.IpAccessList

Explore with Pulumi AI

Security-conscious enterprises that use cloud SaaS applications need to restrict access to their own employees. Authentication helps to prove user identity, but that does not enforce network location of the users. Accessing a cloud service from an unsecured network can pose security risks to an enterprise, especially when the user may have authorized access to sensitive or personal data. Enterprise network perimeters apply security policies and limit access to external services (for example, firewalls, proxies, DLP, and logging), so access beyond these controls are assumed to be untrusted. Please see IP Access List for full feature documentation.

Note The total number of IP addresses and CIDR scopes provided across all ACL Lists in a workspace can not exceed 1000. Refer to the docs above for specifics.

The following resources are often used in the same context:

  • End to end workspace management guide.
  • Provisioning AWS Databricks E2 with a Hub & Spoke firewall for data exfiltration protection guide.
  • databricks.MwsNetworks to configure VPC & subnets for new workspaces within AWS.
  • databricks.MwsPrivateAccessSettings to create a Private Access Setting that can be used as part of a databricks.MwsWorkspaces resource to create a Databricks Workspace that leverages AWS PrivateLink.
  • databricks.Permissions to manage access control in Databricks workspace.
  • databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var @this = new Databricks.WorkspaceConf("this", new()
    {
        CustomConfig = 
        {
            { "enableIpAccessLists", true },
        },
    });

    var allowed_list = new Databricks.IpAccessList("allowed-list", new()
    {
        Label = "allow_in",
        ListType = "ALLOW",
        IpAddresses = new[]
        {
            "1.1.1.1",
            "1.2.3.0/24",
            "1.2.5.0/24",
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            @this,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		this, err := databricks.NewWorkspaceConf(ctx, "this", &databricks.WorkspaceConfArgs{
			CustomConfig: pulumi.AnyMap{
				"enableIpAccessLists": pulumi.Any(true),
			},
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewIpAccessList(ctx, "allowed-list", &databricks.IpAccessListArgs{
			Label:    pulumi.String("allow_in"),
			ListType: pulumi.String("ALLOW"),
			IpAddresses: pulumi.StringArray{
				pulumi.String("1.1.1.1"),
				pulumi.String("1.2.3.0/24"),
				pulumi.String("1.2.5.0/24"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			this,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.WorkspaceConf;
import com.pulumi.databricks.WorkspaceConfArgs;
import com.pulumi.databricks.IpAccessList;
import com.pulumi.databricks.IpAccessListArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var this_ = new WorkspaceConf("this", WorkspaceConfArgs.builder()        
            .customConfig(Map.of("enableIpAccessLists", true))
            .build());

        var allowed_list = new IpAccessList("allowed-list", IpAccessListArgs.builder()        
            .label("allow_in")
            .listType("ALLOW")
            .ipAddresses(            
                "1.1.1.1",
                "1.2.3.0/24",
                "1.2.5.0/24")
            .build(), CustomResourceOptions.builder()
                .dependsOn(this_)
                .build());

    }
}
import pulumi
import pulumi_databricks as databricks

this = databricks.WorkspaceConf("this", custom_config={
    "enableIpAccessLists": True,
})
allowed_list = databricks.IpAccessList("allowed-list",
    label="allow_in",
    list_type="ALLOW",
    ip_addresses=[
        "1.1.1.1",
        "1.2.3.0/24",
        "1.2.5.0/24",
    ],
    opts=pulumi.ResourceOptions(depends_on=[this]))
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";

const _this = new databricks.WorkspaceConf("this", {customConfig: {
    enableIpAccessLists: true,
}});
const allowed_list = new databricks.IpAccessList("allowed-list", {
    label: "allow_in",
    listType: "ALLOW",
    ipAddresses: [
        "1.1.1.1",
        "1.2.3.0/24",
        "1.2.5.0/24",
    ],
}, {
    dependsOn: [_this],
});
resources:
  this:
    type: databricks:WorkspaceConf
    properties:
      customConfig:
        enableIpAccessLists: true
  allowed-list:
    type: databricks:IpAccessList
    properties:
      label: allow_in
      listType: ALLOW
      ipAddresses:
        - 1.1.1.1
        - 1.2.3.0/24
        - 1.2.5.0/24
    options:
      dependson:
        - ${this}

Create IpAccessList Resource

new IpAccessList(name: string, args: IpAccessListArgs, opts?: CustomResourceOptions);
@overload
def IpAccessList(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 enabled: Optional[bool] = None,
                 ip_addresses: Optional[Sequence[str]] = None,
                 label: Optional[str] = None,
                 list_type: Optional[str] = None)
@overload
def IpAccessList(resource_name: str,
                 args: IpAccessListArgs,
                 opts: Optional[ResourceOptions] = None)
func NewIpAccessList(ctx *Context, name string, args IpAccessListArgs, opts ...ResourceOption) (*IpAccessList, error)
public IpAccessList(string name, IpAccessListArgs args, CustomResourceOptions? opts = null)
public IpAccessList(String name, IpAccessListArgs args)
public IpAccessList(String name, IpAccessListArgs args, CustomResourceOptions options)
type: databricks:IpAccessList
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args IpAccessListArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args IpAccessListArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args IpAccessListArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args IpAccessListArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args IpAccessListArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

IpAccessList Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The IpAccessList resource accepts the following input properties:

IpAddresses List<string>

A string list of IP addresses and CIDR ranges.

Label string

This is the display name for the given IP ACL List.

ListType string

Can only be "ALLOW" or "BLOCK".

Enabled bool

Boolean true or false indicating whether this list should be active. Defaults to true

IpAddresses []string

A string list of IP addresses and CIDR ranges.

Label string

This is the display name for the given IP ACL List.

ListType string

Can only be "ALLOW" or "BLOCK".

Enabled bool

Boolean true or false indicating whether this list should be active. Defaults to true

ipAddresses List<String>

A string list of IP addresses and CIDR ranges.

label String

This is the display name for the given IP ACL List.

listType String

Can only be "ALLOW" or "BLOCK".

enabled Boolean

Boolean true or false indicating whether this list should be active. Defaults to true

ipAddresses string[]

A string list of IP addresses and CIDR ranges.

label string

This is the display name for the given IP ACL List.

listType string

Can only be "ALLOW" or "BLOCK".

enabled boolean

Boolean true or false indicating whether this list should be active. Defaults to true

ip_addresses Sequence[str]

A string list of IP addresses and CIDR ranges.

label str

This is the display name for the given IP ACL List.

list_type str

Can only be "ALLOW" or "BLOCK".

enabled bool

Boolean true or false indicating whether this list should be active. Defaults to true

ipAddresses List<String>

A string list of IP addresses and CIDR ranges.

label String

This is the display name for the given IP ACL List.

listType String

Can only be "ALLOW" or "BLOCK".

enabled Boolean

Boolean true or false indicating whether this list should be active. Defaults to true

Outputs

All input properties are implicitly available as output properties. Additionally, the IpAccessList resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing IpAccessList Resource

Get an existing IpAccessList resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IpAccessListState, opts?: CustomResourceOptions): IpAccessList
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        enabled: Optional[bool] = None,
        ip_addresses: Optional[Sequence[str]] = None,
        label: Optional[str] = None,
        list_type: Optional[str] = None) -> IpAccessList
func GetIpAccessList(ctx *Context, name string, id IDInput, state *IpAccessListState, opts ...ResourceOption) (*IpAccessList, error)
public static IpAccessList Get(string name, Input<string> id, IpAccessListState? state, CustomResourceOptions? opts = null)
public static IpAccessList get(String name, Output<String> id, IpAccessListState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Enabled bool

Boolean true or false indicating whether this list should be active. Defaults to true

IpAddresses List<string>

A string list of IP addresses and CIDR ranges.

Label string

This is the display name for the given IP ACL List.

ListType string

Can only be "ALLOW" or "BLOCK".

Enabled bool

Boolean true or false indicating whether this list should be active. Defaults to true

IpAddresses []string

A string list of IP addresses and CIDR ranges.

Label string

This is the display name for the given IP ACL List.

ListType string

Can only be "ALLOW" or "BLOCK".

enabled Boolean

Boolean true or false indicating whether this list should be active. Defaults to true

ipAddresses List<String>

A string list of IP addresses and CIDR ranges.

label String

This is the display name for the given IP ACL List.

listType String

Can only be "ALLOW" or "BLOCK".

enabled boolean

Boolean true or false indicating whether this list should be active. Defaults to true

ipAddresses string[]

A string list of IP addresses and CIDR ranges.

label string

This is the display name for the given IP ACL List.

listType string

Can only be "ALLOW" or "BLOCK".

enabled bool

Boolean true or false indicating whether this list should be active. Defaults to true

ip_addresses Sequence[str]

A string list of IP addresses and CIDR ranges.

label str

This is the display name for the given IP ACL List.

list_type str

Can only be "ALLOW" or "BLOCK".

enabled Boolean

Boolean true or false indicating whether this list should be active. Defaults to true

ipAddresses List<String>

A string list of IP addresses and CIDR ranges.

label String

This is the display name for the given IP ACL List.

listType String

Can only be "ALLOW" or "BLOCK".

Import

The databricks_ip_access_list can be imported using idbash

 $ pulumi import databricks:index/ipAccessList:IpAccessList this <list-id>

Package Details

Repository
databricks pulumi/pulumi-databricks
License
Apache-2.0
Notes

This Pulumi package is based on the databricks Terraform Provider.