1. Packages
  2. Databricks
  3. API Docs
  4. IpAccessList
Databricks v1.27.0 published on Tuesday, Dec 5, 2023 by Pulumi

databricks.IpAccessList

Explore with Pulumi AI

databricks logo
Databricks v1.27.0 published on Tuesday, Dec 5, 2023 by Pulumi

    Security-conscious enterprises that use cloud SaaS applications need to restrict access to their own employees. Authentication helps to prove user identity, but that does not enforce network location of the users. Accessing a cloud service from an unsecured network can pose security risks to an enterprise, especially when the user may have authorized access to sensitive or personal data. Enterprise network perimeters apply security policies and limit access to external services (for example, firewalls, proxies, DLP, and logging), so access beyond these controls are assumed to be untrusted. Please see IP Access List for full feature documentation.

    Note The total number of IP addresses and CIDR scopes provided across all ACL Lists in a workspace can not exceed 1000. Refer to the docs above for specifics.

    The following resources are often used in the same context:

    • End to end workspace management guide.
    • Provisioning AWS Databricks E2 with a Hub & Spoke firewall for data exfiltration protection guide.
    • databricks.MwsNetworks to configure VPC & subnets for new workspaces within AWS.
    • databricks.MwsPrivateAccessSettings to create a Private Access Setting that can be used as part of a databricks.MwsWorkspaces resource to create a Databricks Workspace that leverages AWS PrivateLink.
    • databricks.Permissions to manage access control in Databricks workspace.
    • databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Databricks = Pulumi.Databricks;
    
    return await Deployment.RunAsync(() => 
    {
        var @this = new Databricks.WorkspaceConf("this", new()
        {
            CustomConfig = 
            {
                { "enableIpAccessLists", true },
            },
        });
    
        var allowed_list = new Databricks.IpAccessList("allowed-list", new()
        {
            Label = "allow_in",
            ListType = "ALLOW",
            IpAddresses = new[]
            {
                "1.1.1.1",
                "1.2.3.0/24",
                "1.2.5.0/24",
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                @this,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		this, err := databricks.NewWorkspaceConf(ctx, "this", &databricks.WorkspaceConfArgs{
    			CustomConfig: pulumi.Map{
    				"enableIpAccessLists": pulumi.Any(true),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = databricks.NewIpAccessList(ctx, "allowed-list", &databricks.IpAccessListArgs{
    			Label:    pulumi.String("allow_in"),
    			ListType: pulumi.String("ALLOW"),
    			IpAddresses: pulumi.StringArray{
    				pulumi.String("1.1.1.1"),
    				pulumi.String("1.2.3.0/24"),
    				pulumi.String("1.2.5.0/24"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			this,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.databricks.WorkspaceConf;
    import com.pulumi.databricks.WorkspaceConfArgs;
    import com.pulumi.databricks.IpAccessList;
    import com.pulumi.databricks.IpAccessListArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var this_ = new WorkspaceConf("this", WorkspaceConfArgs.builder()        
                .customConfig(Map.of("enableIpAccessLists", true))
                .build());
    
            var allowed_list = new IpAccessList("allowed-list", IpAccessListArgs.builder()        
                .label("allow_in")
                .listType("ALLOW")
                .ipAddresses(            
                    "1.1.1.1",
                    "1.2.3.0/24",
                    "1.2.5.0/24")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(this_)
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_databricks as databricks
    
    this = databricks.WorkspaceConf("this", custom_config={
        "enableIpAccessLists": True,
    })
    allowed_list = databricks.IpAccessList("allowed-list",
        label="allow_in",
        list_type="ALLOW",
        ip_addresses=[
            "1.1.1.1",
            "1.2.3.0/24",
            "1.2.5.0/24",
        ],
        opts=pulumi.ResourceOptions(depends_on=[this]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as databricks from "@pulumi/databricks";
    
    const _this = new databricks.WorkspaceConf("this", {customConfig: {
        enableIpAccessLists: true,
    }});
    const allowed_list = new databricks.IpAccessList("allowed-list", {
        label: "allow_in",
        listType: "ALLOW",
        ipAddresses: [
            "1.1.1.1",
            "1.2.3.0/24",
            "1.2.5.0/24",
        ],
    }, {
        dependsOn: [_this],
    });
    
    resources:
      this:
        type: databricks:WorkspaceConf
        properties:
          customConfig:
            enableIpAccessLists: true
      allowed-list:
        type: databricks:IpAccessList
        properties:
          label: allow_in
          listType: ALLOW
          ipAddresses:
            - 1.1.1.1
            - 1.2.3.0/24
            - 1.2.5.0/24
        options:
          dependson:
            - ${this}
    

    Create IpAccessList Resource

    new IpAccessList(name: string, args: IpAccessListArgs, opts?: CustomResourceOptions);
    @overload
    def IpAccessList(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     enabled: Optional[bool] = None,
                     ip_addresses: Optional[Sequence[str]] = None,
                     label: Optional[str] = None,
                     list_type: Optional[str] = None)
    @overload
    def IpAccessList(resource_name: str,
                     args: IpAccessListArgs,
                     opts: Optional[ResourceOptions] = None)
    func NewIpAccessList(ctx *Context, name string, args IpAccessListArgs, opts ...ResourceOption) (*IpAccessList, error)
    public IpAccessList(string name, IpAccessListArgs args, CustomResourceOptions? opts = null)
    public IpAccessList(String name, IpAccessListArgs args)
    public IpAccessList(String name, IpAccessListArgs args, CustomResourceOptions options)
    
    type: databricks:IpAccessList
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    IpAccessList Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The IpAccessList resource accepts the following input properties:

    IpAddresses List<string>

    A string list of IP addresses and CIDR ranges.

    Label string

    This is the display name for the given IP ACL List.

    ListType string

    Can only be "ALLOW" or "BLOCK".

    Enabled bool

    Boolean true or false indicating whether this list should be active. Defaults to true

    IpAddresses []string

    A string list of IP addresses and CIDR ranges.

    Label string

    This is the display name for the given IP ACL List.

    ListType string

    Can only be "ALLOW" or "BLOCK".

    Enabled bool

    Boolean true or false indicating whether this list should be active. Defaults to true

    ipAddresses List<String>

    A string list of IP addresses and CIDR ranges.

    label String

    This is the display name for the given IP ACL List.

    listType String

    Can only be "ALLOW" or "BLOCK".

    enabled Boolean

    Boolean true or false indicating whether this list should be active. Defaults to true

    ipAddresses string[]

    A string list of IP addresses and CIDR ranges.

    label string

    This is the display name for the given IP ACL List.

    listType string

    Can only be "ALLOW" or "BLOCK".

    enabled boolean

    Boolean true or false indicating whether this list should be active. Defaults to true

    ip_addresses Sequence[str]

    A string list of IP addresses and CIDR ranges.

    label str

    This is the display name for the given IP ACL List.

    list_type str

    Can only be "ALLOW" or "BLOCK".

    enabled bool

    Boolean true or false indicating whether this list should be active. Defaults to true

    ipAddresses List<String>

    A string list of IP addresses and CIDR ranges.

    label String

    This is the display name for the given IP ACL List.

    listType String

    Can only be "ALLOW" or "BLOCK".

    enabled Boolean

    Boolean true or false indicating whether this list should be active. Defaults to true

    Outputs

    All input properties are implicitly available as output properties. Additionally, the IpAccessList resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing IpAccessList Resource

    Get an existing IpAccessList resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: IpAccessListState, opts?: CustomResourceOptions): IpAccessList
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            enabled: Optional[bool] = None,
            ip_addresses: Optional[Sequence[str]] = None,
            label: Optional[str] = None,
            list_type: Optional[str] = None) -> IpAccessList
    func GetIpAccessList(ctx *Context, name string, id IDInput, state *IpAccessListState, opts ...ResourceOption) (*IpAccessList, error)
    public static IpAccessList Get(string name, Input<string> id, IpAccessListState? state, CustomResourceOptions? opts = null)
    public static IpAccessList get(String name, Output<String> id, IpAccessListState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Enabled bool

    Boolean true or false indicating whether this list should be active. Defaults to true

    IpAddresses List<string>

    A string list of IP addresses and CIDR ranges.

    Label string

    This is the display name for the given IP ACL List.

    ListType string

    Can only be "ALLOW" or "BLOCK".

    Enabled bool

    Boolean true or false indicating whether this list should be active. Defaults to true

    IpAddresses []string

    A string list of IP addresses and CIDR ranges.

    Label string

    This is the display name for the given IP ACL List.

    ListType string

    Can only be "ALLOW" or "BLOCK".

    enabled Boolean

    Boolean true or false indicating whether this list should be active. Defaults to true

    ipAddresses List<String>

    A string list of IP addresses and CIDR ranges.

    label String

    This is the display name for the given IP ACL List.

    listType String

    Can only be "ALLOW" or "BLOCK".

    enabled boolean

    Boolean true or false indicating whether this list should be active. Defaults to true

    ipAddresses string[]

    A string list of IP addresses and CIDR ranges.

    label string

    This is the display name for the given IP ACL List.

    listType string

    Can only be "ALLOW" or "BLOCK".

    enabled bool

    Boolean true or false indicating whether this list should be active. Defaults to true

    ip_addresses Sequence[str]

    A string list of IP addresses and CIDR ranges.

    label str

    This is the display name for the given IP ACL List.

    list_type str

    Can only be "ALLOW" or "BLOCK".

    enabled Boolean

    Boolean true or false indicating whether this list should be active. Defaults to true

    ipAddresses List<String>

    A string list of IP addresses and CIDR ranges.

    label String

    This is the display name for the given IP ACL List.

    listType String

    Can only be "ALLOW" or "BLOCK".

    Import

    The databricks_ip_access_list can be imported using idbash

     $ pulumi import databricks:index/ipAccessList:IpAccessList this <list-id>
    

    Package Details

    Repository
    databricks pulumi/pulumi-databricks
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the databricks Terraform Provider.

    databricks logo
    Databricks v1.27.0 published on Tuesday, Dec 5, 2023 by Pulumi