Docs
Packagesdatabricks.IpAccessList
Explore with Pulumi AI
Security-conscious enterprises that use cloud SaaS applications need to restrict access to their own employees. Authentication helps to prove user identity, but that does not enforce network location of the users. Accessing a cloud service from an unsecured network can pose security risks to an enterprise, especially when the user may have authorized access to sensitive or personal data. Enterprise network perimeters apply security policies and limit access to external services (for example, firewalls, proxies, DLP, and logging), so access beyond these controls are assumed to be untrusted. Please see IP Access List for full feature documentation.
Note The total number of IP addresses and CIDR scopes provided across all ACL Lists in a workspace can not exceed 1000. Refer to the docs above for specifics.
Related Resources
The following resources are often used in the same context:
- End to end workspace management guide.
- Provisioning AWS Databricks E2 with a Hub & Spoke firewall for data exfiltration protection guide.
- databricks.MwsNetworks to configure VPC & subnets for new workspaces within AWS.
- databricks.MwsPrivateAccessSettings to create a Private Access Setting that can be used as part of a databricks.MwsWorkspaces resource to create a Databricks Workspace that leverages AWS PrivateLink.
- databricks.Permissions to manage access control in Databricks workspace.
- databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var @this = new Databricks.WorkspaceConf("this", new()
{
CustomConfig =
{
{ "enableIpAccessLists", true },
},
});
var allowed_list = new Databricks.IpAccessList("allowed-list", new()
{
Label = "allow_in",
ListType = "ALLOW",
IpAddresses = new[]
{
"1.1.1.1",
"1.2.3.0/24",
"1.2.5.0/24",
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
@this,
},
});
});
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := databricks.NewWorkspaceConf(ctx, "this", &databricks.WorkspaceConfArgs{
CustomConfig: pulumi.Map{
"enableIpAccessLists": pulumi.Any(true),
},
})
if err != nil {
return err
}
_, err = databricks.NewIpAccessList(ctx, "allowed-list", &databricks.IpAccessListArgs{
Label: pulumi.String("allow_in"),
ListType: pulumi.String("ALLOW"),
IpAddresses: pulumi.StringArray{
pulumi.String("1.1.1.1"),
pulumi.String("1.2.3.0/24"),
pulumi.String("1.2.5.0/24"),
},
}, pulumi.DependsOn([]pulumi.Resource{
this,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.WorkspaceConf;
import com.pulumi.databricks.WorkspaceConfArgs;
import com.pulumi.databricks.IpAccessList;
import com.pulumi.databricks.IpAccessListArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new WorkspaceConf("this", WorkspaceConfArgs.builder()
.customConfig(Map.of("enableIpAccessLists", true))
.build());
var allowed_list = new IpAccessList("allowed-list", IpAccessListArgs.builder()
.label("allow_in")
.listType("ALLOW")
.ipAddresses(
"1.1.1.1",
"1.2.3.0/24",
"1.2.5.0/24")
.build(), CustomResourceOptions.builder()
.dependsOn(this_)
.build());
}
}
import pulumi
import pulumi_databricks as databricks
this = databricks.WorkspaceConf("this", custom_config={
"enableIpAccessLists": True,
})
allowed_list = databricks.IpAccessList("allowed-list",
label="allow_in",
list_type="ALLOW",
ip_addresses=[
"1.1.1.1",
"1.2.3.0/24",
"1.2.5.0/24",
],
opts=pulumi.ResourceOptions(depends_on=[this]))
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.WorkspaceConf("this", {customConfig: {
enableIpAccessLists: true,
}});
const allowed_list = new databricks.IpAccessList("allowed-list", {
label: "allow_in",
listType: "ALLOW",
ipAddresses: [
"1.1.1.1",
"1.2.3.0/24",
"1.2.5.0/24",
],
}, {
dependsOn: [_this],
});
resources:
this:
type: databricks:WorkspaceConf
properties:
customConfig:
enableIpAccessLists: true
allowed-list:
type: databricks:IpAccessList
properties:
label: allow_in
listType: ALLOW
ipAddresses:
- 1.1.1.1
- 1.2.3.0/24
- 1.2.5.0/24
options:
dependson:
- ${this}
Create IpAccessList Resource
new IpAccessList(name: string, args: IpAccessListArgs, opts?: CustomResourceOptions);@overload
def IpAccessList(resource_name: str,
opts: Optional[ResourceOptions] = None,
enabled: Optional[bool] = None,
ip_addresses: Optional[Sequence[str]] = None,
label: Optional[str] = None,
list_type: Optional[str] = None)
@overload
def IpAccessList(resource_name: str,
args: IpAccessListArgs,
opts: Optional[ResourceOptions] = None)func NewIpAccessList(ctx *Context, name string, args IpAccessListArgs, opts ...ResourceOption) (*IpAccessList, error)public IpAccessList(string name, IpAccessListArgs args, CustomResourceOptions? opts = null)
public IpAccessList(String name, IpAccessListArgs args)
public IpAccessList(String name, IpAccessListArgs args, CustomResourceOptions options)
type: databricks:IpAccessList
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
IpAccessList Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The IpAccessList resource accepts the following input properties:
- Ip
Addresses List<string> A string list of IP addresses and CIDR ranges.
- Label string
This is the display name for the given IP ACL List.
- List
Type string Can only be "ALLOW" or "BLOCK".
- Enabled bool
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue
- Ip
Addresses []string A string list of IP addresses and CIDR ranges.
- Label string
This is the display name for the given IP ACL List.
- List
Type string Can only be "ALLOW" or "BLOCK".
- Enabled bool
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue
- ip
Addresses List<String> A string list of IP addresses and CIDR ranges.
- label String
This is the display name for the given IP ACL List.
- list
Type String Can only be "ALLOW" or "BLOCK".
- enabled Boolean
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue
- ip
Addresses string[] A string list of IP addresses and CIDR ranges.
- label string
This is the display name for the given IP ACL List.
- list
Type string Can only be "ALLOW" or "BLOCK".
- enabled boolean
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue
- ip_
addresses Sequence[str] A string list of IP addresses and CIDR ranges.
- label str
This is the display name for the given IP ACL List.
- list_
type str Can only be "ALLOW" or "BLOCK".
- enabled bool
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue
- ip
Addresses List<String> A string list of IP addresses and CIDR ranges.
- label String
This is the display name for the given IP ACL List.
- list
Type String Can only be "ALLOW" or "BLOCK".
- enabled Boolean
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue
Outputs
All input properties are implicitly available as output properties. Additionally, the IpAccessList resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing IpAccessList Resource
Get an existing IpAccessList resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IpAccessListState, opts?: CustomResourceOptions): IpAccessList@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
enabled: Optional[bool] = None,
ip_addresses: Optional[Sequence[str]] = None,
label: Optional[str] = None,
list_type: Optional[str] = None) -> IpAccessListfunc GetIpAccessList(ctx *Context, name string, id IDInput, state *IpAccessListState, opts ...ResourceOption) (*IpAccessList, error)public static IpAccessList Get(string name, Input<string> id, IpAccessListState? state, CustomResourceOptions? opts = null)public static IpAccessList get(String name, Output<String> id, IpAccessListState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Enabled bool
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue- Ip
Addresses List<string> A string list of IP addresses and CIDR ranges.
- Label string
This is the display name for the given IP ACL List.
- List
Type string Can only be "ALLOW" or "BLOCK".
- Enabled bool
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue- Ip
Addresses []string A string list of IP addresses and CIDR ranges.
- Label string
This is the display name for the given IP ACL List.
- List
Type string Can only be "ALLOW" or "BLOCK".
- enabled Boolean
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue- ip
Addresses List<String> A string list of IP addresses and CIDR ranges.
- label String
This is the display name for the given IP ACL List.
- list
Type String Can only be "ALLOW" or "BLOCK".
- enabled boolean
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue- ip
Addresses string[] A string list of IP addresses and CIDR ranges.
- label string
This is the display name for the given IP ACL List.
- list
Type string Can only be "ALLOW" or "BLOCK".
- enabled bool
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue- ip_
addresses Sequence[str] A string list of IP addresses and CIDR ranges.
- label str
This is the display name for the given IP ACL List.
- list_
type str Can only be "ALLOW" or "BLOCK".
- enabled Boolean
Boolean
trueorfalseindicating whether this list should be active. Defaults totrue- ip
Addresses List<String> A string list of IP addresses and CIDR ranges.
- label String
This is the display name for the given IP ACL List.
- list
Type String Can only be "ALLOW" or "BLOCK".
Import
The databricks_ip_access_list can be imported using idbash
$ pulumi import databricks:index/ipAccessList:IpAccessList this <list-id>
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
databricksTerraform Provider.