1. Packages
  2. Databricks Provider
  3. API Docs
  4. MwsNccPrivateEndpointRule
Databricks v1.74.0 published on Thursday, Aug 14, 2025 by Pulumi

databricks.MwsNccPrivateEndpointRule

Explore with Pulumi AI

databricks logo
Databricks v1.74.0 published on Thursday, Aug 14, 2025 by Pulumi

    Allows you to create a private endpoint in a Network Connectivity Config that can be used to configure private connectivity from serverless compute.

    This resource can only be used with an account-level provider!

    This feature is available on Azure, and in Public Preview on AWS.

    Example Usage

    Create private endpoints to an Azure storage account and an Azure standard load balancer.

    import * as pulumi from "@pulumi/pulumi";
    import * as databricks from "@pulumi/databricks";
    
    const config = new pulumi.Config();
    const region = config.requireObject<any>("region");
    const prefix = config.requireObject<any>("prefix");
    const ncc = new databricks.MwsNetworkConnectivityConfig("ncc", {
        name: `ncc-for-${prefix}`,
        region: region,
    });
    const storage = new databricks.MwsNccPrivateEndpointRule("storage", {
        networkConnectivityConfigId: ncc.networkConnectivityConfigId,
        resourceId: "/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Storage/storageAccounts/examplesa",
        groupId: "blob",
    });
    const slb = new databricks.MwsNccPrivateEndpointRule("slb", {
        networkConnectivityConfigId: ncc.networkConnectivityConfigId,
        resourceId: "/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Network/privatelinkServices/example-private-link-service",
        domainNames: ["my-example.exampledomain.com"],
    });
    
    import pulumi
    import pulumi_databricks as databricks
    
    config = pulumi.Config()
    region = config.require_object("region")
    prefix = config.require_object("prefix")
    ncc = databricks.MwsNetworkConnectivityConfig("ncc",
        name=f"ncc-for-{prefix}",
        region=region)
    storage = databricks.MwsNccPrivateEndpointRule("storage",
        network_connectivity_config_id=ncc.network_connectivity_config_id,
        resource_id="/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Storage/storageAccounts/examplesa",
        group_id="blob")
    slb = databricks.MwsNccPrivateEndpointRule("slb",
        network_connectivity_config_id=ncc.network_connectivity_config_id,
        resource_id="/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Network/privatelinkServices/example-private-link-service",
        domain_names=["my-example.exampledomain.com"])
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		region := cfg.RequireObject("region")
    		prefix := cfg.RequireObject("prefix")
    		ncc, err := databricks.NewMwsNetworkConnectivityConfig(ctx, "ncc", &databricks.MwsNetworkConnectivityConfigArgs{
    			Name:   pulumi.Sprintf("ncc-for-%v", prefix),
    			Region: pulumi.Any(region),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = databricks.NewMwsNccPrivateEndpointRule(ctx, "storage", &databricks.MwsNccPrivateEndpointRuleArgs{
    			NetworkConnectivityConfigId: ncc.NetworkConnectivityConfigId,
    			ResourceId:                  pulumi.String("/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Storage/storageAccounts/examplesa"),
    			GroupId:                     pulumi.String("blob"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = databricks.NewMwsNccPrivateEndpointRule(ctx, "slb", &databricks.MwsNccPrivateEndpointRuleArgs{
    			NetworkConnectivityConfigId: ncc.NetworkConnectivityConfigId,
    			ResourceId:                  pulumi.String("/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Network/privatelinkServices/example-private-link-service"),
    			DomainNames: pulumi.StringArray{
    				pulumi.String("my-example.exampledomain.com"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Databricks = Pulumi.Databricks;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var region = config.RequireObject<dynamic>("region");
        var prefix = config.RequireObject<dynamic>("prefix");
        var ncc = new Databricks.MwsNetworkConnectivityConfig("ncc", new()
        {
            Name = $"ncc-for-{prefix}",
            Region = region,
        });
    
        var storage = new Databricks.MwsNccPrivateEndpointRule("storage", new()
        {
            NetworkConnectivityConfigId = ncc.NetworkConnectivityConfigId,
            ResourceId = "/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Storage/storageAccounts/examplesa",
            GroupId = "blob",
        });
    
        var slb = new Databricks.MwsNccPrivateEndpointRule("slb", new()
        {
            NetworkConnectivityConfigId = ncc.NetworkConnectivityConfigId,
            ResourceId = "/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Network/privatelinkServices/example-private-link-service",
            DomainNames = new[]
            {
                "my-example.exampledomain.com",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.databricks.MwsNetworkConnectivityConfig;
    import com.pulumi.databricks.MwsNetworkConnectivityConfigArgs;
    import com.pulumi.databricks.MwsNccPrivateEndpointRule;
    import com.pulumi.databricks.MwsNccPrivateEndpointRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var config = ctx.config();
            final var region = config.get("region");
            final var prefix = config.get("prefix");
            var ncc = new MwsNetworkConnectivityConfig("ncc", MwsNetworkConnectivityConfigArgs.builder()
                .name(String.format("ncc-for-%s", prefix))
                .region(region)
                .build());
    
            var storage = new MwsNccPrivateEndpointRule("storage", MwsNccPrivateEndpointRuleArgs.builder()
                .networkConnectivityConfigId(ncc.networkConnectivityConfigId())
                .resourceId("/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Storage/storageAccounts/examplesa")
                .groupId("blob")
                .build());
    
            var slb = new MwsNccPrivateEndpointRule("slb", MwsNccPrivateEndpointRuleArgs.builder()
                .networkConnectivityConfigId(ncc.networkConnectivityConfigId())
                .resourceId("/subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Network/privatelinkServices/example-private-link-service")
                .domainNames("my-example.exampledomain.com")
                .build());
    
        }
    }
    
    configuration:
      region:
        type: dynamic
      prefix:
        type: dynamic
    resources:
      ncc:
        type: databricks:MwsNetworkConnectivityConfig
        properties:
          name: ncc-for-${prefix}
          region: ${region}
      storage:
        type: databricks:MwsNccPrivateEndpointRule
        properties:
          networkConnectivityConfigId: ${ncc.networkConnectivityConfigId}
          resourceId: /subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Storage/storageAccounts/examplesa
          groupId: blob
      slb:
        type: databricks:MwsNccPrivateEndpointRule
        properties:
          networkConnectivityConfigId: ${ncc.networkConnectivityConfigId}
          resourceId: /subscriptions/653bb673-1234-abcd-a90b-d064d5d53ca4/resourcegroups/example-resource-group/providers/Microsoft.Network/privatelinkServices/example-private-link-service
          domainNames:
            - my-example.exampledomain.com
    

    Create a private endpoint rule to an AWS VPC endpoint and to an S3 bucket.

    import * as pulumi from "@pulumi/pulumi";
    import * as databricks from "@pulumi/databricks";
    
    const config = new pulumi.Config();
    const region = config.requireObject<any>("region");
    const prefix = config.requireObject<any>("prefix");
    const ncc = new databricks.MwsNetworkConnectivityConfig("ncc", {
        name: `ncc-for-${prefix}`,
        region: region,
    });
    const storage = new databricks.MwsNccPrivateEndpointRule("storage", {
        networkConnectivityConfigId: ncc.networkConnectivityConfigId,
        endpointService: "com.amazonaws.us-east-1.s3",
        resourceNames: ["bucket"],
    });
    const vpce = new databricks.MwsNccPrivateEndpointRule("vpce", {
        networkConnectivityConfigId: ncc.networkConnectivityConfigId,
        endpointService: "com.amazonaws.vpce.us-west-2.vpce-svc-xyz",
        domainNames: ["subdomain.internal.net"],
    });
    
    import pulumi
    import pulumi_databricks as databricks
    
    config = pulumi.Config()
    region = config.require_object("region")
    prefix = config.require_object("prefix")
    ncc = databricks.MwsNetworkConnectivityConfig("ncc",
        name=f"ncc-for-{prefix}",
        region=region)
    storage = databricks.MwsNccPrivateEndpointRule("storage",
        network_connectivity_config_id=ncc.network_connectivity_config_id,
        endpoint_service="com.amazonaws.us-east-1.s3",
        resource_names=["bucket"])
    vpce = databricks.MwsNccPrivateEndpointRule("vpce",
        network_connectivity_config_id=ncc.network_connectivity_config_id,
        endpoint_service="com.amazonaws.vpce.us-west-2.vpce-svc-xyz",
        domain_names=["subdomain.internal.net"])
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		region := cfg.RequireObject("region")
    		prefix := cfg.RequireObject("prefix")
    		ncc, err := databricks.NewMwsNetworkConnectivityConfig(ctx, "ncc", &databricks.MwsNetworkConnectivityConfigArgs{
    			Name:   pulumi.Sprintf("ncc-for-%v", prefix),
    			Region: pulumi.Any(region),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = databricks.NewMwsNccPrivateEndpointRule(ctx, "storage", &databricks.MwsNccPrivateEndpointRuleArgs{
    			NetworkConnectivityConfigId: ncc.NetworkConnectivityConfigId,
    			EndpointService:             pulumi.String("com.amazonaws.us-east-1.s3"),
    			ResourceNames: pulumi.StringArray{
    				pulumi.String("bucket"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = databricks.NewMwsNccPrivateEndpointRule(ctx, "vpce", &databricks.MwsNccPrivateEndpointRuleArgs{
    			NetworkConnectivityConfigId: ncc.NetworkConnectivityConfigId,
    			EndpointService:             pulumi.String("com.amazonaws.vpce.us-west-2.vpce-svc-xyz"),
    			DomainNames: pulumi.StringArray{
    				pulumi.String("subdomain.internal.net"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Databricks = Pulumi.Databricks;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var region = config.RequireObject<dynamic>("region");
        var prefix = config.RequireObject<dynamic>("prefix");
        var ncc = new Databricks.MwsNetworkConnectivityConfig("ncc", new()
        {
            Name = $"ncc-for-{prefix}",
            Region = region,
        });
    
        var storage = new Databricks.MwsNccPrivateEndpointRule("storage", new()
        {
            NetworkConnectivityConfigId = ncc.NetworkConnectivityConfigId,
            EndpointService = "com.amazonaws.us-east-1.s3",
            ResourceNames = new[]
            {
                "bucket",
            },
        });
    
        var vpce = new Databricks.MwsNccPrivateEndpointRule("vpce", new()
        {
            NetworkConnectivityConfigId = ncc.NetworkConnectivityConfigId,
            EndpointService = "com.amazonaws.vpce.us-west-2.vpce-svc-xyz",
            DomainNames = new[]
            {
                "subdomain.internal.net",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.databricks.MwsNetworkConnectivityConfig;
    import com.pulumi.databricks.MwsNetworkConnectivityConfigArgs;
    import com.pulumi.databricks.MwsNccPrivateEndpointRule;
    import com.pulumi.databricks.MwsNccPrivateEndpointRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var config = ctx.config();
            final var region = config.get("region");
            final var prefix = config.get("prefix");
            var ncc = new MwsNetworkConnectivityConfig("ncc", MwsNetworkConnectivityConfigArgs.builder()
                .name(String.format("ncc-for-%s", prefix))
                .region(region)
                .build());
    
            var storage = new MwsNccPrivateEndpointRule("storage", MwsNccPrivateEndpointRuleArgs.builder()
                .networkConnectivityConfigId(ncc.networkConnectivityConfigId())
                .endpointService("com.amazonaws.us-east-1.s3")
                .resourceNames("bucket")
                .build());
    
            var vpce = new MwsNccPrivateEndpointRule("vpce", MwsNccPrivateEndpointRuleArgs.builder()
                .networkConnectivityConfigId(ncc.networkConnectivityConfigId())
                .endpointService("com.amazonaws.vpce.us-west-2.vpce-svc-xyz")
                .domainNames("subdomain.internal.net")
                .build());
    
        }
    }
    
    configuration:
      region:
        type: dynamic
      prefix:
        type: dynamic
    resources:
      ncc:
        type: databricks:MwsNetworkConnectivityConfig
        properties:
          name: ncc-for-${prefix}
          region: ${region}
      storage:
        type: databricks:MwsNccPrivateEndpointRule
        properties:
          networkConnectivityConfigId: ${ncc.networkConnectivityConfigId}
          endpointService: com.amazonaws.us-east-1.s3
          resourceNames:
            - bucket
      vpce:
        type: databricks:MwsNccPrivateEndpointRule
        properties:
          networkConnectivityConfigId: ${ncc.networkConnectivityConfigId}
          endpointService: com.amazonaws.vpce.us-west-2.vpce-svc-xyz
          domainNames:
            - subdomain.internal.net
    

    The following resources are used in the context:

    • databricks.MwsNetworkConnectivityConfig to create Network Connectivity Config objects.
    • databricks.MwsNccBinding to attach an NCC to a workspace.

    Create MwsNccPrivateEndpointRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new MwsNccPrivateEndpointRule(name: string, args: MwsNccPrivateEndpointRuleArgs, opts?: CustomResourceOptions);
    @overload
    def MwsNccPrivateEndpointRule(resource_name: str,
                                  args: MwsNccPrivateEndpointRuleArgs,
                                  opts: Optional[ResourceOptions] = None)
    
    @overload
    def MwsNccPrivateEndpointRule(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  network_connectivity_config_id: Optional[str] = None,
                                  endpoint_service: Optional[str] = None,
                                  resource_id: Optional[str] = None,
                                  deactivated: Optional[bool] = None,
                                  deactivated_at: Optional[int] = None,
                                  domain_names: Optional[Sequence[str]] = None,
                                  enabled: Optional[bool] = None,
                                  creation_time: Optional[int] = None,
                                  group_id: Optional[str] = None,
                                  endpoint_name: Optional[str] = None,
                                  connection_state: Optional[str] = None,
                                  account_id: Optional[str] = None,
                                  resource_names: Optional[Sequence[str]] = None,
                                  rule_id: Optional[str] = None,
                                  updated_time: Optional[int] = None,
                                  vpc_endpoint_id: Optional[str] = None)
    func NewMwsNccPrivateEndpointRule(ctx *Context, name string, args MwsNccPrivateEndpointRuleArgs, opts ...ResourceOption) (*MwsNccPrivateEndpointRule, error)
    public MwsNccPrivateEndpointRule(string name, MwsNccPrivateEndpointRuleArgs args, CustomResourceOptions? opts = null)
    public MwsNccPrivateEndpointRule(String name, MwsNccPrivateEndpointRuleArgs args)
    public MwsNccPrivateEndpointRule(String name, MwsNccPrivateEndpointRuleArgs args, CustomResourceOptions options)
    
    type: databricks:MwsNccPrivateEndpointRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args MwsNccPrivateEndpointRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args MwsNccPrivateEndpointRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args MwsNccPrivateEndpointRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args MwsNccPrivateEndpointRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args MwsNccPrivateEndpointRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var mwsNccPrivateEndpointRuleResource = new Databricks.MwsNccPrivateEndpointRule("mwsNccPrivateEndpointRuleResource", new()
    {
        NetworkConnectivityConfigId = "string",
        EndpointService = "string",
        ResourceId = "string",
        Deactivated = false,
        DeactivatedAt = 0,
        DomainNames = new[]
        {
            "string",
        },
        Enabled = false,
        CreationTime = 0,
        GroupId = "string",
        EndpointName = "string",
        ConnectionState = "string",
        AccountId = "string",
        ResourceNames = new[]
        {
            "string",
        },
        RuleId = "string",
        UpdatedTime = 0,
        VpcEndpointId = "string",
    });
    
    example, err := databricks.NewMwsNccPrivateEndpointRule(ctx, "mwsNccPrivateEndpointRuleResource", &databricks.MwsNccPrivateEndpointRuleArgs{
    	NetworkConnectivityConfigId: pulumi.String("string"),
    	EndpointService:             pulumi.String("string"),
    	ResourceId:                  pulumi.String("string"),
    	Deactivated:                 pulumi.Bool(false),
    	DeactivatedAt:               pulumi.Int(0),
    	DomainNames: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Enabled:         pulumi.Bool(false),
    	CreationTime:    pulumi.Int(0),
    	GroupId:         pulumi.String("string"),
    	EndpointName:    pulumi.String("string"),
    	ConnectionState: pulumi.String("string"),
    	AccountId:       pulumi.String("string"),
    	ResourceNames: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	RuleId:        pulumi.String("string"),
    	UpdatedTime:   pulumi.Int(0),
    	VpcEndpointId: pulumi.String("string"),
    })
    
    var mwsNccPrivateEndpointRuleResource = new MwsNccPrivateEndpointRule("mwsNccPrivateEndpointRuleResource", MwsNccPrivateEndpointRuleArgs.builder()
        .networkConnectivityConfigId("string")
        .endpointService("string")
        .resourceId("string")
        .deactivated(false)
        .deactivatedAt(0)
        .domainNames("string")
        .enabled(false)
        .creationTime(0)
        .groupId("string")
        .endpointName("string")
        .connectionState("string")
        .accountId("string")
        .resourceNames("string")
        .ruleId("string")
        .updatedTime(0)
        .vpcEndpointId("string")
        .build());
    
    mws_ncc_private_endpoint_rule_resource = databricks.MwsNccPrivateEndpointRule("mwsNccPrivateEndpointRuleResource",
        network_connectivity_config_id="string",
        endpoint_service="string",
        resource_id="string",
        deactivated=False,
        deactivated_at=0,
        domain_names=["string"],
        enabled=False,
        creation_time=0,
        group_id="string",
        endpoint_name="string",
        connection_state="string",
        account_id="string",
        resource_names=["string"],
        rule_id="string",
        updated_time=0,
        vpc_endpoint_id="string")
    
    const mwsNccPrivateEndpointRuleResource = new databricks.MwsNccPrivateEndpointRule("mwsNccPrivateEndpointRuleResource", {
        networkConnectivityConfigId: "string",
        endpointService: "string",
        resourceId: "string",
        deactivated: false,
        deactivatedAt: 0,
        domainNames: ["string"],
        enabled: false,
        creationTime: 0,
        groupId: "string",
        endpointName: "string",
        connectionState: "string",
        accountId: "string",
        resourceNames: ["string"],
        ruleId: "string",
        updatedTime: 0,
        vpcEndpointId: "string",
    });
    
    type: databricks:MwsNccPrivateEndpointRule
    properties:
        accountId: string
        connectionState: string
        creationTime: 0
        deactivated: false
        deactivatedAt: 0
        domainNames:
            - string
        enabled: false
        endpointName: string
        endpointService: string
        groupId: string
        networkConnectivityConfigId: string
        resourceId: string
        resourceNames:
            - string
        ruleId: string
        updatedTime: 0
        vpcEndpointId: string
    

    MwsNccPrivateEndpointRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The MwsNccPrivateEndpointRule resource accepts the following input properties:

    NetworkConnectivityConfigId string
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    AccountId string
    ConnectionState string
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    CreationTime int
    Time in epoch milliseconds when this object was created.
    Deactivated bool
    Whether this private endpoint is deactivated.
    DeactivatedAt int
    Time in epoch milliseconds when this object was deactivated.
    DomainNames List<string>
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    Enabled bool
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    EndpointName string
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    EndpointService string
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    GroupId string
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    ResourceId string
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    ResourceNames List<string>
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    RuleId string
    the ID of a private endpoint rule.
    UpdatedTime int
    Time in epoch milliseconds when this object was updated.
    VpcEndpointId string
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    NetworkConnectivityConfigId string
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    AccountId string
    ConnectionState string
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    CreationTime int
    Time in epoch milliseconds when this object was created.
    Deactivated bool
    Whether this private endpoint is deactivated.
    DeactivatedAt int
    Time in epoch milliseconds when this object was deactivated.
    DomainNames []string
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    Enabled bool
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    EndpointName string
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    EndpointService string
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    GroupId string
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    ResourceId string
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    ResourceNames []string
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    RuleId string
    the ID of a private endpoint rule.
    UpdatedTime int
    Time in epoch milliseconds when this object was updated.
    VpcEndpointId string
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    networkConnectivityConfigId String
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    accountId String
    connectionState String
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    creationTime Integer
    Time in epoch milliseconds when this object was created.
    deactivated Boolean
    Whether this private endpoint is deactivated.
    deactivatedAt Integer
    Time in epoch milliseconds when this object was deactivated.
    domainNames List<String>
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    enabled Boolean
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    endpointName String
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    endpointService String
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    groupId String
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    resourceId String
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    resourceNames List<String>
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    ruleId String
    the ID of a private endpoint rule.
    updatedTime Integer
    Time in epoch milliseconds when this object was updated.
    vpcEndpointId String
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    networkConnectivityConfigId string
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    accountId string
    connectionState string
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    creationTime number
    Time in epoch milliseconds when this object was created.
    deactivated boolean
    Whether this private endpoint is deactivated.
    deactivatedAt number
    Time in epoch milliseconds when this object was deactivated.
    domainNames string[]
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    enabled boolean
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    endpointName string
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    endpointService string
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    groupId string
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    resourceId string
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    resourceNames string[]
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    ruleId string
    the ID of a private endpoint rule.
    updatedTime number
    Time in epoch milliseconds when this object was updated.
    vpcEndpointId string
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    network_connectivity_config_id str
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    account_id str
    connection_state str
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    creation_time int
    Time in epoch milliseconds when this object was created.
    deactivated bool
    Whether this private endpoint is deactivated.
    deactivated_at int
    Time in epoch milliseconds when this object was deactivated.
    domain_names Sequence[str]
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    enabled bool
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    endpoint_name str
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    endpoint_service str
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    group_id str
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    resource_id str
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    resource_names Sequence[str]
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    rule_id str
    the ID of a private endpoint rule.
    updated_time int
    Time in epoch milliseconds when this object was updated.
    vpc_endpoint_id str
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    networkConnectivityConfigId String
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    accountId String
    connectionState String
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    creationTime Number
    Time in epoch milliseconds when this object was created.
    deactivated Boolean
    Whether this private endpoint is deactivated.
    deactivatedAt Number
    Time in epoch milliseconds when this object was deactivated.
    domainNames List<String>
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    enabled Boolean
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    endpointName String
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    endpointService String
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    groupId String
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    resourceId String
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    resourceNames List<String>
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    ruleId String
    the ID of a private endpoint rule.
    updatedTime Number
    Time in epoch milliseconds when this object was updated.
    vpcEndpointId String
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the MwsNccPrivateEndpointRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing MwsNccPrivateEndpointRule Resource

    Get an existing MwsNccPrivateEndpointRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: MwsNccPrivateEndpointRuleState, opts?: CustomResourceOptions): MwsNccPrivateEndpointRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            connection_state: Optional[str] = None,
            creation_time: Optional[int] = None,
            deactivated: Optional[bool] = None,
            deactivated_at: Optional[int] = None,
            domain_names: Optional[Sequence[str]] = None,
            enabled: Optional[bool] = None,
            endpoint_name: Optional[str] = None,
            endpoint_service: Optional[str] = None,
            group_id: Optional[str] = None,
            network_connectivity_config_id: Optional[str] = None,
            resource_id: Optional[str] = None,
            resource_names: Optional[Sequence[str]] = None,
            rule_id: Optional[str] = None,
            updated_time: Optional[int] = None,
            vpc_endpoint_id: Optional[str] = None) -> MwsNccPrivateEndpointRule
    func GetMwsNccPrivateEndpointRule(ctx *Context, name string, id IDInput, state *MwsNccPrivateEndpointRuleState, opts ...ResourceOption) (*MwsNccPrivateEndpointRule, error)
    public static MwsNccPrivateEndpointRule Get(string name, Input<string> id, MwsNccPrivateEndpointRuleState? state, CustomResourceOptions? opts = null)
    public static MwsNccPrivateEndpointRule get(String name, Output<String> id, MwsNccPrivateEndpointRuleState state, CustomResourceOptions options)
    resources:  _:    type: databricks:MwsNccPrivateEndpointRule    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string
    ConnectionState string
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    CreationTime int
    Time in epoch milliseconds when this object was created.
    Deactivated bool
    Whether this private endpoint is deactivated.
    DeactivatedAt int
    Time in epoch milliseconds when this object was deactivated.
    DomainNames List<string>
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    Enabled bool
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    EndpointName string
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    EndpointService string
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    GroupId string
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    NetworkConnectivityConfigId string
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    ResourceId string
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    ResourceNames List<string>
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    RuleId string
    the ID of a private endpoint rule.
    UpdatedTime int
    Time in epoch milliseconds when this object was updated.
    VpcEndpointId string
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    AccountId string
    ConnectionState string
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    CreationTime int
    Time in epoch milliseconds when this object was created.
    Deactivated bool
    Whether this private endpoint is deactivated.
    DeactivatedAt int
    Time in epoch milliseconds when this object was deactivated.
    DomainNames []string
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    Enabled bool
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    EndpointName string
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    EndpointService string
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    GroupId string
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    NetworkConnectivityConfigId string
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    ResourceId string
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    ResourceNames []string
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    RuleId string
    the ID of a private endpoint rule.
    UpdatedTime int
    Time in epoch milliseconds when this object was updated.
    VpcEndpointId string
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    accountId String
    connectionState String
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    creationTime Integer
    Time in epoch milliseconds when this object was created.
    deactivated Boolean
    Whether this private endpoint is deactivated.
    deactivatedAt Integer
    Time in epoch milliseconds when this object was deactivated.
    domainNames List<String>
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    enabled Boolean
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    endpointName String
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    endpointService String
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    groupId String
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    networkConnectivityConfigId String
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    resourceId String
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    resourceNames List<String>
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    ruleId String
    the ID of a private endpoint rule.
    updatedTime Integer
    Time in epoch milliseconds when this object was updated.
    vpcEndpointId String
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    accountId string
    connectionState string
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    creationTime number
    Time in epoch milliseconds when this object was created.
    deactivated boolean
    Whether this private endpoint is deactivated.
    deactivatedAt number
    Time in epoch milliseconds when this object was deactivated.
    domainNames string[]
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    enabled boolean
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    endpointName string
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    endpointService string
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    groupId string
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    networkConnectivityConfigId string
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    resourceId string
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    resourceNames string[]
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    ruleId string
    the ID of a private endpoint rule.
    updatedTime number
    Time in epoch milliseconds when this object was updated.
    vpcEndpointId string
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    account_id str
    connection_state str
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    creation_time int
    Time in epoch milliseconds when this object was created.
    deactivated bool
    Whether this private endpoint is deactivated.
    deactivated_at int
    Time in epoch milliseconds when this object was deactivated.
    domain_names Sequence[str]
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    enabled bool
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    endpoint_name str
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    endpoint_service str
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    group_id str
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    network_connectivity_config_id str
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    resource_id str
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    resource_names Sequence[str]
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    rule_id str
    the ID of a private endpoint rule.
    updated_time int
    Time in epoch milliseconds when this object was updated.
    vpc_endpoint_id str
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.
    accountId String
    connectionState String
    The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal before they take effect. The possible values are:

    • PENDING: The endpoint has been created and pending approval.
    • ESTABLISHED: The endpoint has been approved and is ready to be used in your serverless compute resources.
    • REJECTED: Connection was rejected by the private link resource owner.
    • DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up.
    • EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED.
    creationTime Number
    Time in epoch milliseconds when this object was created.
    deactivated Boolean
    Whether this private endpoint is deactivated.
    deactivatedAt Number
    Time in epoch milliseconds when this object was deactivated.
    domainNames List<String>
    • On Azure: List of domain names of target private link service. Only used by private endpoints to customer-managed private endpoint services. Conflicts with group_id.
    • On AWS: List of target resource FQDNs accessible via the VPC endpoint service. Only used by private endpoints towards a VPC endpoint service behind a customer-managed VPC endpoint service. Conflicts with resource_names.
    enabled Boolean
    Activation status. Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. Can only be updated after a private endpoint rule towards an AWS S3 service is successfully created.
    endpointName String
    The name of the Azure private endpoint resource, e.g. "databricks-088781b3-77fa-4132-b429-1af0d91bc593-pe-3cb31234"
    endpointService String
    Example com.amazonaws.vpce.us-east-1.vpce-svc-123abcc1298abc123. The full target AWS endpoint service name that connects to the destination resources of the private endpoint.
    groupId String
    Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Must be one of supported resource types (i.e., blob, dfs, sqlServer , etc. Consult the Azure documentation for full list of supported resources). Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. Change forces creation of a new resource. Conflicts with domain_names.
    networkConnectivityConfigId String
    Canonical unique identifier of Network Connectivity Config in Databricks Account. Change forces creation of a new resource.
    resourceId String
    The Azure resource ID of the target resource. Change forces creation of a new resource.
    resourceNames List<String>
    Only used by private endpoints towards AWS S3 service. List of globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. Conflict with domain_names.
    ruleId String
    the ID of a private endpoint rule.
    updatedTime Number
    Time in epoch milliseconds when this object was updated.
    vpcEndpointId String
    The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks.

    Import

    This resource can be imported by Databricks account ID and Network Connectivity Config ID.

    hcl

    import {

    to = databricks_mws_ncc_private_endpoint_rule.this

    id = “<network_connectivity_config_id>/<rule_id>”

    }

    Alternatively, when using terraform version 1.4 or earlier, import using the pulumi import command:

    $ pulumi import databricks:index/mwsNccPrivateEndpointRule:MwsNccPrivateEndpointRule this "<network_connectivity_config_id>/<rule_id>"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    databricks pulumi/pulumi-databricks
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the databricks Terraform Provider.
    databricks logo
    Databricks v1.74.0 published on Thursday, Aug 14, 2025 by Pulumi