databricks.IpAccessList
Explore with Pulumi AI
Security-conscious enterprises that use cloud SaaS applications need to restrict access to their own employees. Authentication helps to prove user identity, but that does not enforce network location of the users. Accessing a cloud service from an unsecured network can pose security risks to an enterprise, especially when the user may have authorized access to sensitive or personal data. Enterprise network perimeters apply security policies and limit access to external services (for example, firewalls, proxies, DLP, and logging), so access beyond these controls are assumed to be untrusted. Please see IP Access List for full feature documentation.
The total number of IP addresses and CIDR scopes provided across all ACL Lists in a workspace can not exceed 1000. Refer to the docs above for specifics.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.WorkspaceConf("this", {customConfig: {
enableIpAccessLists: "true",
}});
const allowed_list = new databricks.IpAccessList("allowed-list", {
label: "allow_in",
listType: "ALLOW",
ipAddresses: [
"1.1.1.1",
"1.2.3.0/24",
"1.2.5.0/24",
],
}, {
dependsOn: [_this],
});
import pulumi
import pulumi_databricks as databricks
this = databricks.WorkspaceConf("this", custom_config={
"enableIpAccessLists": "true",
})
allowed_list = databricks.IpAccessList("allowed-list",
label="allow_in",
list_type="ALLOW",
ip_addresses=[
"1.1.1.1",
"1.2.3.0/24",
"1.2.5.0/24",
],
opts = pulumi.ResourceOptions(depends_on=[this]))
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := databricks.NewWorkspaceConf(ctx, "this", &databricks.WorkspaceConfArgs{
CustomConfig: pulumi.StringMap{
"enableIpAccessLists": pulumi.String("true"),
},
})
if err != nil {
return err
}
_, err = databricks.NewIpAccessList(ctx, "allowed-list", &databricks.IpAccessListArgs{
Label: pulumi.String("allow_in"),
ListType: pulumi.String("ALLOW"),
IpAddresses: pulumi.StringArray{
pulumi.String("1.1.1.1"),
pulumi.String("1.2.3.0/24"),
pulumi.String("1.2.5.0/24"),
},
}, pulumi.DependsOn([]pulumi.Resource{
this,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var @this = new Databricks.WorkspaceConf("this", new()
{
CustomConfig =
{
{ "enableIpAccessLists", "true" },
},
});
var allowed_list = new Databricks.IpAccessList("allowed-list", new()
{
Label = "allow_in",
ListType = "ALLOW",
IpAddresses = new[]
{
"1.1.1.1",
"1.2.3.0/24",
"1.2.5.0/24",
},
}, new CustomResourceOptions
{
DependsOn =
{
@this,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.WorkspaceConf;
import com.pulumi.databricks.WorkspaceConfArgs;
import com.pulumi.databricks.IpAccessList;
import com.pulumi.databricks.IpAccessListArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new WorkspaceConf("this", WorkspaceConfArgs.builder()
.customConfig(Map.of("enableIpAccessLists", true))
.build());
var allowed_list = new IpAccessList("allowed-list", IpAccessListArgs.builder()
.label("allow_in")
.listType("ALLOW")
.ipAddresses(
"1.1.1.1",
"1.2.3.0/24",
"1.2.5.0/24")
.build(), CustomResourceOptions.builder()
.dependsOn(this_)
.build());
}
}
resources:
this:
type: databricks:WorkspaceConf
properties:
customConfig:
enableIpAccessLists: true
allowed-list:
type: databricks:IpAccessList
properties:
label: allow_in
listType: ALLOW
ipAddresses:
- 1.1.1.1
- 1.2.3.0/24
- 1.2.5.0/24
options:
dependson:
- ${this}
Related Resources
The following resources are often used in the same context:
- End to end workspace management guide.
- Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide.
- databricks.MwsNetworks to configure VPC & subnets for new workspaces within AWS.
- databricks.MwsPrivateAccessSettings to create a Private Access Setting that can be used as part of a databricks.MwsWorkspaces resource to create a Databricks Workspace that leverages AWS PrivateLink.
- databricks.Permissions to manage access control in Databricks workspace.
- databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more.
Create IpAccessList Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IpAccessList(name: string, args: IpAccessListArgs, opts?: CustomResourceOptions);
@overload
def IpAccessList(resource_name: str,
args: IpAccessListArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IpAccessList(resource_name: str,
opts: Optional[ResourceOptions] = None,
ip_addresses: Optional[Sequence[str]] = None,
label: Optional[str] = None,
list_type: Optional[str] = None,
enabled: Optional[bool] = None)
func NewIpAccessList(ctx *Context, name string, args IpAccessListArgs, opts ...ResourceOption) (*IpAccessList, error)
public IpAccessList(string name, IpAccessListArgs args, CustomResourceOptions? opts = null)
public IpAccessList(String name, IpAccessListArgs args)
public IpAccessList(String name, IpAccessListArgs args, CustomResourceOptions options)
type: databricks:IpAccessList
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IpAccessListArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ipAccessListResource = new Databricks.IpAccessList("ipAccessListResource", new()
{
IpAddresses = new[]
{
"string",
},
Label = "string",
ListType = "string",
Enabled = false,
});
example, err := databricks.NewIpAccessList(ctx, "ipAccessListResource", &databricks.IpAccessListArgs{
IpAddresses: pulumi.StringArray{
pulumi.String("string"),
},
Label: pulumi.String("string"),
ListType: pulumi.String("string"),
Enabled: pulumi.Bool(false),
})
var ipAccessListResource = new IpAccessList("ipAccessListResource", IpAccessListArgs.builder()
.ipAddresses("string")
.label("string")
.listType("string")
.enabled(false)
.build());
ip_access_list_resource = databricks.IpAccessList("ipAccessListResource",
ip_addresses=["string"],
label="string",
list_type="string",
enabled=False)
const ipAccessListResource = new databricks.IpAccessList("ipAccessListResource", {
ipAddresses: ["string"],
label: "string",
listType: "string",
enabled: false,
});
type: databricks:IpAccessList
properties:
enabled: false
ipAddresses:
- string
label: string
listType: string
IpAccessList Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IpAccessList resource accepts the following input properties:
- Ip
Addresses List<string> - A string list of IP addresses and CIDR ranges.
- Label string
- This is the display name for the given IP ACL List.
- List
Type string - Can only be "ALLOW" or "BLOCK".
- Enabled bool
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- Ip
Addresses []string - A string list of IP addresses and CIDR ranges.
- Label string
- This is the display name for the given IP ACL List.
- List
Type string - Can only be "ALLOW" or "BLOCK".
- Enabled bool
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- ip
Addresses List<String> - A string list of IP addresses and CIDR ranges.
- label String
- This is the display name for the given IP ACL List.
- list
Type String - Can only be "ALLOW" or "BLOCK".
- enabled Boolean
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- ip
Addresses string[] - A string list of IP addresses and CIDR ranges.
- label string
- This is the display name for the given IP ACL List.
- list
Type string - Can only be "ALLOW" or "BLOCK".
- enabled boolean
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- ip_
addresses Sequence[str] - A string list of IP addresses and CIDR ranges.
- label str
- This is the display name for the given IP ACL List.
- list_
type str - Can only be "ALLOW" or "BLOCK".
- enabled bool
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- ip
Addresses List<String> - A string list of IP addresses and CIDR ranges.
- label String
- This is the display name for the given IP ACL List.
- list
Type String - Can only be "ALLOW" or "BLOCK".
- enabled Boolean
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
Outputs
All input properties are implicitly available as output properties. Additionally, the IpAccessList resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing IpAccessList Resource
Get an existing IpAccessList resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IpAccessListState, opts?: CustomResourceOptions): IpAccessList
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
enabled: Optional[bool] = None,
ip_addresses: Optional[Sequence[str]] = None,
label: Optional[str] = None,
list_type: Optional[str] = None) -> IpAccessList
func GetIpAccessList(ctx *Context, name string, id IDInput, state *IpAccessListState, opts ...ResourceOption) (*IpAccessList, error)
public static IpAccessList Get(string name, Input<string> id, IpAccessListState? state, CustomResourceOptions? opts = null)
public static IpAccessList get(String name, Output<String> id, IpAccessListState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Enabled bool
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- Ip
Addresses List<string> - A string list of IP addresses and CIDR ranges.
- Label string
- This is the display name for the given IP ACL List.
- List
Type string - Can only be "ALLOW" or "BLOCK".
- Enabled bool
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- Ip
Addresses []string - A string list of IP addresses and CIDR ranges.
- Label string
- This is the display name for the given IP ACL List.
- List
Type string - Can only be "ALLOW" or "BLOCK".
- enabled Boolean
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- ip
Addresses List<String> - A string list of IP addresses and CIDR ranges.
- label String
- This is the display name for the given IP ACL List.
- list
Type String - Can only be "ALLOW" or "BLOCK".
- enabled boolean
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- ip
Addresses string[] - A string list of IP addresses and CIDR ranges.
- label string
- This is the display name for the given IP ACL List.
- list
Type string - Can only be "ALLOW" or "BLOCK".
- enabled bool
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- ip_
addresses Sequence[str] - A string list of IP addresses and CIDR ranges.
- label str
- This is the display name for the given IP ACL List.
- list_
type str - Can only be "ALLOW" or "BLOCK".
- enabled Boolean
- Boolean
true
orfalse
indicating whether this list should be active. Defaults totrue
- ip
Addresses List<String> - A string list of IP addresses and CIDR ranges.
- label String
- This is the display name for the given IP ACL List.
- list
Type String - Can only be "ALLOW" or "BLOCK".
Import
The databricks_ip_access_list can be imported using id:
bash
$ pulumi import databricks:index/ipAccessList:IpAccessList this <list-id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricks
Terraform Provider.