Provisioning Azure Databricks workspace with a Hub & Spoke firewall for data exfiltration protection

This module creates an Azure Databricks workspace deployed in a Hub & Spoke topology, with an Azure Firewall in the hub that restricts outbound traffic for data exfiltration protection.

Module content

This module can be used to deploy the following:


  • Resource group with a random prefix
  • Tags, including Owner, which is taken from az account show --query user
  • Hub-Spoke topology, with the Azure Firewall placed in a dedicated subnet of the hub VNet and the workspace VNet peered as the spoke
  • Associated firewall rules: FQDN-based application rules and IP-based network rules for the Databricks control-plane endpoints

How to use

Note: You can customize this module by adding, deleting or updating the Azure resources to adapt it to your requirements. A deployment example using this module can be found in examples/adb-exfiltration-protection.

  1. Reference this module using one of the supported Terraform module source types
  2. Add a variables.tf with the same content as the module's variables.tf
  3. Add a terraform.tfvars file and provide a value for each defined variable
  4. Add an output.tf file
  5. (Optional) Configure your remote backend
  6. Run terraform init to initialize Terraform and download the providers
  7. Run terraform apply to create the resources
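The following root configuration is an added example (not the module's own code or the contents of examples/adb-exfiltration-protection) that wires the steps above together: it pins the providers listed under Requirements and calls the module with every input listed under Inputs. The module path, the tag values and all endpoint values are constructed placeholders; the webapp IP range uses the 203.0.113.0/24 documentation block and must be replaced with the real ranges and FQDNs for your region.

```hcl
# Added example: root module calling adb-exfiltration-protection.
# Every value below is a placeholder; nothing here comes from the module itself.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "= 4.0.0" # matches the Requirements table
    }
    databricks = {
      source  = "databricks/databricks"
      version = "1.52.0"
    }
  }
}

provider "azurerm" {
  features {}
}

module "adb_exfiltration_protection" {
  # Assumed local path; any Terraform module source type that points at this module works.
  source = "../../modules/adb-exfiltration-protection"

  # Optional inputs shown with their documented defaults.
  rglocation       = "southeastasia"
  hubcidr          = "10.178.0.0/20"
  spokecidr        = "10.179.0.0/20"
  workspace_prefix = "adb"
  dbfs_prefix      = "dbfs"

  # Required inputs: the control-plane endpoints the hub firewall must allow.
  # Constructed placeholders; take the real per-region values from the
  # Azure Databricks documentation before applying.
  webapp_ips   = ["203.0.113.0/24"]                       # PLACEHOLDER IP range
  scc_relay    = ["PLACEHOLDER-scc-relay.invalid"]        # PLACEHOLDER FQDN
  metastore    = ["PLACEHOLDER-metastore.invalid"]        # PLACEHOLDER FQDN
  eventhubs    = ["PLACEHOLDER-eventhubs.invalid"]        # PLACEHOLDER FQDN
  firewallfqdn = ["PLACEHOLDER-artifacts.invalid",        # PLACEHOLDER FQDNs
                  "PLACEHOLDER-log-blob.invalid"]

  tags = { Environment = "placeholder" }
}

output "workspace_url" {
  value = module.adb_exfiltration_protection.workspace_url
}
```

Run terraform plan after filling in the placeholders and confirm that the plan only contains the resources listed under Resources; any additional egress path would undermine the point of the firewall.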

Requirements

| Name | Version |
|---|---|
| azurerm | =4.00.0 |
| databricks | 1.52.0 |

Providers

| Name | Version |
|---|---|
| azurerm | 4.0.0 |
| external | 2.2.0 |
| random | 3.1.0 |
| dns | 3.3.0 |

Modules

No modules.

Resources

| Name | Type |
|---|---|
| azurerm_databricks_workspace.this | resource |
| azurerm_firewall.hubfw | resource |
| azurerm_firewall_application_rule_collection.adbfqdn | resource |
| azurerm_firewall_network_rule_collection.adbfnetwork | resource |
| azurerm_network_security_group.this | resource |
| azurerm_public_ip.fwpublicip | resource |
| azurerm_resource_group.this | resource |
| azurerm_route_table.adbroute | resource |
| azurerm_storage_account.allowedstorage | resource |
| azurerm_storage_account.deniedstorage | resource |
| azurerm_subnet.hubfw | resource |
| azurerm_subnet.private | resource |
| azurerm_subnet.public | resource |
| azurerm_subnet_network_security_group_association.private | resource |
| azurerm_subnet_network_security_group_association.public | resource |
| azurerm_subnet_route_table_association.privateudr | resource |
| azurerm_subnet_route_table_association.publicudr | resource |
| azurerm_virtual_network.hubvnet | resource |
| azurerm_virtual_network.this | resource |
| azurerm_virtual_network_peering.hubvnet | resource |
| azurerm_virtual_network_peering.spokevnet | resource |
| random_string.naming | resource |
| azurerm_client_config.current | data source |
| dns_a_record_set.eventhubs | data source |
| dns_a_record_set.metastore | data source |
| dns_a_record_set.scc_relay | data source |
| external_external.me | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bypass_scc_relay | n/a | bool | true | no |
| dbfs_prefix | n/a | string | "dbfs" | no |
| eventhubs | n/a | list(string) | n/a | yes |
| firewallfqdn | n/a | list(string) | n/a | yes |
| hubcidr | n/a | string | "10.178.0.0/20" | no |
| metastore | n/a | list(string) | n/a | yes |
| private_subnet_endpoints | n/a | list | [] | no |
| rglocation | n/a | string | "southeastasia" | no |
| scc_relay | n/a | list(string) | n/a | yes |
| spokecidr | n/a | string | "10.179.0.0/20" | no |
| tags | n/a | map | {} | no |
| webapp_ips | List of IP ranges for Azure Databricks Webapp | list(string) | n/a | yes |
| workspace_prefix | n/a | string | "adb" | no |

Outputs

| Name | Description |
|---|---|
| arm_client_id | Deprecated |
| arm_subscription_id | Deprecated |
| arm_tenant_id | Deprecated |
| azure_region | Deprecated |
| azure_resource_group_id | ID of the created Azure resource group |
| databricks_azure_workspace_resource_id | Deprecated. The ID of the Databricks Workspace in the Azure management plane |
| resource_group | Deprecated |
| workspace_id | The Databricks workspace ID |
| workspace_url | The Databricks workspace URL |
workspace_url The Databricks workspace URL