import * as pulumi from "@pulumi/pulumi"; /** * Allows you to create a Private Access Setting resource that can be used as part of a databricks.MwsWorkspaces resource to create a [Databricks Workspace that leverages AWS PrivateLink](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html) or [GCP Private Service Connect](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/private-service-connect.html) * * It is strongly recommended that customers read the [Enable AWS Private Link](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html) [Enable GCP Private Service Connect](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/private-service-connect.html) documentation before trying to leverage this resource. * * ## Databricks on AWS usage * * > Initialize provider with `alias = "mws"`, `host = "https://accounts.cloud.databricks.com"` and use `provider = databricks.mws` * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const pas = new databricks.MwsPrivateAccessSettings("pas", { * accountId: databricksAccountId, * privateAccessSettingsName: `Private Access Settings for ${prefix}`, * region: region, * publicAccessEnabled: true, * }); * ``` * * The `databricks_mws_private_access_settings.pas.private_access_settings_id` can then be used as part of a databricks.MwsWorkspaces resource: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const _this = new databricks.MwsWorkspaces("this", { * awsRegion: region, * workspaceName: prefix, * credentialsId: thisDatabricksMwsCredentials.credentialsId, * storageConfigurationId: thisDatabricksMwsStorageConfigurations.storageConfigurationId, * networkId: thisDatabricksMwsNetworks.networkId, * privateAccessSettingsId: pas.privateAccessSettingsId, * pricingTier: "ENTERPRISE", * }, { * dependsOn: [thisDatabricksMwsNetworks], * }); * ``` * * ## Databricks on GCP usage * * > Initialize provider with `alias = "mws"`, `host = "https://accounts.gcp.databricks.com"` and use `provider = databricks.mws` * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const _this = new databricks.MwsWorkspaces("this", { * workspaceName: "gcp-workspace", * location: subnetRegion, * cloudResourceContainer: { * gcp: { * projectId: googleProject, * }, * }, * gkeConfig: { * connectivityType: "PRIVATE_NODE_PUBLIC_MASTER", * masterIpRange: "10.3.0.0/28", * }, * networkId: thisDatabricksMwsNetworks.networkId, * privateAccessSettingsId: pas.privateAccessSettingsId, * pricingTier: "PREMIUM", * }, { * dependsOn: [thisDatabricksMwsNetworks], * }); * ``` * * ## Related Resources * * The following resources are used in the same context: * * * Provisioning Databricks on AWS guide. * * Provisioning Databricks on AWS with Private Link guide. * * Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide. * * Provisioning Databricks workspaces on GCP with Private Service Connect guide. * * databricks.MwsVpcEndpoint to register awsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration. * * databricks.MwsNetworks to [configure VPC](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html) & subnets for new workspaces within AWS. * * databricks.MwsWorkspaces to set up [AWS and GCP workspaces](https://docs.databricks.com/getting-started/overview.html#e2-architecture-1). * * ## Import * * This resource can be imported by Databricks account ID and private access settings ID. * * ```sh * $ pulumi import databricks:index/mwsPrivateAccessSettings:MwsPrivateAccessSettings this '/' * ``` */ export declare class MwsPrivateAccessSettings extends pulumi.CustomResource { /** * Get an existing MwsPrivateAccessSettings resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: MwsPrivateAccessSettingsState, opts?: pulumi.CustomResourceOptions): MwsPrivateAccessSettings; /** * Returns true if the given object is an instance of MwsPrivateAccessSettings. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is MwsPrivateAccessSettings; /** * @deprecated Configuring `accountId` at the resource-level is deprecated; please specify it in the `provider {}` configuration block instead */ readonly accountId: pulumi.Output; /** * An array of databricks.MwsVpcEndpoint `vpcEndpointId` (not `id`). Only used when `privateAccessLevel` is set to `ENDPOINT`. This is an allow list of databricks.MwsVpcEndpoint that in your account that can connect to your databricks.MwsWorkspaces over AWS PrivateLink. If hybrid access to your workspace is enabled by setting `publicAccessEnabled` to true, then this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see the article for databricks_ip_access_list. */ readonly allowedVpcEndpointIds: pulumi.Output; /** * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. `ACCOUNT` level access _(default)_ lets only databricks.MwsVpcEndpoint that are registered in your Databricks account connect to your databricks_mws_workspaces. `ENDPOINT` level access lets only specified databricks.MwsVpcEndpoint connect to your workspace. Please see the `allowedVpcEndpointIds` documentation for more details. */ readonly privateAccessLevel: pulumi.Output; /** * Canonical unique identifier of Private Access Settings in Databricks Account */ readonly privateAccessSettingsId: pulumi.Output; /** * Name of Private Access Settings in Databricks Account */ readonly privateAccessSettingsName: pulumi.Output; /** * If `true`, the databricks.MwsWorkspaces can be accessed over the databricks.MwsVpcEndpoint as well as over the public network. In such a case, you could also configure an databricks.IpAccessList for the workspace, to restrict the source networks that could be used to access it over the public network. If `false`, the workspace can be accessed only over VPC endpoints, and not over the public network. Once explicitly set, this field becomes mandatory. */ readonly publicAccessEnabled: pulumi.Output; /** * Region of AWS VPC or the Google Cloud VPC network */ readonly region: pulumi.Output; /** * Create a MwsPrivateAccessSettings resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: MwsPrivateAccessSettingsArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering MwsPrivateAccessSettings resources. */ export interface MwsPrivateAccessSettingsState { /** * @deprecated Configuring `accountId` at the resource-level is deprecated; please specify it in the `provider {}` configuration block instead */ accountId?: pulumi.Input; /** * An array of databricks.MwsVpcEndpoint `vpcEndpointId` (not `id`). Only used when `privateAccessLevel` is set to `ENDPOINT`. This is an allow list of databricks.MwsVpcEndpoint that in your account that can connect to your databricks.MwsWorkspaces over AWS PrivateLink. If hybrid access to your workspace is enabled by setting `publicAccessEnabled` to true, then this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see the article for databricks_ip_access_list. */ allowedVpcEndpointIds?: pulumi.Input[]>; /** * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. `ACCOUNT` level access _(default)_ lets only databricks.MwsVpcEndpoint that are registered in your Databricks account connect to your databricks_mws_workspaces. `ENDPOINT` level access lets only specified databricks.MwsVpcEndpoint connect to your workspace. Please see the `allowedVpcEndpointIds` documentation for more details. */ privateAccessLevel?: pulumi.Input; /** * Canonical unique identifier of Private Access Settings in Databricks Account */ privateAccessSettingsId?: pulumi.Input; /** * Name of Private Access Settings in Databricks Account */ privateAccessSettingsName?: pulumi.Input; /** * If `true`, the databricks.MwsWorkspaces can be accessed over the databricks.MwsVpcEndpoint as well as over the public network. In such a case, you could also configure an databricks.IpAccessList for the workspace, to restrict the source networks that could be used to access it over the public network. If `false`, the workspace can be accessed only over VPC endpoints, and not over the public network. Once explicitly set, this field becomes mandatory. */ publicAccessEnabled?: pulumi.Input; /** * Region of AWS VPC or the Google Cloud VPC network */ region?: pulumi.Input; } /** * The set of arguments for constructing a MwsPrivateAccessSettings resource. */ export interface MwsPrivateAccessSettingsArgs { /** * @deprecated Configuring `accountId` at the resource-level is deprecated; please specify it in the `provider {}` configuration block instead */ accountId?: pulumi.Input; /** * An array of databricks.MwsVpcEndpoint `vpcEndpointId` (not `id`). Only used when `privateAccessLevel` is set to `ENDPOINT`. This is an allow list of databricks.MwsVpcEndpoint that in your account that can connect to your databricks.MwsWorkspaces over AWS PrivateLink. If hybrid access to your workspace is enabled by setting `publicAccessEnabled` to true, then this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see the article for databricks_ip_access_list. */ allowedVpcEndpointIds?: pulumi.Input[]>; /** * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. `ACCOUNT` level access _(default)_ lets only databricks.MwsVpcEndpoint that are registered in your Databricks account connect to your databricks_mws_workspaces. `ENDPOINT` level access lets only specified databricks.MwsVpcEndpoint connect to your workspace. Please see the `allowedVpcEndpointIds` documentation for more details. */ privateAccessLevel?: pulumi.Input; /** * Canonical unique identifier of Private Access Settings in Databricks Account */ privateAccessSettingsId?: pulumi.Input; /** * Name of Private Access Settings in Databricks Account */ privateAccessSettingsName: pulumi.Input; /** * If `true`, the databricks.MwsWorkspaces can be accessed over the databricks.MwsVpcEndpoint as well as over the public network. In such a case, you could also configure an databricks.IpAccessList for the workspace, to restrict the source networks that could be used to access it over the public network. If `false`, the workspace can be accessed only over VPC endpoints, and not over the public network. Once explicitly set, this field becomes mandatory. */ publicAccessEnabled?: pulumi.Input; /** * Region of AWS VPC or the Google Cloud VPC network */ region: pulumi.Input; }