Ensure Azure Databricks workspace is not public

Error: Azure Databricks workspace is public

Bridgecrew Policy ID: BC_AZR_NETWORKING_49
Checkov Check ID: CKV_AZURE_158
Severity: LOW

Azure Databricks workspace is public

Description

Disabling the public network access property improves security by ensuring your Azure Databricks workspace can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.

Fix - Runtime

TBD

Fix - Buildtime

Terraform

  • Resource: azurerm_databricks_workspace
  • Argument: public_network_access_enabled
resource "azurerm_databricks_workspace" "pass" {
  name                          = "databricks-test"
  resource_group_name           = azurerm_resource_group.example.name
  location                      = azurerm_resource_group.example.location
  sku                           = "standard"
  public_network_access_enabled = false

  tags = {
    Environment = "Production"
  }
}