Provisioning Azure Databricks workspace with a Hub & Spoke firewall for data exfiltration protection

This module creates an Azure Databricks workspace with a Hub & Spoke firewall for data exfiltration protection.

Module content

This module can be used to deploy the following:

  • Resource group with random prefix
  • Tags, including Owner, which is taken from az account show --query user
  • Hub-Spoke topology, with the hub firewall in a subnet of the hub VNet.
  • Associated firewall rules, both FQDN rules and network rules using IP addresses.

How to use

Note: You can customize this module by adding, deleting or updating the Azure resources to adapt the module to your requirements. A deployment example using this module can be found in examples/adb-exfiltration-protection.

  1. Reference this module using one of the different module source types.
  2. Add a variables.tf with the same content as this module's variables.tf.
  3. Add a terraform.tfvars file and provide a value for each defined variable.
  4. Add an output.tf file.
  5. (Optional) Configure your remote backend.
  6. Run terraform init to initialize Terraform and get the providers ready.
  7. Run terraform apply to create the resources.
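
The steps above, collapsed into a single root configuration as an added example (not the project's own code); in practice the values would live in terraform.tfvars as step 3 describes. The module label, the local source path and every angle-bracketed value are assumptions or placeholders, while the input names and defaults are taken from the Inputs table below.

```hcl
# Added example: root configuration calling the module. Not the project's own code.
# ASSUMPTION: the module has been copied to ./modules/adb-exfiltration-protection.
provider "azurerm" {
  features {}
}

module "adb_exfiltration_protection" {
  source = "./modules/adb-exfiltration-protection" # assumed local path

  # Optional inputs, shown with the module's documented defaults.
  workspace_prefix = "adb"
  rglocation       = "southeastasia"
  hubcidr          = "10.178.0.0/20" # hub VNet address space (holds the firewall subnet)
  spokecidr        = "10.179.0.0/20" # spoke VNet address space
  no_public_ip     = true            # keep cluster nodes without public IPs
  bypass_scc_relay = true
  dbfs_prefix      = "dbfs"
  tags             = {}

  # Required inputs. Placeholders only: replace each with the value for your region.
  firewallfqdn = ["<FQDN allowed through the hub firewall>"]
  metastore    = ["<metastore endpoint for your region>"]
  scc_relay    = ["<SCC relay endpoint for your region>"]
  eventhubs    = ["<Event Hubs endpoint for your region>"]
  webappip     = ["<webapp IP for your region>"]
}

# Expose the one non-deprecated URL output listed under Outputs.
output "workspace_url" {
  value = module.adb_exfiltration_protection.workspace_url
}
```

Keep firewallfqdn as short as the workload allows, since every entry is an egress destination the hub firewall will permit.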

Requirements

Name Version
azurerm =2.83.0
databricks 0.3.10

Providers

Name Version
azurerm 2.83.0
external 2.2.0
random 3.1.0
dns 3.3.0

Modules

No modules.

Resources

Name Type
azurerm_databricks_workspace.this resource
azurerm_firewall.hubfw resource
azurerm_firewall_application_rule_collection.adbfqdn resource
azurerm_firewall_network_rule_collection.adbfnetwork resource
azurerm_network_security_group.this resource
azurerm_public_ip.fwpublicip resource
azurerm_resource_group.this resource
azurerm_route_table.adbroute resource
azurerm_storage_account.allowedstorage resource
azurerm_storage_account.deniedstorage resource
azurerm_subnet.hubfw resource
azurerm_subnet.private resource
azurerm_subnet.public resource
azurerm_subnet_network_security_group_association.private resource
azurerm_subnet_network_security_group_association.public resource
azurerm_subnet_route_table_association.privateudr resource
azurerm_subnet_route_table_association.publicudr resource
azurerm_virtual_network.hubvnet resource
azurerm_virtual_network.this resource
azurerm_virtual_network_peering.hubvnet resource
azurerm_virtual_network_peering.spokevnet resource
random_string.naming resource
azurerm_client_config.current data source
external_external.me data source

Inputs

Name Description Type Default Required
bypass_scc_relay n/a bool true no
dbfs_prefix n/a string "dbfs" no
eventhubs n/a list(string) n/a yes
firewallfqdn n/a list(string) n/a yes
hubcidr n/a string "10.178.0.0/20" no
metastore n/a list(string) n/a yes
no_public_ip n/a bool true no
private_subnet_endpoints n/a list [] no
rglocation n/a string "southeastasia" no
scc_relay n/a list(string) n/a yes
spokecidr n/a string "10.179.0.0/20" no
tags n/a map {} no
webappip n/a list(string) n/a yes
workspace_prefix n/a string "adb" no

Outputs

Name Description
arm_client_id Deprecated
arm_subscription_id Deprecated
arm_tenant_id Deprecated
azure_region Deprecated
databricks_azure_workspace_resource_id Deprecated
resource_group Deprecated
workspace_url n/a
resource_group_id n/a
resource_workspace_id n/a