Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading resources...

Resource Type: Azure > Databricks > Workspace

The Databricks Workspace resource type is an integrated environment that allows for the creation and management of notebooks, jobs, and data, enabling collaborative data analytics and machine learning tasks.

Resource Context

Workspace is a part of the Databricks service.

Each Workspace lives under a Resource Group.

Controls

The primary controls for Azure > Databricks > Workspace are:

  • Active
  • Allowed
  • Approved
  • CMDB
  • Discovery
  • ServiceNow
  • Tags

It is also targeted by these controls:

  • Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.01 - Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet)
  • Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.02 - Ensure that network security groups are configured for Databricks subnets
  • Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.03 - Ensure that traffic is encrypted between cluster worker nodes
  • Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks
  • Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.05 - Ensure that Unity Catalog is configured for Azure Databricks
  • Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
  • Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.07 - Ensure that diagnostic log delivery is configured for Azure Databricks
  • Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.08 - Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK)
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.01 - Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet)
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.02 - Ensure that network security groups are configured for Databricks subnets
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.03 - Ensure that traffic is encrypted between cluster worker nodes
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.05 - Ensure that Unity Catalog is configured for Azure Databricks
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.07 - Ensure that diagnostic log delivery is configured for Azure Databricks
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.08 - Ensure critical data in Azure Databricks is encrypted with customer-managed keys (CMK)
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.09 - Ensure 'No Public IP' is set to 'Enabled'
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.10 - Ensure 'Allow Public Network Access' is set to 'Disabled'
  • Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.11 - Ensure private endpoints are used to access Azure Databricks workspaces

Quick Actions

  • Delete
  • Router
  • Set Tags

Category

  • Analytics

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

    Resource Type URI
    • tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace
    • Category URI
    • tmod:@turbot/turbot#/resource/categories/analytics
    • GraphQL
    • query resource(id: "tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
    • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace"
    • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace';
      • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace"';
      • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace' and notification_type in ('resource_updated', 'resource_created');
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
204
Resource Types
3,575
Policies
1,941
Controls
103
Quick Actions
111
IAM