Resource Type: Azure > Databricks > Workspace

Resource Context

Workspace is a part of the Databricks service.

Each Workspace lives under a Resource Group.

Controls

The primary controls for Azure > Databricks > Workspace are:

• Active
• Approved
• CMDB
• Discovery
• ServiceNow
• Tags

It is also targeted by these controls:

• Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.01 - Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet)
• Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.02 - Ensure that network security groups are configured for Databricks subnets
• Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.03 - Ensure that traffic is encrypted between cluster worker nodes
• Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks
• Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.05 - Ensure that Unity Catalog is configured for Azure Databricks
• Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
• Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.07 - Ensure that diagnostic log delivery is configured for Azure Databricks
• Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.08 - Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK)
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.01 - Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet)
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.02 - Ensure that network security groups are configured for Databricks subnets
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.03 - Ensure that traffic is encrypted between cluster worker nodes
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.05 - Ensure that Unity Catalog is configured for Azure Databricks
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.07 - Ensure that diagnostic log delivery is configured for Azure Databricks
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.08 - Ensure critical data in Azure Databricks is encrypted with customer-managed keys (CMK)
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.09 - Ensure 'No Public IP' is set to 'Enabled'
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.10 - Ensure 'Allow Public Network Access' is set to 'Disabled'
• Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.11 - Ensure private endpoints are used to access Azure Databricks workspaces

Quick Actions

• Delete
• Router
• Set Tags

Category

• Analytics

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace

Category URI

tmod:@turbot/turbot#/resource/categories/analytics

GraphQL

query resource(id: "tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-databricks#/resource/types/databricksWorkspace' and notification_type in ('resource_updated', 'resource_created');