AWS PrivateLink for Databricks

Private preview

This feature is only available to select accounts.

AWS PrivateLink in Databricks provides secure communication between the Immuta SaaS platform and Databricks instances. AWS PrivateLink provides private connectivity between AWS VPCs and AWS services without exposing the traffic to the public network.

This front-end PrivateLink connection allows users to connect to the Databricks web application, REST API, and Databricks Connect API over a VPC interface endpoint. For details about AWS PrivateLink in Databricks and the network flow in a typical implementation, explore the Databricks documentation.

Data Flow

Configuration requirements


Ensure that your accounts meet the following requirements:

Databricks workspace

Ensure that your workspace meets the following requirements:


Contact your Databricks representative to enable AWS PrivateLink on your account.

  1. Contact your Immuta representative, who will provide the PrivateLink endpoint IDs to register with your accounts. You will need to provide the following information:

  2. Register the PrivateLink endpoint IDs.

    • If the private_access_level on your private_access_settings object is set to ACCOUNT, no further action should be needed beyond the registration.
    • If the private_access_level on your private_access_settings object is set to ENDPOINT, you will need to add the registered endpoint IDs to the allowed_vpc_endpoint_ids list inside your private_access_settings object in Databricks. For example:

      "private_access_settings_name": "immuta-access",
      "region": "us-east-1",
      "public_access_enabled": false,
      "private_access_level": "ENDPOINT",
      "allowed_vpc_endpoint_ids": [