Create a classic workspace
This article describes how to create a classic workspace using automated configuration in the account console. Databricks recommends using automated configuration for most workspace deployments, as it prevents common configuration errors and has built-in approval workflows for users who need AWS admin authorization.
With automated configuration, you or an AWS admin grant Databricks temporary access to provision the required IAM roles, S3 bucket, and access policies in your AWS account. This automation also creates a customer-managed VPC, with default subnets, security groups, and routing tables, in which the workspace is deployed.
If you instead want to manually provision and configure these resources, see Create a workspace with manual AWS configurations.
Requirements
To create a classic workspace with automated configuration:
- You must be an account admin in your Databricks account.
- Your AWS account must have available resources in the workspace region, including an available VPC and NAT gateway. You can view your available quotas and request increases using the AWS Service Quotas console.
- Your AWS account must have the STS endpoint activated for us-west-2. For details, see the AWS documentation.
- An AWS admin must grant Databricks temporary access to provision the required resources in your AWS account.
Create a workspace with automated configuration
Automated configuration uses AWS IAM temporary delegation to automatically provision all required resources for your workspace. This is the recommended method for most deployments because it prevents common configuration errors and provides built-in approval workflows for users who need AWS admin authorization. All automated actions are logged in AWS CloudTrail.
To create a workspace with automated configuration:
- Go to the account console and click the Workspaces icon.
- Click Create Workspace.
- In the Workspace name field, enter a human-readable name for this workspace. It can contain spaces.
- In the Region field, select an AWS region for your workspace's network and compute.
- Select Use your existing cloud account.
- In the Cloud credentials dropdown, select Add cloud credentials, then click OK.
- In the Cloud storage dropdown, select Add cloud storage, then click OK.
- Click Log in to AWS and create workspace.
- Review the resources that will be created, then click Initiate workspace creation.
- A popup will appear that allows you to log in to your AWS account and grant Databricks temporary access to provision resources on your behalf. If you don't have sufficient permissions, the request can be approved by an AWS admin in your organization.
After Databricks is granted temporary access, the workspace will begin to provision. All delegated permissions are time-bounded and automatically expire after deployment. You can view the status of the workspace creation in the account console's Workspaces page.
Provisioned resources
When you use automated configuration, Databricks provisions cloud resources in your AWS account and configuration objects in your Databricks account to represent them.
In your AWS account, the following resources are provisioned:
- Cross-account IAM role with an access policy
- Customer-managed VPC with default subnets, security groups, and routing tables
- S3 bucket to store workspace assets and the workspace's default catalog
- IAM role with an access policy to access the S3 bucket
In your Databricks account, the following configuration objects are created:
- Credential configuration: Represents the cross-account IAM role used to deploy compute resources
- Storage configuration: Represents the S3 bucket and the IAM role that is used to access the bucket
- Classic network configuration: Represents the customer-managed VPC used to deploy the workspace
You can view and manage these configuration objects in your Databricks account console's Cloud resources page.
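Because all automated actions are logged in AWS CloudTrail and the delegated permissions are time-bounded, the trail can be checked against the resource list above. The following is an added example, not Databricks or AWS code: it assumes the delegated session appears in CloudTrail as an assumed-role identity, and the role ARN, account ID, time window, and sample records are constructed placeholders.

```python
from datetime import datetime, timezone

# Services behind the resources this page lists (IAM roles, VPC, S3 bucket).
# Assumption: this mapping to eventSource values is ours, not Databricks'.
EXPECTED_SOURCES = {"iam.amazonaws.com", "ec2.amazonaws.com", "s3.amazonaws.com"}
# Placeholder ARN: replace with the session issuer seen in your own trail.
DELEGATED_ISSUER = "arn:aws:iam::111122223333:role/EXAMPLE-delegated-role"

def parse_time(value):
    """CloudTrail eventTime is UTC, e.g. 2025-01-10T14:02:11Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def issuer_arn(record):
    """ARN of the role behind an assumed-role session, or None."""
    ctx = record.get("userIdentity", {}).get("sessionContext", {})
    return ctx.get("sessionIssuer", {}).get("arn")

def review_delegated_activity(records, issuer, window_end):
    """Summarise calls made under `issuer` and flag ones that need a look."""
    summary, findings = {}, []
    for rec in records:
        if issuer_arn(rec) != issuer:
            continue  # not the delegated session
        when, src, name = rec["eventTime"], rec["eventSource"], rec["eventName"]
        summary.setdefault(src, set()).add(name)
        if src not in EXPECTED_SOURCES:
            findings.append(("unexpected-service", when, src, name))
        if parse_time(when) > window_end:
            findings.append(("after-window", when, src, name))
    return summary, findings

def _rec(when, src, name, issuer=DELEGATED_ISSUER):
    """Build a constructed record with only the fields this check reads."""
    identity = {"type": "AssumedRole", "sessionContext": {"sessionIssuer": {"arn": issuer}}}
    return {"eventTime": when, "eventSource": src, "eventName": name, "userIdentity": identity}

# Constructed sample records, not real CloudTrail output.
SAMPLE = [
    _rec("2025-01-10T14:02:11Z", "iam.amazonaws.com", "CreateRole"),
    _rec("2025-01-10T14:02:40Z", "ec2.amazonaws.com", "CreateVpc"),
    _rec("2025-01-10T14:03:05Z", "s3.amazonaws.com", "CreateBucket"),
    _rec("2025-01-10T14:03:50Z", "kms.amazonaws.com", "CreateKey"),
    _rec("2025-01-10T16:30:00Z", "ec2.amazonaws.com", "CreateSubnet"),
    _rec("2025-01-10T14:05:00Z", "iam.amazonaws.com", "DeleteUser", "arn:aws:iam::111122223333:role/EXAMPLE-other"),
]
WINDOW_END = datetime(2025, 1, 10, 15, 0, tzinfo=timezone.utc)  # your expected end of deployment
if __name__ == "__main__":
    for finding in review_delegated_activity(SAMPLE, DELEGATED_ISSUER, WINDOW_END)[1]:
        print(finding)
```

A finding is a prompt to look at the full record, not proof of a problem; adjust `EXPECTED_SOURCES` and the window to what you observe in a known-good deployment.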
View workspace status
After you create a workspace, you can view its status on the Workspaces page.
- Provisioning: Your Databricks workspace is being created. If the Databricks request for temporary access to your AWS account is pending approval, you'll see: "Our request to grant Databricks temporary access to your AWS account is pending approval from your AWS admin. Once approved, Databricks will resume workspace creation."
- Running: Databricks workspace deployment was successful and is ready to use.
- Failed: Databricks workspace deployment encountered an issue. Common scenarios include:
  - The request for temporary access to your AWS account expired because no action was taken within 7 days. You can retry workspace creation with a new delegation request.
  - Your AWS administrator declined the delegation request. Review permission requirements with your administrator and retry workspace creation.
  - For other failures, click the workspace to view a detailed error message. You can make updates to the configuration and try to deploy the workspace again. See Troubleshooting creating workspaces.
- Banned: Contact your Databricks representative.
- Cancelling: In the process of cancellation.
Add security and compliance features
After your workspace is created, you can update it to add security and compliance features, such as customer-managed keys and compliance standards. For more information, see Update a running or failed workspace.
Log in to the workspace
- Go to the account console and click the Workspaces icon.
- On the row with your workspace, click Open.
Next steps
Now that you have deployed a workspace, you can start building out your data strategy. Databricks recommends the following articles:
- Add users, groups, and service principals to your workspace. See Manage users, service principals, and groups.
- Learn about data governance and privileges in Databricks. See What is Unity Catalog?.
- Connect your Databricks workspace to your external data sources. See Connect to data sources and external services.
- Ingest your data into the workspace. See Standard connectors in Lakeflow Connect.
- Learn about managing access to workspace objects like notebooks, compute, dashboards, queries. See Access control lists.