Skip to main content
Last updated on

Create a classic workspace

This article describes how to create a classic workspace using automated configuration in the account console. Databricks recommends using automated configuration for most workspace deployments, as it prevents common configuration errors and has built-in approval workflows for users who need AWS admin authorization.

With automated configuration, you or an AWS admin grant Databricks temporary access to provision the required IAM roles, S3 bucket, and access policies in your AWS account. This automation also creates a customer-managed VPC to deploy the workspace in with default subnets, security groups, and routing tables.

If you instead want to manually provision and configure these resources, see Create a workspace with manual AWS configurations.

Requirements

To create a classic workspace with automated configuration:

  • You must be an account admin in your Databricks account.
  • Your AWS account must have available resources in the workspace region, including an available VPC and NAT gateway. You can view your available quotas and request increases using the AWS Service Quotas console.
  • Your AWS account must have the STS endpoint activated for us-west-2. For details, see the AWS documentation.
  • An AWS admin must grant Databricks temporary access to provision the required resources in your AWS account.

Create a workspace with automated configuration

Automated configuration uses AWS IAM temporary delegation to automatically provision all required resources for your workspace. This is the recommended method for most deployments because it prevents common configuration errors and provides built-in approval workflows for users who need AWS admin authorization. All automated actions are logged in AWS CloudTrail.

To create a workspace with automated configuration:

  1. Go to the account console and click the Workspaces icon.
  2. Click Create Workspace.
  3. Under Basics, confirm the workspace name and region.
  4. Under Compute, select or create a compute credential configuration and a network configuration. Both fields are required. The classic compute toggle is enabled by default and cannot be disabled. To create a new credential configuration, see Create a credential configuration.
  5. Under Storage, select or create a storage configuration. To create a new storage configuration, see Create a storage configuration.
  6. (Optional) Under Network, select or create a private link configuration. See Manage private access settings.
  7. (Optional) Under Encryption, configure customer-managed keys for managed services or workspace storage, and enable the compliance security profile or enhanced security monitoring. See Configure customer-managed keys for encryption and Configure enhanced security and compliance settings.
  8. Click Create workspace. You are automatically redirected to the workspace details page.

Provisioned resources

When you use automated configuration, Databricks provisions cloud resources in your AWS account and configuration objects in your Databricks account to represent them.

In your AWS account, the following resources are provisioned:

  • Cross-account IAM role with an access policy
  • Customer-managed VPC with default subnets, security groups, and routing tables
  • S3 bucket to store workspace assets and the workspace's default catalog
  • IAM role with an access policy to access the S3 bucket

In your Databricks account, the following configuration objects are created:

  • Credential configuration: Represents the cross-account IAM role used to deploy compute resources
  • Storage configuration: Represents the S3 bucket and the IAM role that is used to access the bucket
  • Classic network configuration: Represents the customer-managed VPC used to deploy the workspace

You can view and manage these configuration objects in your Databricks account console's Cloud resources page.

View workspace status

After you create a workspace, you can view its status on the Workspaces page.

  • Provisioning: Your Databricks workspace is being created. If the Databricks request for temporary access to your AWS account is pending approval, you'll see: "Our request to grant Databricks temporary access to your AWS account is pending approval from your AWS admin. Once approved, Databricks will resume workspace creation."
  • Running: Databricks workspace deployment was successful and is ready to use.
  • Failed: Databricks workspace deployment encountered an issue. Common scenarios include:
    • The request for temporary access to your AWS account expired because no action was taken within 7 days. You can retry workspace creation with a new delegation request.
    • Your AWS administrator declined the delegation request. Review permission requirements with your administrator and retry workspace creation.
    • For other failures, click the workspace to view a detailed error message. You can make updates to the configuration and try to deploy the workspace again. See Troubleshooting creating workspaces.
  • Banned: Contact your Databricks representative.
  • Cancelling: In the process of cancellation.

Add security and compliance features

After your workspace is created, you can update it to add security and compliance features, such as customer-managed keys and compliance standards. For more information, see Update a running or failed workspace

Log in to the workspace

  1. Go to the account console and click the Workspaces icon.
  2. On the row with your workspace, click Open.

Next steps

Now that you have deployed a workspace, you can start building out your data strategy. Databricks recommends the following articles:

On this page