This article describes private connectivity between users and their Databricks workspaces. For information on how to configure private connectivity from the control plane to the compute data plane, see Compute plane networking.
AWS PrivateLink provides private connectivity from AWS VPCs and on-premises networks to AWS services without exposing the traffic to the public network. Databricks supports using PrivateLink to allow users and applications to connect to Databricks over a VPC interface endpoint. This connection is supported when connecting to the web application, REST API, and the Databricks Connect API.
You can optionally mandate private connectivity for the workspace, which means Databricks rejects any connections over the public network. You must configure private connectivity from users to Databricks and from the control plane to the compute plane in order to mandate private connectivity for a worksapce.
You can enable PrivateLink while creating a workspace or on an existing workspace. To enable private connectivity to Databricks, see Enable AWS PrivateLink.