What is serverless egress control?

Preview

This article explains how serverless egress control allows you to manage outbound network connections from your serverless compute resources.

Serverless egress control strengthens your security posture by allowing you to manage outbound connections from your serverless workloads, reducing the risk of data exfiltration.

Using network policies, you can:

Enforce deny-by-default posture: Control outbound access with granular precision by enabling a deny-by-default policy for internet, cloud storage, and Databricks API connections.
Simplify management: Define a consistent egress control posture for all your serverless workloads across multiple serverless products.
Easily manage at scale: Centrally manage your posture across multiple workspaces and enforce a default policy for your Databricks account.
Safely rollout policies: Mitigate risk by evaluating the effects of any new policy in log-only mode before full enforcement.

This preview supports the following serverless products: notebooks, workflows, SQL warehouses, Delta Live Tables pipelines, Mosaic AI Model Serving, Lakehouse Monitoring, and Databricks Apps with limited support.

Note

Enabling egress restrictions on a workspace prevents Databricks Apps from accessing unauthorized resources. However, implementing egress restrictions could affect application functionality.

Network policy overview

A network policy is a configuration object applied at the Databricks account level. While a single network policy can be associated with multiple Databricks workspaces, each workspace can only be linked to one policy at a time.

Network policies define the network access mode for serverless workloads within the associated workspaces. There are two primary modes:

Full Access: Serverless workloads have unrestricted outbound access to the internet and other network resources.
Restricted Access: Outbound access is limited to:
- Unity Catalog destinations: Locations and connections configured within Unity Catalog that are accessible from the workspace.
- Explicitly defined destinations: FQDNs and S3 buckets are listed in the network policy.

Security posture

When a network policy is set to restricted access mode, outbound network connections from serverless workloads are tightly controlled.

Behavior	Details
Deny by default outbound connectivity	Serverless workloads only have access to the following: destinations configured through Unity Catalog locations or connections which are allowed by default, FQDNs or storage locations defined in the policy, and workspace APIs of the same workspace as the workload. Cross-workspace access is denied.
No direct storage access	Direct access from user code in UDFs and notebooks is prohibited. Instead, use Databricks abstractions like Unity Catalog or DBFS mounts. DBFS mounts allow secure access to data in S3 buckets listed in the network policy.
Implicitly allowed destinations	You can always access the S3 bucket associated with your workspace, essential system tables, and sample datasets (read-only).
Policy enforcement for private endpoints	Outbound access through private endpoints is also subject to the rules defined in the network policy. The destination must be listed either in Unity Catalog or within the policy. This ensures consistent security enforcement across all network access methods.