Closed JDBraun closed 6 months ago
This is a priority issue and is currently being worked on. Due to a limitation in the AWS Network Firewall, HTTP/HTTPS traffic is inspected and limited, but other traffic such as on port 3306 is not being limited to the FQDNs in the allow list. To mitigate in the short term, a user can drop the required traffic in the "firewall_protocol_deny_list" variable, then use Derby configs with Unity Catalog.
https://kb.databricks.com/metastore/set-up-embedded-metastore
Currently addressed in this PR: https://github.com/databricks/terraform-databricks-sra/pull/35. Will continue to assess other traffic as need be.
Firewall is currently allowing non-HTTPS or HTTP traffic due to no corresponding drop rule
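
The gap described in this issue can be checked offline against an exported firewall configuration. The sketch below is an added example, not code from the issue or from the terraform-databricks-sra project: the function names, the `.example.com` target and the sample flows are constructed, and the dictionaries only mirror the shape of AWS Network Firewall policy and rule group objects. It ignores pass rules and address matching, and reports only whether a drop exists for each flow.

```python
# Added example: constructed data shaped like AWS Network Firewall API objects.
DROPPING = {"DROP", "REJECT"}

def has_drop_rule(group, proto, port):
    """True if a stateful 5-tuple rule in this group drops proto/port."""
    for rule in group["RulesSource"].get("StatefulRules", []):
        header = rule["Header"]
        if (rule["Action"] in DROPPING
                and header["Protocol"] in (proto, "IP")
                and header["DestinationPort"] in ("ANY", str(port))):
            return True
    return False

def unfiltered_flows(policy, groups, flows):
    """Return the (proto, port) flows that no default drop and no drop rule stops."""
    engine = policy.get("StatefulEngineOptions", {})
    strict = engine.get("RuleOrder") == "STRICT_ORDER"
    default_drop = any(action.startswith("aws:drop")
                       for action in policy.get("StatefulDefaultActions", []))
    if strict and default_drop:
        return []  # anything the rule groups do not match is dropped
    # A domain allow list only inspects the HTTP Host header and TLS SNI,
    # so it contributes no drop for other protocols.
    return [(proto, port) for proto, port in flows
            if not any(has_drop_rule(g, proto, port) for g in groups)]

# Constructed sample configuration (not taken from the project).
ALLOWLIST_GROUP = {"RulesSource": {"RulesSourceList": {
    "Targets": [".example.com"], "TargetTypes": ["HTTP_HOST", "TLS_SNI"],
    "GeneratedRulesType": "ALLOWLIST"}}}
DROP_3306_GROUP = {"RulesSource": {"StatefulRules": [{
    "Action": "DROP",
    "Header": {"Protocol": "TCP", "Source": "ANY", "SourcePort": "ANY",
               "Direction": "FORWARD", "Destination": "ANY",
               "DestinationPort": "3306"},
    "RuleOptions": [{"Keyword": "sid", "Settings": ["1"]}]}]}}
DEFAULT_ORDER_POLICY = {"StatefulEngineOptions": {"RuleOrder": "DEFAULT_ACTION_ORDER"}}
STRICT_DROP_POLICY = {"StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
                      "StatefulDefaultActions": ["aws:drop_established"]}
FLOWS = [("TCP", 3306), ("UDP", 123)]

if __name__ == "__main__":
    print("allow list only:", unfiltered_flows(DEFAULT_ORDER_POLICY, [ALLOWLIST_GROUP], FLOWS))
    print("with 3306 drop :", unfiltered_flows(
        DEFAULT_ORDER_POLICY, [ALLOWLIST_GROUP, DROP_3306_GROUP], FLOWS))
    print("strict + drop  :", unfiltered_flows(STRICT_DROP_POLICY, [ALLOWLIST_GROUP], FLOWS))
```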