The Security Reference Architecture (SRA) implements, as Terraform templates, the typical security features deployed by most high-security organizations, and enforces controls for the largest risks that customers ask about most often.
Solutions Accelerator:
SRA: SRA has been freshly cloned into the repository. It no longer requires a user name or password, and the service principal that is doing the deployment will be used for this as well. To scale to more workspaces, the SP can be added as an admin to those pre-existing workspaces.
Audit Log Alerts: Based on this blog post, Terraform code has been added that adds 40+ SQL alerts based on system tables for a Zero Trust Architecture.
Public Preview:
System Table Schemas: I've included an optional resource for System Table Schemas to be enabled. This adds the schemas for: access, billing, compute, marketplace, and storage. NOTE: This feature is in public preview.
Variable Updates:
The following variables have been updated to better reflect their actual usage.
In this PR I address:
45 - I've updated the README to include an FAQ. This will grow with time, but first it addresses how to add new Databricks resources into the repository. In addition, I've added updated SRA.tf as a required step in the list of actions. I've also added to be sure a user selects their desired operation mode first.
44 - I've updated SRA.TF to include null values for required variables. If the variables remain null, then they will throw on the terraform plan, preventing a downstream issue.
43 - This is now updated to include the workspace catalog instead of the previous metastore S3 path. This is now dependent on the workspace creation, since the workspace ID is used in the catalog.