I design and implement secure, production-grade Data and AI platforms across Azure, AWS, and GCP. I specialize in Databricks architecture, zero-trust security, and infrastructure automation.
- Build secure data lakehouses with Private Link, Unity Catalog, and data exfiltration protection
- Multi-cloud Databricks architecture for regulated industries (finance, healthcare, government)
- Infrastructure as Code with modular Terraform templates and automation frameworks
- Share knowledge through technical articles and open source contributions
Latest Articles (13+ published on Databricks Blog):
- A Unified Approach to Data Exfiltration Protection on Databricks (Aug 2025)
- BigQuery adds first-party support for Delta Lake (Jun 2024)
- How Delta Sharing Enables Secure End-to-End Collaboration (May 2024)
- Data Exfiltration Protection with Azure Databricks (Mar 2024)
| Security | Infrastructure | Multi-Cloud |
|---|---|---|
| DEP Frameworks | Terraform Modules | Azure (ADB) |
| Unity Catalog | CI/CD Pipelines | AWS (DB) |
| Private Link | Config Management | GCP (DB) |
| CMK/Encryption | Custom Agents | VNet/VPC/VPC-SC |
| Network Security | ADR Framework | Cross-Cloud |
- Blog: databricks.com/blog/author/bhavin-kukadia
- LinkedIn: linkedin.com/in/bhavink
- Full Profile: ABOUT.md
"Building secure, scalable data platforms that enable innovation while protecting what matters most."
This repository contains production-ready infrastructure templates, ready-to-use code samples, how-to guides, and deployment architectures to help you learn and operate the Databricks Lakehouse on Azure, AWS, and GCP.
| Cloud | Description | Path |
|---|---|---|
| Azure | Production-ready security & modular Terraform deployment patterns | adb4u |
| AWS | Private Link workspace templates with DEP controls | awsdb4u |
| GCP | VPC-SC, Private Service Connect, CMEK implementations | gcpdb4u |
| REST API | Postman collections for Databricks REST APIs | databricks-rest-api-collection |
| Jump Start | Curated code samples and tutorials | databricks-jump-start |
| Utils | Utilities and helper scripts | databricks-utils |
Production-Ready Modular Terraform Templates
- Focus: Security, governance, and production-ready deployment patterns
- Architecture: Non-PL, Full Private (air-gapped), Hub-Spoke with firewall
- Security: Unity Catalog, Private Link, NPIP/SCC, CMK, Service Endpoints
- Documentation: 2,300+ lines with UML diagrams, traffic flows, troubleshooting guides
- Path: adb4u/
Key Features:
- Modular Terraform structure (Networking, Workspace, Unity Catalog, Key Vault)
- BYOV (Bring Your Own VNet/Subnet/NSG) support
- Automated NSG rule management for SCC workspaces
- Customer-Managed Keys with auto-rotation
- Comprehensive deployment checklists and troubleshooting
Quick Start: See adb4u/docs/01-QUICKSTART.md
Private Link Workspace Templates with DEP Controls
- Focus: Deploying and operating Databricks on AWS with best practices
- Security: VPC design, Private Link, PrivateLink endpoints, data exfiltration protection
- Topics: S3 data access patterns, IAM roles and policies, cross-account setups
- Automation: Infrastructure templates and configuration management
- Path: awsdb4u/
Key Features:
- Private Link workspace deployments
- Data Exfiltration Protection (DEP) controls
- VPC and subnet design patterns
- IAM role and policy automation
- Cross-account setup guidance
VPC-SC, Private Service Connect, CMEK Implementations
- Focus: GCP-specific guidance with emphasis on data plane security
- Security: VPC-SC perimeters, Private Service Connect, KMS integration
- Networking: VPC and subnet design, private connectivity patterns
- Identity: IAM & service accounts, Workload Identity Federation
- Path: gcpdb4u/
Key Features:
- VPC Service Controls (VPC-SC) integration
- Private Service Connect (PSC) for workspace connectivity
- Google KMS integration for encryption
- GCS connectors and data access patterns
- Data exfiltration prevention patterns
Pick the folder that matches your target environment:
Each cloud folder contains multiple deployment patterns:
- Non-Private Link: Public control plane + private data plane (NPIP)
- Full Private: Private Link for both control and data planes
- Hub-Spoke: Centralized networking with egress control
- Read the README in your chosen folder
- Review architecture diagrams and documentation
- Follow step-by-step deployment instructions
- Use provided Terraform modules and templates
- REST API Collections: databricks-rest-api-collection/
- Jump Start Tutorials: databricks-jump-start/
- Utility Scripts: databricks-utils/
- Modular Terraform code with conditional logic
- Support for BYOV (Bring Your Own VNet/VPC)
- Automated network security group rules
- Unity Catalog with regional metastore management
- 2,300+ lines of detailed guides
- UML architecture and sequence diagrams
- Traffic flow analysis with cost breakdowns
- Troubleshooting guides and deployment checklists
- Data Exfiltration Protection (DEP) frameworks
- Customer-Managed Keys (CMK) with auto-rotation
- Private Link, VPC-SC, and network isolation
- Zero-trust architectures for regulated industries
Contributions are welcome! Please:
- Open issues for bugs, questions, or feature requests
- Submit pull requests for:
  - Documentation improvements
  - Additional cloud scenarios
  - New deployment templates
  - Bug fixes or enhancements
This repository follows the licensing described in the project. Please see the LICENSE file (if present) or reach out for clarification.
- Databricks Blog Articles: All 13+ Articles
- Professional Profile: ABOUT.md
- Custom Agent Framework: custom-agents/
- Architecture Decision Records: ADR Framework