MALFORMED_REQUEST error when saving a network configuration

Disable the AWS SCP policy.

Written by josue.gordon

Last published at: July 1st, 2025

Problem

After configuring your IAM role and access policy according to the Create an IAM role for workspace deployment documentation, you then manually create a new Databricks workspace.

 

On the Network configuration page, you select a VPC and click Save. You then receive the following error message. 

“MALFORMED_REQUEST: Failed credentials validation checks: Create VPC”

 

Cause

Your AWS account has a service control policy (SCP) that blocks the createVPC action during manual workspace creation.

 

This policy prevents the creation of new VPCs, which is necessary for creating a customer-managed VPC.

 

Solution

To resolve this issue, follow these steps: 

  1. Log in to your AWS Management Console.
  2. Navigate to the IAM (Identity and Access Management) service.
  3. Locate the SCP blocking the createVPC action.
  4. Edit the policy to remove the restriction on the createVPC action or disable the policy.
  5. Save the changes to the policy.
  6. Return to your Databricks environment and attempt to create the workspace again.

 

For more information, refer to the AWS Service control policies (SCPs) documentation and the Databricks Create a workspace with custom AWS configurations documentation.

 

Preventative measures

  • Regularly review your SCPs to ensure they are not blocking necessary actions.
  • When creating a new workspace, use a Databricks-managed VPC whenever possible to simplify the setup process.