Skip to content

Latest commit

 

History

History
67 lines (48 loc) · 2.74 KB

aws_assume_role_policy.md

File metadata and controls

67 lines (48 loc) · 2.74 KB
subcategory
Deployment

databricks_aws_assume_role_policy Data Source

This data source constructs necessary AWS STS assume role policy for you.

Example Usage

End-to-end example of provisioning Cross-account IAM role with databricks_mws_credentials and aws_iam_role:

variable "databricks_account_id" {
  description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}

data "databricks_aws_crossaccount_policy" "this" {}

resource "aws_iam_policy" "cross_account_policy" {
  name   = "${var.prefix}-crossaccount-iam-policy"
  policy = data.databricks_aws_crossaccount_policy.this.json
}

data "databricks_aws_assume_role_policy" "this" {
  external_id = var.databricks_account_id
}

resource "aws_iam_role" "cross_account" {
  name               = "${var.prefix}-crossaccount-iam-role"
  assume_role_policy = data.databricks_aws_assume_role_policy.this.json
  description        = "Grants Databricks full access to VPC resources"
}

resource "aws_iam_role_policy_attachment" "cross_account" {
  policy_arn = aws_iam_policy.cross_account_policy.arn
  role       = aws_iam_role.cross_account.name
}

// required only in case of multi-workspace setup
resource "databricks_mws_credentials" "this" {
  provider         = databricks.mws
  account_id       = var.databricks_account_id
  credentials_name = "${var.prefix}-creds"
  role_arn         = aws_iam_role.cross_account.arn
}

Argument Reference

  • external_id (Required) Account Id that could be found in the top right corner of Accounts Console.
  • aws_partition - (Optional) AWS partition. The options are aws or aws-us-gov. Defaults to aws
  • for_log_delivery (Optional) Either or not this assume role policy should be created for usage log delivery. Defaults to false.

Attribute Reference

In addition to all arguments above, the following attributes are exported:

  • json - AWS IAM Policy JSON document

Related Resources

The following resources are used in the same context: