1. Packages
  2. Databricks
  3. API Docs
  4. getAwsCrossAccountPolicy
Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi

databricks.getAwsCrossAccountPolicy

Explore with Pulumi AI

databricks logo
Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi

    Note This data source can only be used with an account-level provider!

    This data source constructs necessary AWS cross-account policy for you, which is based on official documentation.

    Example Usage

    For more detailed usage please see databricks.getAwsAssumeRolePolicy or databricks_aws_s3_mount pages.

    import * as pulumi from "@pulumi/pulumi";
    import * as databricks from "@pulumi/databricks";
    
    const this = databricks.getAwsCrossAccountPolicy({});
    
    import pulumi
    import pulumi_databricks as databricks
    
    this = databricks.get_aws_cross_account_policy()
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := databricks.GetAwsCrossAccountPolicy(ctx, &databricks.GetAwsCrossAccountPolicyArgs{}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Databricks = Pulumi.Databricks;
    
    return await Deployment.RunAsync(() => 
    {
        var @this = Databricks.GetAwsCrossAccountPolicy.Invoke();
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.databricks.DatabricksFunctions;
    import com.pulumi.databricks.inputs.GetAwsCrossAccountPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var this = DatabricksFunctions.getAwsCrossAccountPolicy();
    
        }
    }
    
    variables:
      this:
        fn::invoke:
          Function: databricks:getAwsCrossAccountPolicy
          Arguments: {}
    

    The following resources are used in the same context:

    • Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide
    • databricks.getAwsAssumeRolePolicy data to construct the necessary AWS STS assume role policy.
    • databricks.getAwsBucketPolicy data to configure a simple access policy for AWS S3 buckets, so that Databricks can access data in it.
    • databricks.InstanceProfile to manage AWS EC2 instance profiles that users can launch databricks.Cluster and access data, like databricks_mount.

    Using getAwsCrossAccountPolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAwsCrossAccountPolicy(args: GetAwsCrossAccountPolicyArgs, opts?: InvokeOptions): Promise<GetAwsCrossAccountPolicyResult>
    function getAwsCrossAccountPolicyOutput(args: GetAwsCrossAccountPolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsCrossAccountPolicyResult>
    def get_aws_cross_account_policy(aws_account_id: Optional[str] = None,
                                     pass_roles: Optional[Sequence[str]] = None,
                                     policy_type: Optional[str] = None,
                                     region: Optional[str] = None,
                                     security_group_id: Optional[str] = None,
                                     vpc_id: Optional[str] = None,
                                     opts: Optional[InvokeOptions] = None) -> GetAwsCrossAccountPolicyResult
    def get_aws_cross_account_policy_output(aws_account_id: Optional[pulumi.Input[str]] = None,
                                     pass_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                                     policy_type: Optional[pulumi.Input[str]] = None,
                                     region: Optional[pulumi.Input[str]] = None,
                                     security_group_id: Optional[pulumi.Input[str]] = None,
                                     vpc_id: Optional[pulumi.Input[str]] = None,
                                     opts: Optional[InvokeOptions] = None) -> Output[GetAwsCrossAccountPolicyResult]
    func GetAwsCrossAccountPolicy(ctx *Context, args *GetAwsCrossAccountPolicyArgs, opts ...InvokeOption) (*GetAwsCrossAccountPolicyResult, error)
    func GetAwsCrossAccountPolicyOutput(ctx *Context, args *GetAwsCrossAccountPolicyOutputArgs, opts ...InvokeOption) GetAwsCrossAccountPolicyResultOutput

    > Note: This function is named GetAwsCrossAccountPolicy in the Go SDK.

    public static class GetAwsCrossAccountPolicy 
    {
        public static Task<GetAwsCrossAccountPolicyResult> InvokeAsync(GetAwsCrossAccountPolicyArgs args, InvokeOptions? opts = null)
        public static Output<GetAwsCrossAccountPolicyResult> Invoke(GetAwsCrossAccountPolicyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAwsCrossAccountPolicyResult> getAwsCrossAccountPolicy(GetAwsCrossAccountPolicyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: databricks:index/getAwsCrossAccountPolicy:getAwsCrossAccountPolicy
      arguments:
        # arguments dictionary

    The following arguments are supported:

    AwsAccountId string
    — Your AWS account ID, which is a number.
    PassRoles List<string>
    List of Data IAM role ARNs that are explicitly granted iam:PassRole action. The below arguments are only valid for restricted policy type
    PolicyType string
    The type of cross account policy to generated: managed for Databricks-managed VPC and customer for customer-managed VPC, restricted for customer-managed VPC with policy restrictions
    Region string
    — AWS Region name for your VPC deployment, for example us-west-2.
    SecurityGroupId string
    — ID of your AWS security group. When you add a security group restriction, you cannot reuse the cross-account IAM role or reference a credentials ID (credentials_id) for any other workspaces. For those other workspaces, you must create separate roles, policies, and credentials objects.
    VpcId string
    — ID of the AWS VPC where you want to launch workspaces.
    AwsAccountId string
    — Your AWS account ID, which is a number.
    PassRoles []string
    List of Data IAM role ARNs that are explicitly granted iam:PassRole action. The below arguments are only valid for restricted policy type
    PolicyType string
    The type of cross account policy to generated: managed for Databricks-managed VPC and customer for customer-managed VPC, restricted for customer-managed VPC with policy restrictions
    Region string
    — AWS Region name for your VPC deployment, for example us-west-2.
    SecurityGroupId string
    — ID of your AWS security group. When you add a security group restriction, you cannot reuse the cross-account IAM role or reference a credentials ID (credentials_id) for any other workspaces. For those other workspaces, you must create separate roles, policies, and credentials objects.
    VpcId string
    — ID of the AWS VPC where you want to launch workspaces.
    awsAccountId String
    — Your AWS account ID, which is a number.
    passRoles List<String>
    List of Data IAM role ARNs that are explicitly granted iam:PassRole action. The below arguments are only valid for restricted policy type
    policyType String
    The type of cross account policy to generated: managed for Databricks-managed VPC and customer for customer-managed VPC, restricted for customer-managed VPC with policy restrictions
    region String
    — AWS Region name for your VPC deployment, for example us-west-2.
    securityGroupId String
    — ID of your AWS security group. When you add a security group restriction, you cannot reuse the cross-account IAM role or reference a credentials ID (credentials_id) for any other workspaces. For those other workspaces, you must create separate roles, policies, and credentials objects.
    vpcId String
    — ID of the AWS VPC where you want to launch workspaces.
    awsAccountId string
    — Your AWS account ID, which is a number.
    passRoles string[]
    List of Data IAM role ARNs that are explicitly granted iam:PassRole action. The below arguments are only valid for restricted policy type
    policyType string
    The type of cross account policy to generated: managed for Databricks-managed VPC and customer for customer-managed VPC, restricted for customer-managed VPC with policy restrictions
    region string
    — AWS Region name for your VPC deployment, for example us-west-2.
    securityGroupId string
    — ID of your AWS security group. When you add a security group restriction, you cannot reuse the cross-account IAM role or reference a credentials ID (credentials_id) for any other workspaces. For those other workspaces, you must create separate roles, policies, and credentials objects.
    vpcId string
    — ID of the AWS VPC where you want to launch workspaces.
    aws_account_id str
    — Your AWS account ID, which is a number.
    pass_roles Sequence[str]
    List of Data IAM role ARNs that are explicitly granted iam:PassRole action. The below arguments are only valid for restricted policy type
    policy_type str
    The type of cross account policy to generated: managed for Databricks-managed VPC and customer for customer-managed VPC, restricted for customer-managed VPC with policy restrictions
    region str
    — AWS Region name for your VPC deployment, for example us-west-2.
    security_group_id str
    — ID of your AWS security group. When you add a security group restriction, you cannot reuse the cross-account IAM role or reference a credentials ID (credentials_id) for any other workspaces. For those other workspaces, you must create separate roles, policies, and credentials objects.
    vpc_id str
    — ID of the AWS VPC where you want to launch workspaces.
    awsAccountId String
    — Your AWS account ID, which is a number.
    passRoles List<String>
    List of Data IAM role ARNs that are explicitly granted iam:PassRole action. The below arguments are only valid for restricted policy type
    policyType String
    The type of cross account policy to generated: managed for Databricks-managed VPC and customer for customer-managed VPC, restricted for customer-managed VPC with policy restrictions
    region String
    — AWS Region name for your VPC deployment, for example us-west-2.
    securityGroupId String
    — ID of your AWS security group. When you add a security group restriction, you cannot reuse the cross-account IAM role or reference a credentials ID (credentials_id) for any other workspaces. For those other workspaces, you must create separate roles, policies, and credentials objects.
    vpcId String
    — ID of the AWS VPC where you want to launch workspaces.

    getAwsCrossAccountPolicy Result

    The following output properties are available:

    Id string
    The provider-assigned unique ID for this managed resource.
    Json string
    AWS IAM Policy JSON document
    AwsAccountId string
    PassRoles List<string>
    PolicyType string
    Region string
    SecurityGroupId string
    VpcId string
    Id string
    The provider-assigned unique ID for this managed resource.
    Json string
    AWS IAM Policy JSON document
    AwsAccountId string
    PassRoles []string
    PolicyType string
    Region string
    SecurityGroupId string
    VpcId string
    id String
    The provider-assigned unique ID for this managed resource.
    json String
    AWS IAM Policy JSON document
    awsAccountId String
    passRoles List<String>
    policyType String
    region String
    securityGroupId String
    vpcId String
    id string
    The provider-assigned unique ID for this managed resource.
    json string
    AWS IAM Policy JSON document
    awsAccountId string
    passRoles string[]
    policyType string
    region string
    securityGroupId string
    vpcId string
    id str
    The provider-assigned unique ID for this managed resource.
    json str
    AWS IAM Policy JSON document
    aws_account_id str
    pass_roles Sequence[str]
    policy_type str
    region str
    security_group_id str
    vpc_id str
    id String
    The provider-assigned unique ID for this managed resource.
    json String
    AWS IAM Policy JSON document
    awsAccountId String
    passRoles List<String>
    policyType String
    region String
    securityGroupId String
    vpcId String

    Package Details

    Repository
    databricks pulumi/pulumi-databricks
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the databricks Terraform Provider.
    databricks logo
    Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi