Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi

databricks.getAwsUnityCatalogAssumeRolePolicy



    Note: This resource has an evolving API, which may change in future versions of the provider. Always consult the latest documentation if you have any questions.

    This data source constructs the AWS IAM assume-role (trust) policy document that Unity Catalog requires, so you do not have to write it by hand.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as databricks from "@pulumi/databricks";
    
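    // NOTE: `awsAccountId` and `prefix` are not declared in this snippet; the surrounding program must define them.
    // One shared name: the trust policy is generated for the role that is created under this exact name.
    const roleName = `${prefix}-uc-access`;

    // Access policy document built from the bucket, role and KMS key named here.
    // `this` is a reserved word in TypeScript, so the result is bound to `_this`.
    const _this = databricks.getAwsUnityCatalogPolicy({
        awsAccountId: awsAccountId,
        bucketName: "databricks-bucket",
        roleName: roleName,
        kmsName: "arn:aws:kms:us-west-2:111122223333:key/databricks-kms",
    });
    // Assume-role (trust) policy document for that role.
    const thisGetAwsUnityCatalogAssumeRolePolicy = databricks.getAwsUnityCatalogAssumeRolePolicy({
        awsAccountId: awsAccountId,
        roleName: roleName,
        // Sample value only. externalId is the storage credential external id and is an input to the
        // trust policy, so pass the real one (for example from stack configuration), not a literal.
        externalId: "12345",
    });
    // Managed policy that carries the generated access policy JSON.
    const unityMetastore = new aws.iam.Policy("unity_metastore", {
        name: `${prefix}-unity-catalog-metastore-access-iam-policy`,
        policy: _this.then(result => result.json),
    });
    // The role itself: generated trust policy plus the managed access policy above.
    const metastoreDataAccess = new aws.iam.Role("metastore_data_access", {
        name: roleName,
        assumeRolePolicy: thisGetAwsUnityCatalogAssumeRolePolicy.then(result => result.json),
        managedPolicyArns: [unityMetastore.arn],
    });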
    
    import pulumi
    import pulumi_aws as aws
    import pulumi_databricks as databricks
    
    # NOTE: `prefix` and `aws_account_id` are not defined in this snippet; the surrounding program must supply them.
    # One shared name: the trust policy is generated for the role that is created under this exact name.
    uc_role_name = f"{prefix}-uc-access"

    # Access policy document built from the bucket, role and KMS key named here.
    access_policy = databricks.get_aws_unity_catalog_policy(
        aws_account_id=aws_account_id,
        bucket_name="databricks-bucket",
        role_name=uc_role_name,
        kms_name="arn:aws:kms:us-west-2:111122223333:key/databricks-kms",
    )

    # Assume-role (trust) policy document for that role.
    # "12345" is a sample value: external_id is the storage credential external id and is an input
    # to the trust policy, so pass the real one rather than a hard-coded literal.
    trust_policy = databricks.get_aws_unity_catalog_assume_role_policy(
        aws_account_id=aws_account_id,
        role_name=uc_role_name,
        external_id="12345",
    )

    # Managed policy that carries the generated access policy JSON.
    unity_metastore = aws.iam.Policy(
        "unity_metastore",
        name=f"{prefix}-unity-catalog-metastore-access-iam-policy",
        policy=access_policy.json,
    )

    # The role itself: generated trust policy plus the managed access policy above.
    metastore_data_access = aws.iam.Role(
        "metastore_data_access",
        name=uc_role_name,
        assume_role_policy=trust_policy.json,
        managed_policy_arns=[unity_metastore.arn],
    )
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main provisions the Unity Catalog IAM policy and role from the two generated policy documents.
    // NOTE: awsAccountId and prefix are not declared in this snippet; the surrounding program must define them.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// One shared name: the trust policy is generated for the role created under this exact name.
    		roleName := fmt.Sprintf("%v-uc-access", prefix)

    		// Access policy document built from the bucket, role and KMS key named here.
    		accessPolicy, err := databricks.GetAwsUnityCatalogPolicy(ctx, &databricks.GetAwsUnityCatalogPolicyArgs{
    			AwsAccountId: awsAccountId,
    			BucketName:   "databricks-bucket",
    			RoleName:     roleName,
    			KmsName:      pulumi.StringRef("arn:aws:kms:us-west-2:111122223333:key/databricks-kms"),
    		}, nil)
    		if err != nil {
    			return err
    		}

    		// Assume-role (trust) policy document for that role.
    		// "12345" is a sample value: ExternalId is the storage credential external id and is an
    		// input to the trust policy, so pass the real one rather than a hard-coded literal.
    		trustPolicy, err := databricks.GetAwsUnityCatalogAssumeRolePolicy(ctx, &databricks.GetAwsUnityCatalogAssumeRolePolicyArgs{
    			AwsAccountId: awsAccountId,
    			RoleName:     roleName,
    			ExternalId:   "12345",
    		}, nil)
    		if err != nil {
    			return err
    		}

    		// Managed policy that carries the generated access policy JSON.
    		metastorePolicy, err := iam.NewPolicy(ctx, "unity_metastore", &iam.PolicyArgs{
    			Name:   pulumi.Sprintf("%v-unity-catalog-metastore-access-iam-policy", prefix),
    			Policy: pulumi.String(accessPolicy.Json),
    		})
    		if err != nil {
    			return err
    		}

    		// The role itself: generated trust policy plus the managed access policy above.
    		_, err = iam.NewRole(ctx, "metastore_data_access", &iam.RoleArgs{
    			Name:              pulumi.String(roleName),
    			AssumeRolePolicy:  pulumi.String(trustPolicy.Json),
    			ManagedPolicyArns: pulumi.StringArray{metastorePolicy.Arn},
    		})
    		// err is nil on success, so returning it covers both outcomes.
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    using Databricks = Pulumi.Databricks;
    
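    // Provisions the Unity Catalog IAM policy and role from the two generated policy documents.
    // NOTE: awsAccountId and prefix are not declared in this snippet; the surrounding program must define them.
    return await Deployment.RunAsync(() => 
    {
        // One shared name: the trust policy is generated for the role created under this exact name.
        var roleName = $"{prefix}-uc-access";

        // Access policy document built from the bucket, role and KMS key named here.
        var @this = Databricks.GetAwsUnityCatalogPolicy.Invoke(new()
        {
            AwsAccountId = awsAccountId,
            BucketName = "databricks-bucket",
            RoleName = roleName,
            KmsName = "arn:aws:kms:us-west-2:111122223333:key/databricks-kms",
        });

        // Assume-role (trust) policy document for that role.
        var thisGetAwsUnityCatalogAssumeRolePolicy = Databricks.GetAwsUnityCatalogAssumeRolePolicy.Invoke(new()
        {
            AwsAccountId = awsAccountId,
            RoleName = roleName,
            // Sample value only. ExternalId is the storage credential external id and is an input to the
            // trust policy, so pass the real one (for example from stack configuration), not a literal.
            ExternalId = "12345",
        });

        // Managed policy that carries the generated access policy JSON.
        var unityMetastore = new Aws.Iam.Policy("unity_metastore", new()
        {
            Name = $"{prefix}-unity-catalog-metastore-access-iam-policy",
            // A single Apply unwraps the invoke result, the same way AssumeRolePolicy does below;
            // the original nested a second Apply on the already-unwrapped result.
            PolicyDocument = @this.Apply(getAwsUnityCatalogPolicyResult => getAwsUnityCatalogPolicyResult.Json),
        });

        // The role itself: generated trust policy plus the managed access policy above.
        var metastoreDataAccess = new Aws.Iam.Role("metastore_data_access", new()
        {
            Name = roleName,
            AssumeRolePolicy = thisGetAwsUnityCatalogAssumeRolePolicy.Apply(getAwsUnityCatalogAssumeRolePolicyResult => getAwsUnityCatalogAssumeRolePolicyResult.Json),
            ManagedPolicyArns = new[]
            {
                unityMetastore.Arn,
            },
        });

    });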
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.databricks.DatabricksFunctions;
    import com.pulumi.databricks.inputs.GetAwsUnityCatalogPolicyArgs;
    import com.pulumi.databricks.inputs.GetAwsUnityCatalogAssumeRolePolicyArgs;
    import com.pulumi.aws.iam.Policy;
    import com.pulumi.aws.iam.PolicyArgs;
    import com.pulumi.aws.iam.Role;
    import com.pulumi.aws.iam.RoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
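    /**
     * Pulumi program that provisions the Unity Catalog IAM policy and role from the two
     * generated policy documents.
     *
     * <p>NOTE: {@code awsAccountId} and {@code prefix} are not declared in this snippet; the
     * surrounding program must define them.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the stack's resources.
         *
         * @param ctx the Pulumi deployment context passed in by {@code Pulumi.run}
         */
        public static void stack(Context ctx) {
            // One shared name: the trust policy is generated for the role created under this exact name.
            final var roleName = String.format("%s-uc-access", prefix);

            // Access policy document built from the bucket, role and KMS key named here.
            // `this` is a Java keyword, so the result is bound to `this_`.
            final var this_ = DatabricksFunctions.getAwsUnityCatalogPolicy(GetAwsUnityCatalogPolicyArgs.builder()
                .awsAccountId(awsAccountId)
                .bucketName("databricks-bucket")
                .roleName(roleName)
                .kmsName("arn:aws:kms:us-west-2:111122223333:key/databricks-kms")
                .build());

            // Assume-role (trust) policy document for that role.
            // "12345" is a sample value: externalId is the storage credential external id and is an
            // input to the trust policy, so pass the real one rather than a hard-coded literal.
            final var thisGetAwsUnityCatalogAssumeRolePolicy = DatabricksFunctions.getAwsUnityCatalogAssumeRolePolicy(GetAwsUnityCatalogAssumeRolePolicyArgs.builder()
                .awsAccountId(awsAccountId)
                .roleName(roleName)
                .externalId("12345")
                .build());

            // Managed policy that carries the generated access policy JSON; the invoke result is
            // unwrapped with applyValue, the same way the trust policy is unwrapped below.
            var unityMetastore = new Policy("unityMetastore", PolicyArgs.builder()
                .name(String.format("%s-unity-catalog-metastore-access-iam-policy", prefix))
                .policy(this_.applyValue(getAwsUnityCatalogPolicyResult -> getAwsUnityCatalogPolicyResult.json()))
                .build());

            // The role itself: generated trust policy plus the managed access policy above.
            var metastoreDataAccess = new Role("metastoreDataAccess", RoleArgs.builder()
                .name(roleName)
                .assumeRolePolicy(thisGetAwsUnityCatalogAssumeRolePolicy.applyValue(getAwsUnityCatalogAssumeRolePolicyResult -> getAwsUnityCatalogAssumeRolePolicyResult.json()))
                .managedPolicyArns(unityMetastore.arn())
                .build());

        }
    }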
    
    # Provisions the Unity Catalog IAM policy and role from the two generated policy documents.
    # NOTE: ${awsAccountId} and ${prefix} are not declared in this snippet; they must be supplied
    # elsewhere in the program (presumably as configuration - confirm for your stack).
    resources:
      # Managed policy that carries the generated access policy JSON.
      unityMetastore:
        type: aws:iam:Policy
        name: unity_metastore
        properties:
          name: ${prefix}-unity-catalog-metastore-access-iam-policy
          policy: ${this.json}
      # The role itself: generated trust policy plus the managed access policy above.
      metastoreDataAccess:
        type: aws:iam:Role
        name: metastore_data_access
        properties:
          # Must be the same string as roleName in both invokes below.
          name: ${prefix}-uc-access
          assumeRolePolicy: ${thisGetAwsUnityCatalogAssumeRolePolicy.json}
          managedPolicyArns:
            - ${unityMetastore.arn}
    variables:
      # Access policy document built from the bucket, role and KMS key named here.
      this:
        fn::invoke:
          Function: databricks:getAwsUnityCatalogPolicy
          Arguments:
            awsAccountId: ${awsAccountId}
            bucketName: databricks-bucket
            roleName: ${prefix}-uc-access
            kmsName: arn:aws:kms:us-west-2:111122223333:key/databricks-kms
      # Assume-role (trust) policy document for the role created above.
      thisGetAwsUnityCatalogAssumeRolePolicy:
        fn::invoke:
          Function: databricks:getAwsUnityCatalogAssumeRolePolicy
          Arguments:
            awsAccountId: ${awsAccountId}
            roleName: ${prefix}-uc-access
            # Sample value only: externalId is the storage credential external id and is an input
            # to the trust policy, so pass the real one rather than a hard-coded literal.
            externalId: '12345'

    Using getAwsUnityCatalogAssumeRolePolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAwsUnityCatalogAssumeRolePolicy(args: GetAwsUnityCatalogAssumeRolePolicyArgs, opts?: InvokeOptions): Promise<GetAwsUnityCatalogAssumeRolePolicyResult>
    function getAwsUnityCatalogAssumeRolePolicyOutput(args: GetAwsUnityCatalogAssumeRolePolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsUnityCatalogAssumeRolePolicyResult>
    def get_aws_unity_catalog_assume_role_policy(aws_account_id: Optional[str] = None,
                                                 external_id: Optional[str] = None,
                                                 role_name: Optional[str] = None,
                                                 unity_catalog_iam_arn: Optional[str] = None,
                                                 opts: Optional[InvokeOptions] = None) -> GetAwsUnityCatalogAssumeRolePolicyResult
    def get_aws_unity_catalog_assume_role_policy_output(aws_account_id: Optional[pulumi.Input[str]] = None,
                                                 external_id: Optional[pulumi.Input[str]] = None,
                                                 role_name: Optional[pulumi.Input[str]] = None,
                                                 unity_catalog_iam_arn: Optional[pulumi.Input[str]] = None,
                                                 opts: Optional[InvokeOptions] = None) -> Output[GetAwsUnityCatalogAssumeRolePolicyResult]
    func GetAwsUnityCatalogAssumeRolePolicy(ctx *Context, args *GetAwsUnityCatalogAssumeRolePolicyArgs, opts ...InvokeOption) (*GetAwsUnityCatalogAssumeRolePolicyResult, error)
    func GetAwsUnityCatalogAssumeRolePolicyOutput(ctx *Context, args *GetAwsUnityCatalogAssumeRolePolicyOutputArgs, opts ...InvokeOption) GetAwsUnityCatalogAssumeRolePolicyResultOutput

    > Note: This function is named GetAwsUnityCatalogAssumeRolePolicy in the Go SDK.

    public static class GetAwsUnityCatalogAssumeRolePolicy 
    {
        public static Task<GetAwsUnityCatalogAssumeRolePolicyResult> InvokeAsync(GetAwsUnityCatalogAssumeRolePolicyArgs args, InvokeOptions? opts = null)
        public static Output<GetAwsUnityCatalogAssumeRolePolicyResult> Invoke(GetAwsUnityCatalogAssumeRolePolicyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAwsUnityCatalogAssumeRolePolicyResult> getAwsUnityCatalogAssumeRolePolicy(GetAwsUnityCatalogAssumeRolePolicyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: databricks:index/getAwsUnityCatalogAssumeRolePolicy:getAwsUnityCatalogAssumeRolePolicy
      arguments:
        # arguments dictionary

    The following arguments are supported:

    AwsAccountId string
    The Account ID of the current AWS account (not your Databricks account).
    ExternalId string
    The storage credential external id.
    RoleName string
    The name of the AWS IAM role to be created for Unity Catalog.
    UnityCatalogIamArn string
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    AwsAccountId string
    The Account ID of the current AWS account (not your Databricks account).
    ExternalId string
    The storage credential external id.
    RoleName string
    The name of the AWS IAM role to be created for Unity Catalog.
    UnityCatalogIamArn string
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    awsAccountId String
    The Account ID of the current AWS account (not your Databricks account).
    externalId String
    The storage credential external id.
    roleName String
    The name of the AWS IAM role to be created for Unity Catalog.
    unityCatalogIamArn String
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    awsAccountId string
    The Account ID of the current AWS account (not your Databricks account).
    externalId string
    The storage credential external id.
    roleName string
    The name of the AWS IAM role to be created for Unity Catalog.
    unityCatalogIamArn string
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    aws_account_id str
    The Account ID of the current AWS account (not your Databricks account).
    external_id str
    The storage credential external id.
    role_name str
    The name of the AWS IAM role to be created for Unity Catalog.
    unity_catalog_iam_arn str
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    awsAccountId String
    The Account ID of the current AWS account (not your Databricks account).
    externalId String
    The storage credential external id.
    roleName String
    The name of the AWS IAM role to be created for Unity Catalog.
    unityCatalogIamArn String
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL

    getAwsUnityCatalogAssumeRolePolicy Result

    The following output properties are available:

    AwsAccountId string
    ExternalId string
    Id string
    Json string
    AWS IAM Policy JSON document for assume role
    RoleName string
    UnityCatalogIamArn string
    AwsAccountId string
    ExternalId string
    Id string
    Json string
    AWS IAM Policy JSON document for assume role
    RoleName string
    UnityCatalogIamArn string
    awsAccountId String
    externalId String
    id String
    json String
    AWS IAM Policy JSON document for assume role
    roleName String
    unityCatalogIamArn String
    awsAccountId string
    externalId string
    id string
    json string
    AWS IAM Policy JSON document for assume role
    roleName string
    unityCatalogIamArn string
    aws_account_id str
    external_id str
    id str
    json str
    AWS IAM Policy JSON document for assume role
    role_name str
    unity_catalog_iam_arn str
    awsAccountId String
    externalId String
    id String
    json String
    AWS IAM Policy JSON document for assume role
    roleName String
    unityCatalogIamArn String

    Package Details

    Repository
    databricks pulumi/pulumi-databricks
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the databricks Terraform Provider.