Docs Home
Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi
databricks.MwsCredentials
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";
const config = new pulumi.Config();
// Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
const databricksAccountId = config.requireObject("databricksAccountId");
// Names of created resources will be prefixed with this value
const prefix = config.requireObject("prefix");
const this = databricks.getAwsAssumeRolePolicy({
externalId: databricksAccountId,
});
const crossAccountRole = new aws.iam.Role("cross_account_role", {
name: `${prefix}-crossaccount`,
assumeRolePolicy: _this.then(_this => _this.json),
tags: tags,
});
const thisGetAwsCrossAccountPolicy = databricks.getAwsCrossAccountPolicy({});
const thisRolePolicy = new aws.iam.RolePolicy("this", {
name: `${prefix}-policy`,
role: crossAccountRole.id,
policy: thisGetAwsCrossAccountPolicy.then(thisGetAwsCrossAccountPolicy => thisGetAwsCrossAccountPolicy.json),
});
const thisMwsCredentials = new databricks.MwsCredentials("this", {
credentialsName: `${prefix}-creds`,
roleArn: crossAccountRole.arn,
});
import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks
config = pulumi.Config()
# Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
databricks_account_id = config.require_object("databricksAccountId")
# Names of created resources will be prefixed with this value
prefix = config.require_object("prefix")
this = databricks.get_aws_assume_role_policy(external_id=databricks_account_id)
cross_account_role = aws.iam.Role("cross_account_role",
name=f"{prefix}-crossaccount",
assume_role_policy=this.json,
tags=tags)
this_get_aws_cross_account_policy = databricks.get_aws_cross_account_policy()
this_role_policy = aws.iam.RolePolicy("this",
name=f"{prefix}-policy",
role=cross_account_role.id,
policy=this_get_aws_cross_account_policy.json)
this_mws_credentials = databricks.MwsCredentials("this",
credentials_name=f"{prefix}-creds",
role_arn=cross_account_role.arn)
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
// Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
databricksAccountId := cfg.RequireObject("databricksAccountId")
// Names of created resources will be prefixed with this value
prefix := cfg.RequireObject("prefix")
this, err := databricks.GetAwsAssumeRolePolicy(ctx, &databricks.GetAwsAssumeRolePolicyArgs{
ExternalId: databricksAccountId,
}, nil)
if err != nil {
return err
}
crossAccountRole, err := iam.NewRole(ctx, "cross_account_role", &iam.RoleArgs{
Name: pulumi.Sprintf("%v-crossaccount", prefix),
AssumeRolePolicy: pulumi.String(this.Json),
Tags: pulumi.Any(tags),
})
if err != nil {
return err
}
thisGetAwsCrossAccountPolicy, err := databricks.GetAwsCrossAccountPolicy(ctx, &databricks.GetAwsCrossAccountPolicyArgs{}, nil)
if err != nil {
return err
}
_, err = iam.NewRolePolicy(ctx, "this", &iam.RolePolicyArgs{
Name: pulumi.Sprintf("%v-policy", prefix),
Role: crossAccountRole.ID(),
Policy: pulumi.String(thisGetAwsCrossAccountPolicy.Json),
})
if err != nil {
return err
}
_, err = databricks.NewMwsCredentials(ctx, "this", &databricks.MwsCredentialsArgs{
CredentialsName: pulumi.Sprintf("%v-creds", prefix),
RoleArn: crossAccountRole.Arn,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var config = new Config();
// Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
var databricksAccountId = config.RequireObject<dynamic>("databricksAccountId");
// Names of created resources will be prefixed with this value
var prefix = config.RequireObject<dynamic>("prefix");
var @this = Databricks.GetAwsAssumeRolePolicy.Invoke(new()
{
ExternalId = databricksAccountId,
});
var crossAccountRole = new Aws.Iam.Role("cross_account_role", new()
{
Name = $"{prefix}-crossaccount",
AssumeRolePolicy = @this.Apply(@this => @this.Apply(getAwsAssumeRolePolicyResult => getAwsAssumeRolePolicyResult.Json)),
Tags = tags,
});
var thisGetAwsCrossAccountPolicy = Databricks.GetAwsCrossAccountPolicy.Invoke();
var thisRolePolicy = new Aws.Iam.RolePolicy("this", new()
{
Name = $"{prefix}-policy",
Role = crossAccountRole.Id,
Policy = thisGetAwsCrossAccountPolicy.Apply(getAwsCrossAccountPolicyResult => getAwsCrossAccountPolicyResult.Json),
});
var thisMwsCredentials = new Databricks.MwsCredentials("this", new()
{
CredentialsName = $"{prefix}-creds",
RoleArn = crossAccountRole.Arn,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetAwsAssumeRolePolicyArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.databricks.inputs.GetAwsCrossAccountPolicyArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.databricks.MwsCredentials;
import com.pulumi.databricks.MwsCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var databricksAccountId = config.get("databricksAccountId");
final var prefix = config.get("prefix");
final var this = DatabricksFunctions.getAwsAssumeRolePolicy(GetAwsAssumeRolePolicyArgs.builder()
.externalId(databricksAccountId)
.build());
var crossAccountRole = new Role("crossAccountRole", RoleArgs.builder()
.name(String.format("%s-crossaccount", prefix))
.assumeRolePolicy(this_.json())
.tags(tags)
.build());
final var thisGetAwsCrossAccountPolicy = DatabricksFunctions.getAwsCrossAccountPolicy();
var thisRolePolicy = new RolePolicy("thisRolePolicy", RolePolicyArgs.builder()
.name(String.format("%s-policy", prefix))
.role(crossAccountRole.id())
.policy(thisGetAwsCrossAccountPolicy.applyValue(getAwsCrossAccountPolicyResult -> getAwsCrossAccountPolicyResult.json()))
.build());
var thisMwsCredentials = new MwsCredentials("thisMwsCredentials", MwsCredentialsArgs.builder()
.credentialsName(String.format("%s-creds", prefix))
.roleArn(crossAccountRole.arn())
.build());
}
}
configuration:
databricksAccountId:
type: dynamic
prefix:
type: dynamic
resources:
crossAccountRole:
type: aws:iam:Role
name: cross_account_role
properties:
name: ${prefix}-crossaccount
assumeRolePolicy: ${this.json}
tags: ${tags}
thisRolePolicy:
type: aws:iam:RolePolicy
name: this
properties:
name: ${prefix}-policy
role: ${crossAccountRole.id}
policy: ${thisGetAwsCrossAccountPolicy.json}
thisMwsCredentials:
type: databricks:MwsCredentials
name: this
properties:
credentialsName: ${prefix}-creds
roleArn: ${crossAccountRole.arn}
variables:
this:
fn::invoke:
Function: databricks:getAwsAssumeRolePolicy
Arguments:
externalId: ${databricksAccountId}
thisGetAwsCrossAccountPolicy:
fn::invoke:
Function: databricks:getAwsCrossAccountPolicy
Arguments: {}
Related Resources
The following resources are used in the same context:
- Provisioning Databricks on AWS guide.
- databricks.MwsCustomerManagedKeys to configure KMS keys for new workspaces within AWS.
- databricks.MwsLogDelivery to configure delivery of billable usage logs and audit logs.
- databricks.MwsNetworks to configure VPC & subnets for new workspaces within AWS.
- databricks.MwsStorageConfigurations to configure root bucket new workspaces within AWS.
- databricks.MwsWorkspaces to set up AWS and GCP workspaces.
Create MwsCredentials Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new MwsCredentials(name: string, args: MwsCredentialsArgs, opts?: CustomResourceOptions);@overload
def MwsCredentials(resource_name: str,
args: MwsCredentialsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def MwsCredentials(resource_name: str,
opts: Optional[ResourceOptions] = None,
credentials_name: Optional[str] = None,
role_arn: Optional[str] = None,
account_id: Optional[str] = None,
creation_time: Optional[int] = None,
credentials_id: Optional[str] = None,
external_id: Optional[str] = None)func NewMwsCredentials(ctx *Context, name string, args MwsCredentialsArgs, opts ...ResourceOption) (*MwsCredentials, error)public MwsCredentials(string name, MwsCredentialsArgs args, CustomResourceOptions? opts = null)
public MwsCredentials(String name, MwsCredentialsArgs args)
public MwsCredentials(String name, MwsCredentialsArgs args, CustomResourceOptions options)
type: databricks:MwsCredentials
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args MwsCredentialsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MwsCredentialsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MwsCredentialsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MwsCredentialsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MwsCredentialsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var mwsCredentialsResource = new Databricks.MwsCredentials("mwsCredentialsResource", new()
{
CredentialsName = "string",
RoleArn = "string",
CreationTime = 0,
CredentialsId = "string",
ExternalId = "string",
});
example, err := databricks.NewMwsCredentials(ctx, "mwsCredentialsResource", &databricks.MwsCredentialsArgs{
CredentialsName: pulumi.String("string"),
RoleArn: pulumi.String("string"),
CreationTime: pulumi.Int(0),
CredentialsId: pulumi.String("string"),
ExternalId: pulumi.String("string"),
})
var mwsCredentialsResource = new MwsCredentials("mwsCredentialsResource", MwsCredentialsArgs.builder()
.credentialsName("string")
.roleArn("string")
.creationTime(0)
.credentialsId("string")
.externalId("string")
.build());
mws_credentials_resource = databricks.MwsCredentials("mwsCredentialsResource",
credentials_name="string",
role_arn="string",
creation_time=0,
credentials_id="string",
external_id="string")
const mwsCredentialsResource = new databricks.MwsCredentials("mwsCredentialsResource", {
credentialsName: "string",
roleArn: "string",
creationTime: 0,
credentialsId: "string",
externalId: "string",
});
type: databricks:MwsCredentials
properties:
creationTime: 0
credentialsId: string
credentialsName: string
externalId: string
roleArn: string
MwsCredentials Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The MwsCredentials resource accepts the following input properties:
- Credentials
Name string - name of credentials to register
- Role
Arn string - ARN of cross-account role
- Account
Id string - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - Creation
Time int - (Integer) time of credentials registration
- Credentials
Id string - (String) identifier of credentials
- External
Id string
- Credentials
Name string - name of credentials to register
- Role
Arn string - ARN of cross-account role
- Account
Id string - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - Creation
Time int - (Integer) time of credentials registration
- Credentials
Id string - (String) identifier of credentials
- External
Id string
- credentials
Name String - name of credentials to register
- role
Arn String - ARN of cross-account role
- account
Id String - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - creation
Time Integer - (Integer) time of credentials registration
- credentials
Id String - (String) identifier of credentials
- external
Id String
- credentials
Name string - name of credentials to register
- role
Arn string - ARN of cross-account role
- account
Id string - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - creation
Time number - (Integer) time of credentials registration
- credentials
Id string - (String) identifier of credentials
- external
Id string
- credentials_
name str - name of credentials to register
- role_
arn str - ARN of cross-account role
- account_
id str - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - creation_
time int - (Integer) time of credentials registration
- credentials_
id str - (String) identifier of credentials
- external_
id str
- credentials
Name String - name of credentials to register
- role
Arn String - ARN of cross-account role
- account
Id String - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - creation
Time Number - (Integer) time of credentials registration
- credentials
Id String - (String) identifier of credentials
- external
Id String
Outputs
All input properties are implicitly available as output properties. Additionally, the MwsCredentials resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing MwsCredentials Resource
Get an existing MwsCredentials resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MwsCredentialsState, opts?: CustomResourceOptions): MwsCredentials@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
creation_time: Optional[int] = None,
credentials_id: Optional[str] = None,
credentials_name: Optional[str] = None,
external_id: Optional[str] = None,
role_arn: Optional[str] = None) -> MwsCredentialsfunc GetMwsCredentials(ctx *Context, name string, id IDInput, state *MwsCredentialsState, opts ...ResourceOption) (*MwsCredentials, error)public static MwsCredentials Get(string name, Input<string> id, MwsCredentialsState? state, CustomResourceOptions? opts = null)public static MwsCredentials get(String name, Output<String> id, MwsCredentialsState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - Creation
Time int - (Integer) time of credentials registration
- Credentials
Id string - (String) identifier of credentials
- Credentials
Name string - name of credentials to register
- External
Id string - Role
Arn string - ARN of cross-account role
- Account
Id string - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - Creation
Time int - (Integer) time of credentials registration
- Credentials
Id string - (String) identifier of credentials
- Credentials
Name string - name of credentials to register
- External
Id string - Role
Arn string - ARN of cross-account role
- account
Id String - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - creation
Time Integer - (Integer) time of credentials registration
- credentials
Id String - (String) identifier of credentials
- credentials
Name String - name of credentials to register
- external
Id String - role
Arn String - ARN of cross-account role
- account
Id string - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - creation
Time number - (Integer) time of credentials registration
- credentials
Id string - (String) identifier of credentials
- credentials
Name string - name of credentials to register
- external
Id string - role
Arn string - ARN of cross-account role
- account_
id str - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - creation_
time int - (Integer) time of credentials registration
- credentials_
id str - (String) identifier of credentials
- credentials_
name str - name of credentials to register
- external_
id str - role_
arn str - ARN of cross-account role
- account
Id String - (Deprecated) Maintained for backwards compatibility and will be removed in a later version. It should now be specified under a provider instance where
host = "https://accounts.cloud.databricks.com" - creation
Time Number - (Integer) time of credentials registration
- credentials
Id String - (String) identifier of credentials
- credentials
Name String - name of credentials to register
- external
Id String - role
Arn String - ARN of cross-account role
Import
This resource can be imported by the combination of its identifier and the account id:
bash
$ pulumi import databricks:index/mwsCredentials:MwsCredentials this <account_id>/<credentials_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.