Databricks v1.54.0 published on Wednesday, Oct 30, 2024 by Pulumi
databricks.getAwsBucketPolicy
Explore with Pulumi AI
This datasource configures a simple access policy for AWS S3 buckets, so that Databricks can access data in it.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";
const thisBucketV2 = new aws.s3.BucketV2("this", {
bucket: "<unique_bucket_name>",
forceDestroy: true,
});
const this = databricks.getAwsBucketPolicyOutput({
bucket: thisBucketV2.bucket,
});
const thisBucketPolicy = new aws.s3.BucketPolicy("this", {
bucket: thisBucketV2.id,
policy: _this.apply(_this => _this.json),
});
import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks
this_bucket_v2 = aws.s3.BucketV2("this",
bucket="<unique_bucket_name>",
force_destroy=True)
this = databricks.get_aws_bucket_policy_output(bucket=this_bucket_v2.bucket)
this_bucket_policy = aws.s3.BucketPolicy("this",
bucket=this_bucket_v2.id,
policy=this.json)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
thisBucketV2, err := s3.NewBucketV2(ctx, "this", &s3.BucketV2Args{
Bucket: pulumi.String("<unique_bucket_name>"),
ForceDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
this := databricks.GetAwsBucketPolicyOutput(ctx, databricks.GetAwsBucketPolicyOutputArgs{
Bucket: thisBucketV2.Bucket,
}, nil)
_, err = s3.NewBucketPolicy(ctx, "this", &s3.BucketPolicyArgs{
Bucket: thisBucketV2.ID(),
Policy: pulumi.String(this.ApplyT(func(this databricks.GetAwsBucketPolicyResult) (*string, error) {
return &this.Json, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var thisBucketV2 = new Aws.S3.BucketV2("this", new()
{
Bucket = "<unique_bucket_name>",
ForceDestroy = true,
});
var @this = Databricks.GetAwsBucketPolicy.Invoke(new()
{
Bucket = thisBucketV2.Bucket,
});
var thisBucketPolicy = new Aws.S3.BucketPolicy("this", new()
{
Bucket = thisBucketV2.Id,
Policy = @this.Apply(@this => @this.Apply(getAwsBucketPolicyResult => getAwsBucketPolicyResult.Json)),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetAwsBucketPolicyArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var thisBucketV2 = new BucketV2("thisBucketV2", BucketV2Args.builder()
.bucket("<unique_bucket_name>")
.forceDestroy(true)
.build());
final var this = DatabricksFunctions.getAwsBucketPolicy(GetAwsBucketPolicyArgs.builder()
.bucket(thisBucketV2.bucket())
.build());
var thisBucketPolicy = new BucketPolicy("thisBucketPolicy", BucketPolicyArgs.builder()
.bucket(thisBucketV2.id())
.policy(this_.applyValue(this_ -> this_.json()))
.build());
}
}
resources:
thisBucketV2:
type: aws:s3:BucketV2
name: this
properties:
bucket: <unique_bucket_name>
forceDestroy: true
thisBucketPolicy:
type: aws:s3:BucketPolicy
name: this
properties:
bucket: ${thisBucketV2.id}
policy: ${this.json}
variables:
this:
fn::invoke:
Function: databricks:getAwsBucketPolicy
Arguments:
bucket: ${thisBucketV2.bucket}
Bucket policy with full access:
Using getAwsBucketPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAwsBucketPolicy(args: GetAwsBucketPolicyArgs, opts?: InvokeOptions): Promise<GetAwsBucketPolicyResult>
function getAwsBucketPolicyOutput(args: GetAwsBucketPolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsBucketPolicyResult>
def get_aws_bucket_policy(bucket: Optional[str] = None,
databricks_account_id: Optional[str] = None,
databricks_e2_account_id: Optional[str] = None,
full_access_role: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAwsBucketPolicyResult
def get_aws_bucket_policy_output(bucket: Optional[pulumi.Input[str]] = None,
databricks_account_id: Optional[pulumi.Input[str]] = None,
databricks_e2_account_id: Optional[pulumi.Input[str]] = None,
full_access_role: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAwsBucketPolicyResult]
func GetAwsBucketPolicy(ctx *Context, args *GetAwsBucketPolicyArgs, opts ...InvokeOption) (*GetAwsBucketPolicyResult, error)
func GetAwsBucketPolicyOutput(ctx *Context, args *GetAwsBucketPolicyOutputArgs, opts ...InvokeOption) GetAwsBucketPolicyResultOutput
> Note: This function is named GetAwsBucketPolicy
in the Go SDK.
public static class GetAwsBucketPolicy
{
public static Task<GetAwsBucketPolicyResult> InvokeAsync(GetAwsBucketPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetAwsBucketPolicyResult> Invoke(GetAwsBucketPolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAwsBucketPolicyResult> getAwsBucketPolicy(GetAwsBucketPolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: databricks:index/getAwsBucketPolicy:getAwsBucketPolicy
arguments:
# arguments dictionary
The following arguments are supported:
- Bucket string
- AWS S3 Bucket name for which to generate the policy document.
- Databricks
Account stringId - Databricks
E2Account stringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- Full
Access stringRole - Data access role that can have full access for this bucket
- Bucket string
- AWS S3 Bucket name for which to generate the policy document.
- Databricks
Account stringId - Databricks
E2Account stringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- Full
Access stringRole - Data access role that can have full access for this bucket
- bucket String
- AWS S3 Bucket name for which to generate the policy document.
- databricks
Account StringId - databricks
E2Account StringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full
Access StringRole - Data access role that can have full access for this bucket
- bucket string
- AWS S3 Bucket name for which to generate the policy document.
- databricks
Account stringId - databricks
E2Account stringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full
Access stringRole - Data access role that can have full access for this bucket
- bucket str
- AWS S3 Bucket name for which to generate the policy document.
- databricks_
account_ strid - databricks_
e2_ straccount_ id - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full_
access_ strrole - Data access role that can have full access for this bucket
- bucket String
- AWS S3 Bucket name for which to generate the policy document.
- databricks
Account StringId - databricks
E2Account StringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full
Access StringRole - Data access role that can have full access for this bucket
getAwsBucketPolicy Result
The following output properties are available:
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- Databricks
Account stringId - Databricks
E2Account stringId - Full
Access stringRole
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- Databricks
Account stringId - Databricks
E2Account stringId - Full
Access stringRole
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- databricks
Account StringId - databricks
E2Account StringId - full
Access StringRole
- bucket string
- id string
- The provider-assigned unique ID for this managed resource.
- json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- databricks
Account stringId - databricks
E2Account stringId - full
Access stringRole
- bucket str
- id str
- The provider-assigned unique ID for this managed resource.
- json str
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- databricks_
account_ strid - databricks_
e2_ straccount_ id - full_
access_ strrole
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- databricks
Account StringId - databricks
E2Account StringId - full
Access StringRole
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricks
Terraform Provider.