1. Packages
  2. Databricks
  3. API Docs
  4. getAwsBucketPolicy
Databricks v1.54.0 published on Wednesday, Oct 30, 2024 by Pulumi

databricks.getAwsBucketPolicy

Explore with Pulumi AI

databricks logo
Databricks v1.54.0 published on Wednesday, Oct 30, 2024 by Pulumi

    This datasource configures a simple access policy for AWS S3 buckets, so that Databricks can access data in it.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as databricks from "@pulumi/databricks";
    
    const thisBucketV2 = new aws.s3.BucketV2("this", {
        bucket: "<unique_bucket_name>",
        forceDestroy: true,
    });
    const this = databricks.getAwsBucketPolicyOutput({
        bucket: thisBucketV2.bucket,
    });
    const thisBucketPolicy = new aws.s3.BucketPolicy("this", {
        bucket: thisBucketV2.id,
        policy: _this.apply(_this => _this.json),
    });
    
    import pulumi
    import pulumi_aws as aws
    import pulumi_databricks as databricks
    
    this_bucket_v2 = aws.s3.BucketV2("this",
        bucket="<unique_bucket_name>",
        force_destroy=True)
    this = databricks.get_aws_bucket_policy_output(bucket=this_bucket_v2.bucket)
    this_bucket_policy = aws.s3.BucketPolicy("this",
        bucket=this_bucket_v2.id,
        policy=this.json)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		thisBucketV2, err := s3.NewBucketV2(ctx, "this", &s3.BucketV2Args{
    			Bucket:       pulumi.String("<unique_bucket_name>"),
    			ForceDestroy: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		this := databricks.GetAwsBucketPolicyOutput(ctx, databricks.GetAwsBucketPolicyOutputArgs{
    			Bucket: thisBucketV2.Bucket,
    		}, nil)
    		_, err = s3.NewBucketPolicy(ctx, "this", &s3.BucketPolicyArgs{
    			Bucket: thisBucketV2.ID(),
    			Policy: pulumi.String(this.ApplyT(func(this databricks.GetAwsBucketPolicyResult) (*string, error) {
    				return &this.Json, nil
    			}).(pulumi.StringPtrOutput)),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    using Databricks = Pulumi.Databricks;
    
    return await Deployment.RunAsync(() => 
    {
        var thisBucketV2 = new Aws.S3.BucketV2("this", new()
        {
            Bucket = "<unique_bucket_name>",
            ForceDestroy = true,
        });
    
        var @this = Databricks.GetAwsBucketPolicy.Invoke(new()
        {
            Bucket = thisBucketV2.Bucket,
        });
    
        var thisBucketPolicy = new Aws.S3.BucketPolicy("this", new()
        {
            Bucket = thisBucketV2.Id,
            Policy = @this.Apply(@this => @this.Apply(getAwsBucketPolicyResult => getAwsBucketPolicyResult.Json)),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.BucketV2;
    import com.pulumi.aws.s3.BucketV2Args;
    import com.pulumi.databricks.DatabricksFunctions;
    import com.pulumi.databricks.inputs.GetAwsBucketPolicyArgs;
    import com.pulumi.aws.s3.BucketPolicy;
    import com.pulumi.aws.s3.BucketPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var thisBucketV2 = new BucketV2("thisBucketV2", BucketV2Args.builder()
                .bucket("<unique_bucket_name>")
                .forceDestroy(true)
                .build());
    
            final var this = DatabricksFunctions.getAwsBucketPolicy(GetAwsBucketPolicyArgs.builder()
                .bucket(thisBucketV2.bucket())
                .build());
    
            var thisBucketPolicy = new BucketPolicy("thisBucketPolicy", BucketPolicyArgs.builder()
                .bucket(thisBucketV2.id())
                .policy(this_.applyValue(this_ -> this_.json()))
                .build());
    
        }
    }
    
    resources:
      thisBucketV2:
        type: aws:s3:BucketV2
        name: this
        properties:
          bucket: <unique_bucket_name>
          forceDestroy: true
      thisBucketPolicy:
        type: aws:s3:BucketPolicy
        name: this
        properties:
          bucket: ${thisBucketV2.id}
          policy: ${this.json}
    variables:
      this:
        fn::invoke:
          Function: databricks:getAwsBucketPolicy
          Arguments:
            bucket: ${thisBucketV2.bucket}
    

    Bucket policy with full access:

    Using getAwsBucketPolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAwsBucketPolicy(args: GetAwsBucketPolicyArgs, opts?: InvokeOptions): Promise<GetAwsBucketPolicyResult>
    function getAwsBucketPolicyOutput(args: GetAwsBucketPolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsBucketPolicyResult>
    def get_aws_bucket_policy(bucket: Optional[str] = None,
                              databricks_account_id: Optional[str] = None,
                              databricks_e2_account_id: Optional[str] = None,
                              full_access_role: Optional[str] = None,
                              opts: Optional[InvokeOptions] = None) -> GetAwsBucketPolicyResult
    def get_aws_bucket_policy_output(bucket: Optional[pulumi.Input[str]] = None,
                              databricks_account_id: Optional[pulumi.Input[str]] = None,
                              databricks_e2_account_id: Optional[pulumi.Input[str]] = None,
                              full_access_role: Optional[pulumi.Input[str]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetAwsBucketPolicyResult]
    func GetAwsBucketPolicy(ctx *Context, args *GetAwsBucketPolicyArgs, opts ...InvokeOption) (*GetAwsBucketPolicyResult, error)
    func GetAwsBucketPolicyOutput(ctx *Context, args *GetAwsBucketPolicyOutputArgs, opts ...InvokeOption) GetAwsBucketPolicyResultOutput

    > Note: This function is named GetAwsBucketPolicy in the Go SDK.

    public static class GetAwsBucketPolicy 
    {
        public static Task<GetAwsBucketPolicyResult> InvokeAsync(GetAwsBucketPolicyArgs args, InvokeOptions? opts = null)
        public static Output<GetAwsBucketPolicyResult> Invoke(GetAwsBucketPolicyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAwsBucketPolicyResult> getAwsBucketPolicy(GetAwsBucketPolicyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: databricks:index/getAwsBucketPolicy:getAwsBucketPolicy
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Bucket string
    AWS S3 Bucket name for which to generate the policy document.
    DatabricksAccountId string
    DatabricksE2AccountId string
    Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
    FullAccessRole string
    Data access role that can have full access for this bucket
    Bucket string
    AWS S3 Bucket name for which to generate the policy document.
    DatabricksAccountId string
    DatabricksE2AccountId string
    Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
    FullAccessRole string
    Data access role that can have full access for this bucket
    bucket String
    AWS S3 Bucket name for which to generate the policy document.
    databricksAccountId String
    databricksE2AccountId String
    Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
    fullAccessRole String
    Data access role that can have full access for this bucket
    bucket string
    AWS S3 Bucket name for which to generate the policy document.
    databricksAccountId string
    databricksE2AccountId string
    Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
    fullAccessRole string
    Data access role that can have full access for this bucket
    bucket str
    AWS S3 Bucket name for which to generate the policy document.
    databricks_account_id str
    databricks_e2_account_id str
    Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
    full_access_role str
    Data access role that can have full access for this bucket
    bucket String
    AWS S3 Bucket name for which to generate the policy document.
    databricksAccountId String
    databricksE2AccountId String
    Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
    fullAccessRole String
    Data access role that can have full access for this bucket

    getAwsBucketPolicy Result

    The following output properties are available:

    Bucket string
    Id string
    The provider-assigned unique ID for this managed resource.
    Json string
    (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
    DatabricksAccountId string
    DatabricksE2AccountId string
    FullAccessRole string
    Bucket string
    Id string
    The provider-assigned unique ID for this managed resource.
    Json string
    (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
    DatabricksAccountId string
    DatabricksE2AccountId string
    FullAccessRole string
    bucket String
    id String
    The provider-assigned unique ID for this managed resource.
    json String
    (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
    databricksAccountId String
    databricksE2AccountId String
    fullAccessRole String
    bucket string
    id string
    The provider-assigned unique ID for this managed resource.
    json string
    (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
    databricksAccountId string
    databricksE2AccountId string
    fullAccessRole string
    bucket str
    id str
    The provider-assigned unique ID for this managed resource.
    json str
    (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
    databricks_account_id str
    databricks_e2_account_id str
    full_access_role str
    bucket String
    id String
    The provider-assigned unique ID for this managed resource.
    json String
    (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
    databricksAccountId String
    databricksE2AccountId String
    fullAccessRole String

    Package Details

    Repository
    databricks pulumi/pulumi-databricks
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the databricks Terraform Provider.
    databricks logo
    Databricks v1.54.0 published on Wednesday, Oct 30, 2024 by Pulumi