Docs Packages
  1. Packages
  2. Databricks
  3. API Docs
  4. getAwsUnityCatalogAssumeRolePolicy
Databricks v1.47.1 published on Thursday, Jul 25, 2024 by Pulumi
pulumi/pulumi-databricks

databricks.getAwsUnityCatalogAssumeRolePolicy

Explore with Pulumi AI

databricks logo
Databricks v1.47.1 published on Thursday, Jul 25, 2024 by Pulumi
pulumi/pulumi-databricks

    Note This resource has an evolving API, which may change in future versions of the provider. Please always consult latest documentation in case of any questions.

    This data source constructs the necessary AWS Unity Catalog assume role policy for you.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";

const this = databricks.getAwsUnityCatalogPolicy({
    awsAccountId: awsAccountId,
    bucketName: "databricks-bucket",
    roleName: `${prefix}-uc-access`,
    kmsName: "databricks-kms",
});
const thisGetAwsUnityCatalogAssumeRolePolicy = databricks.getAwsUnityCatalogAssumeRolePolicy({
    awsAccountId: awsAccountId,
    roleName: `${prefix}-uc-access`,
    externalId: "12345",
});
const unityMetastore = new aws.iam.Policy("unity_metastore", {
    name: `${prefix}-unity-catalog-metastore-access-iam-policy`,
    policy: _this.then(_this => _this.json),
});
const metastoreDataAccess = new aws.iam.Role("metastore_data_access", {
    name: `${prefix}-uc-access`,
    assumeRolePolicy: thisAwsIamPolicyDocument.json,
    managedPolicyArns: [unityMetastore.arn],
});

    import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks

this = databricks.get_aws_unity_catalog_policy(aws_account_id=aws_account_id,
    bucket_name="databricks-bucket",
    role_name=f"{prefix}-uc-access",
    kms_name="databricks-kms")
this_get_aws_unity_catalog_assume_role_policy = databricks.get_aws_unity_catalog_assume_role_policy(aws_account_id=aws_account_id,
    role_name=f"{prefix}-uc-access",
    external_id="12345")
unity_metastore = aws.iam.Policy("unity_metastore",
    name=f"{prefix}-unity-catalog-metastore-access-iam-policy",
    policy=this.json)
metastore_data_access = aws.iam.Role("metastore_data_access",
    name=f"{prefix}-uc-access",
    assume_role_policy=this_aws_iam_policy_document["json"],
    managed_policy_arns=[unity_metastore.arn])

    package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		this, err := databricks.GetAwsUnityCatalogPolicy(ctx, &databricks.GetAwsUnityCatalogPolicyArgs{
			AwsAccountId: awsAccountId,
			BucketName:   "databricks-bucket",
			RoleName:     fmt.Sprintf("%v-uc-access", prefix),
			KmsName:      pulumi.StringRef("databricks-kms"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = databricks.GetAwsUnityCatalogAssumeRolePolicy(ctx, &databricks.GetAwsUnityCatalogAssumeRolePolicyArgs{
			AwsAccountId: awsAccountId,
			RoleName:     fmt.Sprintf("%v-uc-access", prefix),
			ExternalId:   "12345",
		}, nil)
		if err != nil {
			return err
		}
		unityMetastore, err := iam.NewPolicy(ctx, "unity_metastore", &iam.PolicyArgs{
			Name:   pulumi.String(fmt.Sprintf("%v-unity-catalog-metastore-access-iam-policy", prefix)),
			Policy: pulumi.String(this.Json),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRole(ctx, "metastore_data_access", &iam.RoleArgs{
			Name:             pulumi.String(fmt.Sprintf("%v-uc-access", prefix)),
			AssumeRolePolicy: pulumi.Any(thisAwsIamPolicyDocument.Json),
			ManagedPolicyArns: pulumi.StringArray{
				unityMetastore.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var @this = Databricks.GetAwsUnityCatalogPolicy.Invoke(new()
    {
        AwsAccountId = awsAccountId,
        BucketName = "databricks-bucket",
        RoleName = $"{prefix}-uc-access",
        KmsName = "databricks-kms",
    });

    var thisGetAwsUnityCatalogAssumeRolePolicy = Databricks.GetAwsUnityCatalogAssumeRolePolicy.Invoke(new()
    {
        AwsAccountId = awsAccountId,
        RoleName = $"{prefix}-uc-access",
        ExternalId = "12345",
    });

    var unityMetastore = new Aws.Iam.Policy("unity_metastore", new()
    {
        Name = $"{prefix}-unity-catalog-metastore-access-iam-policy",
        PolicyDocument = @this.Apply(@this => @this.Apply(getAwsUnityCatalogPolicyResult => getAwsUnityCatalogPolicyResult.Json)),
    });

    var metastoreDataAccess = new Aws.Iam.Role("metastore_data_access", new()
    {
        Name = $"{prefix}-uc-access",
        AssumeRolePolicy = thisAwsIamPolicyDocument.Json,
        ManagedPolicyArns = new[]
        {
            unityMetastore.Arn,
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetAwsUnityCatalogPolicyArgs;
import com.pulumi.databricks.inputs.GetAwsUnityCatalogAssumeRolePolicyArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var this = DatabricksFunctions.getAwsUnityCatalogPolicy(GetAwsUnityCatalogPolicyArgs.builder()
            .awsAccountId(awsAccountId)
            .bucketName("databricks-bucket")
            .roleName(String.format("%s-uc-access", prefix))
            .kmsName("databricks-kms")
            .build());

        final var thisGetAwsUnityCatalogAssumeRolePolicy = DatabricksFunctions.getAwsUnityCatalogAssumeRolePolicy(GetAwsUnityCatalogAssumeRolePolicyArgs.builder()
            .awsAccountId(awsAccountId)
            .roleName(String.format("%s-uc-access", prefix))
            .externalId("12345")
            .build());

        var unityMetastore = new Policy("unityMetastore", PolicyArgs.builder()
            .name(String.format("%s-unity-catalog-metastore-access-iam-policy", prefix))
            .policy(this_.json())
            .build());

        var metastoreDataAccess = new Role("metastoreDataAccess", RoleArgs.builder()
            .name(String.format("%s-uc-access", prefix))
            .assumeRolePolicy(thisAwsIamPolicyDocument.json())
            .managedPolicyArns(unityMetastore.arn())
            .build());

    }
}

    resources:
  unityMetastore:
    type: aws:iam:Policy
    name: unity_metastore
    properties:
      name: ${prefix}-unity-catalog-metastore-access-iam-policy
      policy: ${this.json}
  metastoreDataAccess:
    type: aws:iam:Role
    name: metastore_data_access
    properties:
      name: ${prefix}-uc-access
      assumeRolePolicy: ${thisAwsIamPolicyDocument.json}
      managedPolicyArns:
        - ${unityMetastore.arn}
variables:
  this:
    fn::invoke:
      Function: databricks:getAwsUnityCatalogPolicy
      Arguments:
        awsAccountId: ${awsAccountId}
        bucketName: databricks-bucket
        roleName: ${prefix}-uc-access
        kmsName: databricks-kms
  thisGetAwsUnityCatalogAssumeRolePolicy:
    fn::invoke:
      Function: databricks:getAwsUnityCatalogAssumeRolePolicy
      Arguments:
        awsAccountId: ${awsAccountId}
        roleName: ${prefix}-uc-access
        externalId: '12345'

    Using getAwsUnityCatalogAssumeRolePolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAwsUnityCatalogAssumeRolePolicy(args: GetAwsUnityCatalogAssumeRolePolicyArgs, opts?: InvokeOptions): Promise<GetAwsUnityCatalogAssumeRolePolicyResult>
function getAwsUnityCatalogAssumeRolePolicyOutput(args: GetAwsUnityCatalogAssumeRolePolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsUnityCatalogAssumeRolePolicyResult>
    def get_aws_unity_catalog_assume_role_policy(aws_account_id: Optional[str] = None,
                                             external_id: Optional[str] = None,
                                             role_name: Optional[str] = None,
                                             unity_catalog_iam_arn: Optional[str] = None,
                                             opts: Optional[InvokeOptions] = None) -> GetAwsUnityCatalogAssumeRolePolicyResult
def get_aws_unity_catalog_assume_role_policy_output(aws_account_id: Optional[pulumi.Input[str]] = None,
                                             external_id: Optional[pulumi.Input[str]] = None,
                                             role_name: Optional[pulumi.Input[str]] = None,
                                             unity_catalog_iam_arn: Optional[pulumi.Input[str]] = None,
                                             opts: Optional[InvokeOptions] = None) -> Output[GetAwsUnityCatalogAssumeRolePolicyResult]
    func GetAwsUnityCatalogAssumeRolePolicy(ctx *Context, args *GetAwsUnityCatalogAssumeRolePolicyArgs, opts ...InvokeOption) (*GetAwsUnityCatalogAssumeRolePolicyResult, error)
func GetAwsUnityCatalogAssumeRolePolicyOutput(ctx *Context, args *GetAwsUnityCatalogAssumeRolePolicyOutputArgs, opts ...InvokeOption) GetAwsUnityCatalogAssumeRolePolicyResultOutput

    > Note: This function is named GetAwsUnityCatalogAssumeRolePolicy in the Go SDK.

    public static class GetAwsUnityCatalogAssumeRolePolicy 
{
    public static Task<GetAwsUnityCatalogAssumeRolePolicyResult> InvokeAsync(GetAwsUnityCatalogAssumeRolePolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetAwsUnityCatalogAssumeRolePolicyResult> Invoke(GetAwsUnityCatalogAssumeRolePolicyInvokeArgs args, InvokeOptions? opts = null)
}
    public static CompletableFuture<GetAwsUnityCatalogAssumeRolePolicyResult> getAwsUnityCatalogAssumeRolePolicy(GetAwsUnityCatalogAssumeRolePolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

    fn::invoke:
  function: databricks:index/getAwsUnityCatalogAssumeRolePolicy:getAwsUnityCatalogAssumeRolePolicy
  arguments:
    # arguments dictionary

    The following arguments are supported:

    AwsAccountId string
    The Account ID of the current AWS account (not your Databricks account).
    ExternalId string
    The storage credential external id.
    RoleName string
    The name of the AWS IAM role to be created for Unity Catalog.
    UnityCatalogIamArn string
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    AwsAccountId string
    The Account ID of the current AWS account (not your Databricks account).
    ExternalId string
    The storage credential external id.
    RoleName string
    The name of the AWS IAM role to be created for Unity Catalog.
    UnityCatalogIamArn string
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    awsAccountId String
    The Account ID of the current AWS account (not your Databricks account).
    externalId String
    The storage credential external id.
    roleName String
    The name of the AWS IAM role to be created for Unity Catalog.
    unityCatalogIamArn String
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    awsAccountId string
    The Account ID of the current AWS account (not your Databricks account).
    externalId string
    The storage credential external id.
    roleName string
    The name of the AWS IAM role to be created for Unity Catalog.
    unityCatalogIamArn string
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    aws_account_id str
    The Account ID of the current AWS account (not your Databricks account).
    external_id str
    The storage credential external id.
    role_name str
    The name of the AWS IAM role to be created for Unity Catalog.
    unity_catalog_iam_arn str
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
    awsAccountId String
    The Account ID of the current AWS account (not your Databricks account).
    externalId String
    The storage credential external id.
    roleName String
    The name of the AWS IAM role to be created for Unity Catalog.
    unityCatalogIamArn String
    The Databricks Unity Catalog IAM Role ARN. Defaults to arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL

    getAwsUnityCatalogAssumeRolePolicy Result

    The following output properties are available:

    AwsAccountId string
    ExternalId string
    Id string
    Json string
    AWS IAM Policy JSON document for assume role
    RoleName string
    UnityCatalogIamArn string
    AwsAccountId string
    ExternalId string
    Id string
    Json string
    AWS IAM Policy JSON document for assume role
    RoleName string
    UnityCatalogIamArn string
    awsAccountId String
    externalId String
    id String
    json String
    AWS IAM Policy JSON document for assume role
    roleName String
    unityCatalogIamArn String
    awsAccountId string
    externalId string
    id string
    json string
    AWS IAM Policy JSON document for assume role
    roleName string
    unityCatalogIamArn string
    aws_account_id str
    external_id str
    id str
    json str
    AWS IAM Policy JSON document for assume role
    role_name str
    unity_catalog_iam_arn str
    awsAccountId String
    externalId String
    id String
    json String
    AWS IAM Policy JSON document for assume role
    roleName String
    unityCatalogIamArn String

    Package Details

    Repository
    databricks pulumi/pulumi-databricks
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the databricks Terraform Provider.
    databricks logo
    Databricks v1.47.1 published on Thursday, Jul 25, 2024 by Pulumi
    pulumi/pulumi-databricks