Databricks v1.51.0 published on Tuesday, Oct 8, 2024 by Pulumi
databricks.getAwsUnityCatalogAssumeRolePolicy
Explore with Pulumi AI
Note This resource has an evolving API, which may change in future versions of the provider. Please always consult latest documentation in case of any questions.
This data source constructs the necessary AWS Unity Catalog assume role policy for you.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";
const this = databricks.getAwsUnityCatalogPolicy({
awsAccountId: awsAccountId,
bucketName: "databricks-bucket",
roleName: `${prefix}-uc-access`,
kmsName: "arn:aws:kms:us-west-2:111122223333:key/databricks-kms",
});
const thisGetAwsUnityCatalogAssumeRolePolicy = databricks.getAwsUnityCatalogAssumeRolePolicy({
awsAccountId: awsAccountId,
roleName: `${prefix}-uc-access`,
externalId: "12345",
});
const unityMetastore = new aws.iam.Policy("unity_metastore", {
name: `${prefix}-unity-catalog-metastore-access-iam-policy`,
policy: _this.then(_this => _this.json),
});
const metastoreDataAccess = new aws.iam.Role("metastore_data_access", {
name: `${prefix}-uc-access`,
assumeRolePolicy: thisGetAwsUnityCatalogAssumeRolePolicy.then(thisGetAwsUnityCatalogAssumeRolePolicy => thisGetAwsUnityCatalogAssumeRolePolicy.json),
managedPolicyArns: [unityMetastore.arn],
});
import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks
this = databricks.get_aws_unity_catalog_policy(aws_account_id=aws_account_id,
bucket_name="databricks-bucket",
role_name=f"{prefix}-uc-access",
kms_name="arn:aws:kms:us-west-2:111122223333:key/databricks-kms")
this_get_aws_unity_catalog_assume_role_policy = databricks.get_aws_unity_catalog_assume_role_policy(aws_account_id=aws_account_id,
role_name=f"{prefix}-uc-access",
external_id="12345")
unity_metastore = aws.iam.Policy("unity_metastore",
name=f"{prefix}-unity-catalog-metastore-access-iam-policy",
policy=this.json)
metastore_data_access = aws.iam.Role("metastore_data_access",
name=f"{prefix}-uc-access",
assume_role_policy=this_get_aws_unity_catalog_assume_role_policy.json,
managed_policy_arns=[unity_metastore.arn])
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := databricks.GetAwsUnityCatalogPolicy(ctx, &databricks.GetAwsUnityCatalogPolicyArgs{
AwsAccountId: awsAccountId,
BucketName: "databricks-bucket",
RoleName: fmt.Sprintf("%v-uc-access", prefix),
KmsName: pulumi.StringRef("arn:aws:kms:us-west-2:111122223333:key/databricks-kms"),
}, nil)
if err != nil {
return err
}
thisGetAwsUnityCatalogAssumeRolePolicy, err := databricks.GetAwsUnityCatalogAssumeRolePolicy(ctx, &databricks.GetAwsUnityCatalogAssumeRolePolicyArgs{
AwsAccountId: awsAccountId,
RoleName: fmt.Sprintf("%v-uc-access", prefix),
ExternalId: "12345",
}, nil)
if err != nil {
return err
}
unityMetastore, err := iam.NewPolicy(ctx, "unity_metastore", &iam.PolicyArgs{
Name: pulumi.Sprintf("%v-unity-catalog-metastore-access-iam-policy", prefix),
Policy: pulumi.String(this.Json),
})
if err != nil {
return err
}
_, err = iam.NewRole(ctx, "metastore_data_access", &iam.RoleArgs{
Name: pulumi.Sprintf("%v-uc-access", prefix),
AssumeRolePolicy: pulumi.String(thisGetAwsUnityCatalogAssumeRolePolicy.Json),
ManagedPolicyArns: pulumi.StringArray{
unityMetastore.Arn,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var @this = Databricks.GetAwsUnityCatalogPolicy.Invoke(new()
{
AwsAccountId = awsAccountId,
BucketName = "databricks-bucket",
RoleName = $"{prefix}-uc-access",
KmsName = "arn:aws:kms:us-west-2:111122223333:key/databricks-kms",
});
var thisGetAwsUnityCatalogAssumeRolePolicy = Databricks.GetAwsUnityCatalogAssumeRolePolicy.Invoke(new()
{
AwsAccountId = awsAccountId,
RoleName = $"{prefix}-uc-access",
ExternalId = "12345",
});
var unityMetastore = new Aws.Iam.Policy("unity_metastore", new()
{
Name = $"{prefix}-unity-catalog-metastore-access-iam-policy",
PolicyDocument = @this.Apply(@this => @this.Apply(getAwsUnityCatalogPolicyResult => getAwsUnityCatalogPolicyResult.Json)),
});
var metastoreDataAccess = new Aws.Iam.Role("metastore_data_access", new()
{
Name = $"{prefix}-uc-access",
AssumeRolePolicy = thisGetAwsUnityCatalogAssumeRolePolicy.Apply(getAwsUnityCatalogAssumeRolePolicyResult => getAwsUnityCatalogAssumeRolePolicyResult.Json),
ManagedPolicyArns = new[]
{
unityMetastore.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetAwsUnityCatalogPolicyArgs;
import com.pulumi.databricks.inputs.GetAwsUnityCatalogAssumeRolePolicyArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var this = DatabricksFunctions.getAwsUnityCatalogPolicy(GetAwsUnityCatalogPolicyArgs.builder()
.awsAccountId(awsAccountId)
.bucketName("databricks-bucket")
.roleName(String.format("%s-uc-access", prefix))
.kmsName("arn:aws:kms:us-west-2:111122223333:key/databricks-kms")
.build());
final var thisGetAwsUnityCatalogAssumeRolePolicy = DatabricksFunctions.getAwsUnityCatalogAssumeRolePolicy(GetAwsUnityCatalogAssumeRolePolicyArgs.builder()
.awsAccountId(awsAccountId)
.roleName(String.format("%s-uc-access", prefix))
.externalId("12345")
.build());
var unityMetastore = new Policy("unityMetastore", PolicyArgs.builder()
.name(String.format("%s-unity-catalog-metastore-access-iam-policy", prefix))
.policy(this_.json())
.build());
var metastoreDataAccess = new Role("metastoreDataAccess", RoleArgs.builder()
.name(String.format("%s-uc-access", prefix))
.assumeRolePolicy(thisGetAwsUnityCatalogAssumeRolePolicy.applyValue(getAwsUnityCatalogAssumeRolePolicyResult -> getAwsUnityCatalogAssumeRolePolicyResult.json()))
.managedPolicyArns(unityMetastore.arn())
.build());
}
}
resources:
unityMetastore:
type: aws:iam:Policy
name: unity_metastore
properties:
name: ${prefix}-unity-catalog-metastore-access-iam-policy
policy: ${this.json}
metastoreDataAccess:
type: aws:iam:Role
name: metastore_data_access
properties:
name: ${prefix}-uc-access
assumeRolePolicy: ${thisGetAwsUnityCatalogAssumeRolePolicy.json}
managedPolicyArns:
- ${unityMetastore.arn}
variables:
this:
fn::invoke:
Function: databricks:getAwsUnityCatalogPolicy
Arguments:
awsAccountId: ${awsAccountId}
bucketName: databricks-bucket
roleName: ${prefix}-uc-access
kmsName: arn:aws:kms:us-west-2:111122223333:key/databricks-kms
thisGetAwsUnityCatalogAssumeRolePolicy:
fn::invoke:
Function: databricks:getAwsUnityCatalogAssumeRolePolicy
Arguments:
awsAccountId: ${awsAccountId}
roleName: ${prefix}-uc-access
externalId: '12345'
Using getAwsUnityCatalogAssumeRolePolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAwsUnityCatalogAssumeRolePolicy(args: GetAwsUnityCatalogAssumeRolePolicyArgs, opts?: InvokeOptions): Promise<GetAwsUnityCatalogAssumeRolePolicyResult>
function getAwsUnityCatalogAssumeRolePolicyOutput(args: GetAwsUnityCatalogAssumeRolePolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsUnityCatalogAssumeRolePolicyResult>
def get_aws_unity_catalog_assume_role_policy(aws_account_id: Optional[str] = None,
external_id: Optional[str] = None,
role_name: Optional[str] = None,
unity_catalog_iam_arn: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAwsUnityCatalogAssumeRolePolicyResult
def get_aws_unity_catalog_assume_role_policy_output(aws_account_id: Optional[pulumi.Input[str]] = None,
external_id: Optional[pulumi.Input[str]] = None,
role_name: Optional[pulumi.Input[str]] = None,
unity_catalog_iam_arn: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAwsUnityCatalogAssumeRolePolicyResult]
func GetAwsUnityCatalogAssumeRolePolicy(ctx *Context, args *GetAwsUnityCatalogAssumeRolePolicyArgs, opts ...InvokeOption) (*GetAwsUnityCatalogAssumeRolePolicyResult, error)
func GetAwsUnityCatalogAssumeRolePolicyOutput(ctx *Context, args *GetAwsUnityCatalogAssumeRolePolicyOutputArgs, opts ...InvokeOption) GetAwsUnityCatalogAssumeRolePolicyResultOutput
> Note: This function is named GetAwsUnityCatalogAssumeRolePolicy
in the Go SDK.
public static class GetAwsUnityCatalogAssumeRolePolicy
{
public static Task<GetAwsUnityCatalogAssumeRolePolicyResult> InvokeAsync(GetAwsUnityCatalogAssumeRolePolicyArgs args, InvokeOptions? opts = null)
public static Output<GetAwsUnityCatalogAssumeRolePolicyResult> Invoke(GetAwsUnityCatalogAssumeRolePolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAwsUnityCatalogAssumeRolePolicyResult> getAwsUnityCatalogAssumeRolePolicy(GetAwsUnityCatalogAssumeRolePolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: databricks:index/getAwsUnityCatalogAssumeRolePolicy:getAwsUnityCatalogAssumeRolePolicy
arguments:
# arguments dictionary
The following arguments are supported:
- Aws
Account stringId - The Account ID of the current AWS account (not your Databricks account).
- External
Id string - The storage credential external id.
- Role
Name string - The name of the AWS IAM role to be created for Unity Catalog.
- Unity
Catalog stringIam Arn - The Databricks Unity Catalog IAM Role ARN. Defaults to
arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
- Aws
Account stringId - The Account ID of the current AWS account (not your Databricks account).
- External
Id string - The storage credential external id.
- Role
Name string - The name of the AWS IAM role to be created for Unity Catalog.
- Unity
Catalog stringIam Arn - The Databricks Unity Catalog IAM Role ARN. Defaults to
arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
- aws
Account StringId - The Account ID of the current AWS account (not your Databricks account).
- external
Id String - The storage credential external id.
- role
Name String - The name of the AWS IAM role to be created for Unity Catalog.
- unity
Catalog StringIam Arn - The Databricks Unity Catalog IAM Role ARN. Defaults to
arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
- aws
Account stringId - The Account ID of the current AWS account (not your Databricks account).
- external
Id string - The storage credential external id.
- role
Name string - The name of the AWS IAM role to be created for Unity Catalog.
- unity
Catalog stringIam Arn - The Databricks Unity Catalog IAM Role ARN. Defaults to
arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
- aws_
account_ strid - The Account ID of the current AWS account (not your Databricks account).
- external_
id str - The storage credential external id.
- role_
name str - The name of the AWS IAM role to be created for Unity Catalog.
- unity_
catalog_ striam_ arn - The Databricks Unity Catalog IAM Role ARN. Defaults to
arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
- aws
Account StringId - The Account ID of the current AWS account (not your Databricks account).
- external
Id String - The storage credential external id.
- role
Name String - The name of the AWS IAM role to be created for Unity Catalog.
- unity
Catalog StringIam Arn - The Databricks Unity Catalog IAM Role ARN. Defaults to
arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL
getAwsUnityCatalogAssumeRolePolicy Result
The following output properties are available:
- Aws
Account stringId - External
Id string - Id string
- Json string
- AWS IAM Policy JSON document for assume role
- Role
Name string - Unity
Catalog stringIam Arn
- Aws
Account stringId - External
Id string - Id string
- Json string
- AWS IAM Policy JSON document for assume role
- Role
Name string - Unity
Catalog stringIam Arn
- aws
Account StringId - external
Id String - id String
- json String
- AWS IAM Policy JSON document for assume role
- role
Name String - unity
Catalog StringIam Arn
- aws
Account stringId - external
Id string - id string
- json string
- AWS IAM Policy JSON document for assume role
- role
Name string - unity
Catalog stringIam Arn
- aws_
account_ strid - external_
id str - id str
- json str
- AWS IAM Policy JSON document for assume role
- role_
name str - unity_
catalog_ striam_ arn
- aws
Account StringId - external
Id String - id String
- json String
- AWS IAM Policy JSON document for assume role
- role
Name String - unity
Catalog StringIam Arn
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricks
Terraform Provider.