Docs
PackagesDatabricks v1.37.0 published on Thursday, Apr 25, 2024 by Pulumi
databricks.InstanceProfile
Explore with Pulumi AI
This resource allows you to manage AWS EC2 instance profiles that users can launch databricks.Cluster and access data, like databricks_mount. The following example demonstrates how to create an instance profile and create a cluster with it. When creating a new databricks.InstanceProfile, Databricks validates that it has sufficient permissions to launch instances with the instance profile. This validation uses AWS dry-run mode for the AWS EC2 RunInstances API.
Note Please switch to databricks.StorageCredential with Unity Catalog to manage storage credentials, which provides a better and faster way for managing credential security.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";
const config = new pulumi.Config();
// Role that you've specified on https://accounts.cloud.databricks.com/#aws
const crossaccountRoleName = config.require("crossaccountRoleName");
const assumeRoleForEc2 = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: ["sts:AssumeRole"],
principals: [{
identifiers: ["ec2.amazonaws.com"],
type: "Service",
}],
}],
});
const roleForS3Access = new aws.iam.Role("role_for_s3_access", {
name: "shared-ec2-role-for-s3",
description: "Role for shared access",
assumeRolePolicy: assumeRoleForEc2.then(assumeRoleForEc2 => assumeRoleForEc2.json),
});
const passRoleForS3Access = aws.iam.getPolicyDocumentOutput({
statements: [{
effect: "Allow",
actions: ["iam:PassRole"],
resources: [roleForS3Access.arn],
}],
});
const passRoleForS3AccessPolicy = new aws.iam.Policy("pass_role_for_s3_access", {
name: "shared-pass-role-for-s3-access",
path: "/",
policy: passRoleForS3Access.apply(passRoleForS3Access => passRoleForS3Access.json),
});
const crossAccount = new aws.iam.RolePolicyAttachment("cross_account", {
policyArn: passRoleForS3AccessPolicy.arn,
role: crossaccountRoleName,
});
const shared = new aws.iam.InstanceProfile("shared", {
name: "shared-instance-profile",
role: roleForS3Access.name,
});
const sharedInstanceProfile = new databricks.InstanceProfile("shared", {instanceProfileArn: shared.arn});
const latest = databricks.getSparkVersion({});
const smallest = databricks.getNodeType({
localDisk: true,
});
const _this = new databricks.Cluster("this", {
clusterName: "Shared Autoscaling",
sparkVersion: latest.then(latest => latest.id),
nodeTypeId: smallest.then(smallest => smallest.id),
autoterminationMinutes: 20,
autoscale: {
minWorkers: 1,
maxWorkers: 50,
},
awsAttributes: {
instanceProfileArn: sharedInstanceProfile.id,
availability: "SPOT",
zoneId: "us-east-1",
firstOnDemand: 1,
spotBidPricePercent: 100,
},
});
import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks
config = pulumi.Config()
# Role that you've specified on https://accounts.cloud.databricks.com/#aws
crossaccount_role_name = config.require("crossaccountRoleName")
assume_role_for_ec2 = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=["sts:AssumeRole"],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
identifiers=["ec2.amazonaws.com"],
type="Service",
)],
)])
role_for_s3_access = aws.iam.Role("role_for_s3_access",
name="shared-ec2-role-for-s3",
description="Role for shared access",
assume_role_policy=assume_role_for_ec2.json)
pass_role_for_s3_access = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=["iam:PassRole"],
resources=[role_for_s3_access.arn],
)])
pass_role_for_s3_access_policy = aws.iam.Policy("pass_role_for_s3_access",
name="shared-pass-role-for-s3-access",
path="/",
policy=pass_role_for_s3_access.json)
cross_account = aws.iam.RolePolicyAttachment("cross_account",
policy_arn=pass_role_for_s3_access_policy.arn,
role=crossaccount_role_name)
shared = aws.iam.InstanceProfile("shared",
name="shared-instance-profile",
role=role_for_s3_access.name)
shared_instance_profile = databricks.InstanceProfile("shared", instance_profile_arn=shared.arn)
latest = databricks.get_spark_version()
smallest = databricks.get_node_type(local_disk=True)
this = databricks.Cluster("this",
cluster_name="Shared Autoscaling",
spark_version=latest.id,
node_type_id=smallest.id,
autotermination_minutes=20,
autoscale=databricks.ClusterAutoscaleArgs(
min_workers=1,
max_workers=50,
),
aws_attributes=databricks.ClusterAwsAttributesArgs(
instance_profile_arn=shared_instance_profile.id,
availability="SPOT",
zone_id="us-east-1",
first_on_demand=1,
spot_bid_price_percent=100,
))
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
// Role that you've specified on https://accounts.cloud.databricks.com/#aws
crossaccountRoleName := cfg.Require("crossaccountRoleName")
assumeRoleForEc2, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"sts:AssumeRole",
},
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Identifiers: []string{
"ec2.amazonaws.com",
},
Type: "Service",
},
},
},
},
}, nil)
if err != nil {
return err
}
roleForS3Access, err := iam.NewRole(ctx, "role_for_s3_access", &iam.RoleArgs{
Name: pulumi.String("shared-ec2-role-for-s3"),
Description: pulumi.String("Role for shared access"),
AssumeRolePolicy: pulumi.String(assumeRoleForEc2.Json),
})
if err != nil {
return err
}
passRoleForS3Access := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Actions: pulumi.StringArray{
pulumi.String("iam:PassRole"),
},
Resources: pulumi.StringArray{
roleForS3Access.Arn,
},
},
},
}, nil)
passRoleForS3AccessPolicy, err := iam.NewPolicy(ctx, "pass_role_for_s3_access", &iam.PolicyArgs{
Name: pulumi.String("shared-pass-role-for-s3-access"),
Path: pulumi.String("/"),
Policy: passRoleForS3Access.ApplyT(func(passRoleForS3Access iam.GetPolicyDocumentResult) (*string, error) {
return &passRoleForS3Access.Json, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "cross_account", &iam.RolePolicyAttachmentArgs{
PolicyArn: passRoleForS3AccessPolicy.Arn,
Role: pulumi.String(crossaccountRoleName),
})
if err != nil {
return err
}
shared, err := iam.NewInstanceProfile(ctx, "shared", &iam.InstanceProfileArgs{
Name: pulumi.String("shared-instance-profile"),
Role: roleForS3Access.Name,
})
if err != nil {
return err
}
sharedInstanceProfile, err := databricks.NewInstanceProfile(ctx, "shared", &databricks.InstanceProfileArgs{
InstanceProfileArn: shared.Arn,
})
if err != nil {
return err
}
latest, err := databricks.GetSparkVersion(ctx, nil, nil)
if err != nil {
return err
}
smallest, err := databricks.GetNodeType(ctx, &databricks.GetNodeTypeArgs{
LocalDisk: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
_, err = databricks.NewCluster(ctx, "this", &databricks.ClusterArgs{
ClusterName: pulumi.String("Shared Autoscaling"),
SparkVersion: pulumi.String(latest.Id),
NodeTypeId: pulumi.String(smallest.Id),
AutoterminationMinutes: pulumi.Int(20),
Autoscale: &databricks.ClusterAutoscaleArgs{
MinWorkers: pulumi.Int(1),
MaxWorkers: pulumi.Int(50),
},
AwsAttributes: &databricks.ClusterAwsAttributesArgs{
InstanceProfileArn: sharedInstanceProfile.ID(),
Availability: pulumi.String("SPOT"),
ZoneId: pulumi.String("us-east-1"),
FirstOnDemand: pulumi.Int(1),
SpotBidPricePercent: pulumi.Int(100),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var config = new Config();
// Role that you've specified on https://accounts.cloud.databricks.com/#aws
var crossaccountRoleName = config.Require("crossaccountRoleName");
var assumeRoleForEc2 = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"sts:AssumeRole",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Identifiers = new[]
{
"ec2.amazonaws.com",
},
Type = "Service",
},
},
},
},
});
var roleForS3Access = new Aws.Iam.Role("role_for_s3_access", new()
{
Name = "shared-ec2-role-for-s3",
Description = "Role for shared access",
AssumeRolePolicy = assumeRoleForEc2.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var passRoleForS3Access = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"iam:PassRole",
},
Resources = new[]
{
roleForS3Access.Arn,
},
},
},
});
var passRoleForS3AccessPolicy = new Aws.Iam.Policy("pass_role_for_s3_access", new()
{
Name = "shared-pass-role-for-s3-access",
Path = "/",
PolicyDocument = passRoleForS3Access.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var crossAccount = new Aws.Iam.RolePolicyAttachment("cross_account", new()
{
PolicyArn = passRoleForS3AccessPolicy.Arn,
Role = crossaccountRoleName,
});
var shared = new Aws.Iam.InstanceProfile("shared", new()
{
Name = "shared-instance-profile",
Role = roleForS3Access.Name,
});
var sharedInstanceProfile = new Databricks.InstanceProfile("shared", new()
{
InstanceProfileArn = shared.Arn,
});
var latest = Databricks.GetSparkVersion.Invoke();
var smallest = Databricks.GetNodeType.Invoke(new()
{
LocalDisk = true,
});
var @this = new Databricks.Cluster("this", new()
{
ClusterName = "Shared Autoscaling",
SparkVersion = latest.Apply(getSparkVersionResult => getSparkVersionResult.Id),
NodeTypeId = smallest.Apply(getNodeTypeResult => getNodeTypeResult.Id),
AutoterminationMinutes = 20,
Autoscale = new Databricks.Inputs.ClusterAutoscaleArgs
{
MinWorkers = 1,
MaxWorkers = 50,
},
AwsAttributes = new Databricks.Inputs.ClusterAwsAttributesArgs
{
InstanceProfileArn = sharedInstanceProfile.Id,
Availability = "SPOT",
ZoneId = "us-east-1",
FirstOnDemand = 1,
SpotBidPricePercent = 100,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.iam.InstanceProfile;
import com.pulumi.aws.iam.InstanceProfileArgs;
import com.pulumi.databricks.InstanceProfile;
import com.pulumi.databricks.InstanceProfileArgs;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetSparkVersionArgs;
import com.pulumi.databricks.inputs.GetNodeTypeArgs;
import com.pulumi.databricks.Cluster;
import com.pulumi.databricks.ClusterArgs;
import com.pulumi.databricks.inputs.ClusterAutoscaleArgs;
import com.pulumi.databricks.inputs.ClusterAwsAttributesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var crossaccountRoleName = config.get("crossaccountRoleName");
final var assumeRoleForEc2 = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("sts:AssumeRole")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.identifiers("ec2.amazonaws.com")
.type("Service")
.build())
.build())
.build());
var roleForS3Access = new Role("roleForS3Access", RoleArgs.builder()
.name("shared-ec2-role-for-s3")
.description("Role for shared access")
.assumeRolePolicy(assumeRoleForEc2.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
final var passRoleForS3Access = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("iam:PassRole")
.resources(roleForS3Access.arn())
.build())
.build());
var passRoleForS3AccessPolicy = new Policy("passRoleForS3AccessPolicy", PolicyArgs.builder()
.name("shared-pass-role-for-s3-access")
.path("/")
.policy(passRoleForS3Access.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(passRoleForS3Access -> passRoleForS3Access.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
var crossAccount = new RolePolicyAttachment("crossAccount", RolePolicyAttachmentArgs.builder()
.policyArn(passRoleForS3AccessPolicy.arn())
.role(crossaccountRoleName)
.build());
var shared = new InstanceProfile("shared", InstanceProfileArgs.builder()
.name("shared-instance-profile")
.role(roleForS3Access.name())
.build());
var sharedInstanceProfile = new InstanceProfile("sharedInstanceProfile", InstanceProfileArgs.builder()
.instanceProfileArn(shared.arn())
.build());
final var latest = DatabricksFunctions.getSparkVersion();
final var smallest = DatabricksFunctions.getNodeType(GetNodeTypeArgs.builder()
.localDisk(true)
.build());
var this_ = new Cluster("this", ClusterArgs.builder()
.clusterName("Shared Autoscaling")
.sparkVersion(latest.applyValue(getSparkVersionResult -> getSparkVersionResult.id()))
.nodeTypeId(smallest.applyValue(getNodeTypeResult -> getNodeTypeResult.id()))
.autoterminationMinutes(20)
.autoscale(ClusterAutoscaleArgs.builder()
.minWorkers(1)
.maxWorkers(50)
.build())
.awsAttributes(ClusterAwsAttributesArgs.builder()
.instanceProfileArn(sharedInstanceProfile.id())
.availability("SPOT")
.zoneId("us-east-1")
.firstOnDemand(1)
.spotBidPricePercent(100)
.build())
.build());
}
}
configuration:
crossaccountRoleName:
type: string
resources:
roleForS3Access:
type: aws:iam:Role
name: role_for_s3_access
properties:
name: shared-ec2-role-for-s3
description: Role for shared access
assumeRolePolicy: ${assumeRoleForEc2.json}
passRoleForS3AccessPolicy:
type: aws:iam:Policy
name: pass_role_for_s3_access
properties:
name: shared-pass-role-for-s3-access
path: /
policy: ${passRoleForS3Access.json}
crossAccount:
type: aws:iam:RolePolicyAttachment
name: cross_account
properties:
policyArn: ${passRoleForS3AccessPolicy.arn}
role: ${crossaccountRoleName}
shared:
type: aws:iam:InstanceProfile
properties:
name: shared-instance-profile
role: ${roleForS3Access.name}
sharedInstanceProfile:
type: databricks:InstanceProfile
name: shared
properties:
instanceProfileArn: ${shared.arn}
this:
type: databricks:Cluster
properties:
clusterName: Shared Autoscaling
sparkVersion: ${latest.id}
nodeTypeId: ${smallest.id}
autoterminationMinutes: 20
autoscale:
minWorkers: 1
maxWorkers: 50
awsAttributes:
instanceProfileArn: ${sharedInstanceProfile.id}
availability: SPOT
zoneId: us-east-1
firstOnDemand: 1
spotBidPricePercent: 100
variables:
assumeRoleForEc2:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- sts:AssumeRole
principals:
- identifiers:
- ec2.amazonaws.com
type: Service
passRoleForS3Access:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- iam:PassRole
resources:
- ${roleForS3Access.arn}
latest:
fn::invoke:
Function: databricks:getSparkVersion
Arguments: {}
smallest:
fn::invoke:
Function: databricks:getNodeType
Arguments:
localDisk: true
Usage with Cluster Policies
It is advised to keep all common configurations in Cluster Policies to maintain control of the environments launched, so databricks.Cluster above could be replaced with databricks.ClusterPolicy:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.ClusterPolicy("this", {
name: "Policy with predefined instance profile",
definition: JSON.stringify({
"aws_attributes.instance_profile_arn": {
type: "fixed",
value: shared.arn,
},
}),
});
import pulumi
import json
import pulumi_databricks as databricks
this = databricks.ClusterPolicy("this",
name="Policy with predefined instance profile",
definition=json.dumps({
"aws_attributes.instance_profile_arn": {
"type": "fixed",
"value": shared["arn"],
},
}))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"aws_attributes.instance_profile_arn": map[string]interface{}{
"type": "fixed",
"value": shared.Arn,
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = databricks.NewClusterPolicy(ctx, "this", &databricks.ClusterPolicyArgs{
Name: pulumi.String("Policy with predefined instance profile"),
Definition: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var @this = new Databricks.ClusterPolicy("this", new()
{
Name = "Policy with predefined instance profile",
Definition = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["aws_attributes.instance_profile_arn"] = new Dictionary<string, object?>
{
["type"] = "fixed",
["value"] = shared.Arn,
},
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.ClusterPolicy;
import com.pulumi.databricks.ClusterPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new ClusterPolicy("this", ClusterPolicyArgs.builder()
.name("Policy with predefined instance profile")
.definition(serializeJson(
jsonObject(
jsonProperty("aws_attributes.instance_profile_arn", jsonObject(
jsonProperty("type", "fixed"),
jsonProperty("value", shared.arn())
))
)))
.build());
}
}
resources:
this:
type: databricks:ClusterPolicy
properties:
name: Policy with predefined instance profile
definition:
fn::toJSON:
aws_attributes.instance_profile_arn:
type: fixed
value: ${shared.arn}
Granting access to all users
You can make instance profile available to all users by associating it with the special group called users through databricks.Group data source.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.InstanceProfile("this", {instanceProfileArn: shared.arn});
const users = databricks.getGroup({
displayName: "users",
});
const all = new databricks.GroupInstanceProfile("all", {
groupId: users.then(users => users.id),
instanceProfileId: _this.id,
});
import pulumi
import pulumi_databricks as databricks
this = databricks.InstanceProfile("this", instance_profile_arn=shared["arn"])
users = databricks.get_group(display_name="users")
all = databricks.GroupInstanceProfile("all",
group_id=users.id,
instance_profile_id=this.id)
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := databricks.NewInstanceProfile(ctx, "this", &databricks.InstanceProfileArgs{
InstanceProfileArn: pulumi.Any(shared.Arn),
})
if err != nil {
return err
}
users, err := databricks.LookupGroup(ctx, &databricks.LookupGroupArgs{
DisplayName: "users",
}, nil)
if err != nil {
return err
}
_, err = databricks.NewGroupInstanceProfile(ctx, "all", &databricks.GroupInstanceProfileArgs{
GroupId: pulumi.String(users.Id),
InstanceProfileId: this.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var @this = new Databricks.InstanceProfile("this", new()
{
InstanceProfileArn = shared.Arn,
});
var users = Databricks.GetGroup.Invoke(new()
{
DisplayName = "users",
});
var all = new Databricks.GroupInstanceProfile("all", new()
{
GroupId = users.Apply(getGroupResult => getGroupResult.Id),
InstanceProfileId = @this.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.InstanceProfile;
import com.pulumi.databricks.InstanceProfileArgs;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetGroupArgs;
import com.pulumi.databricks.GroupInstanceProfile;
import com.pulumi.databricks.GroupInstanceProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new InstanceProfile("this", InstanceProfileArgs.builder()
.instanceProfileArn(shared.arn())
.build());
final var users = DatabricksFunctions.getGroup(GetGroupArgs.builder()
.displayName("users")
.build());
var all = new GroupInstanceProfile("all", GroupInstanceProfileArgs.builder()
.groupId(users.applyValue(getGroupResult -> getGroupResult.id()))
.instanceProfileId(this_.id())
.build());
}
}
resources:
this:
type: databricks:InstanceProfile
properties:
instanceProfileArn: ${shared.arn}
all:
type: databricks:GroupInstanceProfile
properties:
groupId: ${users.id}
instanceProfileId: ${this.id}
variables:
users:
fn::invoke:
Function: databricks:getGroup
Arguments:
displayName: users
Usage with Databricks SQL serverless
When the instance profile ARN and its associated IAM role ARN don’t match and the instance profile is intended for use with Databricks SQL serverless, the iam_role_arn parameter can be specified.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";
const sqlServerlessAssumeRole = aws.iam.getPolicyDocument({
statements: [{
actions: ["sts:AssumeRole"],
principals: [{
type: "AWS",
identifiers: ["arn:aws:iam::790110701330:role/serverless-customer-resource-role"],
}],
conditions: [{
test: "StringEquals",
variable: "sts:ExternalID",
values: [
"databricks-serverless-<YOUR_WORKSPACE_ID1>",
"databricks-serverless-<YOUR_WORKSPACE_ID2>",
],
}],
}],
});
const _this = new aws.iam.Role("this", {
name: "my-databricks-sql-serverless-role",
assumeRolePolicy: sqlServerlessAssumeRole.then(sqlServerlessAssumeRole => sqlServerlessAssumeRole.json),
});
const thisInstanceProfile = new aws.iam.InstanceProfile("this", {
name: "my-databricks-sql-serverless-instance-profile",
role: _this.name,
});
const thisInstanceProfile2 = new databricks.InstanceProfile("this", {
instanceProfileArn: thisInstanceProfile.arn,
iamRoleArn: _this.arn,
});
import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks
sql_serverless_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
actions=["sts:AssumeRole"],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="AWS",
identifiers=["arn:aws:iam::790110701330:role/serverless-customer-resource-role"],
)],
conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
test="StringEquals",
variable="sts:ExternalID",
values=[
"databricks-serverless-<YOUR_WORKSPACE_ID1>",
"databricks-serverless-<YOUR_WORKSPACE_ID2>",
],
)],
)])
this = aws.iam.Role("this",
name="my-databricks-sql-serverless-role",
assume_role_policy=sql_serverless_assume_role.json)
this_instance_profile = aws.iam.InstanceProfile("this",
name="my-databricks-sql-serverless-instance-profile",
role=this.name)
this_instance_profile2 = databricks.InstanceProfile("this",
instance_profile_arn=this_instance_profile.arn,
iam_role_arn=this.arn)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
sqlServerlessAssumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"sts:AssumeRole",
},
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "AWS",
Identifiers: []string{
"arn:aws:iam::790110701330:role/serverless-customer-resource-role",
},
},
},
Conditions: []iam.GetPolicyDocumentStatementCondition{
{
Test: "StringEquals",
Variable: "sts:ExternalID",
Values: []string{
"databricks-serverless-<YOUR_WORKSPACE_ID1>",
"databricks-serverless-<YOUR_WORKSPACE_ID2>",
},
},
},
},
},
}, nil)
if err != nil {
return err
}
this, err := iam.NewRole(ctx, "this", &iam.RoleArgs{
Name: pulumi.String("my-databricks-sql-serverless-role"),
AssumeRolePolicy: pulumi.String(sqlServerlessAssumeRole.Json),
})
if err != nil {
return err
}
thisInstanceProfile, err := iam.NewInstanceProfile(ctx, "this", &iam.InstanceProfileArgs{
Name: pulumi.String("my-databricks-sql-serverless-instance-profile"),
Role: this.Name,
})
if err != nil {
return err
}
_, err = databricks.NewInstanceProfile(ctx, "this", &databricks.InstanceProfileArgs{
InstanceProfileArn: thisInstanceProfile.Arn,
IamRoleArn: this.Arn,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var sqlServerlessAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
"arn:aws:iam::790110701330:role/serverless-customer-resource-role",
},
},
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "StringEquals",
Variable = "sts:ExternalID",
Values = new[]
{
"databricks-serverless-<YOUR_WORKSPACE_ID1>",
"databricks-serverless-<YOUR_WORKSPACE_ID2>",
},
},
},
},
},
});
var @this = new Aws.Iam.Role("this", new()
{
Name = "my-databricks-sql-serverless-role",
AssumeRolePolicy = sqlServerlessAssumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var thisInstanceProfile = new Aws.Iam.InstanceProfile("this", new()
{
Name = "my-databricks-sql-serverless-instance-profile",
Role = @this.Name,
});
var thisInstanceProfile2 = new Databricks.InstanceProfile("this", new()
{
InstanceProfileArn = thisInstanceProfile.Arn,
IamRoleArn = @this.Arn,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.InstanceProfile;
import com.pulumi.aws.iam.InstanceProfileArgs;
import com.pulumi.databricks.InstanceProfile;
import com.pulumi.databricks.InstanceProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var sqlServerlessAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers("arn:aws:iam::790110701330:role/serverless-customer-resource-role")
.build())
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("StringEquals")
.variable("sts:ExternalID")
.values(
"databricks-serverless-<YOUR_WORKSPACE_ID1>",
"databricks-serverless-<YOUR_WORKSPACE_ID2>")
.build())
.build())
.build());
var this_ = new Role("this", RoleArgs.builder()
.name("my-databricks-sql-serverless-role")
.assumeRolePolicy(sqlServerlessAssumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var thisInstanceProfile = new InstanceProfile("thisInstanceProfile", InstanceProfileArgs.builder()
.name("my-databricks-sql-serverless-instance-profile")
.role(this_.name())
.build());
var thisInstanceProfile2 = new InstanceProfile("thisInstanceProfile2", InstanceProfileArgs.builder()
.instanceProfileArn(thisInstanceProfile.arn())
.iamRoleArn(this_.arn())
.build());
}
}
resources:
this:
type: aws:iam:Role
properties:
name: my-databricks-sql-serverless-role
assumeRolePolicy: ${sqlServerlessAssumeRole.json}
thisInstanceProfile:
type: aws:iam:InstanceProfile
name: this
properties:
name: my-databricks-sql-serverless-instance-profile
role: ${this.name}
thisInstanceProfile2:
type: databricks:InstanceProfile
name: this
properties:
instanceProfileArn: ${thisInstanceProfile.arn}
iamRoleArn: ${this.arn}
variables:
sqlServerlessAssumeRole:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRole
principals:
- type: AWS
identifiers:
- arn:aws:iam::790110701330:role/serverless-customer-resource-role
conditions:
- test: StringEquals
variable: sts:ExternalID
values:
- databricks-serverless-<YOUR_WORKSPACE_ID1>
- databricks-serverless-<YOUR_WORKSPACE_ID2>
Create InstanceProfile Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new InstanceProfile(name: string, args: InstanceProfileArgs, opts?: CustomResourceOptions);@overload
def InstanceProfile(resource_name: str,
args: InstanceProfileArgs,
opts: Optional[ResourceOptions] = None)
@overload
def InstanceProfile(resource_name: str,
opts: Optional[ResourceOptions] = None,
instance_profile_arn: Optional[str] = None,
iam_role_arn: Optional[str] = None,
is_meta_instance_profile: Optional[bool] = None,
skip_validation: Optional[bool] = None)func NewInstanceProfile(ctx *Context, name string, args InstanceProfileArgs, opts ...ResourceOption) (*InstanceProfile, error)public InstanceProfile(string name, InstanceProfileArgs args, CustomResourceOptions? opts = null)
public InstanceProfile(String name, InstanceProfileArgs args)
public InstanceProfile(String name, InstanceProfileArgs args, CustomResourceOptions options)
type: databricks:InstanceProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args InstanceProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args InstanceProfileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args InstanceProfileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InstanceProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args InstanceProfileArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var instanceProfileResource = new Databricks.InstanceProfile("instanceProfileResource", new()
{
InstanceProfileArn = "string",
IamRoleArn = "string",
IsMetaInstanceProfile = false,
SkipValidation = false,
});
example, err := databricks.NewInstanceProfile(ctx, "instanceProfileResource", &databricks.InstanceProfileArgs{
InstanceProfileArn: pulumi.String("string"),
IamRoleArn: pulumi.String("string"),
IsMetaInstanceProfile: pulumi.Bool(false),
SkipValidation: pulumi.Bool(false),
})
var instanceProfileResource = new InstanceProfile("instanceProfileResource", InstanceProfileArgs.builder()
.instanceProfileArn("string")
.iamRoleArn("string")
.isMetaInstanceProfile(false)
.skipValidation(false)
.build());
instance_profile_resource = databricks.InstanceProfile("instanceProfileResource",
instance_profile_arn="string",
iam_role_arn="string",
is_meta_instance_profile=False,
skip_validation=False)
const instanceProfileResource = new databricks.InstanceProfile("instanceProfileResource", {
instanceProfileArn: "string",
iamRoleArn: "string",
isMetaInstanceProfile: false,
skipValidation: false,
});
type: databricks:InstanceProfile
properties:
iamRoleArn: string
instanceProfileArn: string
isMetaInstanceProfile: false
skipValidation: false
InstanceProfile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The InstanceProfile resource accepts the following input properties:
- Instance
Profile stringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- Iam
Role stringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - Is
Meta boolInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- Skip
Validation bool - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- Instance
Profile stringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- Iam
Role stringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - Is
Meta boolInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- Skip
Validation bool - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- instance
Profile StringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- iam
Role StringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - is
Meta BooleanInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- skip
Validation Boolean - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- instance
Profile stringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- iam
Role stringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - is
Meta booleanInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- skip
Validation boolean - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- instance_
profile_ strarn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- iam_
role_ strarn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - is_
meta_ boolinstance_ profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- skip_
validation bool - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- instance
Profile StringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- iam
Role StringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - is
Meta BooleanInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- skip
Validation Boolean - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
Outputs
All input properties are implicitly available as output properties. Additionally, the InstanceProfile resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing InstanceProfile Resource
Get an existing InstanceProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: InstanceProfileState, opts?: CustomResourceOptions): InstanceProfile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
iam_role_arn: Optional[str] = None,
instance_profile_arn: Optional[str] = None,
is_meta_instance_profile: Optional[bool] = None,
skip_validation: Optional[bool] = None) -> InstanceProfilefunc GetInstanceProfile(ctx *Context, name string, id IDInput, state *InstanceProfileState, opts ...ResourceOption) (*InstanceProfile, error)public static InstanceProfile Get(string name, Input<string> id, InstanceProfileState? state, CustomResourceOptions? opts = null)public static InstanceProfile get(String name, Output<String> id, InstanceProfileState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Iam
Role stringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - Instance
Profile stringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- Is
Meta boolInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- Skip
Validation bool - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- Iam
Role stringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - Instance
Profile stringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- Is
Meta boolInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- Skip
Validation bool - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- iam
Role StringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - instance
Profile StringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- is
Meta BooleanInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- skip
Validation Boolean - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- iam
Role stringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - instance
Profile stringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- is
Meta booleanInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- skip
Validation boolean - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- iam_
role_ strarn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - instance_
profile_ strarn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- is_
meta_ boolinstance_ profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- skip_
validation bool - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
- iam
Role StringArn - The AWS IAM role ARN of the role associated with the instance profile. It must have the form
arn:aws:iam::<account-id>:role/<name>. This field is required if your role name and instance profile name do not match and you want to use the instance profile with Databricks SQL Serverless. - instance
Profile StringArn ARNattribute ofaws_iam_instance_profileoutput, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.- is
Meta BooleanInstance Profile - Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough.
- skip
Validation Boolean - For advanced usage only. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. "Your requested instance type is not supported in your requested availability zone"), you can pass this flag to skip the validation and forcibly add the instance profile.
Import
The resource instance profile can be imported using the ARN of it
bash
$ pulumi import databricks:index/instanceProfile:InstanceProfile this <instance-profile-arn>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.