Docs Packages
  1. Pulumi Registry
  2. Databricks
  3. API Docs
  4. MwsCredentials
databricks logo
Databricks v1.14.0, May 23 23

databricks.MwsCredentials

Explore with Pulumi AI

The following resources are used in the same context:

  • Provisioning Databricks on AWS guide.
  • databricks.MwsCustomerManagedKeys to configure KMS keys for new workspaces within AWS.
  • databricks.MwsLogDelivery to configure delivery of billable usage logs and audit logs.
  • databricks.MwsNetworks to configure VPC & subnets for new workspaces within AWS.
  • databricks.MwsStorageConfigurations to configure root bucket new workspaces within AWS.
  • databricks.MwsWorkspaces to set up workspaces in E2 architecture on AWS.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var databricksAccountId = config.RequireObject<dynamic>("databricksAccountId");
    var thisAwsAssumeRolePolicy = Databricks.GetAwsAssumeRolePolicy.Invoke(new()
    {
        ExternalId = databricksAccountId,
    });

    var crossAccountRole = new Aws.Iam.Role("crossAccountRole", new()
    {
        AssumeRolePolicy = thisAwsAssumeRolePolicy.Apply(getAwsAssumeRolePolicyResult => getAwsAssumeRolePolicyResult.Json),
        Tags = @var.Tags,
    });

    var thisAwsCrossAccountPolicy = Databricks.GetAwsCrossAccountPolicy.Invoke();

    var thisRolePolicy = new Aws.Iam.RolePolicy("thisRolePolicy", new()
    {
        Role = crossAccountRole.Id,
        Policy = thisAwsCrossAccountPolicy.Apply(getAwsCrossAccountPolicyResult => getAwsCrossAccountPolicyResult.Json),
    });

    var thisMwsCredentials = new Databricks.MwsCredentials("thisMwsCredentials", new()
    {
        AccountId = databricksAccountId,
        CredentialsName = $"{local.Prefix}-creds",
        RoleArn = crossAccountRole.Arn,
    }, new CustomResourceOptions
    {
        Provider = databricks.Mws,
    });

});

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		databricksAccountId := cfg.RequireObject("databricksAccountId")
		thisAwsAssumeRolePolicy, err := databricks.GetAwsAssumeRolePolicy(ctx, &databricks.GetAwsAssumeRolePolicyArgs{
			ExternalId: databricksAccountId,
		}, nil)
		if err != nil {
			return err
		}
		crossAccountRole, err := iam.NewRole(ctx, "crossAccountRole", &iam.RoleArgs{
			AssumeRolePolicy: *pulumi.String(thisAwsAssumeRolePolicy.Json),
			Tags:             pulumi.Any(_var.Tags),
		})
		if err != nil {
			return err
		}
		thisAwsCrossAccountPolicy, err := databricks.GetAwsCrossAccountPolicy(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "thisRolePolicy", &iam.RolePolicyArgs{
			Role:   crossAccountRole.ID(),
			Policy: *pulumi.String(thisAwsCrossAccountPolicy.Json),
		})
		if err != nil {
			return err
		}
		_, err = databricks.NewMwsCredentials(ctx, "thisMwsCredentials", &databricks.MwsCredentialsArgs{
			AccountId:       pulumi.Any(databricksAccountId),
			CredentialsName: pulumi.String(fmt.Sprintf("%v-creds", local.Prefix)),
			RoleArn:         crossAccountRole.Arn,
		}, pulumi.Provider(databricks.Mws))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetAwsAssumeRolePolicyArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.databricks.inputs.GetAwsCrossAccountPolicyArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.databricks.MwsCredentials;
import com.pulumi.databricks.MwsCredentialsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var databricksAccountId = config.get("databricksAccountId");
        final var thisAwsAssumeRolePolicy = DatabricksFunctions.getAwsAssumeRolePolicy(GetAwsAssumeRolePolicyArgs.builder()
            .externalId(databricksAccountId)
            .build());

        var crossAccountRole = new Role("crossAccountRole", RoleArgs.builder()        
            .assumeRolePolicy(thisAwsAssumeRolePolicy.applyValue(getAwsAssumeRolePolicyResult -> getAwsAssumeRolePolicyResult.json()))
            .tags(var_.tags())
            .build());

        final var thisAwsCrossAccountPolicy = DatabricksFunctions.getAwsCrossAccountPolicy();

        var thisRolePolicy = new RolePolicy("thisRolePolicy", RolePolicyArgs.builder()        
            .role(crossAccountRole.id())
            .policy(thisAwsCrossAccountPolicy.applyValue(getAwsCrossAccountPolicyResult -> getAwsCrossAccountPolicyResult.json()))
            .build());

        var thisMwsCredentials = new MwsCredentials("thisMwsCredentials", MwsCredentialsArgs.builder()        
            .accountId(databricksAccountId)
            .credentialsName(String.format("%s-creds", local.prefix()))
            .roleArn(crossAccountRole.arn())
            .build(), CustomResourceOptions.builder()
                .provider(databricks.mws())
                .build());

    }
}

import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks

config = pulumi.Config()
databricks_account_id = config.require_object("databricksAccountId")
this_aws_assume_role_policy = databricks.get_aws_assume_role_policy(external_id=databricks_account_id)
cross_account_role = aws.iam.Role("crossAccountRole",
    assume_role_policy=this_aws_assume_role_policy.json,
    tags=var["tags"])
this_aws_cross_account_policy = databricks.get_aws_cross_account_policy()
this_role_policy = aws.iam.RolePolicy("thisRolePolicy",
    role=cross_account_role.id,
    policy=this_aws_cross_account_policy.json)
this_mws_credentials = databricks.MwsCredentials("thisMwsCredentials",
    account_id=databricks_account_id,
    credentials_name=f"{local['prefix']}-creds",
    role_arn=cross_account_role.arn,
    opts=pulumi.ResourceOptions(provider=databricks["mws"]))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";

const config = new pulumi.Config();
const databricksAccountId = config.requireObject("databricksAccountId");
const thisAwsAssumeRolePolicy = databricks.getAwsAssumeRolePolicy({
    externalId: databricksAccountId,
});
const crossAccountRole = new aws.iam.Role("crossAccountRole", {
    assumeRolePolicy: thisAwsAssumeRolePolicy.then(thisAwsAssumeRolePolicy => thisAwsAssumeRolePolicy.json),
    tags: _var.tags,
});
const thisAwsCrossAccountPolicy = databricks.getAwsCrossAccountPolicy({});
const thisRolePolicy = new aws.iam.RolePolicy("thisRolePolicy", {
    role: crossAccountRole.id,
    policy: thisAwsCrossAccountPolicy.then(thisAwsCrossAccountPolicy => thisAwsCrossAccountPolicy.json),
});
const thisMwsCredentials = new databricks.MwsCredentials("thisMwsCredentials", {
    accountId: databricksAccountId,
    credentialsName: `${local.prefix}-creds`,
    roleArn: crossAccountRole.arn,
}, {
    provider: databricks.mws,
});

configuration:
  databricksAccountId:
    type: dynamic
resources:
  crossAccountRole:
    type: aws:iam:Role
    properties:
      assumeRolePolicy: ${thisAwsAssumeRolePolicy.json}
      tags: ${var.tags}
  thisRolePolicy:
    type: aws:iam:RolePolicy
    properties:
      role: ${crossAccountRole.id}
      policy: ${thisAwsCrossAccountPolicy.json}
  thisMwsCredentials:
    type: databricks:MwsCredentials
    properties:
      accountId: ${databricksAccountId}
      credentialsName: ${local.prefix}-creds
      roleArn: ${crossAccountRole.arn}
    options:
      provider: ${databricks.mws}
variables:
  thisAwsAssumeRolePolicy:
    fn::invoke:
      Function: databricks:getAwsAssumeRolePolicy
      Arguments:
        externalId: ${databricksAccountId}
  thisAwsCrossAccountPolicy:
    fn::invoke:
      Function: databricks:getAwsCrossAccountPolicy
      Arguments: {}

Create MwsCredentials Resource

new MwsCredentials(name: string, args: MwsCredentialsArgs, opts?: CustomResourceOptions);
@overload
def MwsCredentials(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   account_id: Optional[str] = None,
                   credentials_name: Optional[str] = None,
                   role_arn: Optional[str] = None)
@overload
def MwsCredentials(resource_name: str,
                   args: MwsCredentialsArgs,
                   opts: Optional[ResourceOptions] = None)
func NewMwsCredentials(ctx *Context, name string, args MwsCredentialsArgs, opts ...ResourceOption) (*MwsCredentials, error)
public MwsCredentials(string name, MwsCredentialsArgs args, CustomResourceOptions? opts = null)
public MwsCredentials(String name, MwsCredentialsArgs args)
public MwsCredentials(String name, MwsCredentialsArgs args, CustomResourceOptions options)

type: databricks:MwsCredentials
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
name string
The unique name of the resource.
args MwsCredentialsArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args MwsCredentialsArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args MwsCredentialsArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args MwsCredentialsArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args MwsCredentialsArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

MwsCredentials Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The MwsCredentials resource accepts the following input properties:

AccountId string

Account Id that could be found in the bottom left corner of Accounts Console

CredentialsName string

name of credentials to register

RoleArn string

ARN of cross-account role

AccountId string

Account Id that could be found in the bottom left corner of Accounts Console

CredentialsName string

name of credentials to register

RoleArn string

ARN of cross-account role

accountId String

Account Id that could be found in the bottom left corner of Accounts Console

credentialsName String

name of credentials to register

roleArn String

ARN of cross-account role

accountId string

Account Id that could be found in the bottom left corner of Accounts Console

credentialsName string

name of credentials to register

roleArn string

ARN of cross-account role

account_id str

Account Id that could be found in the bottom left corner of Accounts Console

credentials_name str

name of credentials to register

role_arn str

ARN of cross-account role

accountId String

Account Id that could be found in the bottom left corner of Accounts Console

credentialsName String

name of credentials to register

roleArn String

ARN of cross-account role

Outputs

All input properties are implicitly available as output properties. Additionally, the MwsCredentials resource produces the following output properties:

CreationTime int

(Integer) time of credentials registration

CredentialsId string

(String) identifier of credentials

ExternalId string
Id string

The provider-assigned unique ID for this managed resource.

CreationTime int

(Integer) time of credentials registration

CredentialsId string

(String) identifier of credentials

ExternalId string
Id string

The provider-assigned unique ID for this managed resource.

creationTime Integer

(Integer) time of credentials registration

credentialsId String

(String) identifier of credentials

externalId String
id String

The provider-assigned unique ID for this managed resource.

creationTime number

(Integer) time of credentials registration

credentialsId string

(String) identifier of credentials

externalId string
id string

The provider-assigned unique ID for this managed resource.

creation_time int

(Integer) time of credentials registration

credentials_id str

(String) identifier of credentials

external_id str
id str

The provider-assigned unique ID for this managed resource.

creationTime Number

(Integer) time of credentials registration

credentialsId String

(String) identifier of credentials

externalId String
id String

The provider-assigned unique ID for this managed resource.

Look up Existing MwsCredentials Resource

Get an existing MwsCredentials resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: MwsCredentialsState, opts?: CustomResourceOptions): MwsCredentials
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        creation_time: Optional[int] = None,
        credentials_id: Optional[str] = None,
        credentials_name: Optional[str] = None,
        external_id: Optional[str] = None,
        role_arn: Optional[str] = None) -> MwsCredentials
func GetMwsCredentials(ctx *Context, name string, id IDInput, state *MwsCredentialsState, opts ...ResourceOption) (*MwsCredentials, error)
public static MwsCredentials Get(string name, Input<string> id, MwsCredentialsState? state, CustomResourceOptions? opts = null)
public static MwsCredentials get(String name, Output<String> id, MwsCredentialsState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountId string

Account Id that could be found in the bottom left corner of Accounts Console

CreationTime int

(Integer) time of credentials registration

CredentialsId string

(String) identifier of credentials

CredentialsName string

name of credentials to register

ExternalId string
RoleArn string

ARN of cross-account role

AccountId string

Account Id that could be found in the bottom left corner of Accounts Console

CreationTime int

(Integer) time of credentials registration

CredentialsId string

(String) identifier of credentials

CredentialsName string

name of credentials to register

ExternalId string
RoleArn string

ARN of cross-account role

accountId String

Account Id that could be found in the bottom left corner of Accounts Console

creationTime Integer

(Integer) time of credentials registration

credentialsId String

(String) identifier of credentials

credentialsName String

name of credentials to register

externalId String
roleArn String

ARN of cross-account role

accountId string

Account Id that could be found in the bottom left corner of Accounts Console

creationTime number

(Integer) time of credentials registration

credentialsId string

(String) identifier of credentials

credentialsName string

name of credentials to register

externalId string
roleArn string

ARN of cross-account role

account_id str

Account Id that could be found in the bottom left corner of Accounts Console

creation_time int

(Integer) time of credentials registration

credentials_id str

(String) identifier of credentials

credentials_name str

name of credentials to register

external_id str
role_arn str

ARN of cross-account role

accountId String

Account Id that could be found in the bottom left corner of Accounts Console

creationTime Number

(Integer) time of credentials registration

credentialsId String

(String) identifier of credentials

credentialsName String

name of credentials to register

externalId String
roleArn String

ARN of cross-account role

Import

-> Note Importing this resource is not currently supported.

Package Details

Repository
databricks pulumi/pulumi-databricks
License
Apache-2.0
Notes

This Pulumi package is based on the databricks Terraform Provider.