@pulumi/databricks/instanceProfile.js

A Pulumi package for creating and managing databricks cloud resources.

"use strict";
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.InstanceProfile = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("./utilities");
/**
 * This resource allows you to manage AWS EC2 instance profiles that users can launch databricks.Cluster and access data, like databricks_mount. The following example demonstrates how to create an instance profile and create a cluster with it. When creating a new `databricks.InstanceProfile`, Databricks validates that it has sufficient permissions to launch instances with the instance profile. This validation uses AWS dry-run mode for the [AWS EC2 RunInstances API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html).
 *
 * > Please switch to databricks.StorageCredential with Unity Catalog to manage storage credentials, which provides a better and faster way for managing credential security.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * import * as databricks from "@pulumi/databricks";
 *
 * const config = new pulumi.Config();
 * // Role that you've specified on https://accounts.cloud.databricks.com/#aws
 * const crossaccountRoleName = config.require("crossaccountRoleName");
 * const assumeRoleForEc2 = aws.iam.getPolicyDocument({
 *     statements: [{
 *         effect: "Allow",
 *         actions: ["sts:AssumeRole"],
 *         principals: [{
 *             identifiers: ["ec2.amazonaws.com"],
 *             type: "Service",
 *         }],
 *     }],
 * });
 * const roleForS3Access = new aws.iam.Role("role_for_s3_access", {
 *     name: "shared-ec2-role-for-s3",
 *     description: "Role for shared access",
 *     assumeRolePolicy: assumeRoleForEc2.then(assumeRoleForEc2 => assumeRoleForEc2.json),
 * });
 * const passRoleForS3Access = aws.iam.getPolicyDocumentOutput({
 *     statements: [{
 *         effect: "Allow",
 *         actions: ["iam:PassRole"],
 *         resources: [roleForS3Access.arn],
 *     }],
 * });
 * const passRoleForS3AccessPolicy = new aws.iam.Policy("pass_role_for_s3_access", {
 *     name: "shared-pass-role-for-s3-access",
 *     path: "/",
 *     policy: passRoleForS3Access.apply(passRoleForS3Access => passRoleForS3Access.json),
 * });
 * const crossAccount = new aws.iam.RolePolicyAttachment("cross_account", {
 *     policyArn: passRoleForS3AccessPolicy.arn,
 *     role: crossaccountRoleName,
 * });
 * const shared = new aws.iam.InstanceProfile("shared", {
 *     name: "shared-instance-profile",
 *     role: roleForS3Access.name,
 * });
 * const sharedInstanceProfile = new databricks.InstanceProfile("shared", {instanceProfileArn: shared.arn});
 * const latest = databricks.getSparkVersion({});
 * const smallest = databricks.getNodeType({
 *     localDisk: true,
 * });
 * const _this = new databricks.Cluster("this", {
 *     clusterName: "Shared Autoscaling",
 *     sparkVersion: latest.then(latest => latest.id),
 *     nodeTypeId: smallest.then(smallest => smallest.id),
 *     autoterminationMinutes: 20,
 *     autoscale: {
 *         minWorkers: 1,
 *         maxWorkers: 50,
 *     },
 *     awsAttributes: {
 *         instanceProfileArn: sharedInstanceProfile.id,
 *         availability: "SPOT",
 *         zoneId: "us-east-1",
 *         firstOnDemand: 1,
 *         spotBidPricePercent: 100,
 *     },
 * });
 * ```
 *
 * ## Usage with Cluster Policies
 *
 * It is advised to keep all common configurations in Cluster Policies to maintain control of the environments launched, so `databricks.Cluster` above could be replaced with `databricks.ClusterPolicy`:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as databricks from "@pulumi/databricks";
 *
 * const _this = new databricks.ClusterPolicy("this", {
 *     name: "Policy with predefined instance profile",
 *     definition: JSON.stringify({
 *         "aws_attributes.instance_profile_arn": {
 *             type: "fixed",
 *             value: shared.id,
 *         },
 *     }),
 * });
 * ```
 *
 * ## Granting access to all users
 *
 * You can make instance profile available to all users by associating it with the special group called `users` through databricks.Group data source.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as databricks from "@pulumi/databricks";
 *
 * const _this = new databricks.InstanceProfile("this", {instanceProfileArn: shared.id});
 * const users = databricks.getGroup({
 *     displayName: "users",
 * });
 * const all = new databricks.GroupInstanceProfile("all", {
 *     groupId: users.then(users => users.id),
 *     instanceProfileId: _this.id,
 * });
 * ```
 *
 * ## Usage with Databricks SQL serverless
 *
 * When the instance profile ARN and its associated IAM role ARN don't match and the instance profile is intended for use with Databricks SQL serverless, the `iamRoleArn` parameter can be specified.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * import * as databricks from "@pulumi/databricks";
 *
 * const sqlServerlessAssumeRole = aws.iam.getPolicyDocument({
 *     statements: [{
 *         actions: ["sts:AssumeRole"],
 *         principals: [{
 *             type: "AWS",
 *             identifiers: ["arn:aws:iam::790110701330:role/serverless-customer-resource-role"],
 *         }],
 *         conditions: [{
 *             test: "StringEquals",
 *             variable: "sts:ExternalID",
 *             values: [
 *                 "databricks-serverless-<YOUR_WORKSPACE_ID1>",
 *                 "databricks-serverless-<YOUR_WORKSPACE_ID2>",
 *             ],
 *         }],
 *     }],
 * });
 * const _this = new aws.iam.Role("this", {
 *     name: "my-databricks-sql-serverless-role",
 *     assumeRolePolicy: sqlServerlessAssumeRole.then(sqlServerlessAssumeRole => sqlServerlessAssumeRole.json),
 * });
 * const thisInstanceProfile = new aws.iam.InstanceProfile("this", {
 *     name: "my-databricks-sql-serverless-instance-profile",
 *     role: _this.name,
 * });
 * const thisInstanceProfile2 = new databricks.InstanceProfile("this", {
 *     instanceProfileArn: thisInstanceProfile.arn,
 *     iamRoleArn: _this.arn,
 * });
 * ```
 *
 * ## Import
 *
 * The resource instance profile can be imported using the ARN of it
 *
 * bash
 *
 * ```sh
 * $ pulumi import databricks:index/instanceProfile:InstanceProfile this <instance-profile-arn>
 * ```
 */
class InstanceProfile extends pulumi.CustomResource {
    /**
     * Get an existing InstanceProfile resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        return new InstanceProfile(name, state, Object.assign(Object.assign({}, opts), { id: id }));
    }
    /**
     * Returns true if the given object is an instance of InstanceProfile.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        if (obj === undefined || obj === null) {
            return false;
        }
        return obj['__pulumiType'] === InstanceProfile.__pulumiType;
    }
    constructor(name, argsOrState, opts) {
        let resourceInputs = {};
        opts = opts || {};
        if (opts.id) {
            const state = argsOrState;
            resourceInputs["iamRoleArn"] = state ? state.iamRoleArn : undefined;
            resourceInputs["instanceProfileArn"] = state ? state.instanceProfileArn : undefined;
            resourceInputs["isMetaInstanceProfile"] = state ? state.isMetaInstanceProfile : undefined;
            resourceInputs["skipValidation"] = state ? state.skipValidation : undefined;
        }
        else {
            const args = argsOrState;
            if ((!args || args.instanceProfileArn === undefined) && !opts.urn) {
                throw new Error("Missing required property 'instanceProfileArn'");
            }
            resourceInputs["iamRoleArn"] = args ? args.iamRoleArn : undefined;
            resourceInputs["instanceProfileArn"] = args ? args.instanceProfileArn : undefined;
            resourceInputs["isMetaInstanceProfile"] = args ? args.isMetaInstanceProfile : undefined;
            resourceInputs["skipValidation"] = args ? args.skipValidation : undefined;
        }
        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        super(InstanceProfile.__pulumiType, name, resourceInputs, opts);
    }
}
exports.InstanceProfile = InstanceProfile;
/** @internal */
InstanceProfile.__pulumiType = 'databricks:index/instanceProfile:InstanceProfile';
//# sourceMappingURL=instanceProfile.js.map