@pulumi/databricks

import * as pulumi from "@pulumi/pulumi"; /** * > **Note** This resource has an evolving API, which may change in future versions of the provider. Please always consult [latest documentation](https://docs.databricks.com/data-governance/unity-catalog/get-started.html#configure-a-storage-bucket-and-iam-role-in-aws) in case of any questions. * * This data source constructs the necessary AWS Unity Catalog assume role policy for you. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * import * as databricks from "@pulumi/databricks"; * * const _this = databricks.getAwsUnityCatalogPolicy({ * awsAccountId: awsAccountId, * bucketName: "databricks-bucket", * roleName: `${prefix}-uc-access`, * kmsName: "arn:aws:kms:us-west-2:111122223333:key/databricks-kms", * }); * const thisGetAwsUnityCatalogAssumeRolePolicy = databricks.getAwsUnityCatalogAssumeRolePolicy({ * awsAccountId: awsAccountId, * roleName: `${prefix}-uc-access`, * externalId: "12345", * }); * const unityMetastore = new aws.iam.Policy("unity_metastore", { * name: `${prefix}-unity-catalog-metastore-access-iam-policy`, * policy: _this.then(_this => _this.json), * }); * const metastoreDataAccess = new aws.iam.Role("metastore_data_access", { * name: `${prefix}-uc-access`, * assumeRolePolicy: thisGetAwsUnityCatalogAssumeRolePolicy.then(thisGetAwsUnityCatalogAssumeRolePolicy => thisGetAwsUnityCatalogAssumeRolePolicy.json), * managedPolicyArns: [unityMetastore.arn], * }); * ``` */ export declare function getAwsUnityCatalogAssumeRolePolicy(args: GetAwsUnityCatalogAssumeRolePolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetAwsUnityCatalogAssumeRolePolicyResult>; /** * A collection of arguments for invoking getAwsUnityCatalogAssumeRolePolicy. */ export interface GetAwsUnityCatalogAssumeRolePolicyArgs { /** * The Account ID of the current AWS account (not your Databricks account). */ awsAccountId: string; /** * AWS partition. The options are `aws`,`aws-us-gov` or `aws-us-gov-dod`. Defaults to `aws` */ awsPartition?: string; /** * The storage credential external id. */ externalId: string; /** * The name of the AWS IAM role to be created for Unity Catalog. */ roleName: string; /** * The Databricks Unity Catalog IAM Role ARN. Defaults to `arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL` on standard AWS partition selection, `arn:aws-us-gov:iam::044793339203:role/unity-catalog-prod-UCMasterRole-1QRFA8SGY15OJ` on GovCloud partition selection, and `arn:aws-us-gov:iam::170661010020:role/unity-catalog-prod-UCMasterRole-1DI6DL6ZP26AS` on GovCloud DoD partition selection */ unityCatalogIamArn?: string; } /** * A collection of values returned by getAwsUnityCatalogAssumeRolePolicy. */ export interface GetAwsUnityCatalogAssumeRolePolicyResult { readonly awsAccountId: string; readonly awsPartition?: string; readonly externalId: string; readonly id: string; /** * AWS IAM Policy JSON document for assume role */ readonly json: string; readonly roleName: string; readonly unityCatalogIamArn: string; } /** * > **Note** This resource has an evolving API, which may change in future versions of the provider. Please always consult [latest documentation](https://docs.databricks.com/data-governance/unity-catalog/get-started.html#configure-a-storage-bucket-and-iam-role-in-aws) in case of any questions. * * This data source constructs the necessary AWS Unity Catalog assume role policy for you. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * import * as databricks from "@pulumi/databricks"; * * const _this = databricks.getAwsUnityCatalogPolicy({ * awsAccountId: awsAccountId, * bucketName: "databricks-bucket", * roleName: `${prefix}-uc-access`, * kmsName: "arn:aws:kms:us-west-2:111122223333:key/databricks-kms", * }); * const thisGetAwsUnityCatalogAssumeRolePolicy = databricks.getAwsUnityCatalogAssumeRolePolicy({ * awsAccountId: awsAccountId, * roleName: `${prefix}-uc-access`, * externalId: "12345", * }); * const unityMetastore = new aws.iam.Policy("unity_metastore", { * name: `${prefix}-unity-catalog-metastore-access-iam-policy`, * policy: _this.then(_this => _this.json), * }); * const metastoreDataAccess = new aws.iam.Role("metastore_data_access", { * name: `${prefix}-uc-access`, * assumeRolePolicy: thisGetAwsUnityCatalogAssumeRolePolicy.then(thisGetAwsUnityCatalogAssumeRolePolicy => thisGetAwsUnityCatalogAssumeRolePolicy.json), * managedPolicyArns: [unityMetastore.arn], * }); * ``` */ export declare function getAwsUnityCatalogAssumeRolePolicyOutput(args: GetAwsUnityCatalogAssumeRolePolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetAwsUnityCatalogAssumeRolePolicyResult>; /** * A collection of arguments for invoking getAwsUnityCatalogAssumeRolePolicy. */ export interface GetAwsUnityCatalogAssumeRolePolicyOutputArgs { /** * The Account ID of the current AWS account (not your Databricks account). */ awsAccountId: pulumi.Input<string>; /** * AWS partition. The options are `aws`,`aws-us-gov` or `aws-us-gov-dod`. Defaults to `aws` */ awsPartition?: pulumi.Input<string>; /** * The storage credential external id. */ externalId: pulumi.Input<string>; /** * The name of the AWS IAM role to be created for Unity Catalog. */ roleName: pulumi.Input<string>; /** * The Databricks Unity Catalog IAM Role ARN. Defaults to `arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL` on standard AWS partition selection, `arn:aws-us-gov:iam::044793339203:role/unity-catalog-prod-UCMasterRole-1QRFA8SGY15OJ` on GovCloud partition selection, and `arn:aws-us-gov:iam::170661010020:role/unity-catalog-prod-UCMasterRole-1DI6DL6ZP26AS` on GovCloud DoD partition selection */ unityCatalogIamArn?: pulumi.Input<string>; }