@pulumi/databricks

A Pulumi package for creating and managing databricks cloud resources.

import * as pulumi from "@pulumi/pulumi";
/**
 * > **Note** This resource has an evolving API, which may change in future versions of the provider. Please always consult [latest documentation](https://docs.databricks.com/data-governance/unity-catalog/get-started.html#configure-a-storage-bucket-and-iam-role-in-aws) in case of any questions.
 *
 * This data source constructs the necessary AWS Unity Catalog policy for you.
 *
 * The result's `json` field is an AWS IAM policy document. This declaration
 * file does not show which actions and resources that document contains, so
 * inspect the rendered JSON before attaching it to a role, and pass only the
 * single bucket and KMS key that Unity Catalog actually needs.
 *
 * ## Example Usage
 *
 * `awsAccountId` and `prefix` are assumed to be defined elsewhere in the
 * program. The KMS key ARN and `externalId` values are sample placeholders,
 * not values to copy.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * import * as databricks from "@pulumi/databricks";
 *
 * const _this = databricks.getAwsUnityCatalogPolicy({
 *     awsAccountId: awsAccountId,
 *     bucketName: "databricks-bucket",
 *     roleName: `${prefix}-uc-access`,
 *     kmsName: "arn:aws:kms:us-west-2:111122223333:key/databricks-kms",
 * });
 * const thisGetAwsUnityCatalogAssumeRolePolicy = databricks.getAwsUnityCatalogAssumeRolePolicy({
 *     awsAccountId: awsAccountId,
 *     roleName: `${prefix}-uc-access`,
 *     externalId: "12345",
 * });
 * const unityMetastore = new aws.iam.Policy("unity_metastore", {
 *     name: `${prefix}-unity-catalog-metastore-access-iam-policy`,
 *     policy: _this.then(_this => _this.json),
 * });
 * const metastoreDataAccess = new aws.iam.Role("metastore_data_access", {
 *     name: `${prefix}-uc-access`,
 *     assumeRolePolicy: thisGetAwsUnityCatalogAssumeRolePolicy.then(thisGetAwsUnityCatalogAssumeRolePolicy => thisGetAwsUnityCatalogAssumeRolePolicy.json),
 *     managedPolicyArns: [unityMetastore.arn],
 * });
 * ```
 *
 * @param args - Account, bucket, role and optional KMS key the policy is built for.
 * @param opts - Optional Pulumi invoke options.
 * @returns A promise for the generated policy document and related values.
 */
export declare function getAwsUnityCatalogPolicy(args: GetAwsUnityCatalogPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetAwsUnityCatalogPolicyResult>;
/**
 * A collection of arguments for invoking getAwsUnityCatalogPolicy.
 */
export interface GetAwsUnityCatalogPolicyArgs {
    /**
     * The Account ID of the current AWS account (not your Databricks account).
     */
    awsAccountId: string;
    /**
     * AWS partition. The options are `aws`, `aws-us-gov`, or `aws-us-gov-dod`. Defaults to `aws`
     */
    awsPartition?: string;
    /**
     * The name of the S3 bucket used as root storage location for [managed tables](https://docs.databricks.com/data-governance/unity-catalog/index.html#managed-table) in Unity Catalog.
     */
    bucketName: string;
    /**
     * If encryption is enabled, provide the ARN of the KMS key that encrypts the S3 bucket contents. If encryption is disabled, do not provide this argument.
     *
     * Despite the property name, the value is a key ARN (as in the usage
     * example), not a key name or alias.
     */
    kmsName?: string;
    /**
     * The name of the AWS IAM role that you created in the previous step in the [official documentation](https://docs.databricks.com/data-governance/unity-catalog/get-started.html#configure-a-storage-bucket-and-iam-role-in-aws).
     *
     * The usage example passes the same string here as the `name` of the
     * `aws.iam.Role` it creates, so the two must be kept in sync.
     */
    roleName: string;
}
/**
 * A collection of values returned by getAwsUnityCatalogPolicy.
 *
 * Fields other than `id` and `json` share their names with the input
 * arguments; presumably they echo those inputs — confirm against the provider.
 */
export interface GetAwsUnityCatalogPolicyResult {
    readonly awsAccountId: string;
    readonly awsPartition?: string;
    readonly bucketName: string;
    /**
     * The provider-assigned unique ID for this managed resource.
     */
    readonly id: string;
    /**
     * AWS IAM Policy JSON document
     *
     * Returned as a plain string; the usage example passes it directly as the
     * `policy` of an `aws.iam.Policy`. Review its statements before attaching.
     */
    readonly json: string;
    readonly kmsName?: string;
    readonly roleName: string;
}
/**
 * > **Note** This resource has an evolving API, which may change in future versions of the provider. Please always consult [latest documentation](https://docs.databricks.com/data-governance/unity-catalog/get-started.html#configure-a-storage-bucket-and-iam-role-in-aws) in case of any questions.
 *
 * This data source constructs the necessary AWS Unity Catalog policy for you.
 *
 * This is the output-typed form of the data source: the arguments are
 * `pulumi.Input` values and the result is a `pulumi.Output` rather than a
 * `Promise`. The result's `json` field is an AWS IAM policy document whose
 * statements are not visible in this declaration file; inspect the rendered
 * JSON before attaching it to a role.
 *
 * ## Example Usage
 *
 * The example below calls the promise-returning `getAwsUnityCatalogPolicy`.
 * `awsAccountId` and `prefix` are assumed to be defined elsewhere in the
 * program. The KMS key ARN and `externalId` values are sample placeholders,
 * not values to copy.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * import * as databricks from "@pulumi/databricks";
 *
 * const _this = databricks.getAwsUnityCatalogPolicy({
 *     awsAccountId: awsAccountId,
 *     bucketName: "databricks-bucket",
 *     roleName: `${prefix}-uc-access`,
 *     kmsName: "arn:aws:kms:us-west-2:111122223333:key/databricks-kms",
 * });
 * const thisGetAwsUnityCatalogAssumeRolePolicy = databricks.getAwsUnityCatalogAssumeRolePolicy({
 *     awsAccountId: awsAccountId,
 *     roleName: `${prefix}-uc-access`,
 *     externalId: "12345",
 * });
 * const unityMetastore = new aws.iam.Policy("unity_metastore", {
 *     name: `${prefix}-unity-catalog-metastore-access-iam-policy`,
 *     policy: _this.then(_this => _this.json),
 * });
 * const metastoreDataAccess = new aws.iam.Role("metastore_data_access", {
 *     name: `${prefix}-uc-access`,
 *     assumeRolePolicy: thisGetAwsUnityCatalogAssumeRolePolicy.then(thisGetAwsUnityCatalogAssumeRolePolicy => thisGetAwsUnityCatalogAssumeRolePolicy.json),
 *     managedPolicyArns: [unityMetastore.arn],
 * });
 * ```
 *
 * @param args - Account, bucket, role and optional KMS key the policy is built for.
 * @param opts - Optional Pulumi invoke options for the output form.
 * @returns An output wrapping the generated policy document and related values.
 */
export declare function getAwsUnityCatalogPolicyOutput(args: GetAwsUnityCatalogPolicyOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetAwsUnityCatalogPolicyResult>;
/**
 * A collection of arguments for invoking getAwsUnityCatalogPolicyOutput.
 */
export interface GetAwsUnityCatalogPolicyOutputArgs {
    /**
     * The Account ID of the current AWS account (not your Databricks account).
     */
    awsAccountId: pulumi.Input<string>;
    /**
     * AWS partition. The options are `aws`, `aws-us-gov`, or `aws-us-gov-dod`. Defaults to `aws`
     */
    awsPartition?: pulumi.Input<string>;
    /**
     * The name of the S3 bucket used as root storage location for [managed tables](https://docs.databricks.com/data-governance/unity-catalog/index.html#managed-table) in Unity Catalog.
     */
    bucketName: pulumi.Input<string>;
    /**
     * If encryption is enabled, provide the ARN of the KMS key that encrypts the S3 bucket contents. If encryption is disabled, do not provide this argument.
     *
     * Despite the property name, the value is a key ARN (as in the usage
     * example), not a key name or alias.
     */
    kmsName?: pulumi.Input<string>;
    /**
     * The name of the AWS IAM role that you created in the previous step in the [official documentation](https://docs.databricks.com/data-governance/unity-catalog/get-started.html#configure-a-storage-bucket-and-iam-role-in-aws).
     *
     * The usage example passes the same string here as the `name` of the
     * `aws.iam.Role` it creates, so the two must be kept in sync.
     */
    roleName: pulumi.Input<string>;
}