UNPKG

@pulumi/databricks

Version:

A Pulumi package for creating and managing databricks cloud resources.

pulumi/pulumi-databricks

128 lines • 6.2 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.getAwsAssumeRolePolicyOutput = exports.getAwsAssumeRolePolicy = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("./utilities"); /** * This data source constructs necessary AWS STS assume role policy for you. * * > This data source can be used with an account or workspace-level provider. * * ## Example Usage * * End-to-end example of provisioning Cross-account IAM role with databricks.MwsCredentials and aws_iam_role: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * import * as databricks from "@pulumi/databricks"; * * const config = new pulumi.Config(); * // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/ * const databricksAccountId = config.requireObject<any>("databricksAccountId"); * const _this = databricks.getAwsCrossAccountPolicy({}); * const crossAccountPolicy = new aws.iam.Policy("cross_account_policy", { * name: `${prefix}-crossaccount-iam-policy`, * policy: _this.then(_this => _this.json), * }); * const thisGetAwsAssumeRolePolicy = databricks.getAwsAssumeRolePolicy({ * externalId: databricksAccountId, * }); * const crossAccount = new aws.iam.Role("cross_account", { * name: `${prefix}-crossaccount-iam-role`, * assumeRolePolicy: thisGetAwsAssumeRolePolicy.then(thisGetAwsAssumeRolePolicy => thisGetAwsAssumeRolePolicy.json), * description: "Grants Databricks full access to VPC resources", * }); * const crossAccountRolePolicyAttachment = new aws.iam.RolePolicyAttachment("cross_account", { * policyArn: crossAccountPolicy.arn, * role: crossAccount.name, * }); * // required only in case of multi-workspace setup * const thisMwsCredentials = new databricks.MwsCredentials("this", { * accountId: databricksAccountId, * credentialsName: `${prefix}-creds`, * roleArn: crossAccount.arn, * }); * ``` * * ## Related Resources * * The following resources are used in the same context: * * * Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide * * databricks.getAwsBucketPolicy data to configure a simple access policy for AWS S3 buckets, so that Databricks can access data in it. * * databricks.getAwsCrossAccountPolicy data to construct the necessary AWS cross-account policy for you, which is based on [official documentation](https://docs.databricks.com/administration-guide/account-api/iam-role.html#language-Your%C2%A0VPC,%C2%A0default). */ function getAwsAssumeRolePolicy(args, opts) { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invoke("databricks:index/getAwsAssumeRolePolicy:getAwsAssumeRolePolicy", { "awsPartition": args.awsPartition, "databricksAccountId": args.databricksAccountId, "externalId": args.externalId, "forLogDelivery": args.forLogDelivery, }, opts); } exports.getAwsAssumeRolePolicy = getAwsAssumeRolePolicy; /** * This data source constructs necessary AWS STS assume role policy for you. * * > This data source can be used with an account or workspace-level provider. * * ## Example Usage * * End-to-end example of provisioning Cross-account IAM role with databricks.MwsCredentials and aws_iam_role: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * import * as databricks from "@pulumi/databricks"; * * const config = new pulumi.Config(); * // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/ * const databricksAccountId = config.requireObject<any>("databricksAccountId"); * const _this = databricks.getAwsCrossAccountPolicy({}); * const crossAccountPolicy = new aws.iam.Policy("cross_account_policy", { * name: `${prefix}-crossaccount-iam-policy`, * policy: _this.then(_this => _this.json), * }); * const thisGetAwsAssumeRolePolicy = databricks.getAwsAssumeRolePolicy({ * externalId: databricksAccountId, * }); * const crossAccount = new aws.iam.Role("cross_account", { * name: `${prefix}-crossaccount-iam-role`, * assumeRolePolicy: thisGetAwsAssumeRolePolicy.then(thisGetAwsAssumeRolePolicy => thisGetAwsAssumeRolePolicy.json), * description: "Grants Databricks full access to VPC resources", * }); * const crossAccountRolePolicyAttachment = new aws.iam.RolePolicyAttachment("cross_account", { * policyArn: crossAccountPolicy.arn, * role: crossAccount.name, * }); * // required only in case of multi-workspace setup * const thisMwsCredentials = new databricks.MwsCredentials("this", { * accountId: databricksAccountId, * credentialsName: `${prefix}-creds`, * roleArn: crossAccount.arn, * }); * ``` * * ## Related Resources * * The following resources are used in the same context: * * * Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide * * databricks.getAwsBucketPolicy data to configure a simple access policy for AWS S3 buckets, so that Databricks can access data in it. * * databricks.getAwsCrossAccountPolicy data to construct the necessary AWS cross-account policy for you, which is based on [official documentation](https://docs.databricks.com/administration-guide/account-api/iam-role.html#language-Your%C2%A0VPC,%C2%A0default). */ function getAwsAssumeRolePolicyOutput(args, opts) { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("databricks:index/getAwsAssumeRolePolicy:getAwsAssumeRolePolicy", { "awsPartition": args.awsPartition, "databricksAccountId": args.databricksAccountId, "externalId": args.externalId, "forLogDelivery": args.forLogDelivery, }, opts); } exports.getAwsAssumeRolePolicyOutput = getAwsAssumeRolePolicyOutput; //# sourceMappingURL=getAwsAssumeRolePolicy.js.map