# Trust (assume-role) policy document for the cross-account role, generated by
# the Databricks provider. The external ID is set to the Databricks account ID,
# which is what ties the role to this specific Databricks account rather than
# to any caller able to reach sts:AssumeRole.
# NOTE(review): confirm the rendered JSON carries the expected external-ID
# condition before relying on it.
data "databricks_aws_assume_role_policy" "this" {
  external_id = var.databricks_account_id
}
# IAM role handed to Databricks. Who may assume it is decided entirely by the
# generated trust policy referenced in assume_role_policy.
resource "aws_iam_role" "cross_account_role" {
  name               = "${local.prefix}-crossaccount"
  tags               = var.tags
  assume_role_policy = data.databricks_aws_assume_role_policy.this.json
}
# Permissions policy document for the cross-account role, generated by the
# Databricks provider. No arguments are passed, so the provider's defaults
# decide which actions and resources end up in the document.
# NOTE(review): inspect the rendered JSON (exposed by the "policy" output) and
# confirm the granted scope is acceptable for this account before applying.
data "databricks_aws_crossaccount_policy" "this" {}
# Attaches the generated permissions document to the cross-account role as an
# inline policy.
resource "aws_iam_role_policy" "this" {
  name   = "${local.prefix}-policy"
  policy = data.databricks_aws_crossaccount_policy.this.json
  role   = aws_iam_role.cross_account_role.id
}
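# Workaround: pause so that newly created IAM objects have time to propagate
# before the role ARN is registered with Databricks.
# The wait covers the inline policy as well as the role. Previously only the
# role was listed, so nothing ordered the policy attachment before the
# credentials resource and the role could be registered while it still had no
# permissions attached.
resource "time_sleep" "wait" {
  depends_on = [
    aws_iam_role.cross_account_role,
    aws_iam_role_policy.this,
  ]

  create_duration = "20s"
}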
# Registers the cross-account role with the Databricks account as a credentials
# configuration, which is later used to create and access the workspace.
# Only the role ARN is passed; no AWS secret is stored in this resource.
# Creation is held back until the time_sleep delay has elapsed.
resource "databricks_mws_credentials" "this" {
  provider   = databricks.mws
  depends_on = [time_sleep.wait]

  account_id       = var.databricks_account_id
  credentials_name = "${local.prefix}-creds"
  role_arn         = aws_iam_role.cross_account_role.arn
}
# Exposes the generated cross-account permissions document so that it can be
# reviewed after plan/apply. It holds IAM policy JSON only.
output "policy" {
  value = data.databricks_aws_crossaccount_policy.this.json
}
/*
output "assume_role_policy" {
value = data.databricks_aws_assume_role_policy.this.json
}
*/