databricks_storage_credential Resource

To work with external tables, Unity Catalog introduces two new objects to access and work with external cloud storage:

Example Usage

For AWS

resource "databricks_storage_credential" "external" {
  name = aws_iam_role.external_data_access.name
  aws_iam_role {
    role_arn = aws_iam_role.external_data_access.arn
  }
  comment = "Managed by TF"
}

resource "databricks_grants" "external_creds" {
  storage_credential = databricks_storage_credential.external.id
  grant {
    principal  = "Data Engineers"
    privileges = ["CREATE_EXTERNAL_TABLE"]
  }
}

For Azure

resource "databricks_storage_credential" "external_mi" {
  name = "mi_credential"
  azure_managed_identity {
    access_connector_id = azurerm_databricks_access_connector.example.id
  }
  comment = "Managed identity credential managed by TF"
}

resource "databricks_grants" "external_creds" {
  storage_credential = databricks_storage_credential.external_mi.id
  grant {
    principal  = "Data Engineers"
    privileges = ["CREATE_EXTERNAL_TABLE"]
  }
}

For GCP

resource "databricks_storage_credential" "external" {
  name = "the-creds"
  databricks_gcp_service_account {}
}

resource "databricks_grants" "external_creds" {
  storage_credential = databricks_storage_credential.external.id
  grant {
    principal  = "Data Engineers"
    privileges = ["CREATE_EXTERNAL_TABLE"]
  }
}

Argument Reference

The following arguments are required:

aws_iam_role optional configuration block for credential details for AWS:

azure_managed_identity optional configuration block for using managed identity as credential details for Azure (recommended over service principal):

databricks_gcp_service_account optional configuration block for creating a Databricks-managed GCP Service Account:

azure_service_principal optional configuration block to use service principal as credential details for Azure (Legacy):

Attribute Reference

In addition to all arguments above, the following attributes are exported:

Import

This resource can be imported by name:

terraform import databricks_storage_credential.this <name>