This data source constructs the necessary AWS cross-account policy for you, based on the official documentation.
For more detailed usage, see the databricks_aws_assume_role_policy or databricks_aws_s3_mount pages.
data "databricks_aws_crossaccount_policy" "this" {}
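A restricted variant of the data source above, attached to the cross-account IAM role, shown as an added example that is not part of the original documentation. The variable names, resource labels and role name are assumptions, and the arguments used are the ones listed in the argument reference on this page.

```hcl
terraform {
  required_providers {
    databricks = { source = "databricks/databricks" }
    aws        = { source = "hashicorp/aws" }
  }
}

# Assumed input variables (placeholders, not from the original page).
variable "databricks_account_id" { type = string } # used as the external ID
variable "aws_account_id" { type = string }
variable "vpc_id" { type = string }
variable "security_group_id" { type = string }
variable "data_role_arn" { type = string } # the only role clusters may pass

# Cross-account policy scoped to one account, VPC, region and security group.
data "databricks_aws_crossaccount_policy" "restricted" {
  policy_type       = "restricted"
  aws_account_id    = var.aws_account_id
  vpc_id            = var.vpc_id
  region            = "us-west-2"
  security_group_id = var.security_group_id
  pass_roles        = [var.data_role_arn] # explicit iam:PassRole grant
}

# Trust policy that lets Databricks assume the role.
data "databricks_aws_assume_role_policy" "this" {
  external_id = var.databricks_account_id
}

resource "aws_iam_role" "cross_account" {
  name               = "databricks-crossaccount-ws1" # assumed name
  assume_role_policy = data.databricks_aws_assume_role_policy.this.json
}

# Attach the generated JSON document as the role's inline policy.
resource "aws_iam_role_policy" "cross_account" {
  name   = "databricks-crossaccount-ws1"
  role   = aws_iam_role.cross_account.id
  policy = data.databricks_aws_crossaccount_policy.restricted.json
}
```

Because the policy is tied to a security group, this role serves a single workspace; each further workspace needs its own role, policy and credentials object.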
policy_type (Optional) The type of cross-account policy to generate: managed for Databricks-managed VPC, customer for customer-managed VPC, and restricted for customer-managed VPC with policy restrictions.
pass_roles (Optional) (List) List of Data IAM role ARNs that are explicitly granted the iam:PassRole action.

The arguments below are only valid for the restricted policy type:

aws_account_id — Your AWS account ID, which is a number.
vpc_id — ID of the AWS VPC where you want to launch workspaces.
region — AWS Region name for your VPC deployment, for example us-west-2.
security_group_id — ID of your AWS security group. When you add a security group restriction, you cannot reuse the cross-account IAM role or reference a credentials ID (credentials_id) for any other workspaces. For those other workspaces, you must create separate roles, policies, and credentials objects.

In addition to all arguments above, the following attributes are exported:

json - AWS IAM Policy JSON document

The following resources are used in the same context: