Viewing docs for Databricks v1.90.0
published on Thursday, Mar 19, 2026 by Pulumi
published on Thursday, Mar 19, 2026 by Pulumi
Viewing docs for Databricks v1.90.0
published on Thursday, Mar 19, 2026 by Pulumi
published on Thursday, Mar 19, 2026 by Pulumi
This datasource configures a simple access policy for AWS S3 buckets, so that Databricks can access data in it.
This data source can be used with an account or workspace-level provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";
const thisS3Bucket = new aws.index.S3Bucket("this", {
bucket: "<unique_bucket_name>",
forceDestroy: true,
});
const _this = databricks.getAwsBucketPolicy({
bucket: thisS3Bucket.bucket,
});
const thisS3BucketPolicy = new aws.index.S3BucketPolicy("this", {
bucket: thisS3Bucket.id,
policy: _this.json,
});
import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks
this_s3_bucket = aws.index.S3Bucket("this",
bucket=<unique_bucket_name>,
force_destroy=True)
this = databricks.get_aws_bucket_policy(bucket=this_s3_bucket["bucket"])
this_s3_bucket_policy = aws.index.S3BucketPolicy("this",
bucket=this_s3_bucket.id,
policy=this.json)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
thisS3Bucket, err := aws.NewS3Bucket(ctx, "this", &aws.S3BucketArgs{
Bucket: "<unique_bucket_name>",
ForceDestroy: true,
})
if err != nil {
return err
}
this, err := databricks.GetAwsBucketPolicy(ctx, &databricks.GetAwsBucketPolicyArgs{
Bucket: thisS3Bucket.Bucket,
}, nil)
if err != nil {
return err
}
_, err = aws.NewS3BucketPolicy(ctx, "this", &aws.S3BucketPolicyArgs{
Bucket: thisS3Bucket.Id,
Policy: this.Json,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var thisS3Bucket = new Aws.Index.S3Bucket("this", new()
{
Bucket = "<unique_bucket_name>",
ForceDestroy = true,
});
var @this = Databricks.GetAwsBucketPolicy.Invoke(new()
{
Bucket = thisS3Bucket.Bucket,
});
var thisS3BucketPolicy = new Aws.Index.S3BucketPolicy("this", new()
{
Bucket = thisS3Bucket.Id,
Policy = @this.Apply(getAwsBucketPolicyResult => getAwsBucketPolicyResult.Json),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.S3Bucket;
import com.pulumi.aws.S3BucketArgs;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetAwsBucketPolicyArgs;
import com.pulumi.aws.S3BucketPolicy;
import com.pulumi.aws.S3BucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var thisS3Bucket = new S3Bucket("thisS3Bucket", S3BucketArgs.builder()
.bucket("<unique_bucket_name>")
.forceDestroy(true)
.build());
final var this = DatabricksFunctions.getAwsBucketPolicy(GetAwsBucketPolicyArgs.builder()
.bucket(thisS3Bucket.bucket())
.build());
var thisS3BucketPolicy = new S3BucketPolicy("thisS3BucketPolicy", S3BucketPolicyArgs.builder()
.bucket(thisS3Bucket.id())
.policy(this_.json())
.build());
}
}
resources:
thisS3Bucket:
type: aws:S3Bucket
name: this
properties:
bucket: <unique_bucket_name>
forceDestroy: true
thisS3BucketPolicy:
type: aws:S3BucketPolicy
name: this
properties:
bucket: ${thisS3Bucket.id}
policy: ${this.json}
variables:
this:
fn::invoke:
function: databricks:getAwsBucketPolicy
arguments:
bucket: ${thisS3Bucket.bucket}
Bucket policy with full access:
Using getAwsBucketPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAwsBucketPolicy(args: GetAwsBucketPolicyArgs, opts?: InvokeOptions): Promise<GetAwsBucketPolicyResult>
function getAwsBucketPolicyOutput(args: GetAwsBucketPolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsBucketPolicyResult>def get_aws_bucket_policy(aws_partition: Optional[str] = None,
bucket: Optional[str] = None,
databricks_account_id: Optional[str] = None,
databricks_e2_account_id: Optional[str] = None,
full_access_role: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAwsBucketPolicyResult
def get_aws_bucket_policy_output(aws_partition: Optional[pulumi.Input[str]] = None,
bucket: Optional[pulumi.Input[str]] = None,
databricks_account_id: Optional[pulumi.Input[str]] = None,
databricks_e2_account_id: Optional[pulumi.Input[str]] = None,
full_access_role: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAwsBucketPolicyResult]func GetAwsBucketPolicy(ctx *Context, args *GetAwsBucketPolicyArgs, opts ...InvokeOption) (*GetAwsBucketPolicyResult, error)
func GetAwsBucketPolicyOutput(ctx *Context, args *GetAwsBucketPolicyOutputArgs, opts ...InvokeOption) GetAwsBucketPolicyResultOutput> Note: This function is named GetAwsBucketPolicy in the Go SDK.
public static class GetAwsBucketPolicy
{
public static Task<GetAwsBucketPolicyResult> InvokeAsync(GetAwsBucketPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetAwsBucketPolicyResult> Invoke(GetAwsBucketPolicyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAwsBucketPolicyResult> getAwsBucketPolicy(GetAwsBucketPolicyArgs args, InvokeOptions options)
public static Output<GetAwsBucketPolicyResult> getAwsBucketPolicy(GetAwsBucketPolicyArgs args, InvokeOptions options)
fn::invoke:
function: databricks:index/getAwsBucketPolicy:getAwsBucketPolicy
arguments:
# arguments dictionaryThe following arguments are supported:
- Bucket string
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- Aws
Partition string - AWS partition. The options are
aws,aws-us-gov, oraws-us-gov-dod. Defaults toaws - Databricks
Account stringId - Databricks
E2Account stringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- Full
Access stringRole - Data access role that can have full access for this bucket
- Bucket string
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- Aws
Partition string - AWS partition. The options are
aws,aws-us-gov, oraws-us-gov-dod. Defaults toaws - Databricks
Account stringId - Databricks
E2Account stringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- Full
Access stringRole - Data access role that can have full access for this bucket
- bucket String
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- aws
Partition String - AWS partition. The options are
aws,aws-us-gov, oraws-us-gov-dod. Defaults toaws - databricks
Account StringId - databricks
E2Account StringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full
Access StringRole - Data access role that can have full access for this bucket
- bucket string
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- aws
Partition string - AWS partition. The options are
aws,aws-us-gov, oraws-us-gov-dod. Defaults toaws - databricks
Account stringId - databricks
E2Account stringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full
Access stringRole - Data access role that can have full access for this bucket
- bucket str
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- aws_
partition str - AWS partition. The options are
aws,aws-us-gov, oraws-us-gov-dod. Defaults toaws - databricks_
account_ strid - databricks_
e2_ straccount_ id - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full_
access_ strrole - Data access role that can have full access for this bucket
- bucket String
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- aws
Partition String - AWS partition. The options are
aws,aws-us-gov, oraws-us-gov-dod. Defaults toaws - databricks
Account StringId - databricks
E2Account StringId - Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full
Access StringRole - Data access role that can have full access for this bucket
getAwsBucketPolicy Result
The following output properties are available:
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- Aws
Partition string - Databricks
Account stringId - Databricks
E2Account stringId - Full
Access stringRole
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- Aws
Partition string - Databricks
Account stringId - Databricks
E2Account stringId - Full
Access stringRole
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- aws
Partition String - databricks
Account StringId - databricks
E2Account StringId - full
Access StringRole
- bucket string
- id string
- The provider-assigned unique ID for this managed resource.
- json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- aws
Partition string - databricks
Account stringId - databricks
E2Account stringId - full
Access stringRole
- bucket str
- id str
- The provider-assigned unique ID for this managed resource.
- json str
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- aws_
partition str - databricks_
account_ strid - databricks_
e2_ straccount_ id - full_
access_ strrole
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- aws
Partition String - databricks
Account StringId - databricks
E2Account StringId - full
Access StringRole
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.
Viewing docs for Databricks v1.90.0
published on Thursday, Mar 19, 2026 by Pulumi
published on Thursday, Mar 19, 2026 by Pulumi
