diff --git a/README.md b/README.md
index 11b4ee2..758a6df 100644
--- a/README.md
+++ b/README.md
@@ -116,7 +116,7 @@ module "databricks_workspace" {
# - 'profile_for_iam' - for IAM creation (if none is provided 'default' is used)
# - 'existing_role_name'
profile_for_iam = "iam-admin"
- aws_region = "us-east-2"
+
databricks_account_username = "example@example.com"
databricks_account_password = "sample123!"
databricks_account_id = "1234567-1234-1234-1234-1234567"
@@ -136,7 +136,7 @@ module "databricks_workspace" {
# - 'profile_for_iam' - for IAM creation (if none is provided 'default' is used)
# - 'existing_role_name'
existing_role_arn = "arn:aws:iam::123456789012:role/demo-role"
- aws_region = "us-east-2"
+
databricks_account_username = "example@example.com"
databricks_account_password = "sample123!"
databricks_account_id = "1234567-1234-1234-1234-1234567"
@@ -176,8 +176,8 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.1 |
-| [aws](#requirement\_aws) | ~> 3.47 |
-| [databricks](#requirement\_databricks) | 0.4.7 |
+| [aws](#requirement\_aws) | ~> 3.63 |
+| [databricks](#requirement\_databricks) | 0.5.1 |
| [random](#requirement\_random) | ~> 3.1 |
| [time](#requirement\_time) | ~> 0.7 |
@@ -185,11 +185,12 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | ~> 3.47 |
-| [databricks](#provider\_databricks) | 0.4.7 |
-| [databricks.mws](#provider\_databricks.mws) | 0.4.7 |
-| [random](#provider\_random) | ~> 3.1 |
-| [time](#provider\_time) | ~> 0.7 |
+| [aws](#provider\_aws) | 3.74.3 |
+| [databricks](#provider\_databricks) | 0.5.1 |
+| [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 |
+| [databricks.mws](#provider\_databricks.mws) | 0.5.1 |
+| [random](#provider\_random) | 3.1.0 |
+| [time](#provider\_time) | 0.7.2 |
## Modules
@@ -197,29 +198,30 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
|------|--------|---------|
| [iam\_policies](#module\_iam\_policies) | git::git@github.com:tomarv2/terraform-aws-iam-policies.git | v0.0.4 |
| [iam\_role](#module\_iam\_role) | git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 |
-| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.7 |
-| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.4 |
+| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.8 |
+| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.6 |
## Resources
| Name | Type |
|------|------|
| [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
-| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_credentials) | resource |
-| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_networks) | resource |
-| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_storage_configurations) | resource |
-| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_workspaces) | resource |
+| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource |
+| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource |
+| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource |
+| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource |
+| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource |
| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
-| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_assume_role_policy) | data source |
-| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_bucket_policy) | data source |
-| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_crossaccount_policy) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source |
+| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source |
+| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [aws\_region](#input\_aws\_region) | default aws region | `string` | `"us-west-2"` | no |
| [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no |
| [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no |
| [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. | `string` | n/a | yes |
@@ -228,8 +230,9 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
| [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no |
| [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no |
| [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes |
+| [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no |
| [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no |
-| [profile\_to\_use](#input\_profile\_to\_use) | Getting values from ~/.aws/credentials | `string` | `"default"` | no |
+| [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no |
| [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes |
## Outputs
@@ -243,8 +246,11 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
| [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id |
| [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name |
| [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id |
+| [databricks\_token](#output\_databricks\_token) | Value of the newly created token |
+| [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity |
| [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn |
| [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id |
+| [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) |
| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn |
| [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id |
| [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name |
diff --git a/examples/sample/main.tf b/examples/sample/main.tf
index c1277a7..26d04ad 100644
--- a/examples/sample/main.tf
+++ b/examples/sample/main.tf
@@ -1,16 +1,3 @@
-terraform {
- required_version = ">= 1.0.1"
- required_providers {
- aws = {
- version = "~> 3.63"
- }
- }
-}
-
-provider "aws" {
- region = var.aws_region
-}
-
module "databricks_workspace" {
source = "../../"
@@ -19,11 +6,11 @@ module "databricks_workspace" {
# - 'existing_role_name'
profile_for_iam = "iam-admin"
#existing_role_name = "arn:aws:iam::123456789012:role/demo-role"
- aws_region = var.aws_region
+
databricks_account_username = "example@example.com"
databricks_account_password = "sample123!"
databricks_account_id = "1234567-1234-1234-1234-1234567"
-
+ region = var.region
custom_tags = tomap(
{
"Dept" = "data",
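Review bot: The sample still passes `databricks_account_password` as a string literal right above the new `region = var.region` line. Examples tend to be copied as-is, which is how real credentials end up committed. Prefer `databricks_account_password = var.databricks_account_password`, backed by a variable declared with `sensitive = true` and supplied from the environment (for example a `TF_VAR_` variable) rather than from the file. The `module "databricks_workspace"` block starts and ends outside this hunk.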
diff --git a/examples/sample/variables.tf b/examples/sample/variables.tf
index 3d86b32..b0f02a4 100755
--- a/examples/sample/variables.tf
+++ b/examples/sample/variables.tf
@@ -8,7 +8,7 @@ variable "prjid" {
type = string
}
-variable "aws_region" {
+variable "region" {
description = "AWS region to deploy resources"
type = string
default = "us-west-2"
diff --git a/iam.tf b/iam.tf
index 55a9703..abc45b6 100755
--- a/iam.tf
+++ b/iam.tf
@@ -3,3 +3,38 @@ data "databricks_aws_assume_role_policy" "this" {
}
data "databricks_aws_crossaccount_policy" "cross_account_iam_policy" {}
+
+
+module "iam_role" {
+ source = "git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external?ref=v0.0.7"
+
+ count = var.existing_role_name == null ? 1 : 0
+
+ assume_role_policy = data.databricks_aws_assume_role_policy.this.json
+ # -----------------------------------------
+ # Do not change the teamid, prjid once set.
+ teamid = var.teamid
+ prjid = "${var.prjid}-${local.suffix}"
+
+ providers = {
+ aws = aws.iam-management
+ }
+}
+
+module "iam_policies" {
+ source = "git::git@github.com:tomarv2/terraform-aws-iam-policies.git?ref=v0.0.4"
+
+ count = var.existing_role_name == null ? 1 : 0
+
+ role_name = join("", module.iam_role.*.iam_role_name)
+ policy = data.databricks_aws_crossaccount_policy.cross_account_iam_policy.json
+ inline_policy = true
+ # -----------------------------------------
+ # Do not change the teamid, prjid once set.
+ teamid = var.teamid
+ prjid = "${var.prjid}-${local.suffix}"
+
+ providers = {
+ aws = aws.iam-management
+ }
+}
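Review bot: Both module sources added here (`module "iam_role"` and `module "iam_policies"`) are pinned with `?ref=` to a git tag, and a tag can be moved to different code after it has been reviewed. These modules create the cross-account role and attach its policy, so pinning to a full commit SHA is the safer choice, e.g. `?ref=<full-commit-sha>  # v0.0.7` (placeholder, not a real hash). The same applies to the `s3` source in s3.tf and the `vpc` source in vpc.tf.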
diff --git a/locals.tf b/locals.tf
index 6089236..7d69abe 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,3 +1,6 @@
locals {
+ region = data.aws_region.current.name
profile = var.profile_for_iam != null ? var.profile_for_iam : var.profile
}
+
+data "aws_region" "current" {}
diff --git a/main.tf b/main.tf
old mode 100755
new mode 100644
index 228dd18..68b66d4
--- a/main.tf
+++ b/main.tf
@@ -1,60 +1,17 @@
-module "vpc" {
- source = "git::git@github.com:tomarv2/terraform-aws-vpc.git?ref=v0.0.4"
+resource "databricks_mws_workspaces" "this" {
+ provider = databricks.mws
- aws_region = var.aws_region
- enable_dns_hostnames = true
- enable_nat_gateway = true
- single_nat_gateway = true
- one_nat_gateway_per_az = false
- create_igw = true
- default_security_group_egress = [{
- cidr_blocks = "0.0.0.0/0"
- }]
+ account_id = var.databricks_account_id
+ aws_region = local.region
+ workspace_name = "${var.teamid}-${var.prjid}"
+ deployment_name = "${var.teamid}-${var.prjid}"
- default_security_group_ingress = [{
- description = "Allow all internal TCP and UDP"
- self = true
- }]
-
- public_subnets = [cidrsubnet(var.cidr_block, 3, 0)]
- private_subnets = [cidrsubnet(var.cidr_block, 3, 1),
- cidrsubnet(var.cidr_block, 3, 2)]
- #------------------------------------------
- # Do not change the teamid, prjid once set.
- teamid = var.teamid
- prjid = var.prjid
+ credentials_id = databricks_mws_credentials.this.credentials_id
+ storage_configuration_id = databricks_mws_storage_configurations.this.storage_configuration_id
+ network_id = databricks_mws_networks.this.network_id
}
-module "iam_role" {
- source = "git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external?ref=v0.0.7"
-
- count = var.existing_role_name == null ? 1 : 0
-
- assume_role_policy = data.databricks_aws_assume_role_policy.this.json
- # -----------------------------------------
- # Do not change the teamid, prjid once set.
- teamid = var.teamid
- prjid = "${var.prjid}-${local.suffix}"
-
- providers = {
- aws = aws.iam-management
- }
-}
-
-module "iam_policies" {
- source = "git::git@github.com:tomarv2/terraform-aws-iam-policies.git?ref=v0.0.4"
-
- count = var.existing_role_name == null ? 1 : 0
-
- role_name = join("", module.iam_role.*.iam_role_name)
- policy = data.databricks_aws_crossaccount_policy.cross_account_iam_policy.json
- inline_policy = true
- # -----------------------------------------
- # Do not change the teamid, prjid once set.
- teamid = var.teamid
- prjid = "${var.prjid}-${local.suffix}"
-
- providers = {
- aws = aws.iam-management
- }
+resource "time_sleep" "wait" {
+ depends_on = [module.iam_role]
+ create_duration = "10s"
}
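Review bot: `time_sleep.wait` at the end of this hunk depends only on `module.iam_role`, so the 10-second delay can start before `module.iam_policies` has attached the cross-account policy. If the credentials resource (not shown in this diff) is what waits on this sleep, credential validation can still race the policy attachment. Consider `depends_on = [module.iam_role, module.iam_policies]`. A short comment saying what the sleep waits for (presumably IAM propagation) would also help, since a fixed `10s` is a heuristic rather than a guarantee.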
diff --git a/s3.tf b/s3.tf
index c62a765..0bbeea4 100755
--- a/s3.tf
+++ b/s3.tf
@@ -1,5 +1,5 @@
module "s3" {
- source = "git::git@github.com:tomarv2/terraform-aws-s3.git?ref=v0.0.7"
+ source = "git::git@github.com:tomarv2/terraform-aws-s3.git?ref=v0.0.8"
custom_tags = var.custom_tags
# -----------------------------------------
diff --git a/variables.tf b/variables.tf
index 9b3edea..d7ac223 100755
--- a/variables.tf
+++ b/variables.tf
@@ -8,18 +8,6 @@ variable "prjid" {
type = string
}
-variable "profile" {
- description = "Getting values from ~/.aws/credentials"
- type = string
- default = "default"
-}
-
-variable "aws_region" {
- description = "default aws region"
- type = string
- default = "us-west-2"
-}
-
variable "databricks_hostname" {
description = "databricks hostname"
type = string
@@ -51,12 +39,6 @@ locals {
suffix = random_string.naming.result
}
-variable "profile_for_iam" {
- description = "profile to use for IAM"
- default = null
- type = string
-}
-
variable "existing_role_name" {
description = "If you want to use existing role name, else a new role will be created"
default = null
@@ -74,3 +56,21 @@ variable "custom_tags" {
description = "Extra custom tags"
default = null
}
+
+variable "profile" {
+ description = "profile to use for resource creation"
+ default = "default"
+ type = string
+}
+
+variable "profile_for_iam" {
+ description = "profile to use for IAM"
+ default = null
+ type = string
+}
+
+variable "region" {
+ description = "AWS region to deploy resources"
+ type = string
+ default = "us-east-1"
+}
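Review bot: The new `region` variable defaults to `"us-east-1"`, whereas the `aws_region` variable it replaces (removed in the first hunk of this file) defaulted to `"us-west-2"`. A caller that relied on the default will get a plan against a different region after upgrading, and examples/sample/variables.tf still defaults to `us-west-2`. Either keep `default = "us-west-2"` or drop the default so the region has to be chosen explicitly. The rename from `aws_region` to `region` is also a breaking input change worth noting in the release notes.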
diff --git a/versions.tf b/versions.tf
index 62d6b6b..04ccbb0 100644
--- a/versions.tf
+++ b/versions.tf
@@ -18,17 +18,18 @@ terraform {
}
provider "aws" {
- region = var.aws_region
+ region = var.region
profile = var.profile
}
provider "aws" {
alias = "iam-management"
- region = var.aws_region
+ region = var.region
profile = local.profile
}
+
# initialize provider in "MWS" mode to provision new workspace
provider "databricks" {
alias = "mws"
diff --git a/vpc.tf b/vpc.tf
new file mode 100755
index 0000000..83d3e3f
--- /dev/null
+++ b/vpc.tf
@@ -0,0 +1,17 @@
+module "vpc" {
+ source = "git::git@github.com:tomarv2/terraform-aws-vpc.git?ref=v0.0.6"
+
+ enable_dns_hostnames = true
+ enable_nat_gateway = true
+ single_nat_gateway = true
+ one_nat_gateway_per_az = false
+ create_igw = true
+
+ public_subnets = [cidrsubnet(var.cidr_block, 3, 0)]
+ private_subnets = [cidrsubnet(var.cidr_block, 3, 1),
+ cidrsubnet(var.cidr_block, 3, 2)]
+ #------------------------------------------
+ # Do not change the teamid, prjid once set.
+ teamid = var.teamid
+ prjid = var.prjid
+}
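Review bot: This module call no longer passes `default_security_group_egress` and `default_security_group_ingress`, which the previous call in main.tf set explicitly (egress to `0.0.0.0/0`, ingress with `self = true`). The effective rules now depend on the defaults in `v0.0.6` of the vpc module, which this diff does not show. Please confirm those defaults match what the workspace network needs and are no broader than before. If the rules matter, set them here with a one-line comment so the network posture can be reviewed in this repository.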
diff --git a/workspaces.tf b/workspaces.tf
deleted file mode 100644
index a2f4250..0000000
--- a/workspaces.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-resource "databricks_mws_workspaces" "this" {
- provider = databricks.mws
-
- account_id = var.databricks_account_id
- aws_region = var.aws_region
- workspace_name = "${var.teamid}-${var.prjid}"
- deployment_name = "${var.teamid}-${var.prjid}"
-
- credentials_id = databricks_mws_credentials.this.credentials_id
- storage_configuration_id = databricks_mws_storage_configurations.this.storage_configuration_id
- network_id = databricks_mws_networks.this.network_id
-}
-
-resource "time_sleep" "wait" {
- depends_on = [module.iam_role]
- create_duration = "10s"
-}