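def public_read_policy_for_bucket(role_arn=None, external_id=None):
    """Build the IAM trust (assume-role) policy for the Databricks metastore role.

    Despite the name this is not a bucket policy: it only decides who may
    call ``sts:AssumeRole`` on the role. The trusted principal is Databricks'
    Unity Catalog master role, gated on ``sts:ExternalId`` -- the
    confused-deputy guard that stops another Databricks customer from
    pointing that shared role at this account.

    Args:
        role_arn: ARN of the role itself (plain ``str`` or pulumi ``Output``),
            added as a second trusted principal so the role can assume
            itself. AWS validates trust-policy principals when the policy is
            written, so this must be the ARN of a role that already exists.
        external_id: the value required in ``sts:ExternalId``. When omitted
            it falls back to the module-level ``test`` the original read.

    Returns:
        A JSON ``str`` when ``role_arn`` is ``None``; otherwise a pulumi
        ``Output[str]`` built with ``Output.json_dumps`` so a not-yet-resolved
        ``role_arn`` can be embedded.
    """
    if external_id is None:
        # NOTE(review): `test` is a module-level name not visible here; it is
        # assumed to hold the ExternalId string (the Databricks account ID).
        # json.dumps raises TypeError if it is not a JSON-serialisable value.
        external_id = test

    trusted = [
        "arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL",
    ]
    if role_arn is not None:
        # Output.json_dumps resolves nested Outputs itself, so the original
        # Output.format(role_arn) wrapper is not needed.
        trusted.append(role_arn)

    document = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": trusted},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }
    if role_arn is None:
        return json.dumps(document)
    return Output.json_dumps(document)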
# Step 1: create the role trusting only the Databricks master role. No
# self-trust yet, because the role's own ARN does not exist before creation.
# NOTE(review): `resource_name` is the Pulumi logical name, `name` is the IAM
# role name AWS sees. The description is misleading: an assume-role policy
# only says who may assume the role, it grants no bucket access.
role = aws.iam.Role(
resource_name="Creating role for the Databricks metastore credentials",
name="venkat-test-role",
assume_role_policy=public_read_policy_for_bucket(),
description="Grants Databricks metastore access to the root bucket",
)
# Step 2: a second Role resource that feeds `role.arn` back into the trust
# policy so the role can assume itself.
# NOTE(review): this declares a second IAM role with the same `name` as
# `role` above; AWS rejects duplicate role names (EntityAlreadyExists), and
# `replace_on_changes=["*"]` combined with `delete_before_replace=False`
# turns every change into a create-before-delete of that same fixed name,
# so the update cannot converge. Trusting the account root with an
# `aws:PrincipalArn` condition on the role's own ARN (as the second snippet
# below does) avoids needing the ARN at creation time.
aws.iam.Role(
resource_name="Updating the Databricks metastore credentials 1",
name="venkat-test-role",
assume_role_policy=public_read_policy_for_bucket(role.arn),
opts=pulumi.ResourceOptions( replace_on_changes=["*"], delete_before_replace=False),
)
I also tried the option suggested in this thread: https://pulumi-community.slack.com/archives/CRH5ENVDX/p1677456080396849?thread_ts=1677393469.008329&cid=CRH5ENVDX
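def public_read_policy_for_bucket2(
    external_id=None,
    account_id=None,
    role_name="venkat-test-role",
):
    """Build the IAM trust (assume-role) policy for the Databricks metastore role.

    Despite the name this is not a bucket policy: it only decides who may
    call ``sts:AssumeRole`` on the role. Two statements:

    1. Databricks' Unity Catalog master role, gated on ``sts:ExternalId``
       (the confused-deputy guard).
    2. The role itself. A trust policy cannot name a role that does not
       exist yet, so the principal is the account root and the
       ``aws:PrincipalArn`` condition narrows it to the one role. Without
       that condition the root principal would let any IAM identity in the
       account that holds ``sts:AssumeRole`` permission assume it.

    Args:
        external_id: value required in ``sts:ExternalId``. Defaults to the
            module-level ``Databricks`` the original read.
        account_id: AWS account ID that owns the role. Defaults to the
            module-level ``aws_id`` the original read.
        role_name: IAM name of the role being created. It must equal the
            ``name=`` given to ``aws.iam.Role`` or the self-trust statement
            never matches any caller.

    Returns:
        The policy document serialised with ``json.dumps``.
    """
    if external_id is None:
        # NOTE(review): the original wrote ``{Databricks}`` -- a one-element
        # set, which json.dumps cannot serialise. The intended value is the
        # plain string that the module-level ``Databricks`` name is assumed
        # to hold (the Databricks account ID).
        external_id = Databricks
    if account_id is None:
        account_id = aws_id

    databricks_statement = {
        "Effect": "Allow",
        "Principal": {
            "AWS": [
                "arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL",
            ]
        },
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }
    self_assume_statement = {
        "Effect": "Allow",
        "Principal": {"AWS": [f"arn:aws:iam::{account_id}:root"]},
        "Action": "sts:AssumeRole",
        # ArnLike with a literal ARN (no wildcards) behaves as an exact match.
        "Condition": {
            "ArnLike": {
                "aws:PrincipalArn": f"arn:aws:iam::{account_id}:role/{role_name}"
            }
        },
    }
    return json.dumps(
        {
            "Version": "2012-10-17",
            "Statement": [databricks_statement, self_assume_statement],
        }
    )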
# Compute the trust policy once so the exact JSON handed to the role is easy
# to inspect while debugging.
_metastore_trust_policy = public_read_policy_for_bucket2()

# NOTE(review): the self-trust condition inside that policy names
# `venkat-test-role`, but this resource creates `test-role`; unless the two
# match, the self-assume statement never applies to the role.
role = aws.iam.Role(
    resource_name="Creating role for the Databricks metastore credentials",
    name="test-role",
    description="Grants Databricks metastore access to the root bucket",
    assume_role_policy=_metastore_trust_policy,
)