Databricks v1.70.0 published on Friday, May 9, 2025 by Pulumi
databricks.getAwsBucketPolicy
This data source configures a simple access policy for an AWS S3 bucket, so that Databricks can access the data in it.
This data source can be used with an account or workspace-level provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";
// S3 bucket that Databricks will be granted access to.
// NOTE(review): forceDestroy lets the bucket be deleted while it still holds
// objects (they are removed with it); keep it for disposable environments only.
const targetBucket = new aws.s3.BucketV2("this", {
    bucket: "<unique_bucket_name>",
    forceDestroy: true,
});

// Ask the Databricks provider for the policy document for this bucket.
// Only `bucket` is supplied; this page describes databricksE2AccountId as the
// input used to generate more restrictive policies for a root bucket.
const policyDocument = databricks.getAwsBucketPolicyOutput({
    bucket: targetBucket.bucket,
});

// Attach the generated JSON as the bucket policy. The page describes it as
// granting Databricks full access to the bucket, so review the rendered
// document before applying it.
const targetBucketPolicy = new aws.s3.BucketPolicy("this", {
    bucket: targetBucket.id,
    policy: policyDocument.apply(result => result.json),
});
import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks
# S3 bucket that Databricks will be granted access to.
# NOTE(review): force_destroy lets the bucket be deleted while it still holds
# objects (they are removed with it); keep it for disposable environments only.
target_bucket = aws.s3.BucketV2(
    "this",
    bucket="<unique_bucket_name>",
    force_destroy=True,
)

# Ask the Databricks provider for the policy document for this bucket.
# Only `bucket` is supplied; this page describes databricks_e2_account_id as
# the input used to generate more restrictive policies for a root bucket.
policy_document = databricks.get_aws_bucket_policy_output(
    bucket=target_bucket.bucket,
)

# Attach the generated JSON as the bucket policy. The page describes it as
# granting Databricks full access to the bucket, so review the rendered
# document before applying it.
target_bucket_policy = aws.s3.BucketPolicy(
    "this",
    bucket=target_bucket.id,
    policy=policy_document.json,
)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
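// main declares an S3 bucket, asks the Databricks provider for the matching
// bucket policy document, and attaches that document to the bucket.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): ForceDestroy lets the bucket be deleted while it still
		// holds objects (they are removed with it); keep it for disposable
		// environments only.
		thisBucketV2, err := s3.NewBucketV2(ctx, "this", &s3.BucketV2Args{
			Bucket:       pulumi.String("<unique_bucket_name>"),
			ForceDestroy: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Only Bucket is supplied; this page describes DatabricksE2AccountId as
		// the input used to generate more restrictive policies for a root bucket.
		this := databricks.GetAwsBucketPolicyOutput(ctx, databricks.GetAwsBucketPolicyOutputArgs{
			Bucket: thisBucketV2.Bucket,
		}, nil)
		// Project the JSON field out of the result as an Output. The original
		// wrapped this Output in pulumi.String(...), which is a conversion from
		// a plain string and does not compile when given an Output value.
		policyJSON := this.ApplyT(func(result databricks.GetAwsBucketPolicyResult) (string, error) {
			return result.Json, nil
		}).(pulumi.StringOutput)
		// The page describes the generated document as granting Databricks
		// full access to the bucket; review the rendered JSON before applying.
		_, err = s3.NewBucketPolicy(ctx, "this", &s3.BucketPolicyArgs{
			Bucket: thisBucketV2.ID(),
			Policy: policyJSON,
		})
		if err != nil {
			return err
		}
		return nil
	})
}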
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;
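// Declares an S3 bucket, asks the Databricks provider for the matching bucket
// policy document, and attaches that document to the bucket.
return await Deployment.RunAsync(() =>
{
    // NOTE(review): ForceDestroy lets the bucket be deleted while it still
    // holds objects (they are removed with it); keep it for disposable
    // environments only.
    var thisBucketV2 = new Aws.S3.BucketV2("this", new()
    {
        Bucket = "<unique_bucket_name>",
        ForceDestroy = true,
    });

    // Only Bucket is supplied; this page describes DatabricksE2AccountId as
    // the input used to generate more restrictive policies for a root bucket.
    var @this = Databricks.GetAwsBucketPolicy.Invoke(new()
    {
        Bucket = thisBucketV2.Bucket,
    });

    // The page describes the generated document as granting Databricks full
    // access to the bucket; review the rendered JSON before applying.
    var thisBucketPolicy = new Aws.S3.BucketPolicy("this", new()
    {
        Bucket = thisBucketV2.Id,
        // A single Apply is enough: inside the lambda the value is the plain
        // result object, which has no Apply of its own (the original nested a
        // second Apply on it).
        Policy = @this.Apply(result => result.Json),
    });
});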
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetAwsBucketPolicyArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
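/**
 * Pulumi program that declares an S3 bucket, asks the Databricks provider for
 * the matching bucket policy document, and attaches it to the bucket.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}.
     */
    public static void stack(Context ctx) {
        // NOTE(review): forceDestroy lets the bucket be deleted while it still
        // holds objects (they are removed with it); keep it for disposable
        // environments only.
        var thisBucketV2 = new BucketV2("thisBucketV2", BucketV2Args.builder()
            .bucket("<unique_bucket_name>")
            .forceDestroy(true)
            .build());

        // `this` is a reserved word in Java and cannot name a local variable;
        // the original declared `this` and then read an undeclared `this_`.
        // Only bucket is supplied; this page describes databricksE2AccountId as
        // the input used to generate more restrictive policies for a root bucket.
        final var bucketPolicyDocument = DatabricksFunctions.getAwsBucketPolicy(GetAwsBucketPolicyArgs.builder()
            .bucket(thisBucketV2.bucket())
            .build());

        // The page describes the generated document as granting Databricks
        // full access to the bucket; review the rendered JSON before applying.
        var thisBucketPolicy = new BucketPolicy("thisBucketPolicy", BucketPolicyArgs.builder()
            .bucket(thisBucketV2.id())
            .policy(bucketPolicyDocument.applyValue(result -> result.json()))
            .build());
    }
}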
# Declares an S3 bucket and attaches the bucket policy document generated by
# the databricks:getAwsBucketPolicy function.
resources:
  thisBucketV2:
    type: aws:s3:BucketV2
    name: this
    properties:
      bucket: <unique_bucket_name>
      # NOTE(review): forceDestroy lets the bucket be deleted while it still
      # holds objects (they are removed with it); keep it for disposable
      # environments only.
      forceDestroy: true
  thisBucketPolicy:
    type: aws:s3:BucketPolicy
    name: this
    properties:
      bucket: ${thisBucketV2.id}
      # The page describes the generated document as granting Databricks full
      # access to the bucket; review the rendered JSON before applying.
      policy: ${this.json}
variables:
  this:
    fn::invoke:
      function: databricks:getAwsBucketPolicy
      arguments:
        # Only bucket is supplied; this page describes databricksE2AccountId as
        # the input used to generate more restrictive policies for a root bucket.
        bucket: ${thisBucketV2.bucket}
Bucket policy with full access:
Using getAwsBucketPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAwsBucketPolicy(args: GetAwsBucketPolicyArgs, opts?: InvokeOptions): Promise<GetAwsBucketPolicyResult>
function getAwsBucketPolicyOutput(args: GetAwsBucketPolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsBucketPolicyResult>
def get_aws_bucket_policy(aws_partition: Optional[str] = None,
                          bucket: Optional[str] = None,
                          databricks_account_id: Optional[str] = None,
                          databricks_e2_account_id: Optional[str] = None,
                          full_access_role: Optional[str] = None,
                          opts: Optional[InvokeOptions] = None) -> GetAwsBucketPolicyResult
def get_aws_bucket_policy_output(aws_partition: Optional[pulumi.Input[str]] = None,
                          bucket: Optional[pulumi.Input[str]] = None,
                          databricks_account_id: Optional[pulumi.Input[str]] = None,
                          databricks_e2_account_id: Optional[pulumi.Input[str]] = None,
                          full_access_role: Optional[pulumi.Input[str]] = None,
                          opts: Optional[InvokeOptions] = None) -> Output[GetAwsBucketPolicyResult]
func GetAwsBucketPolicy(ctx *Context, args *GetAwsBucketPolicyArgs, opts ...InvokeOption) (*GetAwsBucketPolicyResult, error)
func GetAwsBucketPolicyOutput(ctx *Context, args *GetAwsBucketPolicyOutputArgs, opts ...InvokeOption) GetAwsBucketPolicyResultOutput
> Note: This function is named GetAwsBucketPolicy in the Go SDK.
public static class GetAwsBucketPolicy 
{
    public static Task<GetAwsBucketPolicyResult> InvokeAsync(GetAwsBucketPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetAwsBucketPolicyResult> Invoke(GetAwsBucketPolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAwsBucketPolicyResult> getAwsBucketPolicy(GetAwsBucketPolicyArgs args, InvokeOptions options)
public static Output<GetAwsBucketPolicyResult> getAwsBucketPolicy(GetAwsBucketPolicyArgs args, InvokeOptions options)
fn::invoke:
  function: databricks:index/getAwsBucketPolicy:getAwsBucketPolicy
  arguments:
    # arguments dictionary
The following arguments are supported:
- Bucket string
- AWS S3 Bucket name for which to generate the policy document.
- AwsPartition string
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- DatabricksAccountId string
- DatabricksE2AccountId string
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- FullAccessRole string
- Data access role that can have full access for this bucket
- Bucket string
- AWS S3 Bucket name for which to generate the policy document.
- AwsPartition string
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- DatabricksAccountId string
- DatabricksE2AccountId string
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- FullAccessRole string
- Data access role that can have full access for this bucket
- bucket String
- AWS S3 Bucket name for which to generate the policy document.
- awsPartition String
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- databricksAccountId String
- databricksE2AccountId String
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- fullAccessRole String
- Data access role that can have full access for this bucket
- bucket string
- AWS S3 Bucket name for which to generate the policy document.
- awsPartition string
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- databricksAccountId string
- databricksE2AccountId string
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- fullAccessRole string
- Data access role that can have full access for this bucket
- bucket str
- AWS S3 Bucket name for which to generate the policy document.
- aws_partition str
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- databricks_account_id str
- databricks_e2_account_id str
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- full_access_role str
- Data access role that can have full access for this bucket
- bucket String
- AWS S3 Bucket name for which to generate the policy document.
- awsPartition String
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- databricksAccountId String
- databricksE2AccountId String
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket
- fullAccessRole String
- Data access role that can have full access for this bucket
getAwsBucketPolicy Result
The following output properties are available:
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- AwsPartition string
- DatabricksAccountId string
- DatabricksE2AccountId string
- FullAccessRole string
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- AwsPartition string
- DatabricksAccountId string
- DatabricksE2AccountId string
- FullAccessRole string
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- awsPartition String
- databricksAccountId String
- databricksE2AccountId String
- fullAccessRole String
- bucket string
- id string
- The provider-assigned unique ID for this managed resource.
- json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- awsPartition string
- databricksAccountId string
- databricksE2AccountId string
- fullAccessRole string
- bucket str
- id str
- The provider-assigned unique ID for this managed resource.
- json str
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- aws_partition str
- databricks_account_id str
- databricks_e2_account_id str
- full_access_role str
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- awsPartition String
- databricksAccountId String
- databricksE2AccountId String
- fullAccessRole String
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the databricks Terraform Provider.