databricks
diff --git a/‎README.md
+8-1 b/‎README.md
+8-1
diff --git a/‎examples/adb-exfiltration-protection/README.md
+2-2 b/‎examples/adb-exfiltration-protection/README.md
+2-2
diff --git a/‎examples/adb-exfiltration-protection/images/adb-exfiltration-classic.png
-287 KB b/‎examples/adb-exfiltration-protection/images/adb-exfiltration-classic.png
-287 KB
diff --git a/‎examples/adb-lakehouse/README.md
+1-1 b/‎examples/adb-lakehouse/README.md
+1-1
diff --git a/‎examples/adb-lakehouse/data.tf
+2 b/‎examples/adb-lakehouse/data.tf
+2
diff --git a/‎examples/adb-lakehouse/providers.tf
-4 b/‎examples/adb-lakehouse/providers.tf
-4
diff --git a/‎examples/adb-with-private-link-standard/README.md
+1-1 b/‎examples/adb-with-private-link-standard/README.md
+1-1
diff --git a/‎examples/adb-with-private-link-standard/providers.tf
-4 b/‎examples/adb-with-private-link-standard/providers.tf
-4
diff --git a/‎examples/adb-with-private-links-exfiltration-protection/README.md
+2-2 b/‎examples/adb-with-private-links-exfiltration-protection/README.md
+2-2
diff --git a/‎examples/adb-with-private-links-exfiltration-protection/images/adb-private-links-general.png
-504 KB b/‎examples/adb-with-private-links-exfiltration-protection/images/adb-private-links-general.png
-504 KB
diff --git a/‎examples/aws-exfiltration-protection/README.md
+26 b/‎examples/aws-exfiltration-protection/README.md
+26
diff --git a/‎examples/aws-exfiltration-protection/main.tf
+6 b/‎examples/aws-exfiltration-protection/main.tf
+6
diff --git a/‎examples/aws-exfiltration-protection/terraform.tfvars b/‎examples/aws-exfiltration-protection/terraform.tfvars
diff --git a/‎examples/aws-exfiltration-protection/variables.tf
+46 b/‎examples/aws-exfiltration-protection/variables.tf
+46
diff --git a/‎examples/aws-exfiltration-protection/versions.tf
+14 b/‎examples/aws-exfiltration-protection/versions.tf
+14
diff --git a/‎examples/aws-workspace-basic/README.md
+23 b/‎examples/aws-workspace-basic/README.md
+23
diff --git a/‎examples/aws-workspace-basic/main.tf
+6 b/‎examples/aws-workspace-basic/main.tf
+6
diff --git a/‎examples/aws-workspace-basic/terraform.tfvars b/‎examples/aws-workspace-basic/terraform.tfvars
diff --git a/‎examples/aws-workspace-basic/variables.tf
+15 b/‎examples/aws-workspace-basic/variables.tf
+15
diff --git a/‎examples/aws-workspace-basic/versions.tf
+14 b/‎examples/aws-workspace-basic/versions.tf
+14
diff --git a/‎examples/aws-workspace-with-firewall/README.md
+23 b/‎examples/aws-workspace-with-firewall/README.md
+23
diff --git a/‎examples/aws-workspace-with-firewall/main.tf
+6 b/‎examples/aws-workspace-with-firewall/main.tf
+6
diff --git a/‎examples/aws-workspace-with-firewall/terraform.tfvars b/‎examples/aws-workspace-with-firewall/terraform.tfvars
diff --git a/‎examples/aws-workspace-with-firewall/variables.tf
+45 b/‎examples/aws-workspace-with-firewall/variables.tf
+45
diff --git a/‎examples/aws-workspace-with-firewall/versions.tf
+14 b/‎examples/aws-workspace-with-firewall/versions.tf
+14
diff --git a/‎modules/adb-exfiltration-protection/README.md
+5-5 b/‎modules/adb-exfiltration-protection/README.md
+5-5
diff --git a/‎modules/adb-lakehouse/README.md
+5-5 b/‎modules/adb-lakehouse/README.md
+5-5
diff --git a/‎modules/adb-lakehouse/main.tf
+2 b/‎modules/adb-lakehouse/main.tf
+2
@@ -42,6 +42,10 @@ The folder `examples` contains the following Terraform implementation examples :
 | Azure | [adb-squid-proxy](examples/adb-squid-proxy/)                                       | ADB clusters with HTTP proxy                                                                                                                                  |
 | Azure | [adb-teradata](examples/adb-teradata/)                                             | ADB with single VM Teradata integration                                                                                                                       |
 | Azure | [adb-uc](examples/adb-uc/)                                                         | ADB Unity Catalog Process                                                                                                                                     |
+| AWS   | [aws-workspace-basic](examples/aws-workspace-basic/)                               | Provisioning AWS Databricks E2                                                                                                                                 |
+| AWS   | [aws-workspace-with-firewall](examples/aws-workspace-with-firewall/)                               | Provisioning AWS Databricks E2 with an AWS Firewall                                                                                                                                 |
+| AWS   | [aws-exfiltration-protection](examples/aws-exfiltration-protection/)                               | An implementation of [Data Exfiltration Protection on AWS](https://www.databricks.com/blog/2021/02/02/data-exfiltration-protection-with-databricks-on-aws.html)                                                                                                                                 |
+| AWS   | aws-workspace-with-private-link                               | Coming soon                                                                                                       |
 | AWS   | [aws-databricks-flat](examples/aws-databricks-flat/)                               | AWS Databricks simple example                                                                                                                                 |
 | AWS   | [aws-databricks-modular-privatelink](examples/aws-databricks-modular-privatelink/) | Deploy multiple AWS Databricks workspaces                                                                                                                     |
 | AWS   | [aws-databricks-uc](examples/aws-databricks-uc/)                                   | AWS UC                                                                                                                                                        |
@@ -61,7 +65,10 @@ The folder `modules` contains the following Terraform modules :
 | Azure | [adb-with-private-link-standard](modules/adb-with-private-link-standard/)                     | Provisioning Databricks on Azure with Private Link - Standard deployment            |
 | Azure | [adb-exfiltration-protection](modules/adb-exfiltration-protection/)                     | A sample implementation of [Data Exfiltration Protection](https://www.databricks.com/blog/2020/03/27/data-exfiltration-protection-with-azure-databricks.html)             |
 | Azure | [adb-with-private-links-exfiltration-protection](modules/adb-with-private-links-exfiltration-protection/)                     | Provisioning Databricks on Azure with Private Link and [Data Exfiltration Protection](https://www.databricks.com/blog/2020/03/27/data-exfiltration-protection-with-azure-databricks.html)            |
-| AWS   | Coming soon                                         |             |
+| AWS | [aws-workspace-basic](modules/aws-workspace-basic/)                     | Provisioning AWS Databricks E2             |
+| AWS | [aws-workspace-with-firewall](modules/aws-workspace-with-firewall/)                     | Provisioning AWS Databricks E2 with an AWS Firewall             |
+| AWS | [aws-exfiltration-protection](modules/aws-exfiltration-protection/)                     | An implementation of [Data Exfiltration Protection on AWS](https://www.databricks.com/blog/2021/02/02/data-exfiltration-protection-with-databricks-on-aws.html)             |
+| AWS | aws-workspace-with-private-link                     | Coming soon             |
 | GCP   | Coming soon                                         |             |
 
 ## CICD pipelines
 
@@ -11,7 +11,7 @@ To find IP and FQDN for your deployment, go to: https://docs.microsoft.com/en-us
 
 ## Overall Architecture
 
-![alt text](https://raw.githubusercontent.com/databricks/terraform-databricks-examples/main/examples/adb-exfiltration-protection/images/adb-exfiltration-classic.png?raw=true)
+![alt text](https://raw.githubusercontent.com/databricks/terraform-databricks-examples/main/modules/adb-exfiltration-protection/images/adb-exfiltration-classic.png?raw=true)
 
 Resources to be created:
 * Resource group with random prefix
@@ -24,7 +24,7 @@ Resources to be created:
 
 1. Update `terraform.tfvars` file and provide values to each defined variable
 2. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm)
-4. Run `terraform init` to initialize terraform and get provider ready.
+3. Run `terraform init` to initialize terraform and get provider ready.
 4. Run `terraform apply` to create the resources.
 
 ## How to fill in variable values
 
@@ -24,5 +24,5 @@ This example can be used to deploy the following:
 
 1. Update `terraform.tfvars` file and provide values to each defined variable
 2. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm)
-4. Run `terraform init` to initialize terraform and get provider ready.
+3. Run `terraform init` to initialize terraform and get provider ready.
 4. Run `terraform apply` to create the resources.
@@ -0,0 +1,2 @@
+data "azurerm_client_config" "current" {
+}
@@ -22,5 +22,5 @@ This example can be used to deploy the following:
 
 1. Update `terraform.tfvars` file and provide values to each defined variable
 2. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm)
-4. Run `terraform init` to initialize terraform and get provider ready.
+3. Run `terraform init` to initialize terraform and get provider ready.
 4. Run `terraform apply` to create the resources.
@@ -10,7 +10,7 @@ Include:
 5. Private Endpoint for web-auth traffic.
 
 Overall Architecture:
-![alt text](https://raw.githubusercontent.com/databricks/terraform-databricks-examples/main/examples/adb-with-private-links-exfiltration-protection/images/adb-private-links-general.png?raw=true)
+![alt text](https://raw.githubusercontent.com/databricks/terraform-databricks-examples/main/modules/adb-with-private-links-exfiltration-protection/images/adb-private-links-general.png?raw=true)
 
 With this deployment, traffic from user client to webapp (notebook UI), backend traffic from data plane to control plane will be through private endpoints. This terraform sample will create:
 * Resource group with random prefix
@@ -23,5 +23,5 @@ With this deployment, traffic from user client to webapp (notebook UI), backend
 
 1. Update `terraform.tfvars` file and provide values to each defined variable
 2. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm)
-4. Run `terraform init` to initialize terraform and get provider ready.
+3. Run `terraform init` to initialize terraform and get provider ready.
 4. Run `terraform apply` to create the resources.
@@ -0,0 +1,26 @@
+# Provisioning Azure Databricks workspace with a Hub & Spoke firewall for data exfiltration protection
+
+This example is using the [aws-exfiltration-protection](../../modules/aws-exfiltration-protection) module.
+
+This template provides an example deployment of AWS Databricks E2 workspace with a Hub & Spoke firewall for data exfiltration protection. Details are described in [Data Exfiltration Protection With Databricks on AWS](https://www.databricks.com/blog/2021/02/02/data-exfiltration-protection-with-databricks-on-aws.html). 
+
+## Overall Architecture
+
+![alt text](https://raw.githubusercontent.com/databricks/terraform-databricks-examples/main/modules/aws-exfiltration-protection/images/aws-exfiltration-classic.png?raw=true)
+
+## How to use
+
+> **Note**  
+> If you are using AWS Firewall to block most traffic but allow the URLs that Databricks needs to connect to, please update the configuration based on your region. You can get the configuration details for your region from [Firewall Appliance](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#firewall-appliance-infrastructure) document.
+
+1. Reference this module using one of the different [module source types](https://developer.hashicorp.com/terraform/language/modules/sources)
+2. Add a `variables.tf` with the same content in [variables.tf](variables.tf)
+3. Add a `terraform.tfvars` file and provide values to each defined variable
+4. Configure the following environment variables:
+    * TF_VAR_databricks_account_username, set to the value of your Databricks account-level admin username.
+    * TF_VAR_databricks_account_password, set to the value of the password for your Databricks account-level admin user.
+    * TF_VAR_databricks_account_id, set to the value of the ID of your Databricks account. You can find this value in the corner of your Databricks account console.
+5. Add a `output.tf` file.
+6. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3)
+7. Run `terraform init` to initialize terraform and get provider ready.
+8. Run `terraform apply` to create the resources.
@@ -0,0 +1,6 @@
+module "aws-exfiltration-protection" {
+  source                      = "github.com/databricks/terraform-databricks-examples/modules/aws-exfiltration-protection"
+  databricks_account_id       = var.databricks_account_id
+  databricks_account_username = var.databricks_account_username
+  databricks_account_password = var.databricks_account_password
+}
@@ -0,0 +1,46 @@
+variable "databricks_account_username" {}
+variable "databricks_account_password" {}
+variable "databricks_account_id" {}
+
+variable "tags" {
+  default = {}
+}
+
+variable "spoke_cidr_block" {
+  default = "10.173.0.0/16"
+}
+variable "hub_cidr_block" {
+  default = "10.10.0.0/16"
+}
+variable "region" {
+  default = "eu-central-1"
+}
+
+resource "random_string" "naming" {
+  special = false
+  upper   = false
+  length  = 6
+}
+variable "whitelisted_urls" {
+  default = [".pypi.org", ".pythonhosted.org", ".cran.r-project.org"]
+}
+
+variable "db_web_app" {
+  default = "frankfurt.cloud.databricks.com"
+}
+
+variable "db_tunnel" {
+  default = "tunnel.eu-central-1.cloud.databricks.com"
+}
+
+variable "db_rds" {
+  default = "mdv2llxgl8lou0.ceptxxgorjrc.eu-central-1.rds.amazonaws.com"
+}
+
+variable "db_control_plane" {
+  default = "18.159.44.32/28"
+}
+
+variable "prefix" {
+  default = "demo"
+}
@@ -0,0 +1,14 @@
+# versions.tf
+terraform {
+  required_providers {
+    databricks = {
+      source  = "databricks/databricks"
+      version = ">=1.13.0"
+    }
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.58.0"
+    }
+  }
+}
@@ -0,0 +1,23 @@
+# Provisioning AWS Databricks E2
+
+This example is using the [aws-workspace-basic](../../modules/aws-workspace-basic) module.
+
+This template provides an example of a simple deployment of AWS Databricks E2 workspace.
+
+## Overall Architecture
+
+![alt text](https://raw.githubusercontent.com/databricks/terraform-databricks-examples/main/modules/aws-workspace-basic/images/aws-workspace-basic.png?raw=true)
+
+## How to use
+
+1. Reference this module using one of the different [module source types](https://developer.hashicorp.com/terraform/language/modules/sources)
+2. Add a `variables.tf` with the same content in [variables.tf](variables.tf)
+3. Add a `terraform.tfvars` file and provide values to each defined variable
+4. Configure the following environment variables:
+    * TF_VAR_databricks_account_username, set to the value of your Databricks account-level admin username.
+    * TF_VAR_databricks_account_password, set to the value of the password for your Databricks account-level admin user.
+    * TF_VAR_databricks_account_id, set to the value of the ID of your Databricks account. You can find this value in the corner of your Databricks account console.
+5. Add a `output.tf` file.
+6. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3)
+7. Run `terraform init` to initialize terraform and get provider ready.
+8. Run `terraform apply` to create the resources.
@@ -0,0 +1,6 @@
+module "aws-workspace-basic" {
+  source                      = "github.com/databricks/terraform-databricks-examples/modules/aws-workspace-basic"
+  databricks_account_id       = var.databricks_account_id
+  databricks_account_username = var.databricks_account_username
+  databricks_account_password = var.databricks_account_password
+}
@@ -0,0 +1,15 @@
+variable "databricks_account_username" {}
+variable "databricks_account_password" {}
+variable "databricks_account_id" {}
+
+variable "tags" {
+  default = {}
+}
+
+variable "cidr_block" {
+  default = "10.4.0.0/16"
+}
+
+variable "region" {
+  default = "eu-west-1"
+}
@@ -0,0 +1,14 @@
+# versions.tf
+terraform {
+  required_providers {
+    databricks = {
+      source  = "databricks/databricks"
+      version = ">=1.13.0"
+    }
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.58.0"
+    }
+  }
+}
@@ -0,0 +1,23 @@
+# Provisioning AWS Databricks E2 with an AWS Firewall
+
+This example is using the [aws-workspace-with-firewall](../../modules/aws-workspace-with-firewall) module.
+
+This template provides an example of a simple deployment of AWS Databricks E2 workspace with an AWS Firewall.
+
+## Overall Architecture
+
+![alt text](https://raw.githubusercontent.com/databricks/terraform-databricks-examples/main/modules/aws-workspace-with-firewall/images/aws-workspace-with-firewall.png?raw=true)
+
+## How to use
+
+1. Reference this module using one of the different [module source types](https://developer.hashicorp.com/terraform/language/modules/sources)
+2. Add a `variables.tf` with the same content in [variables.tf](variables.tf)
+3. Add a `terraform.tfvars` file and provide values to each defined variable
+4. Configure the following environment variables:
+    * TF_VAR_databricks_account_username, set to the value of your Databricks account-level admin username.
+    * TF_VAR_databricks_account_password, set to the value of the password for your Databricks account-level admin user.
+    * TF_VAR_databricks_account_id, set to the value of the ID of your Databricks account. You can find this value in the corner of your Databricks account console.
+5. Add a `output.tf` file.
+6. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3)
+7. Run `terraform init` to initialize terraform and get provider ready.
+8. Run `terraform apply` to create the resources.
@@ -0,0 +1,6 @@
+module "aws-workspace-with-firewall" {
+  source                      = "github.com/databricks/terraform-databricks-examples/modules/aws-workspace-with-firewall"
+  databricks_account_id       = var.databricks_account_id
+  databricks_account_username = var.databricks_account_username
+  databricks_account_password = var.databricks_account_password
+}
@@ -0,0 +1,45 @@
+variable "databricks_account_username" {}
+variable "databricks_account_password" {}
+variable "databricks_account_id" {}
+
+variable "tags" {
+  default = {}
+}
+
+variable "cidr_block" {
+  default = "10.4.0.0/16"
+}
+
+variable "region" {
+  default = "eu-west-2"
+}
+
+resource "random_string" "naming" {
+  special = false
+  upper   = false
+  length  = 6
+}
+
+variable "whitelisted_urls" {
+  default = [".pypi.org", ".pythonhosted.org", ".cran.r-project.org"]
+}
+
+variable "db_web_app" {
+  default = "london.cloud.databricks.com"
+}
+
+variable "db_tunnel" {
+  default = "tunnel.eu-west-2.cloud.databricks.com"
+}
+
+variable "db_rds" {
+  default = "mdio2468d9025m.c6fvhwk6cqca.eu-west-2.rds.amazonaws.com"
+}
+
+variable "db_control_plane" {
+  default = "18.134.65.240/28"
+}
+
+variable "prefix" {
+  default = "demo"
+}
@@ -0,0 +1,14 @@
+# versions.tf
+terraform {
+  required_providers {
+    databricks = {
+      source  = "databricks/databricks"
+      version = ">=1.13.0"
+    }
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.58.0"
+    }
+  }
+}
@@ -26,11 +26,11 @@ Resources to be created:
 
 1. Reference this module using one of the different [module source types](https://developer.hashicorp.com/terraform/language/modules/sources)
 2. Add a `variables.tf` with the same content in [variables.tf](variables.tf)
-2. Add a `terraform.tfvars` file and provide values to each defined variable
-3. Add a `output.tf` file.
-4. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm)
-4. Run `terraform init` to initialize terraform and get provider ready.
-4. Run `terraform apply` to create the resources.
+3. Add a `terraform.tfvars` file and provide values to each defined variable
+4. Add a `output.tf` file.
+5. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm)
+6. Run `terraform init` to initialize terraform and get provider ready.
+7. Run `terraform apply` to create the resources.
 
 
 ## How to fill in variable values
 
@@ -28,8 +28,8 @@ This module can be used to deploy the following:
 
 1. Reference this module using one of the different [module source types](https://developer.hashicorp.com/terraform/language/modules/sources)
 2. Add a `variables.tf` with the same content in [variables.tf](variables.tf)
-2. Add a `terraform.tfvars` file and provide values to each defined variable
-3. Add a `output.tf` file.
-4. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm)
-4. Run `terraform init` to initialize terraform and get provider ready.
-4. Run `terraform apply` to create the resources.
+3. Add a `terraform.tfvars` file and provide values to each defined variable
+4. Add a `output.tf` file.
+5. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm)
+6. Run `terraform init` to initialize terraform and get provider ready.
+7. Run `terraform apply` to create the resources.
@@ -4,3 +4,5 @@ resource "azurerm_resource_group" "this" {
   tags     = var.tags
 }
 
+data "azurerm_client_config" "current" {
+}
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+data "azurerm_client_config" "current" {`
	`2`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -4,3 +4,5 @@ resource "azurerm_resource_group" "this" {`
`4`	`4`	`tags = var.tags`
`5`	`5`	`}`
`6`	`6`
	`7`	`+data "azurerm_client_config" "current" {`
	`8`	`+}`