cleanup

Author: tomarv2

README.md

@@ -116,7 +116,7 @@ module "databricks_workspace" {
   # - 'profile_for_iam' - for IAM creation (if none is provided 'default' is used)
   # - 'existing_role_name'
   profile_for_iam             = "iam-admin"
-  aws_region                  = "us-east-2"
+
   databricks_account_username = "[email protected]"
   databricks_account_password = "sample123!"
   databricks_account_id       = "1234567-1234-1234-1234-1234567"
@@ -136,7 +136,7 @@ module "databricks_workspace" {
   # - 'profile_for_iam' - for IAM creation (if none is provided 'default' is used)
   # - 'existing_role_name'
   existing_role_arn          = "arn:aws:iam::123456789012:role/demo-role"
-  aws_region                  = "us-east-2"
+
   databricks_account_username = "[email protected]"
   databricks_account_password = "sample123!"
   databricks_account_id       = "1234567-1234-1234-1234-1234567"
@@ -176,50 +176,52 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.47 |
-| <a name="requirement_databricks"></a> [databricks](#requirement\_databricks) | 0.4.7 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 3.63 |
+| <a name="requirement_databricks"></a> [databricks](#requirement\_databricks) | 0.5.1 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.1 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | ~> 0.7 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 3.47 |
-| <a name="provider_databricks"></a> [databricks](#provider\_databricks) | 0.4.7 |
-| <a name="provider_databricks.mws"></a> [databricks.mws](#provider\_databricks.mws) | 0.4.7 |
-| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.1 |
-| <a name="provider_time"></a> [time](#provider\_time) | ~> 0.7 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.74.3 |
+| <a name="provider_databricks"></a> [databricks](#provider\_databricks) | 0.5.1 |
+| <a name="provider_databricks.created_workspace"></a> [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 |
+| <a name="provider_databricks.mws"></a> [databricks.mws](#provider\_databricks.mws) | 0.5.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | 0.7.2 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_iam_policies"></a> [iam\_policies](#module\_iam\_policies) | git::[email protected]:tomarv2/terraform-aws-iam-policies.git | v0.0.4 |
 | <a name="module_iam_role"></a> [iam\_role](#module\_iam\_role) | git::[email protected]:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 |
-| <a name="module_s3"></a> [s3](#module\_s3) | git::[email protected]:tomarv2/terraform-aws-s3.git | v0.0.7 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | git::[email protected]:tomarv2/terraform-aws-vpc.git | v0.0.4 |
+| <a name="module_s3"></a> [s3](#module\_s3) | git::[email protected]:tomarv2/terraform-aws-s3.git | v0.0.8 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | git::[email protected]:tomarv2/terraform-aws-vpc.git | v0.0.6 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
-| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_credentials) | resource |
-| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_networks) | resource |
-| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_storage_configurations) | resource |
-| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_workspaces) | resource |
+| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource |
+| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource |
+| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource |
+| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource |
+| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource |
 | [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
-| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_assume_role_policy) | data source |
-| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_bucket_policy) | data source |
-| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_crossaccount_policy) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source |
+| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source |
+| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | default aws region | `string` | `"us-west-2"` | no |
 | <a name="input_cidr_block"></a> [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no |
 | <a name="input_custom_tags"></a> [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no |
 | <a name="input_databricks_account_id"></a> [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. | `string` | n/a | yes |
@@ -228,8 +230,9 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
 | <a name="input_databricks_hostname"></a> [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no |
 | <a name="input_existing_role_name"></a> [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no |
 | <a name="input_prjid"></a> [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes |
+| <a name="input_profile"></a> [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no |
 | <a name="input_profile_for_iam"></a> [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no |
-| <a name="input_profile"></a> [profile\_to\_use](#input\_profile\_to\_use) | Getting values from ~/.aws/credentials | `string` | `"default"` | no |
+| <a name="input_region"></a> [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no |
 | <a name="input_teamid"></a> [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes |
 
 ## Outputs
@@ -243,8 +246,11 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
 | <a name="output_databricks_mws_network_id"></a> [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id |
 | <a name="output_databricks_mws_storage_bucket_name"></a> [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name |
 | <a name="output_databricks_mws_storage_id"></a> [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id |
+| <a name="output_databricks_token"></a> [databricks\_token](#output\_databricks\_token) | Value of the newly created token |
+| <a name="output_databricks_token_lifetime_hours"></a> [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity |
 | <a name="output_iam_role_arn"></a> [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn |
 | <a name="output_inline_policy_id"></a> [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id |
+| <a name="output_nonsensitive_databricks_token"></a> [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) |
 | <a name="output_s3_bucket_arn"></a> [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn |
 | <a name="output_s3_bucket_id"></a> [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id |
 | <a name="output_s3_bucket_name"></a> [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name |

examples/sample/main.tf

@@ -1,16 +1,3 @@
-terraform {
-  required_version = ">= 1.0.1"
-  required_providers {
-    aws = {
-      version = "~> 3.63"
-    }
-  }
-}
-
-provider "aws" {
-  region = var.aws_region
-}
-
 module "databricks_workspace" {
   source = "../../"
 
@@ -19,11 +6,11 @@ module "databricks_workspace" {
   # - 'existing_role_name'
   profile_for_iam = "iam-admin"
   #existing_role_name         = "arn:aws:iam::123456789012:role/demo-role"
-  aws_region                  = var.aws_region
+
   databricks_account_username = "[email protected]"
   databricks_account_password = "sample123!"
   databricks_account_id       = "1234567-1234-1234-1234-1234567"
-
+  region                      = var.region
   custom_tags = tomap(
     {
       "Dept"        = "data",

examples/sample/variables.tf

@@ -8,7 +8,7 @@ variable "prjid" {
   type        = string
 }
 
-variable "aws_region" {
+variable "region" {
   description = "AWS region to deploy resources"
   type        = string
   default     = "us-west-2"

iam.tf

@@ -3,3 +3,38 @@ data "databricks_aws_assume_role_policy" "this" {
 }
 
 data "databricks_aws_crossaccount_policy" "cross_account_iam_policy" {}
+
+
+module "iam_role" {
+  source = "git::[email protected]:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external?ref=v0.0.7"
+
+  count = var.existing_role_name == null ? 1 : 0
+
+  assume_role_policy = data.databricks_aws_assume_role_policy.this.json
+  # -----------------------------------------
+  # Do not change the teamid, prjid once set.
+  teamid = var.teamid
+  prjid  = "${var.prjid}-${local.suffix}"
+
+  providers = {
+    aws = aws.iam-management
+  }
+}
+
+module "iam_policies" {
+  source = "git::[email protected]:tomarv2/terraform-aws-iam-policies.git?ref=v0.0.4"
+
+  count = var.existing_role_name == null ? 1 : 0
+
+  role_name     = join("", module.iam_role.*.iam_role_name)
+  policy        = data.databricks_aws_crossaccount_policy.cross_account_iam_policy.json
+  inline_policy = true
+  # -----------------------------------------
+  # Do not change the teamid, prjid once set.
+  teamid = var.teamid
+  prjid  = "${var.prjid}-${local.suffix}"
+
+  providers = {
+    aws = aws.iam-management
+  }
+}

locals.tf

@@ -1,3 +1,6 @@
 locals {
+  region  = data.aws_region.current.name
   profile = var.profile_for_iam != null ? var.profile_for_iam : var.profile
 }
+
+data "aws_region" "current" {}

main.tf

@@ -1,60 +1,17 @@
-module "vpc" {
-  source = "git::[email protected]:tomarv2/terraform-aws-vpc.git?ref=v0.0.4"
+resource "databricks_mws_workspaces" "this" {
+  provider = databricks.mws
 
-  aws_region             = var.aws_region
-  enable_dns_hostnames   = true
-  enable_nat_gateway     = true
-  single_nat_gateway     = true
-  one_nat_gateway_per_az = false
-  create_igw             = true
-  default_security_group_egress = [{
-    cidr_blocks = "0.0.0.0/0"
-  }]
+  account_id      = var.databricks_account_id
+  aws_region      = local.region
+  workspace_name  = "${var.teamid}-${var.prjid}"
+  deployment_name = "${var.teamid}-${var.prjid}"
 
-  default_security_group_ingress = [{
-    description = "Allow all internal TCP and UDP"
-    self        = true
-  }]
-
-  public_subnets = [cidrsubnet(var.cidr_block, 3, 0)]
-  private_subnets = [cidrsubnet(var.cidr_block, 3, 1),
-  cidrsubnet(var.cidr_block, 3, 2)]
-  #------------------------------------------
-  # Do not change the teamid, prjid once set.
-  teamid = var.teamid
-  prjid  = var.prjid
+  credentials_id           = databricks_mws_credentials.this.credentials_id
+  storage_configuration_id = databricks_mws_storage_configurations.this.storage_configuration_id
+  network_id               = databricks_mws_networks.this.network_id
 }
 
-module "iam_role" {
-  source = "git::[email protected]:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external?ref=v0.0.7"
-
-  count = var.existing_role_name == null ? 1 : 0
-
-  assume_role_policy = data.databricks_aws_assume_role_policy.this.json
-  # -----------------------------------------
-  # Do not change the teamid, prjid once set.
-  teamid = var.teamid
-  prjid  = "${var.prjid}-${local.suffix}"
-
-  providers = {
-    aws = aws.iam-management
-  }
-}
-
-module "iam_policies" {
-  source = "git::[email protected]:tomarv2/terraform-aws-iam-policies.git?ref=v0.0.4"
-
-  count = var.existing_role_name == null ? 1 : 0
-
-  role_name     = join("", module.iam_role.*.iam_role_name)
-  policy        = data.databricks_aws_crossaccount_policy.cross_account_iam_policy.json
-  inline_policy = true
-  # -----------------------------------------
-  # Do not change the teamid, prjid once set.
-  teamid = var.teamid
-  prjid  = "${var.prjid}-${local.suffix}"
-
-  providers = {
-    aws = aws.iam-management
-  }
+resource "time_sleep" "wait" {
+  depends_on      = [module.iam_role]
+  create_duration = "10s"
 }

s3.tf

@@ -1,5 +1,5 @@
 module "s3" {
-  source = "git::[email protected]:tomarv2/terraform-aws-s3.git?ref=v0.0.7"
+  source = "git::[email protected]:tomarv2/terraform-aws-s3.git?ref=v0.0.8"
 
   custom_tags = var.custom_tags
   # -----------------------------------------

variables.tf

@@ -8,18 +8,6 @@ variable "prjid" {
   type        = string
 }
 
-variable "profile" {
-  description = "Getting values from ~/.aws/credentials"
-  type        = string
-  default     = "default"
-}
-
-variable "aws_region" {
-  description = "default aws region"
-  type        = string
-  default     = "us-west-2"
-}
-
 variable "databricks_hostname" {
   description = "databricks hostname"
   type        = string
@@ -51,12 +39,6 @@ locals {
   suffix = random_string.naming.result
 }
 
-variable "profile_for_iam" {
-  description = "profile to use for IAM"
-  default     = null
-  type        = string
-}
-
 variable "existing_role_name" {
   description = "If you want to use existing role name, else a new role will be created"
   default     = null
@@ -74,3 +56,21 @@ variable "custom_tags" {
   description = "Extra custom tags"
   default     = null
 }
+
+variable "profile" {
+  description = "profile to use for resource creation"
+  default     = "default"
+  type        = string
+}
+
+variable "profile_for_iam" {
+  description = "profile to use for IAM"
+  default     = null
+  type        = string
+}
+
+variable "region" {
+  description = "AWS region to deploy resources"
+  type        = string
+  default     = "us-east-1"
+}

versions.tf

@@ -18,17 +18,18 @@ terraform {
 }
 
 provider "aws" {
-  region  = var.aws_region
+  region  = var.region
   profile = var.profile
 }
 
 provider "aws" {
   alias = "iam-management"
 
-  region  = var.aws_region
+  region  = var.region
   profile = local.profile
 }
 
+
 # initialize provider in "MWS" mode to provision new workspace
 provider "databricks" {
   alias = "mws"

vpc.tf

@@ -0,0 +1,17 @@
+module "vpc" {
+  source = "git::[email protected]:tomarv2/terraform-aws-vpc.git?ref=v0.0.6"
+
+  enable_dns_hostnames   = true
+  enable_nat_gateway     = true
+  single_nat_gateway     = true
+  one_nat_gateway_per_az = false
+  create_igw             = true
+
+  public_subnets = [cidrsubnet(var.cidr_block, 3, 0)]
+  private_subnets = [cidrsubnet(var.cidr_block, 3, 1),
+  cidrsubnet(var.cidr_block, 3, 2)]
+  #------------------------------------------
+  # Do not change the teamid, prjid once set.
+  teamid = var.teamid
+  prjid  = var.prjid
+}