Closed cxinyi closed 4 months ago
Hi, cxinyi.
I had the same problem, I solved it with this steps:
https://kb.databricks.com/terraform/failed-credential-validation-checks-error-with-terraform
Hi monicamejiav,
I was able to solve the issue using the steps in the link you provided. Thank you!
I was trying out on using Terraform code to deploy Databricks Workspace in my Databricks account. The code was working last week, but it stopped working while I was testing it this week. To verify if my Terraform code is causing the issue, I manually created a storage credential in Databricks UI with the same IAM role. It worked successfully. Below is the error message I received:
│` Error: cannot create mws credentials: unexpected error handling request: invalid character 'M' looking for beginning of value. This is likely a bug in the Databricks SDK for Go or the underlying REST API. Please report this issue with the following debugging information to the SDK issue tracker at https://github.com/databricks/databricks-sdk-go/issues. Request log: │ │ POST /api/2.0/accounts/my-databricks-account-id/credentials │ > Host: │ > Accept: application/json │ > Authorization: REDACTED │ > Content-Type: application/json │ > Traceparent: 00-a7c458418e5616228cb0bdabc541af4b-9af50b8340e8ad99-01 │ > User-Agent: databricks-tf-provider/1.48.2 databricks-sdk-go/0.43.0 go/1.22.4 os/linux terraform/1.9.0 resource/mws_credentials auth/oauth-m2m │ > { │ > "aws_credentials": { │ > "sts_role": { │ > "role_arn": "arn:aws:iam::my-aws-account-id:role/demozgwmmk-crossaccount" │ > } │ > }, │ > "credentials_name": "demozgwmmk-creds" │ > } │ < HTTP/2.0 400 Bad Request │ < Content-Type: text/plain; charset=utf-8 │ < Date: Wed, 10 Jul 2024 07:13:13 GMT │ < Server: databricks │ < Strict-Transport-Security: max-age=31536000; includeSubDomains; preload │ < Vary: Accept-Encoding │ < X-Content-Type-Options: nosniff │ < MALFORMED_REQUEST: Failed credential validation checks: please use a valid cross account IAM role with permissions setup correctly. │ │ │ with databricks_mws_credentials.this, │ on main.tf line 62, in resource "databricks_mws_credentials" "this": │ 62: resource "databricks_mws_credentials" "this" { │
I am using the code provided in the Databricks Terraform provider documentation (https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/aws-workspace#cross-account-iam-role) for testing.