Update UC example to allow role to assume-itself

databricks / terraform-databricks-examples

Examples of using Terraform to deploy Databricks resources

https://registry.terraform.io/modules/databricks/examples/databricks/latest

Other

187 stars 116 forks source link

Update UC example to allow role to assume-itself #118

Closed hectorcast-db closed 4 months ago

hectorcast-db commented 5 months ago

Update UC example to allow role to assume-itself

alexott commented 5 months ago

In general looks good, was it tested somewhere? I don't have environment to test right now

hectorcast-db commented 5 months ago

@yuchenhuo @alexott I just tested creating the policy and role from the example. My understanding is that the condition is required if you want to add permissions in the assume_role_policy, but not for the permission policy itself. This is because the role in the assume_role_policy must exist at creation time, so we get a chicken and egg problem.

But using assume_role_policies, seems a better choice. Let me try to rewrite this.