databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest

[ISSUE] Issue with `databricks_external_location` resource #3069

Open sasidhar-aws opened 10 months ago

sasidhar-aws commented 10 months ago

`databricks_external_location` is not getting created in the first run. When we run `terraform plan` and `apply` after some time without any fix, it's getting created.

Configuration

```hcl
# Storage credential backed by an IAM role created in the same configuration.
# time_sleep.wait_for_role is defined elsewhere and not shown in the issue.
resource "databricks_storage_credential" "credential" {
  provider = databricks.workspace
  name     = var.name
  aws_iam_role {
    role_arn = aws_iam_role.role.arn
  }
  depends_on = [time_sleep.wait_for_role]
}

# External location; creation validates that the role can read the bucket URL.
resource "databricks_external_location" "external_location" {
  provider        = databricks.workspace
  name            = aws_s3_bucket.bucket.id
  depends_on      = [aws_s3_bucket.bucket, databricks_storage_credential.credential]
  url             = "s3://${aws_s3_bucket.bucket.id}/"
  credential_name = databricks_storage_credential.credential.id
}
```

Expected Behavior

External location is created without issues.

Actual Behavior

```
Error: cannot create external location: AWS IAM role does not have READ permissions on url s3://bucket-name/. Please contact your account admin to update the storage credential. PERMISSION_DENIED: Access denied. Cause: AccessDeniedException error from cloud storage provider. exceptionTraceId=77a04e71-3352-4923-8010-44a96413b3ce
```

Steps to Reproduce

- terraform - 1.6.4
- databricks - 1.24.0

Is it a regression?

Debug Output

Important Factoids

Would you like to implement a fix?

nkvuong commented 10 months ago

The `aws_iam_role` is created in the same script, from my reading of the code? AWS says IAM policies are valid "almost" immediately, although this may be longer; see this SO post.

In this case, either you need to add a longer wait time, or set `skip_validation` in the external location creation.
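
The two workarounds suggested in the comment above, written out as an added example (not code from the issue or from the provider project). It assumes the `hashicorp/time` provider is available; `aws_iam_role_policy.s3_access` and the `60s` duration are hypothetical, and the other resource names are taken from the issue.

```hcl
# Option 1: a longer wait that also covers the policy attachment.
# aws_iam_role_policy.s3_access is a hypothetical inline policy granting the
# role access to the bucket; the issue does not show how the policy is attached.
resource "time_sleep" "wait_for_role" {
  depends_on      = [aws_iam_role.role, aws_iam_role_policy.s3_access]
  create_duration = "60s" # assumed value; adjust to the delay you observe

  # Run the wait again if the role is replaced.
  triggers = {
    role_arn = aws_iam_role.role.arn
  }
}

resource "databricks_storage_credential" "credential" {
  provider = databricks.workspace
  name     = var.name
  aws_iam_role {
    # Reading the ARN through the sleep makes the ordering explicit,
    # so no separate depends_on is needed.
    role_arn = time_sleep.wait_for_role.triggers["role_arn"]
  }
}

# Option 2: skip the read check when the external location is created.
resource "databricks_external_location" "external_location" {
  provider        = databricks.workspace
  name            = aws_s3_bucket.bucket.id
  url             = "s3://${aws_s3_bucket.bucket.id}/"
  credential_name = databricks_storage_credential.credential.id
  skip_validation = true
}
```

The two options are independent and either can be used alone. With `skip_validation = true` the validation error is suppressed at creation, so a role that really lacks access to the bucket would only fail when the location is first used.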