topic Re: AWS custom role for Databricks clusters - no instance profile ARN in Administration & Architecture https://community.databricks.com/t5/administration-architecture/aws-custom-role-for-databricks-clusters-no-instance-profile-arn/m-p/110982#M3042 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/50560">@Wayne</a>&nbsp;</P><P>I need to understand more about what you’re trying to achieve,</P><P>but if you’re looking to grant permissions to the EC2 instances running behind a Databricks cluster using an instance profile, the following documentation provides a detailed explanation.</P><P>It includes an example of granting access to S3</P><P><A href="https://docs.databricks.com/aws/en/connect/storage/tutorial-s3-instance-profile" target="_new" rel="noopener">Use Instance Profiles to Access S3 from Databricks</A></P> Sun, 23 Feb 2025 05:43:27 GMT Takuya-Omi 2025-02-23T05:43:27Z AWS custom role for Databricks clusters - no instance profile ARN https://community.databricks.com/t5/administration-architecture/aws-custom-role-for-databricks-clusters-no-instance-profile-arn/m-p/110927#M3039 <P>Try to follow the instructions to create custom IAM role for EC2 instance in Databricks clusters, but I can't find the instance profile ARN on the role. If I create a regual IAM role on EC2, I can find both role ARN and instance profile ARN.<BR /><A href="https://docs.databricks.com/aws/en/admin/account-settings-e2/credentials" target="_blank" rel="noopener">https://docs.databricks.com/aws/en/admin/account-settings-e2/credentials</A><BR /><BR /></P><OL><LI>Get your Databricks account ID. See<SPAN>&nbsp;</SPAN><A href="https://docs.databricks.com/aws/en/admin/account-settings/#account-id" target="_blank" rel="noopener">Locate your account ID</A>.</LI><LI>Log into your AWS Console as a user with administrator privileges and go to the<SPAN>&nbsp;</SPAN><STRONG>IAM</STRONG><SPAN>&nbsp;</SPAN>console.</LI><LI>Click the<SPAN>&nbsp;</SPAN><STRONG>Roles</STRONG><SPAN>&nbsp;</SPAN>tab in the sidebar.</LI><LI>Click<SPAN>&nbsp;</SPAN><STRONG>Create role</STRONG>.<OL><LI>In<SPAN>&nbsp;</SPAN><STRONG>Select type of trusted entity</STRONG>, click the<SPAN>&nbsp;</SPAN><STRONG>AWS account</STRONG><SPAN>&nbsp;</SPAN>tile.</LI><LI>Select the<SPAN>&nbsp;</SPAN><STRONG>Another AWS account</STRONG><SPAN>&nbsp;</SPAN>checkbox.</LI><LI>In the Account ID field, enter the Databricks account ID<SPAN>&nbsp;</SPAN>414351767826. This is<SPAN>&nbsp;</SPAN><STRONG>not</STRONG><SPAN>&nbsp;</SPAN>the Account ID you copied from the Databricks account console. If you are are using<SPAN>&nbsp;</SPAN><A href="https://docs.databricks.com/aws/en/security/privacy/gov-cloud" target="_blank" rel="noopener">Databricks on AWS GovCloud</A><SPAN>&nbsp;</SPAN>use the Databricks account ID<SPAN>&nbsp;</SPAN>044793339203<SPAN>&nbsp;</SPAN>for AWS GovCloud or<SPAN>&nbsp;</SPAN>170661010020<SPAN>&nbsp;</SPAN>for AWS GovCloud DoD.</LI><LI>Select the<SPAN>&nbsp;</SPAN><STRONG>Require external ID</STRONG><SPAN>&nbsp;</SPAN>checkbox.</LI><LI>In the<SPAN>&nbsp;</SPAN><STRONG>External ID</STRONG><SPAN>&nbsp;</SPAN>field, enter your Databricks account ID, which you copied from the Databricks account console.</LI><LI>Click the<SPAN>&nbsp;</SPAN><STRONG>Next</STRONG><SPAN>&nbsp;</SPAN>button.</LI><LI>In the<SPAN>&nbsp;</SPAN><STRONG>Add Permissions</STRONG><SPAN>&nbsp;</SPAN>page, click the<SPAN>&nbsp;</SPAN><STRONG>Next</STRONG><SPAN>&nbsp;</SPAN>button. You should now be on the<SPAN>&nbsp;</SPAN><STRONG>Name, review, and create</STRONG><SPAN>&nbsp;</SPAN>page.</LI><LI>In the<SPAN>&nbsp;</SPAN><STRONG>Role name</STRONG><SPAN>&nbsp;</SPAN>field, enter a role name.</LI><LI>Click<SPAN>&nbsp;</SPAN><STRONG>Create role</STRONG>. The list of roles appears.<BR /><BR /><BR /><BR /></LI></OL></LI></OL> Fri, 21 Feb 2025 21:16:49 GMT https://community.databricks.com/t5/administration-architecture/aws-custom-role-for-databricks-clusters-no-instance-profile-arn/m-p/110927#M3039 Wayne 2025-02-21T21:16:49Z Re: AWS custom role for Databricks clusters - no instance profile ARN https://community.databricks.com/t5/administration-architecture/aws-custom-role-for-databricks-clusters-no-instance-profile-arn/m-p/110982#M3042 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/50560">@Wayne</a>&nbsp;</P><P>I need to understand more about what you’re trying to achieve,</P><P>but if you’re looking to grant permissions to the EC2 instances running behind a Databricks cluster using an instance profile, the following documentation provides a detailed explanation.</P><P>It includes an example of granting access to S3</P><P><A href="https://docs.databricks.com/aws/en/connect/storage/tutorial-s3-instance-profile" target="_new" rel="noopener">Use Instance Profiles to Access S3 from Databricks</A></P> Sun, 23 Feb 2025 05:43:27 GMT https://community.databricks.com/t5/administration-architecture/aws-custom-role-for-databricks-clusters-no-instance-profile-arn/m-p/110982#M3042 Takuya-Omi 2025-02-23T05:43:27Z