topic databricks terraform provider, databricks_credential resource, service in Administration & Architecture

databricks terraform provider, databricks_credential resource, service

sunykim — Tue, 26 Aug 2025 15:38:24 GMT

I cannot make the databricks_credential resource create a service credential. It works fine with storage credentials. However, when i put `purpose = "SERVICE"` plus aws_iam_role and comment, in the apply phase it fails with
`Error: cannot create credential: failed during request visitor: default auth: cannot configure default credentials, please check` It surprises me to see an auth error here. The auth of the databricks service principal works fine with everything else. I tried with both workspace level and account level provider. If you need more information i'm happy to provide it

Re: databricks terraform provider, databricks_credential resource, service

Khaja_Zaffer — Tue, 26 Aug 2025 17:17:53 GMT

Hello @sunykim

Good day!
Sad to see you going through issue But

Please ensure AWS credentials are set in your environment before running terraform apply. Has IAM role details (e.g., via iam:GetRole) got sufficient credentials permissions to read the role?.

You can set them as environment variables:

The below must resolve your issue ( I am open to other solutions from contributors as well. )

export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
# If using temporary credentials (e.g., from STS):
export AWS_SESSION_TOKEN="your-session-token"

Re: databricks terraform provider, databricks_credential resource, service

sunykim — Tue, 26 Aug 2025 17:22:05 GMT

Hi and thanks for the reaction. The pipeline (github actions) is gets some AWS powers that are unknown to me (more than my personal user) and created the role.

Re: databricks terraform provider, databricks_credential resource, service

sunykim — Wed, 27 Aug 2025 10:29:00 GMT

I have the same error message now when trying to create a USE_SCHEMA grant for a service principal as in https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grant#schema-grants . I create a new service principal and then assign the grant. The creation works, the assignement doesn't. So the databricks credentials do work. Also, there is no AWS IAM role involved. I again tried both with account level and workspace level provider.