topic Databricks workspace creation using Terraform and storage configuration IAM Role Arn in Administration & Architecture https://community.databricks.com/t5/administration-architecture/databricks-workspace-creation-using-terraform-and-storage/m-p/62492#M942 <P>Hi,</P><P>When creating a new AWS Databricks workspace in account console manually, it appears that IAM Role ARN is mandatory parameter when configuring a Storage Configuration</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sampo_1-1709404789587.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/6480i6B4B808A96E4053B/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="sampo_1-1709404789587.png" alt="sampo_1-1709404789587.png" /></span></P><P>However in the Terraform <A href="https://registry.terraform.io/providers/databricks/databricks/1.37.1/docs/resources/mws_storage_configurations" target="_self">databricks_mws_storage_configurations</A> resource there is apparently no way to set the IAM Role arn.</P><P>This then leads to failure when creating workspace using <A href="https://registry.terraform.io/providers/databricks/databricks/1.37.1/docs/resources/mws_workspaces" target="_self">databricks_mws_workspaces</A> resource</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sampo_3-1709405245369.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/6482i792B42A2A12BB206/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="sampo_3-1709405245369.png" alt="sampo_3-1709405245369.png" /></span></P><P>Has anyone else seen this problem?</P><P>&nbsp;</P> Sat, 02 Mar 2024 18:56:23 GMT sampo 2024-03-02T18:56:23Z Databricks workspace creation using Terraform and storage configuration IAM Role Arn https://community.databricks.com/t5/administration-architecture/databricks-workspace-creation-using-terraform-and-storage/m-p/62492#M942 <P>Hi,</P><P>When creating a new AWS Databricks workspace in account console manually, it appears that IAM Role ARN is mandatory parameter when configuring a Storage Configuration</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sampo_1-1709404789587.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/6480i6B4B808A96E4053B/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="sampo_1-1709404789587.png" alt="sampo_1-1709404789587.png" /></span></P><P>However in the Terraform <A href="https://registry.terraform.io/providers/databricks/databricks/1.37.1/docs/resources/mws_storage_configurations" target="_self">databricks_mws_storage_configurations</A> resource there is apparently no way to set the IAM Role arn.</P><P>This then leads to failure when creating workspace using <A href="https://registry.terraform.io/providers/databricks/databricks/1.37.1/docs/resources/mws_workspaces" target="_self">databricks_mws_workspaces</A> resource</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sampo_3-1709405245369.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/6482i792B42A2A12BB206/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="sampo_3-1709405245369.png" alt="sampo_3-1709405245369.png" /></span></P><P>Has anyone else seen this problem?</P><P>&nbsp;</P> Sat, 02 Mar 2024 18:56:23 GMT https://community.databricks.com/t5/administration-architecture/databricks-workspace-creation-using-terraform-and-storage/m-p/62492#M942 sampo 2024-03-02T18:56:23Z Re: Databricks workspace creation using Terraform and storage configuration IAM Role Arn https://community.databricks.com/t5/administration-architecture/databricks-workspace-creation-using-terraform-and-storage/m-p/62626#M945 <P>Investigated this further... Terraform code to create the workspace</P><P>&nbsp;</P><LI-CODE lang="markup">resource "databricks_mws_workspaces" "databricks_ws" { provider = databricks.mws account_id = var.databricks_account_id aws_region = var.region workspace_name = "databricks-workspace-${local.env}" credentials_id = databricks_mws_credentials.databricks_credential_conf.id storage_configuration_id = databricks_mws_storage_configurations.databricks_storage_conf.id network_id = databricks_mws_networks.databricks_network_conf.id token { comment = "Terraform" } }</LI-CODE><P>&nbsp;</P><P>From the Terraform log it looks like account_id string is added to credentials_id, network_id, and storage_configuration_id values</P><P>&nbsp;</P><LI-CODE lang="markup">POST /api/2.0/accounts/&lt;account_id&gt;/workspaces { "account_id": "&lt;account_id&gt;", "aws_region": "eu-west-1", "credentials_id": "&lt;account_id&gt;/bbf46eba-67e2-4538-8d19-426e75136ead", "is_no_public_ip_enabled": true, "network_id": "&lt;account_id&gt;/e9d9fb8a-3b9d-4ea3-8823-72c62e7c8f6d", "storage_configuration_id": "&lt;account_id&gt;/06bfb24a-4426-4343-b474-6fe593e20746", "workspace_name": "databricks-workspace-test" } &lt; HTTP/2.0 400 Bad Request</LI-CODE><P>&nbsp;</P><P>&nbsp;Looking at the Rest API sample for <A href="https://docs.databricks.com/api/account/workspaces/create" target="_self">new workspace creation</A></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sampo_0-1709624314099.png" style="width: 421px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/6501i238B77AFB10927E1/image-dimensions/421x217/is-moderation-mode/true?v=v2" width="421" height="217" role="button" title="sampo_0-1709624314099.png" alt="sampo_0-1709624314099.png" /></span></P><P>There is no account_id in the credentials_id, network_id, and storage_configuration_id values</P><P>I replaced account_id string with empty string in the Terraform code and now workspace creation works without any errors</P><P>&nbsp;</P><LI-CODE lang="markup">resource "databricks_mws_workspaces" "databricks_ws" { provider = databricks.mws account_id = var.databricks_account_id aws_region = var.region workspace_name = "databricks-workspace-${local.env}" credentials_id = replace(databricks_mws_credentials.databricks_credential_conf.id, "${var.databricks_account_id}/", "") storage_configuration_id = replace(databricks_mws_storage_configurations.databricks_storage_conf.id, "${var.databricks_account_id}/", "") network_id = replace(databricks_mws_networks.databricks_network_conf.id, "${var.databricks_account_id}/", "") token { comment = "Terraform" } }</LI-CODE><P>&nbsp;</P> Tue, 05 Mar 2024 07:44:15 GMT https://community.databricks.com/t5/administration-architecture/databricks-workspace-creation-using-terraform-and-storage/m-p/62626#M945 sampo 2024-03-05T07:44:15Z