https://community.databricks.com/t5/data-governance/unity-catalog-databricks-metastore-terraform-not-authorized/m-p/32403#M945 <P>thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 11 Oct 2022 16:47:02 GMT amitca71 2022-10-11T16:47:02Z https://community.databricks.com/t5/data-governance/unity-catalog-databricks-metastore-terraform-not-authorized/m-p/32401#M943 <P>i created unity catalog using terraform on AWS, and able to create manualy a meta store with same user.</P><P>when trying to create metsastore from terraform, i get unauthorized error:</P><P>Error: cannot create metastore: Unauthorized</P><P>│&nbsp;</P><P>│&nbsp;&nbsp;with module.unity_catalog_metastore.databricks_metastore.this,</P><P>│&nbsp;&nbsp;on modules/uc_metastore/main.tf line 1, in resource "databricks_metastore" "this":</P><P>│&nbsp;&nbsp;1: resource "databricks_metastore" "this" {</P><P></P><P>provider: </P><P>databricks = {</P><P> source = "databricks/databricks"</P><P> version = "~&gt;1.2.1"</P><P> }</P><P></P><P>i use the mws provider with user and password:</P><P>provider "databricks" {</P><P> alias = "mws"</P><P> host = "https://accounts.cloud.databricks.com"</P><P> account_id = var.databricks_account_id</P><P> username = var.databricks_username</P><P> password = var.databricks_password</P><P>}</P><P>my user is account admin (otherwise i wouldnt be able to create the catalog itself..)</P><P></P><P>the resource configuration:</P><P>resource "databricks_metastore" "this" {</P><P> name = "primary"</P><P> storage_root = "s3://${var.unity_metastore_bucket}/metastore"</P><P> owner = var.unity_admin_group</P><P> force_destroy = true</P><P>}</P><P></P><P>Any idea?</P><P>Thanks,</P><P>Amit</P> Wed, 07 Sep 2022 08:38:41 GMT https://community.databricks.com/t5/data-governance/unity-catalog-databricks-metastore-terraform-not-authorized/m-p/32401#M943 amitca71 2022-09-07T08:38:41Z https://community.databricks.com/t5/data-governance/unity-catalog-databricks-metastore-terraform-not-authorized/m-p/32402#M944 <P>Hello @Amit Cahanovich​&nbsp;,</P><P></P><P>You'll need to use the workspace provider when creating a UC metastore using TF. Please use this guide - <A href="https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/unity-catalog#create-a-unity-catalog-metastore-and-link-it-to-workspaces" target="test_blank">https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/unity-catalog#create-a-unity-catalog-metastore-and-link-it-to-workspaces</A></P><P></P><P>Few things to note</P><UL><LI>Unity catalogue APIs are currently exposed via the workspace endpoint, not the account endpoint. When you create via UI it uses account-level API but it's still not exposed to the public.</LI></UL><P><A href="https://api-docs.databricks.com/rest/latest/unity-catalog-api-specification-2-1.html" target="test_blank">https://api-docs.databricks.com/rest/latest/unity-catalog-api-specification-2-1.html</A></P><P></P><P>For better understanding, you could also check a similar query here - <A href="https://discuss.hashicorp.com/t/databricks-unity-catalog-account-vs-workspace-level-understanding/42570" target="test_blank">https://discuss.hashicorp.com/t/databricks-unity-catalog-account-vs-workspace-level-understanding/42570</A></P><P></P><P></P> Tue, 11 Oct 2022 14:23:33 GMT https://community.databricks.com/t5/data-governance/unity-catalog-databricks-metastore-terraform-not-authorized/m-p/32402#M944 Anonymous 2022-10-11T14:23:33Z https://community.databricks.com/t5/data-governance/unity-catalog-databricks-metastore-terraform-not-authorized/m-p/32403#M945 <P>thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 11 Oct 2022 16:47:02 GMT https://community.databricks.com/t5/data-governance/unity-catalog-databricks-metastore-terraform-not-authorized/m-p/32403#M945 amitca71 2022-10-11T16:47:02Z