Databricks

Digan_Parikh · ‎06-11-2021

If you mount an S3 bucket using an AWS instance profile, does that mounted bucket become accessible to just that 1 cluster or to other clusters in that workspace as well?

Digan_Parikh · ‎06-17-2021

Mounts are global to all clusters but as a best practice, you can use IAM roles to prevent access tot he underlying data.

To take this one step further, you can use IAM credential passthrough rather than instance profile because instance profile can be associated with only one IAM role so all users on the clusters have to share that role and the data policies of that role.

doc -https://docs.databricks.com/security/credential-passthrough/iam-passthrough.html

View solution in original post

Digan_Parikh · ‎06-17-2021

Mounts are global to all clusters but as a best practice, you can use IAM roles to prevent access tot he underlying data.

To take this one step further, you can use IAM credential passthrough rather than instance profile because instance profile can be associated with only one IAM role so all users on the clusters have to share that role and the data policies of that role.

doc -https://docs.databricks.com/security/credential-passthrough/iam-passthrough.html

Databricks

S3 bucket mount

Unity Catalog Lakeguard: Industry-first and only data governance for multi-user Apache™ Spark cluste

Announcing the General Availability of Databricks Asset Bundles

Register now and save 50% on training at Data + AI Summit!

How to successfully build GenAI applications

Meet DBRX, the New Standard for High-Quality LLMs