
Databricks AWS Secrets Manager access

eric-cordeiro
New Contributor II

I have a workspace deployed in AWS and need to read some secrets from AWS Secrets Manager in my notebook. I'm aware that there is no default process similar to Azure Key Vault; however, I know that we can try to access it using boto3, but I'm stuck at the authentication process. I'm not allowed by the company to create access keys for it, so it needs to be done with roles. I've been trying to follow the Databricks documentation to use instance profiles in the cluster (https://docs.databricks.com/en/aws/iam/instance-profile-tutorial.html), but it's specific to S3 and not necessarily to AWS Secrets Manager. If someone has done it before and could share the appropriate way to do it, it would be very much appreciated!


Kaniz
Community Manager

Hi @eric-cordeiro

IAM roles are used for authentication to access AWS Secrets Manager from a Databricks Notebook in AWS.

- Create a Cross-Account IAM Role with permissions to access secrets in AWS Secrets Manager.
- Create an access policy that grants necessary permissions to the IAM role.
- Call the Create credential configuration API with the IAM role ARN to establish cross-account trust and get a reference ID.
- Add the IAM role to the EC2 instance policy attached to the Databricks workspace to allow it to assume the role and access secrets.
- Access AWS Secrets Manager using the provided Python code snippet using boto3.
- The code assumes the IAM role attached to the EC2 instance has the necessary permissions.
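The boto3 snippet mentioned above is not on this page, so here is an added example (my own, not Databricks' or Kaniz's code) of the read from a notebook once the cluster's instance profile role carries a least-privilege policy for the secret: no access keys anywhere, boto3's default credential chain picks the role up from instance metadata, and both SecretString and SecretBinary responses are handled. The ARN, region and injectable stub client are constructed placeholders.

```python
import base64
import json
from typing import Any, Dict, Optional

# Constructed placeholders: replace with your secret's ARN and region.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/db-creds-AbCdEf"
REGION = "us-east-1"

def least_privilege_policy(secret_arn: str, region: str,
                           kms_key_arn: Optional[str] = None) -> Dict[str, Any]:
    """Policy for the instance-profile role: GetSecretValue on one secret only,
    plus kms:Decrypt (scoped via kms:ViaService) if a customer-managed key is used."""
    statements = [{"Sid": "ReadOneSecret", "Effect": "Allow",
                   "Action": ["secretsmanager:GetSecretValue"], "Resource": [secret_arn]}]
    if kms_key_arn:
        statements.append({"Sid": "DecryptViaSecretsManager", "Effect": "Allow",
                           "Action": ["kms:Decrypt"], "Resource": [kms_key_arn],
                           "Condition": {"StringEquals": {
                               "kms:ViaService": f"secretsmanager.{region}.amazonaws.com"}}})
    return {"Version": "2012-10-17", "Statement": statements}

def parse_secret(response: Dict[str, Any]) -> Any:
    """GetSecretValue returns SecretString (text, often JSON) or SecretBinary
    (bytes from boto3; base64 text from the raw API)."""
    if "SecretString" in response:
        raw = response["SecretString"]
    else:
        blob = response["SecretBinary"]
        raw = (blob if isinstance(blob, bytes) else base64.b64decode(blob)).decode()
    try:
        return json.loads(raw)
    except ValueError:
        return raw

def get_secret(secret_id: str, region: str = REGION, client: Any = None) -> Any:
    """Read a secret with the cluster's instance-profile role. No keys appear in
    the notebook: boto3's default chain takes them from instance metadata.
    `client` is injectable so the parsing path can run offline."""
    if client is None:
        import boto3  # present on Databricks Runtime
        client = boto3.client("secretsmanager", region_name=region)
    # AccessDeniedException here means the role policy or the instance-profile
    # attachment is wrong, not the notebook code.
    return parse_secret(client.get_secret_value(SecretId=secret_id))
```

In the notebook, `get_secret(SECRET_ARN)` is all that is needed; the instance profile must already be attached to the cluster as in the tutorial linked in the question.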

eric-cordeiro
New Contributor II

Thank you for the reply, Kaniz! By any chance, would you have any Terraform reference to create, configure and attach this EC2 IAM role?

fbuechel92
New Contributor II

Hi @Kaniz ,

I tried out your steps but it still doesn't work for me, possibly because I skipped step 3. That's because I already have a credential configuration for my workspace. So I just went on with step 4 and added what you described to the EC2 policy of the role which is linked in my current credential config.

Anyways, my question to you is whether you know of any documentation on this topic? I haven't found much online surprisingly.

Many thanks!

Fabian
