Why does Databricks need ec2:CreateTags and ec2:DeleteTags permissions in the cross-account IAM role?

- - Certifications
- - Learning Paths

- - Community Discussions
- - GenAI Insight Hub
- - Get Started Discussions

- - Get Started Resources
- - Events
- - Product Platform Updates
- - Support FAQs
- - Technical Blog
- - What's New in Databricks
- - Get Started Guides
- - Knowledge Sharing Hub
- - Announcements
- - Databricks TV

- - Technical Councils
- - Private Groups
- - Skills@Scale

- - Databricks Community Champions
- - Khoros Community Forums Support (Not for Databricks Product Questions)
- - Databricks Community Code of Conduct
- - Community Newsletter

Administration & Architecture

1 REPLY 1

These permissions are one of the list described here in Step 6.c

https://docs.databricks.com/administration-guide/account-api/iam-role.html

It is required because we use tags to identify the owners, and other minimum information, of clusters on AWS. It is not possible to remove these permissions.

never-displayed

You must be signed in to add attachments

never-displayed

Announcements

🔔 Attention Databricks Academy Users: SSO Implementation Incoming! Secure Your Account Today!

Announcing the General Availability of Databricks Asset Bundles

How to successfully build GenAI applications

Meet DBRX, the New Standard for High-Quality LLMs

Databricks

Why does Databricks need ec2:CreateTags and ec2:DeleteTags permissions in the cross-account IAM role?

Databricks Community Social - May 2024

🔔 Attention Databricks Academy Users: SSO Implementation Incoming! Secure Your Account Today!

Announcing the General Availability of Databricks Asset Bundles

How to successfully build GenAI applications

Meet DBRX, the New Standard for High-Quality LLMs