Why does Databricks need ec2:CreateTags and ec2:DeleteTags permissions in the cross-account IAM role?

- - Certifications
- - Learning Paths
- - Databricks Product Tours
- - Get Started Guides
- - Product Platform Updates

- - Get Started Resources
- - Events
- - Support FAQs
- - Technical Blog
- - Knowledge Sharing Hub
- - Announcements
- - DatabricksTV

- - Private Groups
  - Farfetch Databricks User Community
- - Skills@Scale

- - Databricks Community Champions
- - Khoros Community Forums Support (Not for Databricks Product Questions)
- - Databricks Community Code of Conduct

Administration & Architecture

Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.

1 REPLY 1

These permissions are one of the list described here in Step 6.c

https://docs.databricks.com/administration-guide/account-api/iam-role.html

It is required because we use tags to identify the owners, and other minimum information, of clusters on AWS. It is not possible to remove these permissions.