cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Error: cannot create mws credentials: Cannot complete request; user is unauthenticated

Andrei_Radulesc
Contributor III

I am configuring databricks_mws_credentials through Terraform on AWS. This used to work up to a couple days ago - now, I am getting "Error: cannot create mws credentials: Cannot complete request; user is unauthenticated".

My user/pw/account credentials are correct. They are passed through environment variables:

export TF_VAR_databricks_account_username="[...]"

export TF_VAR_databricks_account_password="[...]"

export TF_VAR_databricks_account_id="[...]"

I boiled it down to a minimal example showing the error. It is based on https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mws_credentials:

terraform {

 required_providers {

   aws = {

     source = "hashicorp/aws"

     version = "~> 3.70.0"

   }

   databricks = {

     source = "databricks/databricks"

     version = "1.2.0"

   }

 }

 required_version = ">= 1.0.0"

}

provider "aws" {

 alias = "databricks"

 region = var.region

 assume_role {

   role_arn = "arn:aws:iam::${var.isee_databricks_aws_account_id}:role/terraform"

 }

}

// Initialize provider in "MWS" mode to provision the new workspace.

// See https://registry.terraform.io/providers/databricks/databricks/latest/docs#authentication

provider "databricks" {

 alias   = "mws"

 host    = "https://accounts.cloud.databricks.com"

 username = var.databricks_account_username

 password = var.databricks_account_password

}

data "databricks_aws_assume_role_policy" "this" {

 external_id = var.databricks_account_id

}

resource "aws_iam_role" "cross_account_role" {

 name              = "test-crossaccount"

 assume_role_policy = data.databricks_aws_assume_role_policy.this.json

}

data "databricks_aws_crossaccount_policy" "this" {

}

resource "aws_iam_role_policy" "this" {

 name  = "test-policy"

 role  = aws_iam_role.cross_account_role.id

 policy = data.databricks_aws_crossaccount_policy.this.json

}

resource "databricks_mws_credentials" "this" {

 provider        = databricks.mws

 account_id      = var.databricks_account_id

 credentials_name = "test-creds"

 role_arn        = aws_iam_role.cross_account_role.arn

}

1 ACCEPTED SOLUTION

Accepted Solutions

Andrei_Radulesc
Contributor III

Update: after changing the account password, the error went away. There seems to have been a temporary glitch in Databricks preventing Terraform from working with the old password - because the old password was correctly set up.

Anyhow, now I have a workaround, given that changing the password solved the issue.

View solution in original post

1 REPLY 1

Andrei_Radulesc
Contributor III

Update: after changing the account password, the error went away. There seems to have been a temporary glitch in Databricks preventing Terraform from working with the old password - because the old password was correctly set up.

Anyhow, now I have a workaround, given that changing the password solved the issue.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group