cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Error: cannot create mws credentials: Cannot complete request; user is unauthenticated

Andrei_Radulesc
Contributor III

I am configuring databricks_mws_credentials through Terraform on AWS. This used to work up to a couple days ago - now, I am getting "Error: cannot create mws credentials: Cannot complete request; user is unauthenticated".

My user/pw/account credentials are correct. They are passed through environment variables:

export TF_VAR_databricks_account_username="[...]"

export TF_VAR_databricks_account_password="[...]"

export TF_VAR_databricks_account_id="[...]"

I boiled it down to a minimal example showing the error. It is based on https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mws_credentials:

terraform {

 required_providers {

   aws = {

     source = "hashicorp/aws"

     version = "~> 3.70.0"

   }

   databricks = {

     source = "databricks/databricks"

     version = "1.2.0"

   }

 }

 required_version = ">= 1.0.0"

}

provider "aws" {

 alias = "databricks"

 region = var.region

 assume_role {

   role_arn = "arn:aws:iam::${var.isee_databricks_aws_account_id}:role/terraform"

 }

}

// Initialize provider in "MWS" mode to provision the new workspace.

// See https://registry.terraform.io/providers/databricks/databricks/latest/docs#authentication

provider "databricks" {

 alias   = "mws"

 host    = "https://accounts.cloud.databricks.com"

 username = var.databricks_account_username

 password = var.databricks_account_password

}

data "databricks_aws_assume_role_policy" "this" {

 external_id = var.databricks_account_id

}

resource "aws_iam_role" "cross_account_role" {

 name              = "test-crossaccount"

 assume_role_policy = data.databricks_aws_assume_role_policy.this.json

}

data "databricks_aws_crossaccount_policy" "this" {

}

resource "aws_iam_role_policy" "this" {

 name  = "test-policy"

 role  = aws_iam_role.cross_account_role.id

 policy = data.databricks_aws_crossaccount_policy.this.json

}

resource "databricks_mws_credentials" "this" {

 provider        = databricks.mws

 account_id      = var.databricks_account_id

 credentials_name = "test-creds"

 role_arn        = aws_iam_role.cross_account_role.arn

}

1 ACCEPTED SOLUTION

Accepted Solutions

Andrei_Radulesc
Contributor III

Update: after changing the account password, the error went away. There seems to have been a temporary glitch in Databricks preventing Terraform from working with the old password - because the old password was correctly set up.

Anyhow, now I have a workaround, given that changing the password solved the issue.

View solution in original post

1 REPLY 1

Andrei_Radulesc
Contributor III

Update: after changing the account password, the error went away. There seems to have been a temporary glitch in Databricks preventing Terraform from working with the old password - because the old password was correctly set up.

Anyhow, now I have a workaround, given that changing the password solved the issue.

Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!