
Unable to create Databricks workspace using Terraform on AWS

karthik_p
Esteemed Contributor

Hi Team,

We are using the workspace config scripts below. When we previously tried to create the workspace from an EC2 instance, we were able to create the workspace without any issue, but when we try to run through GitHub Actions, we get the error below:

Error: cannot create mws credentials: MALFORMED_REQUEST: Failed credential validation checks: please use a valid cross account IAM role with permissions setup correctly

It says there is an IAM role creation issue (it should be a cross-account role). We are using the iam.tf script to create that; as far as the recommendation goes, if we run that script once, the cross-account role should be created. Somehow it is not able to create it. We have tried to manually create it and map it in Terraform, but that is not working. What options do we have? What can we pass in credentialID (if we need to pass it directly)?

https://github.com/databrickslabs/terraform-provider-databricks/blob/master/docs/guides/aws-workspac...


Kaniz
Community Manager

Hi @karthik p​,

Creating a Databricks workspace requires many steps, especially when using the Databricks and AWS account consoles. In this tutorial, you will programmatically use the Databricks Terraform provider and the AWS provider to create a Databricks workspace and the required AWS resources. These providers are based on HashiCorp Terraform, a widespread open source infrastructure as code (IaC) tool for managing the operational lifecycle of cloud resources.

Databricks or AWS does not formally support the Databricks Terraform provider. It is maintained by Databricks field engineering teams and provided as-is. There is no service level agreement (SLA). Databricks and AWS make no guarantees of any kind. If you discover an issue with the provider, file a GitHub Issue, and project maintainers will review it as time permits.

If you get an error that you are not authorized to perform this operation, check that your IAM role has all of the necessary policies, as defined in the IAM role article.

karthik_p
Esteemed Contributor

@Kaniz Fatma we have followed the steps in both the Terraform website and the Databricks AWS article, and we have also raised a Git issue. The Git team said that the issue is related to IAM and that we can reach out to Databricks, but the logs clearly say it is unable to complete creation of the credential set. It is holding up our development environment build; can you please point us to the right team?

If we manually create the IAM role, are we going to provide the role name in the credential ID section?

https://docs.databricks.com/dev-tools/terraform/e2-workspace.html

"credentials_id = databricks_mws_credentials.this.credentials_id" (we tried to pass the role name, also with the ARN, but no luck)

Please find the Git issue that was raised:

https://github.com/databrickslabs/terraform-provider-databricks/issues/1363

Please let me know if anything is needed.

Prabakar
Esteemed Contributor III

@karthik p this can be fixed by setting a timeout. Please check this: https://kb.databricks.com/en_US/cloud/failed-credential-validation-checks-error-with-terraform
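An added example, not part of the reply above and not copied from the linked article: one way to set such a timeout in Terraform is a fixed delay between creating the cross-account IAM role and registering it as Databricks credentials, since IAM changes are eventually consistent. The resource names, the `prefix` variable, the provider sources and the 30s duration are assumptions.

```hcl
terraform {
  required_providers {
    aws        = { source = "hashicorp/aws" }
    databricks = { source = "databricks/databricks" }
    time       = { source = "hashicorp/time" }
  }
}

variable "databricks_account_id" { type = string }
variable "prefix" { type = string } # hypothetical naming prefix

provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.databricks_account_id
}

# Trust policy for the cross-account role, using the account ID as external ID.
data "databricks_aws_assume_role_policy" "this" {
  external_id = var.databricks_account_id
}

data "databricks_aws_crossaccount_policy" "this" {}

resource "aws_iam_role" "cross_account_role" {
  name               = "${var.prefix}-crossaccount"
  assume_role_policy = data.databricks_aws_assume_role_policy.this.json
}

resource "aws_iam_role_policy" "this" {
  name   = "${var.prefix}-policy"
  role   = aws_iam_role.cross_account_role.id
  policy = data.databricks_aws_crossaccount_policy.this.json
}

# Without this delay the credentials call can run before the new role and
# policy are visible to validation, which can fail the credential checks.
resource "time_sleep" "wait_for_iam" {
  depends_on      = [aws_iam_role_policy.this]
  create_duration = "30s" # assumed value; tune for your environment
}

resource "databricks_mws_credentials" "this" {
  provider         = databricks.mws
  credentials_name = "${var.prefix}-creds"
  role_arn         = aws_iam_role.cross_account_role.arn # role ARN goes here
  depends_on       = [time_sleep.wait_for_iam]
}
```

The `credentials_id` quoted earlier in the thread is an attribute exported by `databricks_mws_credentials`, so the workspace resource references it rather than receiving a role name or ARN.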

Hi @karthik p​,

Just a friendly follow-up. Did you see Prabakar's response? Did it help to solve your issue?
