cancel
Showing results for 
Search instead for 
Did you mean: 
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Showing results for 
Search instead for 
Did you mean: 

unity catalog databricks_metastore terraform - not authorized

amitca71
Contributor II

i created unity catalog using terraform on AWS, and able to create manualy a meta store with same user.

when trying to create metsastore from terraform, i get unauthorized error:

Error: cannot create metastore: Unauthorized

│ 

│  with module.unity_catalog_metastore.databricks_metastore.this,

│  on modules/uc_metastore/main.tf line 1, in resource "databricks_metastore" "this":

│  1: resource "databricks_metastore" "this" {

provider:

databricks = {

source = "databricks/databricks"

version = "~>1.2.1"

}

i use the mws provider with user and password:

provider "databricks" {

alias = "mws"

host = "https://accounts.cloud.databricks.com"

account_id = var.databricks_account_id

username = var.databricks_username

password = var.databricks_password

}

my user is account admin (otherwise i wouldnt be able to create the catalog itself..)

the resource configuration:

resource "databricks_metastore" "this" {

name = "primary"

storage_root = "s3://${var.unity_metastore_bucket}/metastore"

owner = var.unity_admin_group

force_destroy = true

}

Any idea?

Thanks,

Amit

1 ACCEPTED SOLUTION

Accepted Solutions

Anonymous
Not applicable

Hello @Amit Cahanovich​ ,

You'll need to use the workspace provider when creating a UC metastore using TF. Please use this guide - https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/unity-catalog#creat...

Few things to note

  • Unity catalogue APIs are currently exposed via the workspace endpoint, not the account endpoint. When you create via UI it uses account-level API but it's still not exposed to the public.

https://api-docs.databricks.com/rest/latest/unity-catalog-api-specification-2-1.html

For better understanding, you could also check a similar query here - https://discuss.hashicorp.com/t/databricks-unity-catalog-account-vs-workspace-level-understanding/42...

View solution in original post

2 REPLIES 2

Anonymous
Not applicable

Hello @Amit Cahanovich​ ,

You'll need to use the workspace provider when creating a UC metastore using TF. Please use this guide - https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/unity-catalog#creat...

Few things to note

  • Unity catalogue APIs are currently exposed via the workspace endpoint, not the account endpoint. When you create via UI it uses account-level API but it's still not exposed to the public.

https://api-docs.databricks.com/rest/latest/unity-catalog-api-specification-2-1.html

For better understanding, you could also check a similar query here - https://discuss.hashicorp.com/t/databricks-unity-catalog-account-vs-workspace-level-understanding/42...

amitca71
Contributor II

thanks 🙂

Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!