S3 bucket mount

Digan_Parikh
Databricks Employee
Databricks Employee

If you mount an S3 bucket using an AWS instance profile, does that mounted bucket become accessible to just that 1 cluster or to other clusters in that workspace as well?

Digan_Parikh
Databricks Employee
Databricks Employee

Mounts are global to all clusters but as a best practice, you can use IAM roles to prevent access tot he underlying data.

To take this one step further, you can use IAM credential passthrough rather than instance profile because instance profile can be associated with only one IAM role so all users on the clusters have to share that role and the data policies of that role.

doc -https://docs.databricks.com/security/credential-passthrough/iam-passthrough.html

View solution in original post