Databricks v1.78.0 published on Friday, Nov 7, 2025 by Pulumi
databricks.getAwsBucketPolicy
This data source configures a simple access policy for AWS S3 buckets, so that Databricks can access the data in them.
This data source can be used with an account or workspace-level provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as databricks from "@pulumi/databricks";
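// S3 bucket that Databricks will be granted access to.
// NOTE(review): `aws.index.S3Bucket` / `aws.index.S3BucketPolicy` are kept as
// generated; confirm the resource classes against the installed @pulumi/aws.
const thisS3Bucket = new aws.index.S3Bucket("this", {
    bucket: "<unique_bucket_name>",
    // forceDestroy lets a destroy remove the bucket even when it still holds
    // objects; leave it off for buckets whose data must be retained.
    forceDestroy: true,
});

// thisS3Bucket.bucket is an Output, so the output form of the invoke is used.
// The direct form takes plain arguments and returns a Promise, and a Promise
// has no `.json` property to pass on to the bucket policy below.
const _this = databricks.getAwsBucketPolicyOutput({
    bucket: thisS3Bucket.bucket,
});

// The generated document grants Databricks full access to the bucket, so read
// the rendered JSON before relying on it. The argument reference describes
// databricksE2AccountId as producing more restrictive policies.
const thisS3BucketPolicy = new aws.index.S3BucketPolicy("this", {
    bucket: thisS3Bucket.id,
    policy: _this.json,
});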
import pulumi
import pulumi_aws as aws
import pulumi_databricks as databricks
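# S3 bucket that Databricks will be granted access to.
# NOTE(review): `aws.index.S3Bucket` / `aws.index.S3BucketPolicy` are kept as
# generated; confirm the resource classes against the installed pulumi_aws.
this_s3_bucket = aws.index.S3Bucket(
    "this",
    # The placeholder has to be a string literal; a bare <...> is a syntax error.
    bucket="<unique_bucket_name>",
    # force_destroy lets a destroy remove the bucket even when it still holds
    # objects; leave it off for buckets whose data must be retained.
    force_destroy=True,
)

# The bucket name is an Output, so the output form of the invoke is used; the
# direct form accepts plain arguments only. Attribute access matches the
# `.id` lookup used for the policy resource below.
this = databricks.get_aws_bucket_policy_output(bucket=this_s3_bucket.bucket)

# The generated document grants Databricks full access to the bucket, so read
# the rendered JSON before relying on it. The argument reference describes
# databricks_e2_account_id as producing more restrictive policies.
this_s3_bucket_policy = aws.index.S3BucketPolicy(
    "this",
    bucket=this_s3_bucket.id,
    policy=this.json,
)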
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers the Pulumi program: an S3 bucket, the Databricks-generated
// bucket policy document for that bucket, and the S3 bucket policy resource
// that attaches the document to the bucket.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): aws.NewS3Bucket, aws.S3BucketArgs and the plain
		// string/bool literals are reproduced as generated; confirm the
		// constructor name and the input wrappers the fields expect against
		// the installed AWS SDK.
		thisS3Bucket, err := aws.NewS3Bucket(ctx, "this", &aws.S3BucketArgs{
			Bucket: "<unique_bucket_name>",
			// ForceDestroy asks the provider to delete the bucket even if it
			// still holds objects; leave it off where data must be retained.
			ForceDestroy: true,
		})
		if err != nil {
			return err
		}
		// NOTE(review): this is the direct form of the invoke, which takes
		// plain arguments; thisS3Bucket.Bucket is presumably an output value,
		// in which case GetAwsBucketPolicyOutput is the matching form. Verify.
		this, err := databricks.GetAwsBucketPolicy(ctx, &databricks.GetAwsBucketPolicyArgs{
			Bucket: thisS3Bucket.Bucket,
		}, nil)
		if err != nil {
			return err
		}
		// The Json document grants Databricks full access to the bucket;
		// read the rendered policy before relying on it.
		_, err = aws.NewS3BucketPolicy(ctx, "this", &aws.S3BucketPolicyArgs{
			Bucket: thisS3Bucket.Id,
			Policy: this.Json,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
    // Bucket that Databricks will be granted access to. ForceDestroy lets a
    // destroy remove the bucket even when it still holds objects.
    var bucket = new Aws.Index.S3Bucket("this", new()
    {
        Bucket = "<unique_bucket_name>",
        ForceDestroy = true,
    });

    // Output form of the invoke: the bucket name is only known once the
    // bucket resource has been resolved.
    var policyDocument = Databricks.GetAwsBucketPolicy.Invoke(new()
    {
        Bucket = bucket.Bucket,
    });

    // Project the policy JSON out of the invoke result. The document grants
    // Databricks full access to the bucket.
    var policyJson = policyDocument.Apply(result => result.Json);

    var bucketPolicy = new Aws.Index.S3BucketPolicy("this", new()
    {
        Bucket = bucket.Id,
        Policy = policyJson,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.S3Bucket;
import com.pulumi.aws.S3BucketArgs;
import com.pulumi.databricks.DatabricksFunctions;
import com.pulumi.databricks.inputs.GetAwsBucketPolicyArgs;
import com.pulumi.aws.S3BucketPolicy;
import com.pulumi.aws.S3BucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
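/**
 * Pulumi program that creates an S3 bucket and attaches the bucket policy
 * document generated by the Databricks provider.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the bucket, requests the Databricks policy document for it and
     * attaches that document as the bucket policy.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // forceDestroy lets a destroy remove the bucket even when it still
        // holds objects; leave it off where data must be retained.
        var thisS3Bucket = new S3Bucket("thisS3Bucket", S3BucketArgs.builder()
            .bucket("<unique_bucket_name>")
            .forceDestroy(true)
            .build());

        // `this` is a reserved word in Java and cannot name a local variable;
        // the policy resource below already refers to `this_`.
        final var this_ = DatabricksFunctions.getAwsBucketPolicy(GetAwsBucketPolicyArgs.builder()
            .bucket(thisS3Bucket.bucket())
            .build());

        // The invoke result is Output-wrapped, so the JSON is projected with
        // applyValue rather than read directly. The document grants Databricks
        // full access to the bucket; read the rendered policy before relying
        // on it.
        var thisS3BucketPolicy = new S3BucketPolicy("thisS3BucketPolicy", S3BucketPolicyArgs.builder()
            .bucket(thisS3Bucket.id())
            .policy(this_.applyValue(result -> result.json()))
            .build());
    }
}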
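# S3 bucket plus the Databricks-generated bucket policy attached to it.
# Nesting is restored: with every key at column 0 the mapping repeats
# `type`, `name`, `properties` and `bucket` at one level.
resources:
  thisS3Bucket:
    type: aws:S3Bucket
    name: this
    properties:
      bucket: <unique_bucket_name>
      # forceDestroy lets a destroy remove the bucket even when it still
      # holds objects; leave it off where data must be retained.
      forceDestroy: true
  thisS3BucketPolicy:
    type: aws:S3BucketPolicy
    name: this
    properties:
      bucket: ${thisS3Bucket.id}
      # The generated document grants Databricks full access to the bucket;
      # read the rendered policy before relying on it.
      policy: ${this.json}
variables:
  this:
    fn::invoke:
      function: databricks:getAwsBucketPolicy
      arguments:
        bucket: ${thisS3Bucket.bucket}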
Bucket policy with full access:
Using getAwsBucketPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAwsBucketPolicy(args: GetAwsBucketPolicyArgs, opts?: InvokeOptions): Promise<GetAwsBucketPolicyResult>
function getAwsBucketPolicyOutput(args: GetAwsBucketPolicyOutputArgs, opts?: InvokeOptions): Output<GetAwsBucketPolicyResult>
def get_aws_bucket_policy(aws_partition: Optional[str] = None,
bucket: Optional[str] = None,
databricks_account_id: Optional[str] = None,
databricks_e2_account_id: Optional[str] = None,
full_access_role: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAwsBucketPolicyResult
def get_aws_bucket_policy_output(aws_partition: Optional[pulumi.Input[str]] = None,
bucket: Optional[pulumi.Input[str]] = None,
databricks_account_id: Optional[pulumi.Input[str]] = None,
databricks_e2_account_id: Optional[pulumi.Input[str]] = None,
full_access_role: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAwsBucketPolicyResult]
func GetAwsBucketPolicy(ctx *Context, args *GetAwsBucketPolicyArgs, opts ...InvokeOption) (*GetAwsBucketPolicyResult, error)
func GetAwsBucketPolicyOutput(ctx *Context, args *GetAwsBucketPolicyOutputArgs, opts ...InvokeOption) GetAwsBucketPolicyResultOutput
> Note: This function is named GetAwsBucketPolicy in the Go SDK.
public static class GetAwsBucketPolicy
{
public static Task<GetAwsBucketPolicyResult> InvokeAsync(GetAwsBucketPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetAwsBucketPolicyResult> Invoke(GetAwsBucketPolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAwsBucketPolicyResult> getAwsBucketPolicy(GetAwsBucketPolicyArgs args, InvokeOptions options)
public static Output<GetAwsBucketPolicyResult> getAwsBucketPolicy(GetAwsBucketPolicyArgs args, InvokeOptions options)
fn::invoke:
function: databricks:index/getAwsBucketPolicy:getAwsBucketPolicy
arguments:
# arguments dictionary
The following arguments are supported:
- Bucket string
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- AwsPartition string
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- DatabricksAccountId string
- DatabricksE2AccountId string
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket.
- FullAccessRole string
- Data access role that can have full access for this bucket.
- Bucket string
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- AwsPartition string
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- DatabricksAccountId string
- DatabricksE2AccountId string
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket.
- FullAccessRole string
- Data access role that can have full access for this bucket.
- bucket String
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- awsPartition String
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- databricksAccountId String
- databricksE2AccountId String
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket.
- fullAccessRole String
- Data access role that can have full access for this bucket.
- bucket string
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- awsPartition string
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- databricksAccountId string
- databricksE2AccountId string
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket.
- fullAccessRole string
- Data access role that can have full access for this bucket.
- bucket str
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- aws_partition str
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- databricks_account_id str
- databricks_e2_account_id str
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket.
- full_access_role str
- Data access role that can have full access for this bucket.
- bucket String
- AWS S3 Bucket name for which to generate the policy document. The name must follow the S3 bucket naming rules.
- awsPartition String
- AWS partition. The options are aws, aws-us-gov, or aws-us-gov-dod. Defaults to aws.
- databricksAccountId String
- databricksE2AccountId String
- Your Databricks account ID. Used to generate restrictive IAM policies that will increase the security of your root bucket.
- fullAccessRole String
- Data access role that can have full access for this bucket.
getAwsBucketPolicy Result
The following output properties are available:
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- AwsPartition string
- DatabricksAccountId string
- DatabricksE2AccountId string
- FullAccessRole string
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- AwsPartition string
- DatabricksAccountId string
- DatabricksE2AccountId string
- FullAccessRole string
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- awsPartition String
- databricksAccountId String
- databricksE2AccountId String
- fullAccessRole String
- bucket string
- id string
- The provider-assigned unique ID for this managed resource.
- json string
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- awsPartition string
- databricksAccountId string
- databricksE2AccountId string
- fullAccessRole string
- bucket str
- id str
- The provider-assigned unique ID for this managed resource.
- json str
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- aws_partition str
- databricks_account_id str
- databricks_e2_account_id str
- full_access_role str
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- (Read-only) AWS IAM Policy JSON document to grant Databricks full access to bucket.
- awsPartition String
- databricksAccountId String
- databricksE2AccountId String
- fullAccessRole String
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the databricks Terraform Provider.
