Create Databricks IAM policy to pass role in AWS

Learn how to create an Identity and Access Management (IAM) policy in your AWS account to pass role for Databricks.

Create an IAM policy to pass the role you created in Create Databricks IAM role in AWS to the EC2 instance to assume the role from the buckets AWS account you created in Create buckets IAM role with an external ID in AWS. For more information, see topic Policies and permissions in IAM.
To create a policy:
  1. Log in to the AWS Management Console.
  2. In the search field, search for iam.
  3. In the drop-down list of items, hover over IAM and select Policies.
  4. In the Policies page, select Create Policy.
  5. In the Create policy page, provide the permissions for the policy.
    1. Service: Select the IAM service.
    2. Actions: In the Write access level, select PassRole.
    3. Resources: Select Add ARN and add the buckets account ID and the role name from Create buckets IAM role with an external ID in AWS.
    4. Select Add.
  6. Select Next: Tags.
  7. Select Next: Review.
  8. In the Review Policy page, provide the policy details.
    1. Name: Enter a policy name. For example: pm-doc-pass.
    2. Description: Enter a description for the policy.
  9. Select Create Policy. For more information, see topic Creating IAM policies.
  10. Associate the policy with the Databricks role, the one you created in Create Databricks IAM role in AWS.

The resulting policy document looks like the following, where WORKSPACE_AWS_ACCOUNT_ID and rolename are placeholders for the account ID and role name you entered in the Resources step (the policy language version must be 2012-10-17, the only current version IAM accepts):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": [
                "arn:aws:iam::WORKSPACE_AWS_ACCOUNT_ID:role/rolename"
            ]
        }
    ]
}
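The following is an added example, not code from the page or from Informatica, Databricks or AWS. It builds the same iam:PassRole policy document from an account ID and role name, validates both inputs, and lints a policy for PassRole grants that are broader than this procedure intends (wildcard resources, a missing condition, or an unsupported Version). The account ID and role name are constructed sample values, and the iam:PassedToService condition that restricts the role to being passed to EC2 is a hardening choice of this example that goes beyond the steps on the page.

```python
import fnmatch
import re

# Constructed sample values for the buckets account and role (not from the page).
SAMPLE_ACCOUNT_ID = "111122223333"
SAMPLE_ROLE_NAME = "pm-doc-buckets-role"

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# IAM role names: 1-64 characters from the set [A-Za-z0-9+=,.@_-]
ROLE_NAME_RE = re.compile(r"^[\w+=,.@-]{1,64}$")


def build_pass_role_policy(account_id, role_name, passed_to_service="ec2.amazonaws.com"):
    """Return a least-privilege iam:PassRole policy document (as a dict).

    Mirrors the page's policy, with two additions that are assumptions of this
    example: inputs are validated, and an optional iam:PassedToService condition
    limits which AWS service the role may be passed to (EC2 by default).
    """
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"account id must be exactly 12 digits: {account_id!r}")
    if not ROLE_NAME_RE.match(role_name):
        raise ValueError(f"invalid IAM role name: {role_name!r}")
    statement = {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": [f"arn:aws:iam::{account_id}:role/{role_name}"],
    }
    if passed_to_service:
        statement["Condition"] = {
            "StringEquals": {"iam:PassedToService": passed_to_service}
        }
    return {"Version": "2012-10-17", "Statement": [statement]}


def _as_list(value):
    """IAM allows scalars or lists in Action/Resource/Statement; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def pass_role_findings(policy):
    """Lint a policy document; return human-readable findings for PassRole grants
    that are broader than the page's procedure (scoped to one role ARN) intends."""
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append(f"unsupported policy Version {policy.get('Version')!r}")
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Match explicit iam:PassRole as well as wildcards such as iam:* or *.
        if not any(fnmatch.fnmatchcase("iam:passrole", a.lower())
                   for a in _as_list(stmt.get("Action"))):
            continue
        for res in _as_list(stmt.get("Resource")):
            if "*" in res:
                findings.append(f"{sid}: PassRole allowed on wildcard resource {res!r}")
        if "Condition" not in stmt:
            findings.append(f"{sid}: PassRole has no iam:PassedToService condition")
    return findings


if __name__ == "__main__":
    import json
    policy = build_pass_role_policy(SAMPLE_ACCOUNT_ID, SAMPLE_ROLE_NAME)
    print(json.dumps(policy, indent=4))
    print("findings:", pass_role_findings(policy))
```

Run the module directly to print the generated policy; the findings list is empty for a policy scoped to one role ARN with a condition, and non-empty for a statement such as `"Action": "iam:*", "Resource": "*"`, which is the shape to look for when reviewing existing policies attached to the Databricks role.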