Create Databricks IAM policy to pass role in AWS
Learn how to create an Identity and Access Management (IAM) policy in your AWS account to pass role for Databricks.
To create a policy:
- Log in to the AWS Management Console.
- In the search field, search for iam.
- In the drop-down list of items, hover over IAM and select Policies.
- In the Policies page, select Create Policy.
- In the Create policy page, provide the permissions for the policy.
- Service: Select the iamservice.
- Actions: In the Write access level, select PassRole.
- Resources: Select Add ARN and add the buckets account id and role name from Create buckets IAM role with an external ID in AWS.
- Select Add.
- Select Next:Tags.
- Select Next:Review.
- In the Review Policy page, provide the policy details.
- Name: Enter a policy name. For example: pm-doc-pass.
- Description: Enter a description for the policy.
- Select Create Policy. For more information, see topic Creating IAM policies.
- Associate the policy to the Databricks role, the one you created in Create Databricks IAM role in AWS
{
"Version": "2024-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::WORKSPACE_AWS_ACCOUNT_ID:role/rolename"
]
}
]
}