Create Databricks IAM policy to pass role in AWS
Learn how to create an Identity and Access Management (IAM) policy in your AWS account that grants the iam:PassRole permission for Databricks.
- Log in to the AWS Management Console.
- In the search field, search for iam.
- In the drop-down list of items, hover over IAM and select Policies.
- In the Policies page, select Create Policy.
- In the Create policy page, provide the permissions for the policy.
  - Service: Select the IAM service.
  - Actions: In the Write access level, select PassRole.
  - Resources: Select Add ARN and add the buckets account ID and role name from Create buckets IAM role with an external ID in AWS.
  - Select Add.
- Select Next: Tags.
- Select Next: Review.
- In the Review Policy page, provide the policy details.
  - Name: Enter a policy name. For example: pm-doc-pass.
  - Description: Enter a description for the policy.
- Select Create Policy. For more information, see the topic Creating IAM policies.
- Attach the policy to the Databricks role that you created in Create Databricks IAM role in AWS.
The resulting policy document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": [
        "arn:aws:iam::WORKSPACE_AWS_ACCOUNT_ID:role/rolename"
      ]
    }
  ]
}
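An added example (not part of the original page, and not Databricks or AWS tooling): a Python check to run over the policy JSON before attaching it. It flags an invalid Version and any iam:PassRole grant whose Resource is not one fully specified role ARN, which includes a WORKSPACE_AWS_ACCOUNT_ID placeholder left unfilled. The function name audit_passrole_policy and the account ID 111122223333 are assumptions for illustration; only Action and Resource elements are examined, not NotAction or NotResource.

```python
import re
from fnmatch import fnmatchcase

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only versions IAM accepts
# One specific role: 12-digit account ID, optional path, no wildcards.
ROLE_ARN = re.compile(
    r"arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:role/[\w+=,.@/-]+", re.ASCII)

def _as_list(value):
    """Statement, Action and Resource may each be one item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_passrole_policy(policy):
    """Return findings for Allow statements that grant iam:PassRole."""
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append(f"invalid Version {policy.get('Version')!r}")
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # Action patterns are case-insensitive and may use wildcards (iam:*, *).
        if not any(fnmatchcase("iam:passrole", a.lower())
                   for a in _as_list(stmt.get("Action"))):
            continue
        for res in _as_list(stmt.get("Resource")):
            if not ROLE_ARN.fullmatch(res):
                findings.append(
                    f"Statement[{i}]: Resource {res!r} is not one specific role ARN")
    return findings

def _policy(version, action, resource):
    """Build a constructed single-statement policy shaped like the page's."""
    return {"Version": version, "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": action, "Resource": [resource]}]}

# Constructed samples: 111122223333 is an illustrative account ID.
FILLED = _policy("2012-10-17", "iam:PassRole",
                 "arn:aws:iam::111122223333:role/rolename")
TEMPLATE = _policy("2012-10-17", "iam:PassRole",
                   "arn:aws:iam::WORKSPACE_AWS_ACCOUNT_ID:role/rolename")
BROAD = _policy("2024-10-17", "iam:*", "*")

if __name__ == "__main__":
    for name, doc in (("FILLED", FILLED), ("TEMPLATE", TEMPLATE), ("BROAD", BROAD)):
        print(name, audit_passrole_policy(doc) or "ok")
```

Load a saved policy with json.load and pass the resulting dict to audit_passrole_policy; an empty list means the PassRole grant is scoped to named roles only.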