Integration Guide

10.4.1
- 10.5.5
- 10.5.4.1
- 10.5.4
- 10.5.3
- 10.5.2
- 10.5.1
- 10.5
- 10.4.0
- 10.2.2 HotFix 1
- 10.2.2 Service Pack 1
- 10.2.2
- 10.2.1

Back Next

Step 3. Add IAM Roles to the EC2 Policy and Databricks

Add IAM roles to EC2 policy and the Databricks account.

The IAM role that you add in steps 1 and 2 below is different from the S3 IAM that you created in "Step 1. Create an IAM Role and Policy to Access an S3 Bucket."

Add the IAM role that corresponds to the Databricks account to the EC2 instance policy.

Log into the Databricks account and select the

AWS Account

tab.

Copy the role name at the end of the Role ARN.

The following image shows an example of the Role ARN pane. In this example, the role name to copy is

testco-role

Add the Role ARN to the EC2 policy.

Modify the EC2 instance policy to allow Databricks to pass the IAM role you copied in step 1 above to the EC2 instances for the Databricks Spark clusters:

In the AWS console, go to the IAM service and select the

Policies

tab.

Search for AwsDatabricksUserCreationPolicy.

Click

Edit Policy

The policy opens in a JSON statement editing pane.

Find the section of the statement that contains

"Action": "iam:PassRole"

The following text provides an example of the section to search for:

 {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::<aws-account-id-databricks>:role/<iam-role-for-s3-access>"
    },

Paste the IAM role in the place of the string

<iam-role-for-s3-access>

shown in the example.

Click

Review Policy

, then

Save changes

Add the Instance Profile ARN to the Databricks account.

In the Databricks Admin Console, click the

IAM Roles

tab.

Click