From fc595acdeabbd3f67ac464f188c64eea2bcaadb2 Mon Sep 17 00:00:00 2001
From: Serge Smertin
Date: Thu, 22 Apr 2021 13:25:10 +0200
Subject: [PATCH] Added AWS PrivateLink related resource documentation
---
 docs/resources/mws_networks.md | 3 +-
 docs/resources/mws_private_access_settings.md | 34 +++++++++++
 docs/resources/mws_vpc_endpoint.md | 60 +++++++++++++++++++
 3 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 docs/resources/mws_private_access_settings.md
 create mode 100644 docs/resources/mws_vpc_endpoint.md
diff --git a/docs/resources/mws_networks.md b/docs/resources/mws_networks.md
index c470f17e95..05f5652c79 100644
--- a/docs/resources/mws_networks.md
+++ b/docs/resources/mws_networks.md
@@ -64,13 +64,14 @@ resource "databricks_mws_networks" "this" {
 ## Argument Reference
-The following arguments are required:
+The following arguments are available:
 * `account_id` - Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/)
 * `network_name` - name under which this network is regisstered
 * `vpc_id` - [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) id
 * `subnet_ids` - ids of [aws_subnet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet)
 * `security_group_ids` - ids of [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group)
+* `vpc_endpoints` (Optional) - mapping of [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) for PrivateLink connections
 ## Attribute Reference
diff --git a/docs/resources/mws_private_access_settings.md b/docs/resources/mws_private_access_settings.md
new file mode 100644
index 0000000000..38c26349c4
--- /dev/null
+++ b/docs/resources/mws_private_access_settings.md
@@ -0,0 +1,34 @@
+---
+subcategory: "AWS"
+---
+# databricks_mws_private_access_settings Resource
+
+-> **Public Preview** This feature is in [Public Preview](https://docs.databricks.com/release-notes/release-types.html). Contact your Databricks representative to request access.
+
+-> **Note** This resource has an evolving API, which will change in the upcoming versions of the provider in order to simplify user experience.
+
+## Example Usage
+
+```hcl
+resource "databricks_mws_private_access_settings" "pas" {
+ account_id = var.databricks_account_id
+ private_access_settings_name = "Private Access Settings for ${aws_vpc.main.id}"
+ region = local.region
+}
+```
+
+## Argument Reference
+
+The following arguments are available:
+
+* `account_id` - Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/)
+* `private_access_settings_name` - Name of Private Access Settings in Databricks Account
+* `public_access_enabled` (Boolean, Optional, `false` by default) - If `true`, the [databricks_mws_workspaces](mws_workspaces.md) can be accessed over the [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) as well as over the public network. In such a case, you could also configure an [databricks_ip_access_list](ip_access_list.md) for the workspace, to restrict the source networks that could be used to access it over the public network. If `false` (default), the workspace can be accessed only over VPC endpoints, and not over the public network.
+* `region` - Region of AWS VPC
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `private_access_settings_id` - Canonical unique identifier of Private Access Settings in Databricks Account
+* `status` - Status of Private Access Settings
diff --git a/docs/resources/mws_vpc_endpoint.md b/docs/resources/mws_vpc_endpoint.md
new file mode 100644
index 0000000000..92e2385ed5
--- /dev/null
+++ b/docs/resources/mws_vpc_endpoint.md 
@@ -0,0 +1,60 @@
+---
+subcategory: "AWS"
+---
+# databricks_mws_vpc_endpoint Resource
+
+-> **Public Preview** This feature is in [Public Preview](https://docs.databricks.com/release-notes/release-types.html). Contact your Databricks representative to request access.
+
+Connects [aws_vpc_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) with [databricks_mws_networks](mws_networks.md) through PrivateLink.
+
+## Example Usage
+
+-> **Note** This resource has an evolving API, which will change in the upcoming versions of the provider in order to simplify user experience.
+
+```hcl
+resource "aws_vpc_endpoint" "relay" {
+ service_name = local.private_link.relay_endpoint
+ vpc_id = aws_vpc.main.id
+ vpc_endpoint_type = "Interface"
+ security_group_ids = [aws_security_group.this.id]
+ subnet_ids = [aws_subnet.databricks_endpoints.id]
+ tags = {
+ "Name" = "${var.workspace_name}-databricks-relay"
+ }
+}
+
+resource "databricks_mws_vpc_endpoint" "relay" {
+ account_id = var.databricks_account_id
+ aws_vpc_endpoint_id = aws_vpc_endpoint.relay.id
+ vpc_endpoint_name = "VPC Relay for ${aws_vpc.main.id}"
+ region = local.region
+}
+
+resource "databricks_mws_networks" "this" {
+ # ...
+
+ vpc_endpoints {
+ dataplane_relay = [databricks_mws_vpc_endpoint.relay.vpc_endpoint_id]
+
+ # rest_api VPC endpoint is created in a similar way
+ rest_api = [databricks_mws_vpc_endpoint.rest.vpc_endpoint_id]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `account_id` - Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/)
+* `aws_vpc_endpoint_id` - ID of configured [aws_vpc_endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint)
+* `vpc_endpoint_name` - Name of VPC Endpoint in Databricks Account
+* `aws_endpoint_service_id` - ID of Databricks VPC endpoint service to connect to. Please contact your Databricks representative to request mapping
+* `region` - Region of AWS VPC
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `vpc_endpoint_id` - Canonical unique identifier of VPC Endpoint in Databricks Account
+* `state` - State of VPC Endpoint