diff --git a/examples/aws-workspace-basic/README.md b/examples/aws-workspace-basic/README.md
index c8f11bc5..bbe23940 100644
--- a/examples/aws-workspace-basic/README.md
+++ b/examples/aws-workspace-basic/README.md
@@ -21,3 +21,37 @@ This template provides an example of a simple deployment of AWS Databricks E2 wo
6. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3)
7. Run `terraform init` to initialize terraform and get provider ready.
8. Run `terraform apply` to create the resources.
+
+## Requirements
+
+| Name | Version |
+|------------------------------------------------------------------------------|----------|
+| [aws](#requirement\_aws) | ~> 5.0 |
+| [databricks](#requirement\_databricks) | >=1.13.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|-----------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|---------|
+| [aws-workspace-basic](#module\_aws-workspace-basic) | github.com/databricks/terraform-databricks-examples/modules/aws-workspace-basic | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|-------------------------------------------------------------------------------------------------------|-------------------------------------------|---------------|-----------------|:--------:|
+| [cidr\_block](#input\_cidr\_block) | IP range for AWS VPC | `string` | `"10.4.0.0/16"` | no |
+| [databricks\_account\_id](#input\_databricks\_account\_id) | Databricks Account ID | `string` | n/a | yes |
+| [region](#input\_region) | AWS region to deploy to | `string` | `"eu-west-1"` | no |
+| [tags](#input\_tags) | Optional tags to add to created resources | `map(string)` | `{}` | no |
+
+## Outputs
+
+No outputs.
\ No newline at end of file
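Review bot: The new Modules table lists the source `github.com/databricks/terraform-databricks-examples/modules/aws-workspace-basic` with no `?ref=` and Version `n/a`, so the documented example resolves to whatever the repository's default branch holds at `terraform init` time. Consider pinning the module source to a tag or commit and regenerating this table, so the example is reproducible. In the Requirements table, `databricks` is constrained only with `>=1.13.0` while `aws` uses `~> 5.0`; an upper bound like the `>= 1.2.0, < 2.0.0` used in aws-workspace-uc-simple would keep the two consistent.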
diff --git a/examples/aws-workspace-config/README.md b/examples/aws-workspace-config/README.md
index afcff3fa..600bc06a 100644
--- a/examples/aws-workspace-config/README.md
+++ b/examples/aws-workspace-config/README.md
@@ -69,7 +69,6 @@ The process will be: provision ordinary users -> assign users to groups -> assig
You can manage users/groups inside terraform. Examples were given in `main.tf`. Note that with Unity Catalog, you can have account level users/groups. The example here is at workspace level.
-
## Requirements
No requirements.
@@ -77,41 +76,32 @@ No requirements.
## Providers
| Name | Version |
-| ---------------------------------------------------------------------------------- | ------- |
+|------------------------------------------------------------------------------------|---------|
| [databricks](#provider\_databricks) | 1.3.1 |
| [databricks.ws1](#provider\_databricks.ws1) | 1.3.1 |
-## Modules
-
-| Name | Source | Version |
-| -------------------------------------------------------------------------------------------------------------------------- | ------------------------ | ------- |
-| [engineering\_compute\_policy](#module\_engineering\_compute\_policy) | ./modules/base_policy | n/a |
-| [ip\_access\_list\_workspace\_1](#module\_ip\_access\_list\_workspace\_1) | ./modules/ip_access_list | n/a |
-| [ip\_access\_list\_workspace\_2](#module\_ip\_access\_list\_workspace\_2) | ./modules/ip_access_list | n/a |
-
## Resources
-| Name | Type |
-| ------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
-| [databricks_cluster.tiny](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster) | resource |
-| [databricks_group.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group) | resource |
-| [databricks_group_member.vip_member](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
-| [databricks_user.user2](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/user) | resource |
+| Name | Type |
+|------|------|
+| [databricks_cluster.tiny](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster) | resource |
+| [databricks_group.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group) | resource |
+| [databricks_group_member.vip_member](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
+| [databricks_user.user2](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/user) | resource |
| [databricks_spark_version.latest_lts](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/spark_version) | data source |
-| [databricks_user.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/user) | data source |
+| [databricks_user.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/user) | data source |
## Inputs
| Name | Description | Type | Default | Required |
-| -------------------------------------------------------------- | ----------- | -------- | ------- | :------: |
+|----------------------------------------------------------------|-------------|----------|---------|:--------:|
| [pat\_ws\_1](#input\_pat\_ws\_1) | n/a | `string` | n/a | yes |
| [pat\_ws\_2](#input\_pat\_ws\_2) | n/a | `string` | n/a | yes |
## Outputs
| Name | Description |
-| --------------------------------------------------------------------------------------------------------------- | ----------- |
+|-----------------------------------------------------------------------------------------------------------------|-------------|
| [all\_allow\_lists\_patched](#output\_all\_allow\_lists\_patched) | n/a |
| [all\_block\_lists\_patched](#output\_all\_block\_lists\_patched) | n/a |
-| [sample\_cluster\_id](#output\_sample\_cluster\_id) | n/a |
-
\ No newline at end of file
+| [sample\_cluster\_id](#output\_sample\_cluster\_id) | n/a |
\ No newline at end of file
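Review bot: The Modules section, including both `ip_access_list_workspace_*` rows, is deleted here, yet the Outputs table still lists `all_allow_lists_patched` and `all_block_lists_patched`. Please confirm the tables were regenerated against the current `main.tf`: if the IP access list modules are still called the section should stay, and if they are not, those two outputs look stale. Separately, `pat_ws_1` and `pat_ws_2` remain required inputs with description `n/a`; a one-line description saying what credential each expects and for which workspace would help readers handle them correctly.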
diff --git a/examples/aws-workspace-uc-simple/README.md b/examples/aws-workspace-uc-simple/README.md
index 4223e2e0..dc453d17 100644
--- a/examples/aws-workspace-uc-simple/README.md
+++ b/examples/aws-workspace-uc-simple/README.md
@@ -14,3 +14,70 @@ When running tf configs for UC resources, due to sometimes requires a few minute
> Step 1: Fill in values in `terraform.tfvars`; also configure env necessary variables for AWS provider authentication.
> Step 2: Run `terraform init` and `terraform apply` to deploy the resources. This will deploy both AWS resources that Unity Catalog requires and Databricks Account Level resources.
+
+## Requirements
+
+| Name | Version |
+|------------------------------------------------------------------------------|-------------------|
+| [aws](#requirement\_aws) | ~> 5.0 |
+| [databricks](#requirement\_databricks) | >= 1.2.0, < 2.0.0 |
+| [random](#requirement\_random) | =3.4.1 |
+| [time](#requirement\_time) | =0.9.1 |
+
+## Providers
+
+| Name | Version |
+|------------------------------------------------------------------------------------------------------|-------------------|
+| [aws](#provider\_aws) | ~> 5.0 |
+| [databricks.mws](#provider\_databricks.mws) | >= 1.2.0, < 2.0.0 |
+| [databricks.workspace](#provider\_databricks.workspace) | >= 1.2.0, < 2.0.0 |
+| [random](#provider\_random) | =3.4.1 |
+| [time](#provider\_time) | =0.9.1 |
+
+
+## Resources
+
+| Name | Type |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
+| [databricks_catalog.demo_catalog](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/catalog) | resource |
+| [databricks_cluster.unity_catalog_cluster](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster) | resource |
+| [databricks_grants.unity_catalog_grants](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants) | resource |
+| [databricks_group.admin_group](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group) | resource |
+| [databricks_group.users](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group) | resource |
+| [databricks_group_member.admin_group_member](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
+| [databricks_group_member.my_service_principal](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
+| [databricks_group_member.users_group_members](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
+| [databricks_mws_permission_assignment.add_admin_group](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mws_permission_assignment) | resource |
+| [databricks_mws_permission_assignment.add_user_group](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mws_permission_assignment) | resource |
+| [databricks_user.unity_users](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/user) | resource |
+| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/3.4.1/docs/resources/string) | resource |
+| [time_sleep.wait_for_permission_apis](https://registry.terraform.io/providers/hashicorp/time/0.9.1/docs/resources/sleep) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [databricks_node_type.smallest](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/node_type) | data source |
+| [databricks_service_principal.admin_service_principal](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/service_principal) | data source |
+| [databricks_spark_version.latest_version](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/spark_version) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|-----------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|---------|:--------:|
+| [aws\_access\_services\_role\_name](#input\_aws\_access\_services\_role\_name) | (Optional) Name for the AWS Services role by this module | `string` | `null` | no |
+| [aws\_profile](#input\_aws\_profile) | (Required) AWS cli profile to be used for authentication with AWS | `string` | n/a | yes |
+| [cidr\_block](#input\_cidr\_block) | (Required) CIDR block to be used to create the Databricks VPC | `string` | n/a | yes |
+| [databricks\_account\_id](#input\_databricks\_account\_id) | (Required) Databricks Account ID | `string` | n/a | yes |
+| [databricks\_client\_id](#input\_databricks\_client\_id) | (Required) Client ID to authenticate the Databricks provider at the account level | `string` | n/a | yes |
+| [databricks\_client\_secret](#input\_databricks\_client\_secret) | (Required) Client secret to authenticate the Databricks provider at the account level | `string` | n/a | yes |
+| [databricks\_metastore\_admins](#input\_databricks\_metastore\_admins) | List of Admins to be added at account-level for Unity Catalog.
Enter with square brackets and double quotes
e.g ["first.admin@domain.com", "second.admin@domain.com"] | `list(string)` | n/a | yes |
+| [databricks\_users](#input\_databricks\_users) | List of Databricks users to be added at account-level for Unity Catalog.
Enter with square brackets and double quotes
e.g ["first.last@domain.com", "second.last@domain.com"] | `list(string)` | n/a | yes |
+| [my\_username](#input\_my\_username) | (Required) Username in the form of an email to be added to the tags and be declared as owner of the assets | `string` | n/a | yes |
+| [region](#input\_region) | (Required) AWS region where the assets will be deployed | `string` | n/a | yes |
+| [tags](#input\_tags) | (Optional) List of tags to be propagated accross all assets in this demo | `map(string)` | n/a | yes |
+| [unity\_admin\_group](#input\_unity\_admin\_group) | (Required) Name of the admin group. This group will be set as the owner of the Unity Catalog metastore | `string` | n/a | yes |
+| [workspace\_name](#input\_workspace\_name) | (Required) Databricks workspace name to be used for deployment | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------------------------------------------------------------------------------------------------------------------|--------------------------|
+| [databricks\_workspace\_id](#output\_databricks\_workspace\_id) | Databricks workspace ID |
+| [databricks\_workspace\_url](#output\_databricks\_workspace\_url) | Databricks workspace URL |
\ No newline at end of file
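Review bot: `databricks_client_secret` is documented in the Inputs table as a required plain `string`, and Step 1 just above the new section tells users to fill values into `terraform.tfvars`. Suggest extending the description to say the secret should be supplied through `TF_VAR_databricks_client_secret` or an untracked var file rather than a committed `terraform.tfvars`. In the same table, `tags` is described as "(Optional)" but shows Default `n/a` and Required `yes`; either give the variable a default of `{}` or correct the description, and fix the spelling "accross" while there.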
diff --git a/examples/aws-workspace-with-firewall/README.md b/examples/aws-workspace-with-firewall/README.md
index ce735835..b9e5cc82 100644
--- a/examples/aws-workspace-with-firewall/README.md
+++ b/examples/aws-workspace-with-firewall/README.md
@@ -21,3 +21,49 @@ This template provides an example of a simple deployment of AWS Databricks E2 wo
6. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3)
7. Run `terraform init` to initialize terraform and get provider ready.
8. Run `terraform apply` to create the resources.
+
+## Requirements
+
+| Name | Version |
+|------------------------------------------------------------------------------|----------|
+| [aws](#requirement\_aws) | ~> 5.0 |
+| [databricks](#requirement\_databricks) | >=1.13.0 |
+
+## Providers
+
+| Name | Version |
+|------------------------------------------------------------|---------|
+| [random](#provider\_random) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|-----------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|---------|
+| [aws-workspace-with-firewall](#module\_aws-workspace-with-firewall) | github.com/databricks/terraform-databricks-examples/modules/aws-workspace-with-firewall | n/a |
+
+## Resources
+
+| Name | Type |
+|---------------------------------------------------------------------------------------------------------------|----------|
+| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------|----------------|----------------------------------------------------------------------------------------------|:--------:|
+| [cidr\_block](#input\_cidr\_block) | IP range for AWS VPC | `string` | `"10.4.0.0/16"` | no |
+| [databricks\_account\_client\_id](#input\_databricks\_account\_client\_id) | Application ID of account-level service principal | `string` | n/a | yes |
+| [databricks\_account\_client\_secret](#input\_databricks\_account\_client\_secret) | Client secret of account-level service principal | `string` | n/a | yes |
+| [databricks\_account\_id](#input\_databricks\_account\_id) | Databricks Account ID | `string` | n/a | yes |
+| [db\_control\_plane](#input\_db\_control\_plane) | IP Range for AWS Databricks control plane | `string` | `"18.134.65.240/28"` | no |
+| [db\_rds](#input\_db\_rds) | Hostname of AWS RDS instance for built-in Hive Metastore | `string` | `"mdio2468d9025m.c6fvhwk6cqca.eu-west-2.rds.amazonaws.com"` | no |
+| [db\_tunnel](#input\_db\_tunnel) | Hostname of Databricks SCC Relay | `string` | `"tunnel.eu-west-2.cloud.databricks.com"` | no |
+| [db\_web\_app](#input\_db\_web\_app) | Hostname of Databricks web application | `string` | `"london.cloud.databricks.com"` | no |
+| [prefix](#input\_prefix) | Prefix for use in the generated names | `string` | `"demo"` | no |
+| [region](#input\_region) | AWS region to deploy to | `string` | `"eu-west-2"` | no |
+| [tags](#input\_tags) | Optional tags to add to created resources | `map(string)` | `{}` | no |
+| [whitelisted\_urls](#input\_whitelisted\_urls) | List of the domains to allow traffic to | `list(string)` |
[| no | + +## Outputs + +No outputs. \ No newline at end of file diff --git a/examples/dbsql-nyc-taxi-trip-analysis/README.md b/examples/dbsql-nyc-taxi-trip-analysis/README.md index cef9a7a9..56e51f35 100644 --- a/examples/dbsql-nyc-taxi-trip-analysis/README.md +++ b/examples/dbsql-nyc-taxi-trip-analysis/README.md @@ -28,3 +28,30 @@ Upon opening the dashboard URL as printed as part of the output of `terraform ap you should see the following:  + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------------------------------------------------------------------------|---------| +| [databricks](#provider\_databricks) | n/a | + +## Resources + +| Name | Type | +|-----------------------------------------------------------------------------------------------------------------------------------|-------------| +| [databricks_sql_endpoint.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/sql_endpoint) | resource | +| [databricks_current_user.me](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/current_user) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|-------------------------------------------------------------------------------|-------------| +| [dashboard\_url](#output\_dashboard\_url) | n/a | diff --git a/examples/gcp-basic/README.md b/examples/gcp-basic/README.md index bfafb834..f47704e2 100644 --- a/examples/gcp-basic/README.md +++ b/examples/gcp-basic/README.md 
@@ -17,6 +17,45 @@ You can do the same thing by provisionning a service account that will have the ## Run the tempalte -- You need to fill in the variables.tf +- You need to fill in the `variables.tf` - run `terraform init` -- run `teraform apply` \ No newline at end of file +- run `teraform apply` + + +## Requirements + +No requirements. + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|-----------------------------------------------------------------|---------------------------------------------------------------------------------|---------| +| [gcp-basic](#module\_gcp-basic) | github.com/databricks/terraform-databricks-examples/modules/gcp-workspace-basic | n/a | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|---------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|---------|:--------:| +| [databricks\_account\_id](#input\_databricks\_account\_id) | Databricks Account ID | `string` | n/a | yes | +| [databricks\_google\_service\_account](#input\_databricks\_google\_service\_account) | Email of the service account used for deployment | `string` | n/a | yes | +| [delegate\_from](#input\_delegate\_from) | Identities to allow to impersonate created service account (in form of user:user.name@example.com, group:deployers@example.com or serviceAccount:sa1@project.iam.gserviceaccount.com) | `list(string)` | n/a | yes | +| [google\_project](#input\_google\_project) | Google project for VCP/workspace deployment | `string` | n/a | yes | +| [google\_region](#input\_google\_region) | Google region for VCP/workspace deployment | `string` | n/a | yes | +| [google\_zone](#input\_google\_zone) | Zone in GCP region | 
`string` | n/a | yes | +| [prefix](#input\_prefix) | Prefix to use in generated VPC name | `string` | n/a | yes | +| [workspace\_name](#input\_workspace\_name) | Name of the workspace to create | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------------|-------------| +| [databricks\_host](#output\_databricks\_host) | n/a | +| [databricks\_token](#output\_databricks\_token) | n/a | \ No newline at end of file diff --git a/examples/gcp-byovpc/README.md b/examples/gcp-byovpc/README.md index 3ba2ce37..922d24ed 100644 --- a/examples/gcp-byovpc/README.md +++ b/examples/gcp-byovpc/README.md 
@@ -19,4 +19,52 @@ You can do the same thing by provisionning a service account that will have the - You need to fill in the variables.tf - run `terraform init` -- run `teraform apply` \ No newline at end of file +- run `teraform apply` + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------------------------------------------------------------|---------| +| [google](#provider\_google) | n/a | + +## Modules + +| Name | Source | Version | +|--------------------------------------------------------------------|----------------------------------------------------------------------------------|---------| +| [gcp-byovpc](#module\_gcp-byovpc) | github.com/databricks/terraform-databricks-examples/modules/gcp-workspace-byovpc | n/a | + +## Resources + +| Name | Type | +|----------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [google_client_config.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | +| [google_client_openid_userinfo.me](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_openid_userinfo) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|---------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|---------|:--------:| +| [databricks\_account\_id](#input\_databricks\_account\_id) | Databricks Account ID | `string` | n/a | yes | +| [databricks\_google\_service\_account](#input\_databricks\_google\_service\_account) | Email of the service account used for deployment | `string` | n/a | yes | +| 
[delegate\_from](#input\_delegate\_from) | Identities to allow to impersonate created service account (in form of user:user.name@example.com, group:deployers@example.com or serviceAccount:sa1@project.iam.gserviceaccount.com) | `list(string)` | n/a | yes | +| [google\_project](#input\_google\_project) | Google project for VCP/workspace deployment | `string` | n/a | yes | +| [google\_region](#input\_google\_region) | Google region for VCP/workspace deployment | `string` | n/a | yes | +| [google\_zone](#input\_google\_zone) | Zone in GCP region | `string` | n/a | yes | +| [nat\_name](#input\_nat\_name) | Name of the NAT service in compute router | `string` | n/a | yes | +| [pod\_ip\_cidr\_range](#input\_pod\_ip\_cidr\_range) | IP Range for Pods subnet (secondary) | `string` | n/a | yes | +| [prefix](#input\_prefix) | Prefix to use in generated VPC name | `string` | n/a | yes | +| [router\_name](#input\_router\_name) | Name of the compute router to create | `string` | n/a | yes | +| [subnet\_ip\_cidr\_range](#input\_subnet\_ip\_cidr\_range) | IP Range for Nodes subnet (primary) | `string` | n/a | yes | +| [subnet\_name](#input\_subnet\_name) | Name of the subnet to create | `string` | n/a | yes | +| [svc\_ip\_cidr\_range](#input\_svc\_ip\_cidr\_range) | IP Range for Services subnet (secondary) | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------------|-------------| +| [databricks\_host](#output\_databricks\_host) | n/a | +| [databricks\_token](#output\_databricks\_token) | n/a | \ No newline at end of file diff --git a/modules/adb-exfiltration-protection/README.md b/modules/adb-exfiltration-protection/README.md index 442e178f..0ae53bed 100644 --- a/modules/adb-exfiltration-protection/README.md +++ b/modules/adb-exfiltration-protection/README.md 
@@ -32,15 +32,15 @@ This module can be used to deploy the following: ## Requirements | Name | Version | -| ---------------------------------------------------------------------------- | ------- | -| [azurerm](#requirement\_azurerm) | =2.83.0 | -| [databricks](#requirement\_databricks) | 0.3.10 | +|------------------------------------------------------------------------------|---------| +| [azurerm](#requirement\_azurerm) | =4.00.0 | +| [databricks](#requirement\_databricks) | 1.52.0 | ## Providers | Name | Version | -| ---------------------------------------------------------------- | ------- | -| [azurerm](#provider\_azurerm) | 2.83.0 | +|------------------------------------------------------------------|---------| +| [azurerm](#provider\_azurerm) | 4.0.0 | | [external](#provider\_external) | 2.2.0 | | [random](#provider\_random) | 3.1.0 | | [dns](#provider\_dns) | 3.3.0 | @@ -52,7 +52,7 @@ No modules. ## Resources | Name | Type | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| | [azurerm_databricks_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/2.83.0/docs/resources/databricks_workspace) | resource | | [azurerm_firewall.hubfw](https://registry.terraform.io/providers/hashicorp/azurerm/2.83.0/docs/resources/firewall) | resource | | [azurerm_firewall_application_rule_collection.adbfqdn](https://registry.terraform.io/providers/hashicorp/azurerm/2.83.0/docs/resources/firewall_application_rule_collection) | resource | 
@@ -76,38 +76,40 @@ No modules. | [azurerm_virtual_network_peering.spokevnet](https://registry.terraform.io/providers/hashicorp/azurerm/2.83.0/docs/resources/virtual_network_peering) | resource | | [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/2.83.0/docs/data-sources/client_config) | data source | +| [dns_a_record_set.eventhubs](https://registry.terraform.io/providers/hashicorp/dns/latest/docs/data-sources/a_record_set) | data source | +| [dns_a_record_set.metastore](https://registry.terraform.io/providers/hashicorp/dns/latest/docs/data-sources/a_record_set) | data source | +| [dns_a_record_set.scc_relay](https://registry.terraform.io/providers/hashicorp/dns/latest/docs/data-sources/a_record_set) | data source | | [external_external.me](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| -------------------------------------------------------------------------------------------------------------- | ----------- | ----------- | ----------------- | :------: | -| [bypass\_scc\_relay](#input\_bypass\_scc\_relay) | n/a | `bool` | `true` | no | -| [dbfs\_prefix](#input\_dbfs\_prefix) | n/a | `string` | `"dbfs"` | no | -| [eventhubs](#input\_eventhubs) | n/a | `list(string)` | n/a | yes | -| [firewallfqdn](#input\_firewallfqdn) | n/a | `list(string)` | n/a | yes | -| [hubcidr](#input\_hubcidr) | n/a | `string` | `"10.178.0.0/20"` | no | -| [metastore](#input\_metastore) | n/a | `list(string)` | n/a | yes | -| [no\_public\_ip](#input\_no\_public\_ip) | n/a | `bool` | `true` | no | -| [private\_subnet\_endpoints](#input\_private\_subnet\_endpoints) | n/a | `list` | `[]` | no | -| [rglocation](#input\_rglocation) | n/a | `string` | `"southeastasia"` | no | -| 
[scc_relay](#input\_scc_relay) | n/a | `list(string)` | n/a | yes | -| [spokecidr](#input\_spokecidr) | n/a | `string` | `"10.179.0.0/20"` | no | -| [tags](#input\_tags) | n/a | `map` | `{}` | no | -| [webappip](#input\_webappip) | n/a | `list(string)` | n/a | yes | -| [workspace\_prefix](#input\_workspace\_prefix) | n/a | `string` | `"adb"` | no | +| Name | Description | Type | Default | Required | +|:---------------------------------------------------------------------------------------------------------------|-----------------------------------------------|----------------|-------------------|:--------:| +| [bypass\_scc\_relay](#input\_bypass\_scc\_relay) | n/a | `bool` | `true` | no | +| [dbfs\_prefix](#input\_dbfs\_prefix) | n/a | `string` | `"dbfs"` | no | +| [eventhubs](#input\_eventhubs) | n/a | `list(string)` | n/a | yes | +| [firewallfqdn](#input\_firewallfqdn) | n/a | `list(string)` | n/a | yes | +| [hubcidr](#input\_hubcidr) | n/a | `string` | `"10.178.0.0/20"` | no | +| [metastore](#input\_metastore) | n/a | `list(string)` | n/a | yes | +| [private\_subnet\_endpoints](#input\_private\_subnet\_endpoints) | n/a | `list` | `[]` | no | +| [rglocation](#input\_rglocation) | n/a | `string` | `"southeastasia"` | no | +| [scc\_relay](#input\_scc_relay) | n/a | `list(string)` | n/a | yes | +| [spokecidr](#input\_spokecidr) | n/a | `string` | `"10.179.0.0/20"` | no | +| [tags](#input\_tags) | n/a | `map` | `{}` | no | +| [webapp\_ips](#input\_webapp\_ips) | List of IP ranges for Azure Databricks Webapp | `list(string)` | n/a | yes | +| [workspace\_prefix](#input\_workspace\_prefix) | n/a | `string` | `"adb"` | no | ## Outputs -| Name | Description | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| [arm\_client\_id](#output\_arm\_client\_id) | Deprecated | -| [arm\_subscription\_id](#output\_arm\_subscription\_id) | Deprecated | -| 
[arm\_tenant\_id](#output\_arm\_tenant\_id) | Deprecated | -| [azure\_region](#output\_azure\_region) | Deprecated | -| [databricks\_azure\_workspace\_resource\_id](#output\_databricks\_azure\_workspace\_resource\_id) | Deprecated | -| [resource\_group](#output\_resource\_group) | Deprecated | -| [workspace\_url](#output\_workspace\_url) | n/a | -| [resource\_group\_id](#output\_resource\_group\_id) | n/a | -| [resource\_workspace\_id](#output\_resource\_workspace\_id) | n/a | +| Name | Description | +|:---------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------| +| [arm\_client\_id](#output\_arm\_client\_id) | **Deprecated** | +| [arm\_subscription\_id](#output\_arm\_subscription\_id) | **Deprecated** | +| [arm\_tenant\_id](#output\_arm\_tenant\_id) | **Deprecated** | +| [azure\_region](#output\_azure\_region) | **Deprecated** | +| [azure\_resource\_group\_id](#output\_azure\_resource\_group\_id) | ID of the created Azure resource group | +| [databricks\_azure\_workspace\_resource\_id](#output\_databricks\_azure\_workspace\_resource\_id) | **Deprecated** The ID of the Databricks Workspace in the Azure management plane | +| [resource\_group](#output\_resource\_group) | **Deprecated** | +| [workspace\_id](#output\_workspace\_id) | The Databricks workspace ID | +| [workspace\_url](#output\_workspace\_url) | The Databricks workspace URL | diff --git a/modules/adb-lakehouse-uc/account-principals/README.md b/modules/adb-lakehouse-uc/account-principals/README.md new file mode 100644 index 00000000..5f68700a --- /dev/null +++ b/modules/adb-lakehouse-uc/account-principals/README.md 
@@ -0,0 +1,46 @@ +# Unity Catalog terraform blueprints + +This module contains Terraform code used to provision a Databricks service principal on account-level. + +## Module content + +This module can be used to deploy the following: + +* A Azure Databricks Service Principal + +## How to use + +1. Reference this module using one of the different [module source types](https://developer.hashicorp.com/terraform/language/modules/sources) +2. Add `terraform.tfvars` with the information about service principals to be provisioned at account level. + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------------------------------------------------------------------------|---------| +| [databricks](#provider\_databricks) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [databricks_service_principal.databricks_service_principal](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/service_principal) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|--------------------------------------------------------------------------------------------|--------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|---------|:--------:| +| [service\_principals](#input\_service\_principals) | list of service principals we want to create at Databricks account |
".pypi.org",
".pythonhosted.org",
".cran.r-project.org"
]
map(object({| `{}` | no | + +## Outputs + +No outputs. + + \ No newline at end of file diff --git a/modules/adb-lakehouse-uc/uc-data-assets/README.md b/modules/adb-lakehouse-uc/uc-data-assets/README.md new file mode 100644 index 00000000..b9e5a09d --- /dev/null +++ b/modules/adb-lakehouse-uc/uc-data-assets/README.md 
@@ -0,0 +1,66 @@ +# Unity Catalog terraform blueprints + +This module contains Terraform code used to provision assets required for Databricks Unity Catalog. + +## Module content + +This module can be used to deploy the following: + +* The Lakehouse platform resources, including: + * Azure role assignment for the storage account + * Databricks external location + * Databricks catalog + * Databricks schema + * Databricks grants required to admin the external location + * Databricks grants required to admin the catalog + +## How to use + +1. Reference this module using one of the different [module source types](https://developer.hashicorp.com/terraform/language/modules/sources) +2. Add `terraform.tfvars` with the information about the required input variables. + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------------------------------------------------------------------------|---------| +| [azurerm](#provider\_azurerm) | n/a | +| [databricks](#provider\_databricks) | n/a | + +## Modules + +No modules. 
+ +## Resources + +| Name | Type | +|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [azurerm_role_assignment.ext_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | +| [databricks_catalog.bronze-catalog](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/catalog) | resource | +| [databricks_external_location.landing-external-location](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/external_location) | resource | +| [databricks_grants.catalog_bronze-grants](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants) | resource | +| [databricks_grants.landing-external-location-grants](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants) | resource | +| [databricks_schema.bronze_source1-schema](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/schema) | resource | +| [azurerm_storage_account.ext_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------|----------------|---------|:--------:| +| [access\_connector\_id](#input\_access\_connector\_id) | the id of the access connector | `string` | n/a | yes | +| [environment\_name](#input\_environment\_name) | the deployment environment | `string` | n/a | yes | +| [landing\_adls\_path](#input\_landing\_adls\_path) | The ADLS path of the landing zone | `string` | n/a | yes | +| 
[landing\_adls\_rg](#input\_landing\_adls\_rg) | The resource group name of the landing zone | `string` | n/a | yes | +| [landing\_external\_location\_name](#input\_landing\_external\_location\_name) | the name of the landing external location | `string` | n/a | yes | +| [metastore\_admins](#input\_metastore\_admins) | list of principals: service principals or groups that have metastore admin privileges | `list(string)` | n/a | yes | +| [metastore\_id](#input\_metastore\_id) | Id of the metastore | `string` | n/a | yes | +| [storage\_credential\_name](#input\_storage\_credential\_name) | the name of the storage credential | `string` | n/a | yes | + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/modules/adb-lakehouse/README.md b/modules/adb-lakehouse/README.md index f35034d1..9cd5d5df 100644 --- a/modules/adb-lakehouse/README.md +++ b/modules/adb-lakehouse/README.md 
@@ -33,3 +33,76 @@ This module can be used to deploy the following: 5. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm) 6. Run `terraform init` to initialize terraform and get provider ready. 7. Run `terraform apply` to create the resources. + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------|---------| +| [azurerm](#requirement\_azurerm) | >=4.0.0 | + +## Providers + +| Name | Version | +|---------------------------------------------------------------|---------| +| [azurerm](#provider\_azurerm) | >=4.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [azurerm_data_factory.adf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory) | resource | +| [azurerm_databricks_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/databricks_workspace) | resource | +| [azurerm_key_vault.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource | +| [azurerm_network_security_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_route_table.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) | resource | +| [azurerm_storage_account.dls](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | +| 
[azurerm_subnet.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet_network_security_group_association.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_subnet_network_security_group_association.public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_subnet_route_table_association.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource | +| [azurerm_subnet_route_table_association.public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource | +| [azurerm_virtual_network.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|----------------|---------|:--------:| +| [create\_resource\_group](#input\_create\_resource\_group) | (Optional) Creates resource group if set to true (default) | `bool` | `true` | no | +| 
[data\_factory\_name](#input\_data\_factory\_name) | The name of the Azure Data Factory to deploy. Won't be created if not specified | `string` | `""` | no | +| [databricks\_workspace\_name](#input\_databricks\_workspace\_name) | Name of Databricks workspace | `string` | n/a | yes | +| [environment\_name](#input\_environment\_name) | (Required) The name of the project environment associated with the infrastructure to be managed by Terraform | `string` | n/a | yes | +| [key\_vault\_name](#input\_key\_vault\_name) | The name of the Azure Key Vault to deploy. Won't be created if not specified | `string` | `""` | no | +| [location](#input\_location) | (Required) The location for the resources in this module | `string` | n/a | yes | +| [managed\_resource\_group\_name](#input\_managed\_resource\_group\_name) | (Optional) The name of the resource group where Azure should place the managed Databricks resources | `string` | `""` | no | +| [private\_subnet\_address\_prefixes](#input\_private\_subnet\_address\_prefixes) | Address space for private Databricks subnet | `list(string)` | n/a | yes | +| [project\_name](#input\_project\_name) | (Required) The name of the project associated with the infrastructure to be managed by Terraform | `string` | n/a | yes | +| [public\_subnet\_address\_prefixes](#input\_public\_subnet\_address\_prefixes) | Address space for public Databricks subnet | `list(string)` | n/a | yes | +| [spoke\_resource\_group\_name](#input\_spoke\_resource\_group\_name) | (Required) The name of the Resource Group to create | `string` | n/a | yes | +| [spoke\_vnet\_address\_space](#input\_spoke\_vnet\_address\_space) | (Required) The address space for the spoke Virtual Network | `string` | n/a | yes | +| [storage\_account\_names](#input\_storage\_account\_names) | Names of additional storage accounts to create | `list(string)` | `[]` | no | +| [tags](#input\_tags) | (Required) Map of tags to attach to resources | `map(string)` | n/a | yes | + +## Outputs + +| 
Name | Description | +|-----------------------------------------------------------------------------------------------------------------|--------------------------------------------------------| +| [azure\_resource\_group\_id](#output\_azure\_resource\_group\_id) | ID of the created Azure resource group | +| [nsg\_id](#output\_nsg\_id) | **Depricated** ID of the new NSG | +| [rg\_id](#output\_rg\_id) | **Depricated** ID of the resource group | +| [rg\_name](#output\_rg\_name) | **Depricated** Name of the resource group | +| [route\_table\_id](#output\_route\_table\_id) | **Depricated** ID of the new route table | +| [vnet\_id](#output\_vnet\_id) | **Depricated** ID of the new Vnet | +| [workspace\_id](#output\_workspace\_id) | ID of the Databricks workspace | +| [workspace\_name](#output\_workspace\_name) | **Depricated** Name of the Databricks workspace | +| [workspace\_resource\_id](#output\_workspace\_resource\_id) | **Depricated** ID of the Databricks workspace resource | +| [workspace\_url](#output\_workspace\_url) | URL of the Databricks workspace | + \ No newline at end of file diff --git a/modules/adb-overwatch-analysis/README.md b/modules/adb-overwatch-analysis/README.md index 3be9c912..77a3e32f 100644 --- a/modules/adb-overwatch-analysis/README.md +++ b/modules/adb-overwatch-analysis/README.md 
@@ -6,7 +6,7 @@ This module deploys the following Databricks [python notebooks](./notebooks) on ## Inputs -| Name | Description | Type | Default | Required | -|----------------|--------------------------------------|--------|---------|----------| -|`rg_name`|Resource group name|string||yes| -|`overwatch_ws_name`|Overwatch existing workspace name|string||yes| +| Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------|----------------------------------------------|----------|---------|:--------:| +| [overwatch\_ws\_name](#input\_overwatch\_ws\_name) | The name of the Overwatch existing workspace | `string` | n/a | yes | +| [rg\_name](#input\_rg\_name) | Resource group name | `string` | n/a | yes | diff --git a/modules/adb-overwatch-main-ws/README.md b/modules/adb-overwatch-main-ws/README.md index e044403c..acacf180 100644 --- a/modules/adb-overwatch-main-ws/README.md +++ b/modules/adb-overwatch-main-ws/README.md 
@@ -2,18 +2,44 @@ This module either creates a new workspace, or uses an existing one to deploy **Overwatch** + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|---------------------------------------------------------------------------------------------------------|---------| +| [azurerm](#provider\_azurerm) | n/a | +| [databricks.ow-main-ws](#provider\_databricks.ow-main-ws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|---------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [azurerm_databricks_workspace.adb-new-ws](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/databricks_workspace) | resource | +| [azurerm_databricks_workspace.adb-existing-ws](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/databricks_workspace) | data source | +| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [databricks_spark_version.latest_lts](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/spark_version) | data source | + ## Inputs -| Name | Description | Type | Default | Required | -|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|---------|----------| -|`subscription_id`| Azure subscription ID | string ||yes| -|`rg_name`| Resource group name | string ||yes| -|`overwatch_ws_name`| The name of an existing workspace, or the name to use to create a new one for Overwatch | string ||yes| -|`use_existing_ws`| A boolean that determines to either use an existing Databricks workspace for Overwatch, when it is set to *true*, or create a new one when it is set to *false* | bool ||yes| +| 
Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [overwatch\_ws\_name](#input\_overwatch\_ws\_name) | The name of an existing workspace, or the name to use to create a new one for Overwatch | `string` | n/a | yes | +| [rg\_name](#input\_rg\_name) | Resource group name | `string` | n/a | yes | +| [subscription\_id](#input\_subscription\_id) | Azure subscription ID | `string` | n/a | yes | +| [use\_existing\_ws](#input\_use\_existing\_ws) | A boolean that determines to either use an existing Databricks workspace for Overwatch, when it is set to true, or create a new one when it is set to false | `bool` | n/a | yes | -## Ouputs +## Outputs -| Name | Description | -|----------------|-----------------------| -|`adb_ow_main_ws_url`| Overwatch workspace url | -|`latest_lts`| The latest DBR LTS version | \ No newline at end of file +| Name | Description | +|----------------------------------------------------------------------------------------------------|----------------------------| +| [adb\_ow\_main\_ws\_url](#output\_adb\_ow\_main\_ws\_url) | Overwatch workspace url | +| [latest\_lts](#output\_latest\_lts) | The latest DBR LTS version | + \ No newline at end of file diff --git a/modules/adb-overwatch-mws-config/README.md b/modules/adb-overwatch-mws-config/README.md index 4a1c4d25..ae7e1d17 100644 --- a/modules/adb-overwatch-mws-config/README.md +++ b/modules/adb-overwatch-mws-config/README.md 
@@ -8,27 +8,62 @@ This module deploys the required resources for a multi-workspace Overwatch deplo - Databricks Overwatch [notebook runner](./notebooks/overwatch-runner.scala) - Databricks job that will run Overwatch with the notebook above + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------------------------------------------------------------------------|---------| +| [azuread](#provider\_azuread) | n/a | +| [azurerm](#provider\_azurerm) | n/a | +| [databricks](#provider\_databricks) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [azurerm_role_assignment.data-contributor-role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | +| [azurerm_storage_account.ow-sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | +| [azurerm_storage_data_lake_gen2_filesystem.overwatch-db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_data_lake_gen2_filesystem) | resource | +| [databricks_job.overwatch](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/job) | resource | +| [databricks_mount.overwatch_db](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mount) | resource | +| [databricks_notebook.overwatch_etl](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/notebook) | resource | +| [databricks_secret_scope.overwatch-akv](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret_scope) | resource | +| [azuread_service_principal.overwatch-spn](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) 
| data source | +| [azurerm_databricks_workspace.overwatch-ws](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/databricks_workspace) | data source | +| [azurerm_key_vault.existing-kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_key_vault_secret.spn-key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | + ## Inputs -| Name | Description | Type | Default | Required | -|----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-----------------------|----------| -|`overwatch_ws_name`| Overwatch workspace name | string || yes | -|`rg_name`| Resource group name | string || yes | -|`overwatch_spn_app_id`| Azure SPN ID used to create the mount points | string || yes | -|`tenant_id`| Azure Tenant ID | string || yes | -|`ow_sa_name`| The name of the Overwatch ETL storage account | string || yes | -|`akv_name`| Azure Key-Vault name | string || yes | -|`databricks_secret_scope_name`| Databricks secret scope name (backed by Azure Key-Vault) | string || yes | -|`overwatch_job_notification_email`| Overwatch Job Notification Email | string | email@example.com | no | -|`cron_job_schedule`| Cron expression to schedule the Overwatch Job | string | 0 0 8 * * ? 
| no | -|`cron_timezone_id`| Timezone for the cron schedule | string | Europe/Brussels | no | -|`overwatch_version`| Overwatch library maven version | string | overwatch_2.12:0.7.1.0 | yes | -|`random_string`| Random string used as a suffix for the resources names | string || yes | -|`latest_dbr_lts`| Latest DBR LTS version | string | | yes | - -## Ouputs - -| Name | Description | -|----------------|-----------------------| -|`etl_storage_prefix`| Overwatch ETL storage prefix, which represents a mount point to the ETL storage account | -|`databricks_mount_db_name`| Mount point name to the storage account where Overwatch will be writing the results | \ No newline at end of file +| Name | Description | Type | Default | Required | +|------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------|----------|----------------------------|:--------:| +| [akv\_name](#input\_akv\_name) | Azure Key-Vault name | `string` | n/a | yes | +| [cron\_job\_schedule](#input\_cron\_job\_schedule) | Cron expression to schedule the Overwatch Job | `string` | `"0 0 8 * * ?"` | no | +| [cron\_timezone\_id](#input\_cron\_timezone\_id) | Timezone for the cron schedule | `string` | `"Europe/Brussels"` | no | +| [databricks\_secret\_scope\_name](#input\_databricks\_secret\_scope\_name) | Databricks secret scope name (backed by Azure Key-Vault) | `string` | n/a | yes | +| [latest\_dbr\_lts](#input\_latest\_dbr\_lts) | Latest DBR LTS version | `string` | n/a | yes | +| [overwatch\_job\_notification\_email](#input\_overwatch\_job\_notification\_email) | Overwatch Job Notification Email | `string` | `"email@example.com"` | no | +| [overwatch\_spn\_app\_id](#input\_overwatch\_spn\_app\_id) | Azure SPN ID used to create the mount points | `string` | n/a | yes | +| [overwatch\_version](#input\_overwatch\_version) | Overwatch library maven version | `string` | 
`"overwatch_2.12:0.7.1.0"` | no | +| [overwatch\_ws\_name](#input\_overwatch\_ws\_name) | Overwatch workspace name | `string` | n/a | yes | +| [ow\_sa\_name](#input\_ow\_sa\_name) | The name of the Overwatch ETL storage account | `string` | n/a | yes | +| [random\_string](#input\_random\_string) | Random string used as a suffix for the resources names | `string` | n/a | yes | +| [rg\_name](#input\_rg\_name) | Resource group name | `string` | n/a | yes | +| [tenant\_id](#input\_tenant\_id) | Azure Tenant ID | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|--------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------| +| [databricks\_mount\_db\_name](#output\_databricks\_mount\_db\_name) | Mount point name to the storage account where Overwatch will be writing the results | +| [etl\_storage\_prefix](#output\_etl\_storage\_prefix) | Overwatch ETL storage prefix, which represents a mount point to the ETL storage account | + \ No newline at end of file diff --git a/modules/adb-overwatch-regional-config/README.md b/modules/adb-overwatch-regional-config/README.md index 245f204d..ae159834 100644 --- a/modules/adb-overwatch-regional-config/README.md +++ b/modules/adb-overwatch-regional-config/README.md 
@@ -7,23 +7,55 @@ This module deploys the regional Azure required resources for a multi-workspace - Azure Key-Vault with its access policy - Azure Vault secret to store the SPN secret value + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|---------------------------------------------------------------|---------| +| [azuread](#provider\_azuread) | n/a | +| [azurerm](#provider\_azurerm) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [azurerm_eventhub_namespace.ehn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventhub_namespace) | resource | +| [azurerm_eventhub_namespace_authorization_rule.ehn-ar](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventhub_namespace_authorization_rule) | resource | +| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource | +| [azurerm_key_vault_access_policy.kv-ap](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_secret.spn-key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_role_assignment.data-contributor-role-log](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | +| [azurerm_storage_account.log-sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | +| [azuread_service_principal.overwatch-spn](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source | +| 
[azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | + ## Inputs -| Name | Description | Type | Default | Required | -|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-----------------------|----------| -|`rg_name`| Resource group name | string || yes | -|`overwatch_spn_app_id`| Azure SPN ID | string || yes | -|`overwatch_spn_secret`| Azure SPN secret | string || yes | -|`logs_sa_name`| Logs storage account name | string || yes | -|`key_vault_prefix`| AKV prefix to use when creating the resource | string || yes | -|`random_string`| Random string used as a suffix for the resources names | string || yes | -|`ehn_name`| Eventhubs namespace name | string | | yes | - -## Ouputs - -| Name | Description | -|----------------|-----------------------------------------------------------------------------------------| -|`ehn_name`| Eventhubs namespace name | -|`ehn_ar_name`| Eventhubs namespace authorization rule name | -|`logs_sa_name`| Logs storage account name | -|`akv_name`| Azure Key-Vault name | \ No newline at end of file +| Name | Description | Type | Default | Required | +|------------------------------------------------------------------------------------------------------|--------------------------------------------------------|----------|---------|:--------:| +| [ehn\_name](#input\_ehn\_name) | Eventhubs namespace name | `any` | n/a | yes | +| [key\_vault\_prefix](#input\_key\_vault\_prefix) | AKV prefix to use when creating the resource | `string` | n/a | yes | +| [logs\_sa\_name](#input\_logs\_sa\_name) | Logs storage account name | `any` | n/a | yes | +| 
[overwatch\_spn\_app\_id](#input\_overwatch\_spn\_app\_id) | Azure SPN ID used to create the mount points | `string` | n/a | yes | +| [overwatch\_spn\_secret](#input\_overwatch\_spn\_secret) | Azure SPN secret | `string` | n/a | yes | +| [random\_string](#input\_random\_string) | Random string used as a suffix for the resources names | `string` | n/a | yes | +| [rg\_name](#input\_rg\_name) | Resource group name | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------------------------------------------------------------------------------|---------------------------------------------| +| [akv\_name](#output\_akv\_name) | AKV name | +| [ehn\_ar\_name](#output\_ehn\_ar\_name) | Eventhubs namespace authorization rule name | +| [ehn\_name](#output\_ehn\_name) | Eventhubs namespace name | +| [logs\_sa\_name](#output\_logs\_sa\_name) | Logs storage account name | + \ No newline at end of file diff --git a/modules/adb-overwatch-ws-to-monitor/README.md b/modules/adb-overwatch-ws-to-monitor/README.md index c5c045f1..927b1b78 100644 --- a/modules/adb-overwatch-ws-to-monitor/README.md +++ b/modules/adb-overwatch-ws-to-monitor/README.md 
@@ -14,36 +14,81 @@ This module deploys the required resources for a given Databricks workspace to b > **Note** > For more details on the column description, please refer to [Overwatch Deployment Configuration](https://databrickslabs.github.io/overwatch/deployoverwatch/configureoverwatch/configuration/) +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------------------------------------------------------------------------|---------| +| [azurerm](#provider\_azurerm) | n/a | +| [databricks](#provider\_databricks) | n/a | +| [null](#provider\_null) | n/a | +| [template](#provider\_template) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [azurerm_eventhub.eh](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventhub) | resource | +| [azurerm_eventhub_authorization_rule.eh-ar](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventhub_authorization_rule) | resource | +| [azurerm_key_vault_secret.adb-pat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_key_vault_secret.eh-conn-string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_monitor_diagnostic_setting.dgs-ws](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource | +| [azurerm_storage_data_lake_gen2_filesystem.cluster-logs-fs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_data_lake_gen2_filesystem) | resource | +| [databricks_mount.cluster-logs-mount-ws](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mount) | resource 
| +| [databricks_secret_scope.overwatch-akv](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret_scope) | resource | +| [databricks_token.pat-ws](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/token) | resource | +| [null_resource.local](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [azurerm_databricks_workspace.adb-ws](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/databricks_workspace) | data source | +| [azurerm_eventhub_namespace_authorization_rule.ehn-ar](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_namespace_authorization_rule) | data source | +| [azurerm_key_vault.existing-kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_key_vault_secret.spn-key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_monitor_diagnostic_categories.dgs-cat](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_diagnostic_categories) | data source | +| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_storage_account.logs-sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | +| [template_cloudinit_config.local](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config) | data source | +| [template_file.ow-deployment-config](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | ## Inputs -| Name | Description | Type | Default | Required | 
-|----------------|-----------------------------------------------------------------------------------------------------------------|--------|---------|----------| -|`adb_ws_name`| The name of an existing Databricks workspace that Overwatch will monitor | string || yes | -|`rg_name`| Resource group name | string || yes | -|`ehn_name`| Eventhub namespace name | string || yes | -|`tenant_id`| Azure tenant ID | string || yes | -|`overwatch_spn_app_id`| Azure SPN used to create Databricks mounts | string || yes | -|`ehn_auth_rule_name`| Eventhub namespace authorization rule name | string || yes | -|`logs_sa_name`| Logs storage account name | string || yes | -|`random_string`| Random string used as a suffix for the resources names | string || yes | -|`akv_name`| Azure Key-Vault name | string || yes | -|`databricks_secret_scope_name`| Databricks secret scope name (backed by Azure Key-Vault) | string || yes | -|`etl_storage_prefix`| Overwatch ETL storage prefix, which represents a mount point to the ETL storage account | string || yes | -|`interactive_dbu_price`| Contract price for interactive DBUs | number || yes | -|`automated_dbu_price`| Contract price for automated DBUs | number || yes | -|`sql_compute_dbu_price`| Contract price for DBSQL DBUs | number || yes | -|`jobs_light_dbu_price`| Contract price for interactive DBUs | number || yes | -|`max_days`| This is the max incremental days that will be loaded. 
Usually only relevant for historical loading and rebuilds | number || yes | -|`excluded_scopes`| Scopes that should not be excluded from the pipelines | string || no | -|`active`| Whether or not the workspace should be validated / deployed | bool || yes | -|`proxy_host`| Proxy url for the workspace | string || no | -|`proxy_port`| Proxy port for the workspace | string || no | -|`proxy_user_name`| Proxy user name for the workspace | string || no | -|`proxy_password_scope`| Scope which contains the proxy password key | string || no | -|`proxy_password_key`| Key which contains proxy password | string || no | -|`success_batch_size`|API Tunable - Indicates the size of the buffer on filling of which the result will be written to a temp location | string || no | -|`error_batch_size`| API Tunable - Indicates the size of the error writer buffer containing API call errors | string || no | -|`enable_unsafe_SSL`| API Tunable - Enables unsafe SSL | bool || no | -|`thread_pool_size`| API Tunable - Max number of API calls Overwatch is allowed to make in parallel | number || no | -|`api_waiting_time`| API Tunable - Overwatch makes async api calls in parallel, api_waiting_time signifies the max wait time in case of no response received from the api call | string || no | +| Name | Description | Type | Default | Required | +|------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:| +| [active](#input\_active) | Whether or not the workspace should be validated / deployed | `bool` | n/a | yes | +| [adb\_ws\_name](#input\_adb\_ws\_name) | The name of an existing Databricks workspace that Overwatch will monitor | `string` | n/a | yes | +| [akv\_name](#input\_akv\_name) | Azure Key-Vault name | `string` | n/a | yes | 
+| [api\_waiting\_time](#input\_api\_waiting\_time) | API Tunable - Overwatch makes async api calls in parallel, api\_waiting\_time signifies the max wait time in case of no response received from the api call | `string` | n/a | yes | +| [auditlog\_prefix\_source\_path](#input\_auditlog\_prefix\_source\_path) | Location of auditlog (AWS/GCP Only) | `string` | n/a | yes | +| [automated\_dbu\_price](#input\_automated\_dbu\_price) | Contract price for automated DBUs | `number` | n/a | yes | +| [databricks\_secret\_scope\_name](#input\_databricks\_secret\_scope\_name) | Databricks secret scope name (backed by Azure Key-Vault) | `string` | n/a | yes | +| [ehn\_auth\_rule\_name](#input\_ehn\_auth\_rule\_name) | Eventhub namespace authorization rule name | `string` | n/a | yes | +| [ehn\_name](#input\_ehn\_name) | Eventhub namespace name | `string` | n/a | yes | +| [enable\_unsafe\_SSL](#input\_enable\_unsafe\_SSL) | API Tunable - Enables unsafe SSL | `string` | n/a | yes | +| [error\_batch\_size](#input\_error\_batch\_size) | API Tunable - Indicates the size of the error writer buffer containing API call errors | `string` | n/a | yes | +| [etl\_storage\_prefix](#input\_etl\_storage\_prefix) | Overwatch ETL storage prefix, which represents a mount point to the ETL storage account | `string` | n/a | yes | +| [excluded\_scopes](#input\_excluded\_scopes) | Scopes that should not be excluded from the pipelines | `string` | n/a | yes | +| [interactive\_dbu\_price](#input\_interactive\_dbu\_price) | Contract price for interactive DBUs | `number` | n/a | yes | +| [jobs\_light\_dbu\_price](#input\_jobs\_light\_dbu\_price) | Contract price for interactive DBUs | `number` | n/a | yes | +| [logs\_sa\_name](#input\_logs\_sa\_name) | Logs storage account name | `string` | n/a | yes | +| [max\_days](#input\_max\_days) | This is the max incremental days that will be loaded. 
Usually only relevant for historical loading and rebuilds | `number` | n/a | yes | +| [overwatch\_spn\_app\_id](#input\_overwatch\_spn\_app\_id) | Azure SPN used to create Databricks mounts | `string` | n/a | yes | +| [proxy\_host](#input\_proxy\_host) | Proxy url for the workspace | `string` | n/a | yes | +| [proxy\_password\_key](#input\_proxy\_password\_key) | Key which contains proxy password | `string` | n/a | yes | +| [proxy\_password\_scope](#input\_proxy\_password\_scope) | Scope which contains the proxy password key | `string` | n/a | yes | +| [proxy\_port](#input\_proxy\_port) | Proxy port for the workspace | `string` | n/a | yes | +| [proxy\_user\_name](#input\_proxy\_user\_name) | Proxy user name for the workspace | `string` | n/a | yes | +| [random\_string](#input\_random\_string) | Random string used as a suffix for the resources names | `string` | n/a | yes | +| [rg\_name](#input\_rg\_name) | Resource group name | `string` | n/a | yes | +| [sql\_compute\_dbu\_price](#input\_sql\_compute\_dbu\_price) | Contract price for DBSQL DBUs | `number` | n/a | yes | +| [success\_batch\_size](#input\_success\_batch\_size) | API Tunable - Indicates the size of the buffer on filling of which the result will be written to a temp location. This is used to tune performance in certain circumstance | `string` | n/a | yes | +| [tenant\_id](#input\_tenant\_id) | Azure tenant ID | `string` | n/a | yes | +| [thread\_pool\_size](#input\_thread\_pool\_size) | API Tunable - Max number of API calls Overwatch is allowed to make in parallel | `string` | n/a | yes | + +## Outputs + +No outputs. \ No newline at end of file diff --git a/modules/adb-uc-metastore/README.md b/modules/adb-uc-metastore/README.md index 83c05c14..aa1359ec 100644 --- a/modules/adb-uc-metastore/README.md +++ b/modules/adb-uc-metastore/README.md 
@@ -25,3 +25,48 @@ This module can be used to perform following tasks: 6. Run `terraform init` to initialize terraform and get provider ready. 7. Run `terraform apply` to create the resources. +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------------------------------------------------------------------------|---------| +| [azurerm](#provider\_azurerm) | 4.9.0 | +| [databricks](#provider\_databricks) | 1.58.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +| [azurerm_databricks_access_connector.access_connector](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/databricks_access_connector) | resource | +| [azurerm_resource_group.shared_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_role_assignment.unity_catalog](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource | +| [azurerm_storage_account.unity_catalog](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | +| [azurerm_storage_container.unity_catalog](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource | +| [databricks_metastore.databricks-metastore](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/metastore) | resource | +| [databricks_metastore_data_access.access-connector-data-access](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/metastore_data_access) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | 
+|------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------|---------------|---------|:--------:| +| [access\_connector\_name](#input\_access\_connector\_name) | Name of the access connector for Unity Catalog metastore | `string` | n/a | yes | +| [location](#input\_location) | (Required) The location for the resources in this module | `string` | n/a | yes | +| [metastore\_name](#input\_metastore\_name) | the name of the metastore | `string` | n/a | yes | +| [metastore\_storage\_name](#input\_metastore\_storage\_name) | Name of the storage account for Unity Catalog metastore | `string` | n/a | yes | +| [shared\_resource\_group\_name](#input\_shared\_resource\_group\_name) | Name of the shared resource group | `string` | n/a | yes | +| [tags](#input\_tags) | (Required) Map of tags to attach to resources | `map(string)` | n/a | yes | + +## Outputs + +| Name | Description | +|-----------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------| +| [access\_connector\_id](#output\_access\_connector\_id) | the id of the access connector | +| [access\_connector\_principal\_id](#output\_access\_connector\_principal\_id) | The Principal ID of the System Assigned Managed Service Identity that is configured on this Access Connector | +| [metastore\_id](#output\_metastore\_id) | n/a | \ No newline at end of file diff --git a/modules/adb-with-private-link-standard/README.md b/modules/adb-with-private-link-standard/README.md index e5cbebee..eb8fc55d 100644 --- a/modules/adb-with-private-link-standard/README.md +++ b/modules/adb-with-private-link-standard/README.md 
@@ -33,3 +33,97 @@ It covers a [standard deployment](https://learn.microsoft.com/en-us/azure/databr 5. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm) 6. Run `terraform init` to initialize terraform and get provider ready. 7. Run `terraform apply` to create the resources. + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------|---------| +| [azurerm](#requirement\_azurerm) | >=4.0.0 | + +## Providers + +| Name | Version | +|------------------------------------------------------------------|---------| +| [azurerm](#provider\_azurerm) | >=4.0.0 | +| [external](#provider\_external) | n/a | +| [http](#provider\_http) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [azurerm_databricks_workspace.dp_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/databricks_workspace) | resource | +| [azurerm_databricks_workspace.transit_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/databricks_workspace) | resource | +| [azurerm_network_interface.testvmnic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource | +| [azurerm_network_interface_security_group_association.testvmnsgassoc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) | resource | +| [azurerm_network_security_group.dp_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| 
[azurerm_network_security_group.testvm-nsg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| [azurerm_network_security_group.transit_sg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| [azurerm_network_security_rule.dp_aad](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_network_security_rule.dp_azfrontdoor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_network_security_rule.test0](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_network_security_rule.transit_aad](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_network_security_rule.transit_azfrontdoor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_private_dns_zone.dns_auth_front](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone.dnsdbfs_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone.dnsdbfs_dfs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone.dnsdpcp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone_virtual_network_link.dbfsdnszonevnetlink_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| 
[azurerm_private_dns_zone_virtual_network_link.dbfsdnszonevnetlink_dfs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.dpcpdnszonevnetlink](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.transitdnszonevnetlink](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_endpoint.dp_dbfspe_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.dp_dbfspe_dfs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.dp_dpcp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.front_pe](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.transit_auth](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_public_ip.testvmpublicip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_resource_group.dp_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.transit_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_subnet.dp_plsubnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| 
[azurerm_subnet.dp_private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.dp_public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.testvmsubnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.transit_plsubnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.transit_private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.transit_public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet_network_security_group_association.dp_private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_subnet_network_security_group_association.dp_public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_subnet_network_security_group_association.transit_private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_subnet_network_security_group_association.transit_public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_virtual_network.dp_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource | +| [azurerm_virtual_network.transit_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource | +| 
[azurerm_windows_virtual_machine.testvm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine) | resource | +| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| [random_string.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [external_external.me](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | +| [http_http.my_public_ip](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|----------------|---------|:--------:| +| [cidr\_dp](#input\_cidr\_dp) | (Required) The CIDR for the Azure Data Plane VNet | `string` | n/a | yes | +| [cidr\_transit](#input\_cidr\_transit) | (Required) The CIDR for the Azure transit VNet | `string` | n/a | yes | +| [location](#input\_location) | (Required) The location for the resources in this module | `string` | n/a | yes | +| [private\_subnet\_endpoints](#input\_private\_subnet\_endpoints) | The list of Service endpoints to associate with the private subnet. 
| `list(string)` | `[]` | no | +| [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | (Optional, default: false) If access from the public networks should be enabled | `bool` | `false` | no | +| [transit\_private\_subnet\_endpoints](#input\_transit\_private\_subnet\_endpoints) | The list of Service endpoints to associate with the private transit subnet. | `list(string)` | `[]` | no | + +## Outputs + +| Name | Description | +|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| [dp\_databricks\_azure\_workspace\_resource\_id](#output\_dp\_databricks\_azure\_workspace\_resource\_id) | **Depricated** The ID of the Databricks Workspace in the Azure management plane. | +| [dp\_workspace\_url](#output\_dp\_workspace\_url) | **Depricated** Renamed to `workspace_url` to align with naming used in other modules | +| [my\_ip\_addr](#output\_my\_ip\_addr) | n/a | +| [test\_vm\_password](#output\_test\_vm\_password) | Password to access the Test VM, use `terraform output -json test_vm_password` to get the password value | +| [test\_vm\_public\_ip](#output\_test\_vm\_public\_ip) | Public IP of the created virtual machine | +| [workspace\_id](#output\_workspace\_id) | The Databricks workspace ID | +| [workspace\_url](#output\_workspace\_url) | The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net' | diff --git a/modules/adb-with-private-links-exfiltration-protection/README.md b/modules/adb-with-private-links-exfiltration-protection/README.md index 9d50a867..c6bcd1ed 100644 --- a/modules/adb-with-private-links-exfiltration-protection/README.md +++ b/modules/adb-with-private-links-exfiltration-protection/README.md 
@@ -30,3 +30,102 @@ With this deployment, traffic from user client to webapp (notebook UI), backend 5. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm) 6. Run `terraform init` to initialize terraform and get provider ready. 7. Run `terraform apply` to create the resources. + + +## Requirements + +| Name | Version | +|---------------------------------------------------------------------|---------| +| [azurerm](#requirement\_azurerm) | >=4.0.0 | + +## Providers + +| Name | Version | +|------------------------------------------------------------------|---------| +| [azurerm](#provider\_azurerm) | >=4.0.0 | +| [external](#provider\_external) | n/a | +| [http](#provider\_http) | n/a | +| [random](#provider\_random) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [azurerm_databricks_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/databricks_workspace) | resource | +| [azurerm_firewall.hubfw](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall) | resource | +| [azurerm_firewall_application_rule_collection.adbfqdn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_application_rule_collection) | resource | +| [azurerm_firewall_network_rule_collection.adbfnetwork](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_network_rule_collection) | resource | +| [azurerm_network_interface.testvmnic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource | +| 
[azurerm_network_interface_security_group_association.testvmnsgassoc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association) | resource | +| [azurerm_network_security_group.testvm-nsg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| [azurerm_network_security_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource | +| [azurerm_network_security_rule.aad](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_network_security_rule.azfrontdoor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_network_security_rule.test0](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource | +| [azurerm_private_dns_zone.dnsdbfs_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone.dnsdbfs_dfs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone.dnsdpcp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone_virtual_network_link.dbfsdnszonevnetlink_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.dbfsdnszonevnetlink_dfs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| 
[azurerm_private_dns_zone_virtual_network_link.dpcpdnszonevnetlink](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_endpoint.auth](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.dbfspe_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.dbfspe_dfs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_private_endpoint.dpcp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | +| [azurerm_public_ip.fwpublicip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_public_ip.testvmpublicip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_route_table.adbroute](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table) | resource | +| [azurerm_subnet.hubfw](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.plsubnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_subnet.testvmsubnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | 
resource | +| [azurerm_subnet_network_security_group_association.private](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_subnet_network_security_group_association.public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource | +| [azurerm_subnet_route_table_association.privateudr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource | +| [azurerm_subnet_route_table_association.publicudr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_route_table_association) | resource | +| [azurerm_virtual_network.hubvnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource | +| [azurerm_virtual_network.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource | +| [azurerm_virtual_network_peering.hubvnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) | resource | +| [azurerm_virtual_network_peering.spokevnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) | resource | +| [azurerm_windows_virtual_machine.testvm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine) | resource | +| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [external_external.me](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | +| 
[http_http.my_public_ip](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|----------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|----------------|-------------------|:--------:| +| [dbfs\_prefix](#input\_dbfs\_prefix) | Prefix for DBFS storage account name | `string` | `"dbfs"` | no | +| [firewallfqdn](#input\_firewallfqdn) | Additional list of fully qualified domain names to add to firewall rules | `list(any)` | n/a | yes | +| [hubcidr](#input\_hubcidr) | CIDR for Hub VNet | `string` | `"10.178.0.0/20"` | no | +| [metastoreip](#input\_metastoreip) | IP Address of built-in Hive Metastore in the target region | `string` | n/a | yes | +| [private\_subnet\_endpoints](#input\_private\_subnet\_endpoints) | The list of Service endpoints to associate with the private subnet. | `list(string)` | `[]` | no | +| [rglocation](#input\_rglocation) | Location of resource group to create | `string` | `"southeastasia"` | no | +| [spokecidr](#input\_spokecidr) | CIDR for Spoke VNet | `string` | `"10.179.0.0/20"` | no | +| [tags](#input\_tags) | map of tags to add to all resources | `map(any)` | `{}` | no | +| [test\_vm\_password](#input\_test\_vm\_password) | Password for Test VM | `string` | `"TesTed567!!!"` | no | +| [workspace\_prefix](#input\_workspace\_prefix) | Prefix to use for Workspace name | `string` | `"adb"` | no | + +## Outputs + +| Name | Description | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------| +| [arm\_client\_id](#output\_arm\_client\_id) | ***Depricated***. 
Client ID for current user/service principal | +| [arm\_subscription\_id](#output\_arm\_subscription\_id) | ***Depricated***. Azure Subscription ID for current user/service principal | +| [arm\_tenant\_id](#output\_arm\_tenant\_id) | ***Depricated***. Azure Tenant ID for current user/service principal | +| [azure\_region](#output\_azure\_region) | ***Depricated***. Geo location of created resources | +| [azure\_resource\_group\_id](#output\_azure\_resource\_group\_id) | ID of the created Azure resource group | +| [databricks\_azure\_workspace\_resource\_id](#output\_databricks\_azure\_workspace\_resource\_id) | ***Depricated***. The ID of the Databricks Workspace in the Azure management plane. | +| [my\_ip\_addr](#output\_my\_ip\_addr) | ***Depricated***. IP address of caller | +| [resource\_group](#output\_resource\_group) | Name of created resource group | +| [test\_vm\_public\_ip](#output\_test\_vm\_public\_ip) | Public IP of the created virtual machine | +| [workspace\_id](#output\_workspace\_id) | The Databricks workspace ID | +| [workspace\_url](#output\_workspace\_url) | The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net' | diff --git a/modules/aws-databricks-base-infra/README.md b/modules/aws-databricks-base-infra/README.md new file mode 100644 index 00000000..1f90044f --- /dev/null +++ b/modules/aws-databricks-base-infra/README.md 
@@ -0,0 +1,87 @@ +# AWS Databricks Workspace +This Terraform module creates the necessary AWS resources for setting up a Databricks workspace. + +## Architecture Overview + +Include: + +1. An IAM cross-account role for Databricks to assume +2. An S3 bucket to serve as the root storage for Databricks +3. Necessary IAM policies and S3 bucket policies +4. VPC resources (implied by the outputs, but not directly created in the provided resource list) + + +## How to use + +> **Note** +> You can customize this module by adding, deleting or updating the AWS resources to adapt the module to your requirements. +> A deployment example using this module can be found in [examples/aws-workspace-basic](../../examples/aws-workspace-basic) + + +## How to use + +1. Reference this module using one of the different [module source types](https://developer.hashicorp.com/terraform/language/modules/sources) +2. Add `terraform.tfvars` with the information about the required input variables. + +## Requirements + +| Name | Version | +|------------------------------------------------------------------------------|----------| +| [aws](#requirement\_aws) | >=4.57.0 | +| [databricks](#requirement\_databricks) | >=1.24.1 | + +## Providers + +| Name | Version | +|------------------------------------------------------------------------------------|----------| +| [aws](#provider\_aws) | >=4.57.0 | +| [databricks](#provider\_databricks) | >=1.24.1 | +| [databricks.mws](#provider\_databricks.mws) | >=1.24.1 | + +## Modules + +| Name | Source | Version | +|-------------------------------------------------------------------------------|------------------------------------------------------|---------| +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.7.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.7.0 | + +## Resources + +| Name | Type | 
+|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +| [aws_iam_role.cross_account_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_s3_bucket.root_storage_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | +| [aws_s3_bucket_public_access_block.root_storage_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.root_storage_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| [aws_s3_bucket_versioning.versioning_example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/aws_assume_role_policy) | data source | +| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/aws_bucket_policy) | data source | +| 
[databricks_aws_crossaccount_policy.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/aws_crossaccount_policy) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|----------------|---------|:--------:| +| [cidr\_block](#input\_cidr\_block) | (Required) CIDR block for the VPC that will be used to create the Databricks workspace | `string` | n/a | yes | +| [databricks\_account\_id](#input\_databricks\_account\_id) | (Required) Databricks Account ID | `string` | n/a | yes | +| [prefix](#input\_prefix) | (Required) Prefix for the resources deployed by this module | `string` | n/a | yes | +| [region](#input\_region) | (Required) AWS region where the resources will be deployed | `string` | n/a | yes | +| [roles\_to\_assume](#input\_roles\_to\_assume) | (Optional) List of AWS roles that the cross account role can pass to the clusters (important when creating instance profiles) | `list(string)` | n/a | yes | +| [tags](#input\_tags) | (Required) Map of tags to be applied to the kinesis stream | `map(string)` | n/a | yes | + +## Outputs + +| Name | Description | +|-------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------| +| [cross\_account\_role\_arn](#output\_cross\_account\_role\_arn) | AWS Cross account role arn | +| [private\_route\_table\_ids](#output\_private\_route\_table\_ids) | IDs for the private route tables associated with this VPC | +| [root\_bucket](#output\_root\_bucket) | root bucket | +| [security\_group\_ids](#output\_security\_group\_ids) | Security group ID for DB Compliant VPC | +| [subnets](#output\_subnets) | private subnets for 
workspace creation | +| [vpc\_id](#output\_vpc\_id) | VPC ID | +| [vpc\_main\_route\_table\_id](#output\_vpc\_main\_route\_table\_id) | ID for the main route table associated with this VPC | + \ No newline at end of file
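Review bot: In the Inputs table of the hunk that ends just before the `diff --git a/modules/aws-databricks-base-infra/README.md` header, the `test_vm_password` row documents a default of `"TesTed567!!!"`. Anyone who applies this example without overriding the variable gets a test VM whose password is published in this repository, and the same hunk's Outputs table exposes that VM's address as `test_vm_public_ip`. Suggest dropping the default so the variable becomes required, marking it sensitive in its declaration, or generating the password at apply time, and then updating this row to show `n/a` and `yes`. Smaller points in the same hunk: `***Depricated***` should read `***Deprecated***` in all six output rows, and `firewallfqdn` is typed `list(any)` although its description says it holds fully qualified domain names, so `list(string)` would document the intent better.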
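Review bot: In the Inputs table of the new `modules/aws-databricks-base-infra/README.md` (hunk `@@ -0,0 +1,87 @@`), the `roles_to_assume` row is described as "(Optional)" but has no default and is marked required. This variable sets which AWS roles the cross-account role can pass to clusters, so the README should say unambiguously whether an empty list is acceptable. Either give it a default of `[]` in the declaration or change the description to "(Required)". In the same table, the `tags` description ends with "to be applied to the kinesis stream", which looks copied from another module, since the Resources table lists no Kinesis resource. Something like "to be applied to the resources created by this module" would fit. Further up in the hunk, `## How to use` appears twice, the first time containing only the note block. The note should be merged under a single heading. Architecture Overview item 4 says the VPC resources are "not directly created in the provided resource list", while the Modules table lists `vpc` and `vpc_endpoints` at 5.7.0, so the item should state that the VPC is created through those modules. The resource name `aws_s3_bucket_versioning.versioning_example` also reads like a leftover from provider documentation and could be renamed to match `root_storage_bucket`.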
sp_id = string
display_name = optional(string)
permissions = list(string)
}))