This project provides Terraform configurations to deploy an example Databricks environment to Azure. It uses Docker containers to manage tooling such as Terraform itself. The project also includes a Makefile to streamline common operations. Note: Since creating this repo I've found this repo (https://github.com/databricks/terraform-databricks-sra) which is an excellent resource.
main.tf: Terraform configuration for deploying Databricks resources on Azure.variables.tf: Definitions for Terraform input variables.Dockerfile: Docker configuration for setting up the environment with necessary tools.Makefile: A file containing commands to manage the Terraform environment and tooling.README.md: This file.
- Docker installed on your machine.
- Make installed on your machine.
To use the SAT tool the service principal 'SP for Security Analysis Tool' which is generated by this needs to be given Account Admin rights. It is not possible to automated this so to use the SAT tool the process is:
- Make the SP for Security Analysis Tool an Account Admin
- Run the 'SAT Initializer Notebook (one-time)' job
The Docker container is configured to run Terraform and other tooling required for this project. It will map a volume to bring in the credentials for Azure and Databricks but you will either need to configure these prior to running or update the use the appropriate secrets.
core: Install this first as this creates a VNet and Bastion that can be used to deploy databricksdatabricks: If you enable full PrivateLink then you need to deploy from within your Azure VNet or it will fail.
Databricks SAT tool: https://github.com/databricks-industry-solutions/security-analysis-tool Databricks Dashboards: https://github.com/databricks/tmm/tree/main/System-Tables-Demo
The project includes a Makefile with several commands to help manage your Terraform configurations. Here’s a brief overview of each command:
-
make apply: Deploys the resources defined in your Terraform configuration to Azure.make apply
-
make check-security: Performs static analysis on your Terraform templates to identify potential security issues.make check-security
-
make destroy: Destroys all the resources created by the Terraform configuration.make destroy
-
make documentation: Generates theREADME.mdfile for your project.make documentation
-
make format: Rewrites all Terraform configuration files to a canonical format.make format
-
make lint: Checks for possible errors and best practices in your Terraform configuration.make lint
-
make plan: Shows the deployment plan for your Terraform configuration, outlining what changes will be made.make plan
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| azurerm | ~> 3.1 |
| databricks | ~> 1.4 |
| Name | Version |
|---|---|
| azurerm | 3.113.0 |
| databricks.workspace | 1.49.0 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| azure_subscription_id | The ID of the Azure subscription | string |
n/a | yes |
| databricks_account_id | (Required) The ID of the Databricks | string |
n/a | yes |
| databricks_sku | (Optional) The SKU to use for the databricks instance | string |
n/a | yes |
| environment | (Required) Three character environment name | string |
n/a | yes |
| location | (Optional) The location for resource deployment | string |
"australiaeast" |
no |
| metastore_id | (Required) The ID of the Metastore | string |
n/a | yes |
| project | (Required) The project name | string |
n/a | yes |
No outputs.