\u7531\u4e8e\u4e4b\u524d\u53ea\u662f\u7ffb\u8bd1\u4e86\u6587\u4ef6\uff0c\u5b9e\u9645\u4e0a\u5e76\u6ca1\u6709\u505a\u8fc7\uff0c\u6240\u4ee5\u6211\u6309\u7167\u8fd9\u7bc7\u6587\u7ae0\u7684\u6b65\u9aa4\u8fdb\u884c\u90e8\u7f72\u3002Git\u7684\u6b65\u9aa4\u5c06\u88ab\u5ffd\u7565\u3002<\/p>\n
<\/p>\n
\u8fd9\u91cc\u4e5f\u6709\u8bf4\u660e\u6b65\u9aa4\u7684\u3002<\/p>\n
<\/p>\n
<\/p>\n
\u5728\u7ec8\u7aef\u4e2d\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002<\/p>\n
brew tap hashicorp\/tap\r\nbrew install hashicorp\/tap\/terraform\r\n<\/span><\/code><\/pre>\n\u6267\u884c\u4ee5\u4e0a\u547d\u4ee4\u65f6\uff0c<\/p>\n
==> Installing terraform from hashicorp\/tap\r\nError: Your Command Line Tools are too outdated.\r\nUpdate them from Software Update in System Preferences.\r\n\r\nIf that doesn't show you any updates, run:\r\n sudo rm -rf \/Library\/Developer\/CommandLineTools\r\n sudo xcode-select --install\r\n\r\nAlternatively, manually download them from:\r\n https:\/\/developer.apple.com\/download\/all\/.\r\nYou should download the Command Line Tools for Xcode 13.4.\r\n<\/code><\/pre>\n\u5982\u679c\u51fa\u73b0\u4ee5\u4e0b\u9519\u8bef\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u6765\u66f4\u65b0\u547d\u4ee4\u884c\u5de5\u5177\u3002<\/p>\n
sudo rm -rf \/Library\/Developer\/CommandLineTools\r\nsudo xcode-select --install\r\n<\/code><\/pre>\n\u5b89\u88c5\u548c\u914d\u7f6eAWS CLI\u3002<\/h2>\n
\u6211\u4f1a\u4f7f\u7528\u8fd9\u4e2aGUI\u5b89\u88c5\u7a0b\u5e8f\u6765\u5b89\u88c5\u3002<\/p>\n
<\/p>\n
\u53c2\u8003\u6b64\u8bbe\u5b9a\uff0c\u8bf7\u83b7\u53d6AWS\u8bbf\u95ee\u5bc6\u94a5\uff0c\u5e76\u5728\u6267\u884caws configure\u65f6\u6307\u5b9a\u3002<\/p>\n
<\/p>\n
Terraform\u7684\u8bbe\u5b9a (Terraform de<\/h1>\n
\u521b\u5efa\u4e00\u4e2a\u5de5\u4f5c\u76ee\u5f55\u5e76\u8fdb\u5165\u8be5\u76ee\u5f55\u3002<\/p>\n
mkdir <\/span>normal_workspace\r\ncd <\/span>normal_workspace\r\n<\/code><\/pre>\n\u5728\u63a5\u4e0b\u6765\u7684\u8fc7\u7a0b\u4e2d\uff0c\u6211\u5c06\u521b\u5efa\u4e00\u4e9b\u6587\u4ef6\u3002<\/p>\n
vars.tf -> \u53d8\u91cf.tf<\/h2>\n
\u8fd9\u662f\u4e00\u4e2a\u5b9a\u4e49\u53d8\u91cf\u7684\u6587\u4ef6\u3002\u8bf7\u6839\u636e\u9700\u8981\u66f4\u65b0\u8981\u90e8\u7f72\u5230\u7684AWS\u533a\u57df\uff08region\uff09\u548cVPC\u7684CIDR\uff08cidr_block\uff09\u3002<\/p>\n
variable<\/span> \"databricks_account_username\"<\/span> {}<\/span>\r\nvariable<\/span> \"databricks_account_password\"<\/span> {}<\/span>\r\nvariable<\/span> \"databricks_account_id\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"tags\"<\/span> {<\/span>\r\n default<\/span> =<\/span> {}<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"cidr_block\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"10.4.0.0\/16\"<\/span>\r\n}<\/span>\r\n\r\nvariable<\/span> \"region\"<\/span> {<\/span>\r\n default<\/span> =<\/span> \"ap-northeast-1\"<\/span>\r\n}<\/span>\r\n\r\n\/\/ See https:\/\/registry.terraform.io\/providers\/hashicorp\/random\/latest\/docs\/resources\/string<\/span>\r\nresource<\/span> \"random_string\"<\/span> \"naming\"<\/span> {<\/span>\r\n special<\/span> =<\/span> false<\/span>\r\n upper<\/span> =<\/span> false<\/span>\r\n length<\/span> =<\/span> 6<\/span>\r\n}<\/span>\r\n\r\nlocals<\/span> {<\/span>\r\n prefix<\/span> =<\/span> \"demo-<\/span>${<\/span>random_string<\/span>.<\/span>naming<\/span>.<\/span>result<\/span>}<\/span>\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u521d\u59cb\u5316.tf<\/h2>\n
\u4f7f\u7528\u5fc5\u8981\u7684Databricks\u63d0\u4f9b\u7a0b\u5e8f\u548cAWS\u63d0\u4f9b\u7a0b\u5e8f\u6765\u521d\u59cb\u5316Terraform\u3002<\/p>\n
terraform<\/span> {<\/span>\r\n required_providers<\/span> {<\/span>\r\n databricks<\/span> =<\/span> {<\/span>\r\n source<\/span> =<\/span> \"databricks\/databricks\"<\/span>\r\n version<\/span> =<\/span> \"1.0.0\"<\/span>\r\n }<\/span>\r\n aws<\/span> =<\/span> {<\/span>\r\n source<\/span> =<\/span> \"hashicorp\/aws\"<\/span>\r\n version<\/span> =<\/span> \"3.49.0\"<\/span>\r\n }<\/span>\r\n }<\/span>\r\n}<\/span>\r\n\r\nprovider<\/span> \"aws\"<\/span> {<\/span>\r\n region<\/span> =<\/span> var<\/span>.<\/span>region<\/span>\r\n}<\/span>\r\n\r\n\/\/ Initialize provider in \"MWS\" mode to provision the new workspace.<\/span>\r\n\/\/ alias = \"mws\" instructs Databricks to connect to https:\/\/accounts.cloud.databricks.com, to create<\/span>\r\n\/\/ a Databricks workspace that uses the E2 version of the Databricks on AWS platform.<\/span>\r\n\/\/ See https:\/\/registry.terraform.io\/providers\/databricks\/databricks\/latest\/docs#authentication<\/span>\r\nprovider<\/span> \"databricks\"<\/span> {<\/span>\r\n alias<\/span> =<\/span> \"mws\"<\/span>\r\n host<\/span> =<\/span> \"https:\/\/accounts.cloud.databricks.com\"<\/span>\r\n username<\/span> =<\/span> var<\/span>.<\/span>databricks_account_username<\/span>\r\n password<\/span> =<\/span> var<\/span>.<\/span>databricks_account_password<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u8de8\u8d26\u6237\u89d2\u8272.tf<\/h2>\n
\u6211\u4f1a\u5728\u60a8\u7684AWS\u5e10\u6237\u4e0a\u521b\u5efa\u6240\u9700\u7684IAM\u8de8\u5e10\u6237\u89d2\u8272\u548c\u76f8\u5173\u7b56\u7565\u3002<\/p>\n
\u8bf7\u6ce8\u610f\uff0c\u4ee5\u4e0b\u7684”time_sleep.wait_for_cross_account_role”\u8d44\u6e90\u662f\u4e3a\u4e86\u7b49\u5f85IAM\u89d2\u8272\u7684\u521b\u5efa\u800c\u8bbe\u7f6e\u7684\u3002<\/div>\n\/\/ Create the required AWS STS assume role policy in your AWS account.<\/span>\r\n\/\/ See https:\/\/registry.terraform.io\/providers\/databricks\/databricks\/latest\/docs\/data-sources\/aws_assume_role_policy<\/span>\r\ndata<\/span> \"databricks_aws_assume_role_policy\"<\/span> \"this\"<\/span> {<\/span>\r\n external_id<\/span> =<\/span> var<\/span>.<\/span>databricks_account_id<\/span>\r\n}<\/span>\r\n\r\n\/\/ Create the required IAM role in your AWS account.<\/span>\r\n\/\/ See https:\/\/registry.terraform.io\/providers\/hashicorp\/aws\/latest\/docs\/resources\/iam_role<\/span>\r\nresource<\/span> \"aws_iam_role\"<\/span> \"cross_account_role\"<\/span> {<\/span>\r\n name<\/span> =<\/span> \"<\/span>${<\/span>local<\/span>.<\/span>prefix<\/span>}<\/span>-crossaccount\"<\/span>\r\n assume_role_policy<\/span> =<\/span> data<\/span>.<\/span>databricks_aws_assume_role_policy<\/span>.<\/span>this<\/span>.<\/span>json<\/span>\r\n tags<\/span> =<\/span> var<\/span>.<\/span>tags<\/span>\r\n}<\/span>\r\n\r\n\/\/ Create the required AWS cross-account policy in your AWS account.<\/span>\r\n\/\/ See https:\/\/registry.terraform.io\/providers\/databricks\/databricks\/latest\/docs\/data-sources\/aws_crossaccount_policy<\/span>\r\ndata<\/span> \"databricks_aws_crossaccount_policy\"<\/span> \"this\"<\/span> {}<\/span>\r\n\r\n\/\/ Create the required IAM role inline policy in your AWS account.<\/span>\r\n\/\/ See https:\/\/registry.terraform.io\/providers\/hashicorp\/aws\/latest\/docs\/resources\/iam_role_policy<\/span>\r\nresource<\/span> \"aws_iam_role_policy\"<\/span> \"this\"<\/span> {<\/span>\r\n name<\/span> =<\/span> \"<\/span>${<\/span>local<\/span>.<\/span>prefix<\/span>}<\/span>-policy\"<\/span>\r\n role<\/span> =<\/span> aws_iam_role<\/span>.<\/span>cross_account_role<\/span>.<\/span>id<\/span>\r\n policy<\/span> =<\/span> data<\/span>.<\/span>databricks_aws_crossaccount_policy<\/span>.<\/span>this<\/span>.<\/span>json<\/span>\r\n}<\/span>\r\n\r\nresource<\/span> \"time_sleep\"<\/span> \"wait_for_cross_account_role\"<\/span> {<\/span>\r\n depends_on<\/span> =<\/span> [<\/span>aws_iam_role_policy<\/span>.<\/span>this<\/span>,<\/span> aws_iam_role<\/span>.<\/span>cross_account_role<\/span>]<\/span>\r\n create_duration<\/span> =<\/span> \"20s\"<\/span>\r\n}<\/span>\r\n\r\n\/\/ Properly configure the cross-account role for the creation of new workspaces within your AWS account.<\/span>\r\n\/\/ See https:\/\/registry.terraform.io\/providers\/databricks\/databricks\/latest\/docs\/resources\/mws_credentials<\/span>\r\nresource<\/span> \"databricks_mws_credentials\"<\/span> \"this\"<\/span> {<\/span>\r\n provider<\/span> =<\/span> databricks<\/span>.<\/span>mws<\/span>\r\n account_id<\/span> =<\/span> var<\/span>.<\/span>databricks_account_id<\/span>\r\n role_arn<\/span> =<\/span>