upd

Author: MyroslavLevchyk

README.md

@@ -9,70 +9,96 @@ The main idea behind this module is to deploy resources for Databricks Workspace
 Here we provide some examples of how to provision it with a different options.
 
 ### In example below, these features of given module would be covered:
-1. Permissions and entitlements for users and groups within Databricks
-2. Clusters (i.e., for Unity Catalog and Shared Autoscaling)             
-3. Workspace IP Access list creation                                     
-4. ADLS Gen2 Mount                                                       
-5. Create Secret Scope and assign permissions to custom groups                                                  
-6. SQL Endpoint creation and configuration                               
-7. Create Cluster policy                                                 
-8. Create an Azure Key Vault-backed secret scope                         
+1. Clusters (i.e., for Unity Catalog and Shared Autoscaling)             
+2. Workspace IP Access list creation                                     
+3. ADLS Gen2 Mount                                                       
+4. Create Secret Scope and assign permissions to custom groups                                                  
+5. SQL Endpoint creation and configuration                               
+6. Create Cluster policy                                                 
+7. Create an Azure Key Vault-backed secret scope                         
 
 ```hcl
 # Prerequisite resources
 
+variable "databricks_account_id" {}
+variable "cloud_name" {} # cloud provider (e.g., aws, azure)
+
 # Databricks Workspace with Premium SKU
 data "azurerm_databricks_workspace" "example" {
   name                = "example-workspace"
   resource_group_name = "example-rg"
 }
 
+# Databricks Workspace ID for Azure
+data "azurerm_databricks_workspace" "example" {
+  name                = "example-workspace"
+  resource_group_name = "example-rg"
+}
+
+# Databricks Workspace ID for AWS
+data "databricks_mws_workspaces" "example" {
+  account_id = var.databricks_account_id
+}
+
 # Databricks Provider configuration
 provider "databricks" {
   alias                       = "main"
   host                        = data.azurerm_databricks_workspace.example.workspace_url
   azure_workspace_resource_id = data.azurerm_databricks_workspace.example.id
 }
 
+# Databricks Account-Level Provider configuration
+provider "databricks" {
+  alias      = "account"
+  host       = "https://accounts.azuredatabricks.net"
+  account_id = var.databricks_account_id
+}
+
 # Key Vault where Service Principal's secrets are stored. Used for mounting Storage Container
 data "azurerm_key_vault" "example" {
   name                = "example-key-vault"
   resource_group_name = "example-rg"
 }
 
+locals {
+  databricks_iam_account_groups = [{
+    group_name  = "example-gn"
+    permissions = ["ADMIN"]
+    entitlements = [
+      "allow_instance_pool_create",
+      "allow_cluster_create",
+      "databricks_sql_access"
+    ]
+  }]  
+}
+
 # Assigns Databricks Account groups to Workspace. It is required to assign Unity Catalog Metastore before assigning Account groups to Workspace
 module "databricks_account_groups" {
-  count   = length(var.databricks_iam_account_groups) != 0 ? 1 : 0
+  count   = length(local.databricks_iam_account_groups) != 0 ? 1 : 0
   source  = "data-platform-hq/databricks-account-groups/databricks"
   version = "1.0.1"
-
-  workspace_id               = module.databricks_workspace.workspace_id
-  workspace_group_assignment = var.databricks_iam_account_groups
+  
+  workspace_id               = var.cloud_provider == "azure" ? data.azurerm_databricks_workspace.example.id : data.databricks_mws_workspaces.example.workspaces[0].workspace_id
+  workspace_group_assignment = local.databricks_iam_account_groups
 
   providers = {
     databricks = databricks.account
   }
 }
 
 # Example usage of module for Runtime Premium resources.
-module "databricks_runtime_premium" {
-  source  = "data-platform-hq/databricks-runtime-premium/databricks"
+module "databricks_runtime_premium" {  
+  source  = "data-platform-hq/runtime/databricks"
+  version = "~>1.0" 
 
   project  = "datahq"
   env      = "example"
   location = "eastus"
 
-  # Parameters of Service principal used for ADLS mount
-  # Imports App ID and Secret of Service Principal from target Key Vault
-  key_vault_id             =  data.azurerm_key_vault.example.id
-  sp_client_id_secret_name = "sp-client-id" # secret's name that stores Service Principal App ID
-  sp_key_secret_name       = "sp-key" # secret's name that stores Service Principal Secret Key
-  tenant_id_secret_name    = "infra-arm-tenant-id" # secret's name that stores tenant id value
-
   # Cloud provider
-  cloud_name = cloud-name # cloud provider (e.g., aws, azure)
+  cloud_name = var.cloud_name
 
-  # 1. Permissions and entitlements for users and groups within Databricks
+  # Example configuration for Workspace Groups
   iam_workspace_groups = {
     dev = {
       user = [
@@ -84,17 +110,10 @@ module "databricks_runtime_premium" {
     }
   }
 
-  iam_account_groups = [{
-    group_name  = "example-gn"
-    permissions = ["ADMIN"]
-    entitlements = [
-      "allow_instance_pool_create",
-      "allow_cluster_create",
-      "databricks_sql_access"
-    ]
-  }]
+  # Example configuration for Account Groups
+  iam_account_groups = local.databricks_iam_account_groups
 
-  # 2. Databricks clusters configuration, and assign permission to a custom group on clusters.
+  # 1. Databricks clusters configuration, and assign permission to a custom group on clusters.
   databricks_cluster_configs = [ {
     cluster_name       = "Unity Catalog"
     data_security_mode = "USER_ISOLATION"
@@ -110,33 +129,39 @@ module "databricks_runtime_premium" {
     permissions        = [{group_name = "DEVELOPERS", permission_level = "CAN_MANAGE"}]
   }]
 
-  # 3. Workspace could be accessed only from these IP Addresses:
+  # 2. Workspace could be accessed only from these IP Addresses:
   ip_rules = {
     "ip_range_1" = "10.128.0.0/16",
     "ip_range_2" = "10.33.0.0/16",
   }
   
-  # 4. ADLS Gen2 Mount
+  # 3. ADLS Gen2 Mount
   mountpoints = {
     storage_account_name = data.azurerm_storage_account.example.name
     container_name       = "example_container"
   }
 
-  # 5. Create Secret Scope and assign permissions to custom groups 
+  # Parameters of Service principal used for ADLS mount
+  # Imports App ID and Secret of Service Principal from target Key Vault  
+  sp_client_id_secret_name = "sp-client-id" # secret's name that stores Service Principal App ID
+  sp_key_secret_name       = "sp-key" # secret's name that stores Service Principal Secret Key
+  tenant_id_secret_name    = "infra-arm-tenant-id" # secret's name that stores tenant id value 
+
+  # 4. Create Secret Scope and assign permissions to custom groups 
   secret_scope = [{
     scope_name = "extra-scope"
     acl        = [{ principal = "DEVELOPERS", permission = "READ" }] # Only custom workspace group names are allowed. If left empty then only Workspace admins could access these keys
     secrets    = [{ key = "secret-name", string_value = "secret-value"}]
   }]
 
-  # 6. SQL Warehouse Endpoint
+  # 5. SQL Warehouse Endpoint
   databricks_sql_endpoint = [{
     name        = "default"  
     enable_serverless_compute = true  
     permissions = [{ group_name = "DEVELOPERS", permission_level = "CAN_USE" },]
   }]
 
-  # 7. Databricks cluster policies
+  # 6. Databricks cluster policies
   custom_cluster_policies = [{
     name     = "custom_policy_1",
     can_use  =  "DEVELOPERS", # custom workspace group name, that is allowed to use this policy
@@ -149,7 +174,7 @@ module "databricks_runtime_premium" {
     }
   }]
 
-  # 8. Azure Key Vault-backed secret scope
+  # 7. Azure Key Vault-backed secret scope
   key_vault_secret_scope = [{
     name         = "external"
     key_vault_id = data.azurerm_key_vault.example.id