upd

Author: MyroslavLevchyk

README.md

@@ -17,6 +17,7 @@ Here we provide some examples of how to provision it with a different options.
 6. Create Cluster policy                                                 
 7. Create an Azure Key Vault-backed secret scope                         
 
+### Example for Azure Cloud:
 ```hcl
 # Prerequisite resources
 
@@ -176,6 +177,175 @@ module "databricks_runtime_premium" {
 
 ```
 
+### In example below, these features of given module would be covered:
+1. Clusters (i.e., for Unity Catalog and Shared Autoscaling)             
+2. Workspace IP Access list creation                                                                                 
+3. Create Secret Scope and assign permissions to custom groups                                                  
+4. SQL Endpoint creation and configuration                               
+5. Create Cluster policy                                                 
+
+### Example for AWS Cloud:
+```hcl
+
+# Prerequisite resources
+
+variable "databricks_account_id" {}
+variable "region" {}
+
+# Databricks Workspace ID
+data "databricks_mws_workspaces" "example" {
+  account_id = var.databricks_account_id
+}
+
+# Provider configuration for SSM
+provider "aws" {
+  alias  = "ssm"
+  region = var.region
+}
+
+# Databricks Account-Level Provider configuration
+provider "databricks" {
+  alias         = "mws"
+  host          = "https://accounts.cloud.databricks.com"
+  account_id    = data.aws_ssm_parameter.this["databricks_account_id"].value
+  client_id     = data.aws_ssm_parameter.this["databricks_admin_sp_id"].value
+  client_secret = data.aws_ssm_parameter.this["databricks_admin_sp_secret"].value
+}
+
+# Databricks Provider configuration
+provider "databricks" {
+  alias         = "workspace"
+  host          = module.databricks_workspace.workspace_url
+  client_id     = data.aws_ssm_parameter.this["databricks_admin_sp_id"].value
+  client_secret = data.aws_ssm_parameter.this["databricks_admin_sp_secret"].value
+}
+
+locals {
+  ssm_parameters = [
+    "databricks_account_id",
+    "databricks_admin_sp_id",
+    "databricks_admin_sp_secret",
+    "github_pat_token"
+  ]
+
+  ssm_parameters_prefix = "/example-prefix/" # Prefix for parameters stored in AWS SSM
+
+  dbx_runtime = {
+    iam_account_groups_assignment = [
+      { group_name = "example gm1", permissions = ["USER"] },
+      { group_name = "example gm2", permissions = ["USER"] }
+    ]
+
+    sql_endpoints = [{
+      name = "example_test"
+      permissions = [
+        { group_name = "example gm1", permission_level = "CAN_MANAGE" },
+      ]
+    }]
+
+    clusters = [{
+      cluster_name = "example1"
+      permissions = [
+        { group_name = "example gm2", permission_level = "CAN_RESTART" },
+      ]
+      }, {
+      cluster_name = "example2"
+      permissions = [
+        { group_name = "example gm2", permission_level = "CAN_RESTART" },
+        { group_name = "example gm1", permission_level = "CAN_MANAGE" },
+      ]
+    }]
+  }
+
+  databricks_custom_cluster_policies = [{
+    name       = null
+    can_use    = null
+    definition = null
+  }]
+
+  dbx_inputs = {
+    vpc_id             = "vpc-example"
+    subnet_ids         = ["subnet-example1", "subnet-example2"]
+    security_group_ids = ["sg-example"]
+  }
+
+  iam_default_permission_boundary_policy_arn = "arn:aws:iam::{ AWS Account ID }:policy/eo_role_boundary"
+}
+
+# SSM Parameter
+data "aws_ssm_parameter" "this" {
+  for_each = local.ssm_parameters
+  name = "${local.ssm_parameters_prefix}${each.key}"
+  provider = aws.ssm
+}
+
+# Label configuration
+module "label" {
+  source  = "cloudposse/label/null"
+  version = "0.25.0"
+
+  namespace   = "example-namespace" 
+  environment = "example-environment"
+  stage       = "example-stage"
+}
+
+# Databricks Workspace configuration
+module "databricks_workspace" {
+  source  = "data-platform-hq/aws-workspace/databricks"
+  version = "1.0.1"
+
+  label              = module.label.id
+  vpc_id             = local.dbx_inputs.vpc_id
+  subnet_ids         = local.dbx_inputs.subnet_ids
+  security_group_ids = local.dbx_inputs.security_group_ids
+  region             = var.region
+  account_id         = data.aws_ssm_parameter.this["databricks_account_id"].value
+  iam_cross_account_workspace_role_config = {
+    permission_boundary_arn = local.iam_default_permission_boundary_policy_arn    
+  }
+
+  providers = {
+    databricks = databricks.mws
+  }
+}
+
+# Account level group assignment to the Workspace
+module "databricks_account_groups" {
+  source  = "data-platform-hq/databricks-account-groups/databricks"
+  version = "1.0.1"
+
+  workspace_id               = module.databricks_workspace.workspace_id
+  workspace_group_assignment = local.dbx_runtime.iam_account_groups_assignment
+
+  providers = {
+    databricks = databricks.mws
+  }
+}
+
+# Databricks Runtime resources configuration (clusters, sql, secrets, etc.)
+module "databricks_runtime" {  
+  source  = "data-platform-hq/runtime/databricks"
+  version = "1.0.0"
+
+  clusters                      = local.dbx_runtime.clusters
+  sql_endpoint                  = local.dbx_runtime.sql_endpoints
+  secret_scope                  = flatten([var.dbx_runtime.secret_scopes, local.demo_wwi_secret_scope])
+  workspace_admin_token_enabled = var.workspace_admin_token_enabled
+  system_schemas_enabled        = alltrue([var.databricks_system_schemas_enabled])
+
+  iam_account_groups      = local.dbx_runtime.iam_account_groups_assignment
+  cloud_name              = "aws"
+  custom_cluster_policies = local.databricks_custom_cluster_policies
+
+  providers = {
+    databricks = databricks.workspace
+  }
+
+  depends_on = [module.databricks_workspace, module.databricks_account_groups]
+}
+
+```
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements