pulumi-databricks 1.77.0a1762276204__py3-none-any.whl → 1.78.0__py3-none-any.whl

pulumi_databricks/get_service_principals.py

@@ -78,6 +78,38 @@ def get_service_principals(application_ids: Optional[Sequence[_builtins.str]] =
 
     > This data source can be used with an account or workspace-level provider.
 
+    ## Example Usage
+
+    Adding all service principals of which display name contains `my-spn` to admin group
+
+    ```python
+    import pulumi
+    import pulumi_databricks as databricks
+    import pulumi_std as std
+
+    admins = databricks.get_group(display_name="admins")
+    spns = databricks.get_service_principals(display_name_contains="my-spn")
+    spn = {__key: databricks.get_service_principal(application_id=__value) for __key, __value in std.toset(input=spns.application_ids).result}
+    my_member_spn = []
+    for range in [{"key": k, "value": v} for [k, v] in enumerate(std.toset(input=spns.application_ids).result)]:
+        my_member_spn.append(databricks.GroupMember(f"my_member_spn-{range['key']}",
+            group_id=admins.id,
+            member_id=spn[range["value"]].sp_id))
+    ```
+
+    ## Related Resources
+
+    The following resources are used in the same context:
+
+    - End to end workspace management guide.
+    - get_current_user data to retrieve information about User or databricks_service_principal, that is calling Databricks REST API.
+    - Group to manage [Account-level](https://docs.databricks.com/aws/en/admin/users-groups/groups) or [Workspace-level](https://docs.databricks.com/aws/en/admin/users-groups/workspace-local-groups) groups.
+    - Group data to retrieve information about Group members, entitlements and instance profiles.
+    - GroupInstanceProfile to attach InstanceProfile (AWS) to databricks_group.
+    - GroupMember to attach users and groups as group members.
+    - Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
+    - databricks_service principal to manage service principals
+
 
     :param Sequence[_builtins.str] application_ids: List of `application_ids` of service principals.  Individual service principal can be retrieved using ServicePrincipal data source
     :param _builtins.str display_name_contains: Only return ServicePrincipal display name that match the given name string
@@ -100,6 +132,38 @@ def get_service_principals_output(application_ids: Optional[pulumi.Input[Optiona
 
     > This data source can be used with an account or workspace-level provider.
 
+    ## Example Usage
+
+    Adding all service principals of which display name contains `my-spn` to admin group
+
+    ```python
+    import pulumi
+    import pulumi_databricks as databricks
+    import pulumi_std as std
+
+    admins = databricks.get_group(display_name="admins")
+    spns = databricks.get_service_principals(display_name_contains="my-spn")
+    spn = {__key: databricks.get_service_principal(application_id=__value) for __key, __value in std.toset(input=spns.application_ids).result}
+    my_member_spn = []
+    for range in [{"key": k, "value": v} for [k, v] in enumerate(std.toset(input=spns.application_ids).result)]:
+        my_member_spn.append(databricks.GroupMember(f"my_member_spn-{range['key']}",
+            group_id=admins.id,
+            member_id=spn[range["value"]].sp_id))
+    ```
+
+    ## Related Resources
+
+    The following resources are used in the same context:
+
+    - End to end workspace management guide.
+    - get_current_user data to retrieve information about User or databricks_service_principal, that is calling Databricks REST API.
+    - Group to manage [Account-level](https://docs.databricks.com/aws/en/admin/users-groups/groups) or [Workspace-level](https://docs.databricks.com/aws/en/admin/users-groups/workspace-local-groups) groups.
+    - Group data to retrieve information about Group members, entitlements and instance profiles.
+    - GroupInstanceProfile to attach InstanceProfile (AWS) to databricks_group.
+    - GroupMember to attach users and groups as group members.
+    - Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
+    - databricks_service principal to manage service principals
+
 
     :param Sequence[_builtins.str] application_ids: List of `application_ids` of service principals.  Individual service principal can be retrieved using ServicePrincipal data source
     :param _builtins.str display_name_contains: Only return ServicePrincipal display name that match the given name string

pulumi_databricks/instance_profile.py

@@ -177,62 +177,6 @@ class InstanceProfile(pulumi.CustomResource):
 
         > Please switch to StorageCredential with Unity Catalog to manage storage credentials, which provides a better and faster way for managing credential security.
 
-        ```python
-        import pulumi
-        import pulumi_aws as aws
-        import pulumi_databricks as databricks
-
-        config = pulumi.Config()
-        # Role that you've specified on https://accounts.cloud.databricks.com/#aws
-        crossaccount_role_name = config.require("crossaccountRoleName")
-        assume_role_for_ec2 = aws.iam.get_policy_document(statements=[{
-            "effect": "Allow",
-            "actions": ["sts:AssumeRole"],
-            "principals": [{
-                "identifiers": ["ec2.amazonaws.com"],
-                "type": "Service",
-            }],
-        }])
-        role_for_s3_access = aws.iam.Role("role_for_s3_access",
-            name="shared-ec2-role-for-s3",
-            description="Role for shared access",
-            assume_role_policy=assume_role_for_ec2.json)
-        pass_role_for_s3_access = aws.iam.get_policy_document_output(statements=[{
-            "effect": "Allow",
-            "actions": ["iam:PassRole"],
-            "resources": [role_for_s3_access.arn],
-        }])
-        pass_role_for_s3_access_policy = aws.iam.Policy("pass_role_for_s3_access",
-            name="shared-pass-role-for-s3-access",
-            path="/",
-            policy=pass_role_for_s3_access.json)
-        cross_account = aws.iam.RolePolicyAttachment("cross_account",
-            policy_arn=pass_role_for_s3_access_policy.arn,
-            role=crossaccount_role_name)
-        shared = aws.iam.InstanceProfile("shared",
-            name="shared-instance-profile",
-            role=role_for_s3_access.name)
-        shared_instance_profile = databricks.InstanceProfile("shared", instance_profile_arn=shared.arn)
-        latest = databricks.get_spark_version()
-        smallest = databricks.get_node_type(local_disk=True)
-        this = databricks.Cluster("this",
-            cluster_name="Shared Autoscaling",
-            spark_version=latest.id,
-            node_type_id=smallest.id,
-            autotermination_minutes=20,
-            autoscale={
-                "min_workers": 1,
-                "max_workers": 50,
-            },
-            aws_attributes={
-                "instance_profile_arn": shared_instance_profile.id,
-                "availability": "SPOT",
-                "zone_id": "us-east-1",
-                "first_on_demand": 1,
-                "spot_bid_price_percent": 100,
-            })
-        ```
-
         ## Usage with Cluster Policies
 
         It is advised to keep all common configurations in Cluster Policies to maintain control of the environments launched, so `Cluster` above could be replaced with `ClusterPolicy`:
@@ -267,41 +211,6 @@ class InstanceProfile(pulumi.CustomResource):
             instance_profile_id=this.id)
         ```
 
-        ## Usage with Databricks SQL serverless
-
-        When the instance profile ARN and its associated IAM role ARN don't match and the instance profile is intended for use with Databricks SQL serverless, the `iam_role_arn` parameter can be specified.
-
-        ```python
-        import pulumi
-        import pulumi_aws as aws
-        import pulumi_databricks as databricks
-
-        sql_serverless_assume_role = aws.iam.get_policy_document(statements=[{
-            "actions": ["sts:AssumeRole"],
-            "principals": [{
-                "type": "AWS",
-                "identifiers": ["arn:aws:iam::790110701330:role/serverless-customer-resource-role"],
-            }],
-            "conditions": [{
-                "test": "StringEquals",
-                "variable": "sts:ExternalID",
-                "values": [
-                    "databricks-serverless-<YOUR_WORKSPACE_ID1>",
-                    "databricks-serverless-<YOUR_WORKSPACE_ID2>",
-                ],
-            }],
-        }])
-        this = aws.iam.Role("this",
-            name="my-databricks-sql-serverless-role",
-            assume_role_policy=sql_serverless_assume_role.json)
-        this_instance_profile = aws.iam.InstanceProfile("this",
-            name="my-databricks-sql-serverless-instance-profile",
-            role=this.name)
-        this_instance_profile2 = databricks.InstanceProfile("this",
-            instance_profile_arn=this_instance_profile.arn,
-            iam_role_arn=this.arn)
-        ```
-
         ## Import
 
         The resource instance profile can be imported using the ARN of it
@@ -344,62 +253,6 @@ class InstanceProfile(pulumi.CustomResource):
 
         > Please switch to StorageCredential with Unity Catalog to manage storage credentials, which provides a better and faster way for managing credential security.
 
-        ```python
-        import pulumi
-        import pulumi_aws as aws
-        import pulumi_databricks as databricks
-
-        config = pulumi.Config()
-        # Role that you've specified on https://accounts.cloud.databricks.com/#aws
-        crossaccount_role_name = config.require("crossaccountRoleName")
-        assume_role_for_ec2 = aws.iam.get_policy_document(statements=[{
-            "effect": "Allow",
-            "actions": ["sts:AssumeRole"],
-            "principals": [{
-                "identifiers": ["ec2.amazonaws.com"],
-                "type": "Service",
-            }],
-        }])
-        role_for_s3_access = aws.iam.Role("role_for_s3_access",
-            name="shared-ec2-role-for-s3",
-            description="Role for shared access",
-            assume_role_policy=assume_role_for_ec2.json)
-        pass_role_for_s3_access = aws.iam.get_policy_document_output(statements=[{
-            "effect": "Allow",
-            "actions": ["iam:PassRole"],
-            "resources": [role_for_s3_access.arn],
-        }])
-        pass_role_for_s3_access_policy = aws.iam.Policy("pass_role_for_s3_access",
-            name="shared-pass-role-for-s3-access",
-            path="/",
-            policy=pass_role_for_s3_access.json)
-        cross_account = aws.iam.RolePolicyAttachment("cross_account",
-            policy_arn=pass_role_for_s3_access_policy.arn,
-            role=crossaccount_role_name)
-        shared = aws.iam.InstanceProfile("shared",
-            name="shared-instance-profile",
-            role=role_for_s3_access.name)
-        shared_instance_profile = databricks.InstanceProfile("shared", instance_profile_arn=shared.arn)
-        latest = databricks.get_spark_version()
-        smallest = databricks.get_node_type(local_disk=True)
-        this = databricks.Cluster("this",
-            cluster_name="Shared Autoscaling",
-            spark_version=latest.id,
-            node_type_id=smallest.id,
-            autotermination_minutes=20,
-            autoscale={
-                "min_workers": 1,
-                "max_workers": 50,
-            },
-            aws_attributes={
-                "instance_profile_arn": shared_instance_profile.id,
-                "availability": "SPOT",
-                "zone_id": "us-east-1",
-                "first_on_demand": 1,
-                "spot_bid_price_percent": 100,
-            })
-        ```
-
         ## Usage with Cluster Policies
 
         It is advised to keep all common configurations in Cluster Policies to maintain control of the environments launched, so `Cluster` above could be replaced with `ClusterPolicy`:
@@ -434,41 +287,6 @@ class InstanceProfile(pulumi.CustomResource):
             instance_profile_id=this.id)
         ```
 
-        ## Usage with Databricks SQL serverless
-
-        When the instance profile ARN and its associated IAM role ARN don't match and the instance profile is intended for use with Databricks SQL serverless, the `iam_role_arn` parameter can be specified.
-
-        ```python
-        import pulumi
-        import pulumi_aws as aws
-        import pulumi_databricks as databricks
-
-        sql_serverless_assume_role = aws.iam.get_policy_document(statements=[{
-            "actions": ["sts:AssumeRole"],
-            "principals": [{
-                "type": "AWS",
-                "identifiers": ["arn:aws:iam::790110701330:role/serverless-customer-resource-role"],
-            }],
-            "conditions": [{
-                "test": "StringEquals",
-                "variable": "sts:ExternalID",
-                "values": [
-                    "databricks-serverless-<YOUR_WORKSPACE_ID1>",
-                    "databricks-serverless-<YOUR_WORKSPACE_ID2>",
-                ],
-            }],
-        }])
-        this = aws.iam.Role("this",
-            name="my-databricks-sql-serverless-role",
-            assume_role_policy=sql_serverless_assume_role.json)
-        this_instance_profile = aws.iam.InstanceProfile("this",
-            name="my-databricks-sql-serverless-instance-profile",
-            role=this.name)
-        this_instance_profile2 = databricks.InstanceProfile("this",
-            instance_profile_arn=this_instance_profile.arn,
-            iam_role_arn=this.arn)
-        ```
-
         ## Import
 
         The resource instance profile can be imported using the ARN of it

pulumi_databricks/metastore.py

@@ -45,7 +45,7 @@ class MetastoreArgs:
         :param pulumi.Input[_builtins.str] name: Name of metastore.
         :param pulumi.Input[_builtins.str] owner: Username/groupname/sp application_id of the metastore owner.
         :param pulumi.Input[_builtins.str] region: The region of the metastore
-        :param pulumi.Input[_builtins.str] storage_root: Path on cloud storage account, where managed `Table` are stored. Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
+        :param pulumi.Input[_builtins.str] storage_root: Path on cloud storage account, where managed `Table` are stored.  If the URL contains special characters, such as space, `&`, etc., they should be percent-encoded (space > `%20`, etc.). Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
         """
         if cloud is not None:
             pulumi.set(__self__, "cloud", cloud)
@@ -224,7 +224,7 @@ class MetastoreArgs:
     @pulumi.getter(name="storageRoot")
     def storage_root(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Path on cloud storage account, where managed `Table` are stored. Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
+        Path on cloud storage account, where managed `Table` are stored.  If the URL contains special characters, such as space, `&`, etc., they should be percent-encoded (space > `%20`, etc.). Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
         """
         return pulumi.get(self, "storage_root")
 
@@ -289,7 +289,7 @@ class _MetastoreState:
         :param pulumi.Input[_builtins.str] name: Name of metastore.
         :param pulumi.Input[_builtins.str] owner: Username/groupname/sp application_id of the metastore owner.
         :param pulumi.Input[_builtins.str] region: The region of the metastore
-        :param pulumi.Input[_builtins.str] storage_root: Path on cloud storage account, where managed `Table` are stored. Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
+        :param pulumi.Input[_builtins.str] storage_root: Path on cloud storage account, where managed `Table` are stored.  If the URL contains special characters, such as space, `&`, etc., they should be percent-encoded (space > `%20`, etc.). Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
         """
         if cloud is not None:
             pulumi.set(__self__, "cloud", cloud)
@@ -468,7 +468,7 @@ class _MetastoreState:
     @pulumi.getter(name="storageRoot")
     def storage_root(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Path on cloud storage account, where managed `Table` are stored. Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
+        Path on cloud storage account, where managed `Table` are stored.  If the URL contains special characters, such as space, `&`, etc., they should be percent-encoded (space > `%20`, etc.). Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
         """
         return pulumi.get(self, "storage_root")
 
@@ -558,6 +558,43 @@ class Metastore(pulumi.CustomResource):
 
         For Azure
 
+        ```python
+        import pulumi
+        import pulumi_databricks as databricks
+        import pulumi_std as std
+
+        this = databricks.Metastore("this",
+            name="primary",
+            storage_root=std.format(input="abfss://%s@%s.dfs.core.windows.net/",
+                args=[
+                    unity_catalog["name"],
+                    unity_catalog_azurerm_storage_account["name"],
+                ]).result,
+            owner="uc admins",
+            region="eastus",
+            force_destroy=True)
+        this_metastore_assignment = databricks.MetastoreAssignment("this",
+            metastore_id=this.id,
+            workspace_id=workspace_id)
+        ```
+
+        For GCP
+
+        ```python
+        import pulumi
+        import pulumi_databricks as databricks
+
+        this = databricks.Metastore("this",
+            name="primary",
+            storage_root=f"gs://{unity_metastore['name']}",
+            owner="uc admins",
+            region=us_east1,
+            force_destroy=True)
+        this_metastore_assignment = databricks.MetastoreAssignment("this",
+            metastore_id=this.id,
+            workspace_id=workspace_id)
+        ```
+
         ## Import
 
         This resource can be imported by ID:
@@ -589,7 +626,7 @@ class Metastore(pulumi.CustomResource):
         :param pulumi.Input[_builtins.str] name: Name of metastore.
         :param pulumi.Input[_builtins.str] owner: Username/groupname/sp application_id of the metastore owner.
         :param pulumi.Input[_builtins.str] region: The region of the metastore
-        :param pulumi.Input[_builtins.str] storage_root: Path on cloud storage account, where managed `Table` are stored. Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
+        :param pulumi.Input[_builtins.str] storage_root: Path on cloud storage account, where managed `Table` are stored.  If the URL contains special characters, such as space, `&`, etc., they should be percent-encoded (space > `%20`, etc.). Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
         """
         ...
     @overload
@@ -627,6 +664,43 @@ class Metastore(pulumi.CustomResource):
 
         For Azure
 
+        ```python
+        import pulumi
+        import pulumi_databricks as databricks
+        import pulumi_std as std
+
+        this = databricks.Metastore("this",
+            name="primary",
+            storage_root=std.format(input="abfss://%s@%s.dfs.core.windows.net/",
+                args=[
+                    unity_catalog["name"],
+                    unity_catalog_azurerm_storage_account["name"],
+                ]).result,
+            owner="uc admins",
+            region="eastus",
+            force_destroy=True)
+        this_metastore_assignment = databricks.MetastoreAssignment("this",
+            metastore_id=this.id,
+            workspace_id=workspace_id)
+        ```
+
+        For GCP
+
+        ```python
+        import pulumi
+        import pulumi_databricks as databricks
+
+        this = databricks.Metastore("this",
+            name="primary",
+            storage_root=f"gs://{unity_metastore['name']}",
+            owner="uc admins",
+            region=us_east1,
+            force_destroy=True)
+        this_metastore_assignment = databricks.MetastoreAssignment("this",
+            metastore_id=this.id,
+            workspace_id=workspace_id)
+        ```
+
         ## Import
 
         This resource can be imported by ID:
@@ -748,7 +822,7 @@ class Metastore(pulumi.CustomResource):
         :param pulumi.Input[_builtins.str] name: Name of metastore.
         :param pulumi.Input[_builtins.str] owner: Username/groupname/sp application_id of the metastore owner.
         :param pulumi.Input[_builtins.str] region: The region of the metastore
-        :param pulumi.Input[_builtins.str] storage_root: Path on cloud storage account, where managed `Table` are stored. Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
+        :param pulumi.Input[_builtins.str] storage_root: Path on cloud storage account, where managed `Table` are stored.  If the URL contains special characters, such as space, `&`, etc., they should be percent-encoded (space > `%20`, etc.). Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -863,7 +937,7 @@ class Metastore(pulumi.CustomResource):
     @pulumi.getter(name="storageRoot")
     def storage_root(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
-        Path on cloud storage account, where managed `Table` are stored. Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
+        Path on cloud storage account, where managed `Table` are stored.  If the URL contains special characters, such as space, `&`, etc., they should be percent-encoded (space > `%20`, etc.). Change forces creation of a new resource. If no `storage_root` is defined for the metastore, each catalog must have a `storage_root` defined.
         """
         return pulumi.get(self, "storage_root")
 

pulumi_databricks/metastore_data_access.py

@@ -479,6 +479,30 @@ class MetastoreDataAccess(pulumi.CustomResource):
 
         For Azure using managed identity as credential (recommended)
 
+        ```python
+        import pulumi
+        import pulumi_databricks as databricks
+        import pulumi_std as std
+
+        this = databricks.Metastore("this",
+            name="primary",
+            storage_root=std.format(input="abfss://%s@%s.dfs.core.windows.net/",
+                args=[
+                    unity_catalog["name"],
+                    unity_catalog_azurerm_storage_account["name"],
+                ]).result,
+            owner="uc admins",
+            region="eastus",
+            force_destroy=True)
+        this_metastore_data_access = databricks.MetastoreDataAccess("this",
+            metastore_id=this.id,
+            name="mi_dac",
+            azure_managed_identity={
+                "access_connector_id": access_connector_id,
+            },
+            is_default=True)
+        ```
+
         ## Import
 
         This resource can be imported by combination of metastore id and the data access name.
@@ -541,6 +565,30 @@ class MetastoreDataAccess(pulumi.CustomResource):
 
         For Azure using managed identity as credential (recommended)
 
+        ```python
+        import pulumi
+        import pulumi_databricks as databricks
+        import pulumi_std as std
+
+        this = databricks.Metastore("this",
+            name="primary",
+            storage_root=std.format(input="abfss://%s@%s.dfs.core.windows.net/",
+                args=[
+                    unity_catalog["name"],
+                    unity_catalog_azurerm_storage_account["name"],
+                ]).result,
+            owner="uc admins",
+            region="eastus",
+            force_destroy=True)
+        this_metastore_data_access = databricks.MetastoreDataAccess("this",
+            metastore_id=this.id,
+            name="mi_dac",
+            azure_managed_identity={
+                "access_connector_id": access_connector_id,
+            },
+            is_default=True)
+        ```
+
         ## Import
 
         This resource can be imported by combination of metastore id and the data access name.

pulumi_databricks/mlflow_webhook.py

@@ -252,9 +252,9 @@ class MlflowWebhook(pulumi.CustomResource):
             language="PYTHON",
             content_base64=std.base64encode(input=\"\"\"import json
          
-        event_message = dbutils.widgets.get("event_message")
+        event_message = dbutils.widgets.get(\\"event_message\\")
         event_message_dict = json.loads(event_message)
-        print(f"event data={event_message_dict}")
+        print(f\\"event data={event_message_dict}\\")
         \"\"\").result)
         this_job = databricks.Job("this",
             name=f"Pulumi MLflowWebhook Demo ({me.alphanumeric})",
@@ -354,9 +354,9 @@ class MlflowWebhook(pulumi.CustomResource):
             language="PYTHON",
             content_base64=std.base64encode(input=\"\"\"import json
          
-        event_message = dbutils.widgets.get("event_message")
+        event_message = dbutils.widgets.get(\\"event_message\\")
         event_message_dict = json.loads(event_message)
-        print(f"event data={event_message_dict}")
+        print(f\\"event data={event_message_dict}\\")
         \"\"\").result)
         this_job = databricks.Job("this",
             name=f"Pulumi MLflowWebhook Demo ({me.alphanumeric})",

pulumi_databricks/mws_credentials.py

@@ -249,18 +249,18 @@ class MwsCredentials(pulumi.CustomResource):
         # Names of created resources will be prefixed with this value
         prefix = config.require_object("prefix")
         this = databricks.get_aws_assume_role_policy(external_id=databricks_account_id)
-        cross_account_role = aws.iam.Role("cross_account_role",
-            name=f"{prefix}-crossaccount",
+        cross_account_role = aws.index.IamRole("cross_account_role",
+            name=f{prefix}-crossaccount,
             assume_role_policy=this.json,
             tags=tags)
         this_get_aws_cross_account_policy = databricks.get_aws_cross_account_policy()
-        this_role_policy = aws.iam.RolePolicy("this",
-            name=f"{prefix}-policy",
+        this_iam_role_policy = aws.index.IamRolePolicy("this",
+            name=f{prefix}-policy,
             role=cross_account_role.id,
             policy=this_get_aws_cross_account_policy.json)
         this_mws_credentials = databricks.MwsCredentials("this",
             credentials_name=f"{prefix}-creds",
-            role_arn=cross_account_role.arn)
+            role_arn=cross_account_role["arn"])
         ```
 
         ## Related Resources
@@ -324,18 +324,18 @@ class MwsCredentials(pulumi.CustomResource):
         # Names of created resources will be prefixed with this value
         prefix = config.require_object("prefix")
         this = databricks.get_aws_assume_role_policy(external_id=databricks_account_id)
-        cross_account_role = aws.iam.Role("cross_account_role",
-            name=f"{prefix}-crossaccount",
+        cross_account_role = aws.index.IamRole("cross_account_role",
+            name=f{prefix}-crossaccount,
             assume_role_policy=this.json,
             tags=tags)
         this_get_aws_cross_account_policy = databricks.get_aws_cross_account_policy()
-        this_role_policy = aws.iam.RolePolicy("this",
-            name=f"{prefix}-policy",
+        this_iam_role_policy = aws.index.IamRolePolicy("this",
+            name=f{prefix}-policy,
             role=cross_account_role.id,
             policy=this_get_aws_cross_account_policy.json)
         this_mws_credentials = databricks.MwsCredentials("this",
             credentials_name=f"{prefix}-creds",
-            role_arn=cross_account_role.arn)
+            role_arn=cross_account_role["arn"])
         ```
 
         ## Related Resources