[FEATURE]: Create uber-IAM profile for performing external table migration on AWS #879

nfx · 2024-02-05T11:30:03Z

Is there an existing issue for this?

I have searched the existing issues

Problem statement

Related issues:

[FEATURE]: Migrate AWS IAM Instance Profiles to UC Storage Credentials #862
[FEATURE]: Create uber-principal for performing external migration on Azure #881
Add databricks labs ucx create-uber-principal command to automate the creation of SPN with storage access to all locations #693

Proposed Solution

Create AWS IAM role/profile that has read access for all of the S3 buckets for external table migration and add it to UCX cluster policy:

Creates cluster policy (ucx-policy) to be used by all UCX compute #853

Additional Context

No response

The text was updated successfully, but these errors were encountered:

…pal` command (#993) ## Changes Added CLI command `databricks labs ucx create-uber-principal` for creating uber-IAM profile for performing external table migration on AWS. Logic: * Stop if UCX migration cluster policy is not found * Collect paths of all locations/paths used in tables (call `external_location.snapshot`) * If cluster policy has an existing iam instance profile/role specified, then add/update migration policy providing access to the locations * If cluster policy does not have iam instance profile/role specified, then create new iam profile/role and migration policy, and add it to the cluster policy ### Linked issues Resolves #879 Related issues: - #976 - #693 ### Functionality - [x] added new CLI command ### Tests - [x] manually tested - [x] added unit tests ### TODO - [x] added integration tests - [x] verified on staging environment (screenshot attached) --------- Co-authored-by: Vuong <vuong.nguyen@databricks.com>

nfx added enhancement New feature or request migrate/external go/uc/upgrade SYNC EXTERNAL TABLES step credentials labels Feb 5, 2024

nfx added this to UCX Feb 5, 2024

github-project-automation bot moved this to Triage in UCX Feb 5, 2024

nfx changed the title ~~[FEATURE]: Create uber-IAM profile for performing external migration~~ [FEATURE]: Create uber-IAM profile for performing external table migration on AWS Feb 5, 2024

This was referenced Feb 5, 2024

[FEATURE]: Create uber-principal for performing external migration on Azure #881

Closed

[EPIC]: Figure out storage credential permissions for external locations #893

Closed

FastLee mentioned this issue Feb 7, 2024

[FEATURE]: Create a single principal with access to all table for HMS migration #911

Closed

1 task

mwojtyczka mentioned this issue Feb 29, 2024

Added AWS IAM role support to databricks labs ucx create-uber-principal command #993

Merged

5 tasks

mwojtyczka self-assigned this Feb 29, 2024

nfx closed this as completed in #993 Mar 11, 2024

github-project-automation bot moved this from Triage to Archive in UCX Mar 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FEATURE]: Create uber-IAM profile for performing external table migration on AWS #879

[FEATURE]: Create uber-IAM profile for performing external table migration on AWS #879

nfx commented Feb 5, 2024 •

edited

Loading

[FEATURE]: Create uber-IAM profile for performing external table migration on AWS #879

[FEATURE]: Create uber-IAM profile for performing external table migration on AWS #879

Comments

nfx commented Feb 5, 2024 • edited Loading

Is there an existing issue for this?

Problem statement

Proposed Solution

Additional Context

nfx commented Feb 5, 2024 •

edited

Loading