Needed files

...

This page contains:

• how to run the script to grant rights

• script is run recurrently to automatically add rights to new assets (workflows, clusters etc)

python_

...

provising.py

...

...

→ grants permissions to the service principal used by LHM based on user input

• script requires admin Databricks account with which permissions can be granted

Required files

How to create the AWS Canary

Step 1. Create a python virtualenv
On your local machine create a virtual env in order to prepare the canary archive.

mkdir lhm-grant
cd lhm-grant
python3 -m venv .venv
source .venv/bin/activate

Step 2. Download the requirements.txt into the created lhm-grant folder

Step 3. Install required packages

pip install -r requirements.txt

Step 4. Copy all the installed libraries into a folder called python

mkdir python
cp -rfv .venv/lib/python3.7/site-packages/* python/

Step 5. Download aws_main.py and python_provisioning.py into the python directory

Step 6. Modify

...

aws_main.py script and provide the needed information for the grant code in the section marked for change

Step 7. Create an archive with the python folder

zip -r9 lhm-grant.zip python

Step 8. Upload the archive to s3

Step 9. Create CloudWatch canary from s3 bucket artifact

...

Notes:

...

• name you canary as lhm-grant (or any other name that you want to use)

• select the S3 location for the archive

• set the lambda handler (your entry point for the script) to aws_main.handler

• set the schedule to continuously with intervals of 15 mins

  • recommended configuration

...

Step 10. Check logs of the python_provisioning.py script run

Open the list of Synthetic Canaries and select the canary configured previously (e.g. lhm-grant) in order to select a particular run and view the logs.

To check the logs of a run you will download the artifacts archive from that run, unzip it and there should be a file called python_provisioning.log

...