
This page contains:

  • how to run the script to grant rights

  • how the script is run on a recurring schedule so that rights are added automatically to new assets (workflows, clusters, etc.)

python_provisioning.py → grants permissions to the service principal used by LHM based on user input

  • the script requires a Databricks admin account with which the permissions can be granted

Required files

How to create the AWS Canary

Step 1. Create a python virtualenv
On your local machine create a virtual env in order to prepare the canary archive.

mkdir lhm-grant
cd lhm-grant
python3 -m venv .venv
source .venv/bin/activate

Step 2. Download the requirements.txt into the created lhm-grant folder

Step 3. Install required packages

pip install -r requirements.txt

Step 4. Copy all the installed libraries into a folder called python

mkdir python
cp -rfv .venv/lib/python3.7/site-packages/* python/

Step 5. Download aws_main.py and python_provisioning.py into the python directory

Step 6. Modify the aws_main.py script and provide the information needed by the grant code in the section marked for change

Step 7. Create an archive with the python folder

zip -r9 lhm-grant.zip python

Step 8. Upload the archive to S3

Step 9. Create a CloudWatch canary from the S3 bucket artifact

  • name your canary lhm-grant (or any other name that you want to use)

  • select the S3 location for the archive

  • set the lambda handler (your entry point for the script) to aws_main.handler

  • set the schedule to run continuously at intervals of 15 mins

    • recommended configuration

Step 10. Check logs of the python_provisioning.py script run

Open the list of Synthetic Canaries and select the canary configured previously (e.g. lhm-grant) in order to select a particular run and view the logs.

To check the logs of a run, download the artifacts archive from that run and unzip it; it should contain a file called python_provisioning.log
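
A pre-upload check for the archive built in Step 7, to run before Step 8 (an added example, not part of the original page or of the LHM scripts). It confirms the zip has the python/ layout that the aws_main.handler entry point from Step 9 needs, and flags a token-like literal in aws_main.py; the token pattern, the function names and the sample archive are assumptions made for this example.

```python
import ast
import io
import re
import sys
import zipfile

HANDLER = "aws_main.handler"                    # entry point set in Step 9
PROVISIONING = "python/python_provisioning.py"  # copied in Step 5
# Assumption: a token pasted into the section edited in Step 6 would look like
# a Databricks personal access token ("dapi" followed by 32 hex characters).
TOKEN_RE = re.compile(rb"dapi[0-9a-f]{32}")


def check_canary_archive(zip_file, handler=HANDLER):
    """Return a list of problems in the archive; an empty list means it passed."""
    problems = []
    module, func = handler.rsplit(".", 1)
    entry = f"python/{module}.py"
    with zipfile.ZipFile(zip_file) as zf:
        names = set(zf.namelist())
        for path in (entry, PROVISIONING):
            if path not in names:
                problems.append(f"missing {path}")
        if entry in names:
            source = zf.read(entry)
            try:
                tree = ast.parse(source)
            except SyntaxError as exc:
                problems.append(f"{entry} does not parse: {exc.msg}")
            else:
                funcs = {n.name for n in tree.body
                         if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}
                if func not in funcs:
                    problems.append(f"{entry} has no top-level {func}()")
            if TOKEN_RE.search(source):
                problems.append(f"{entry} contains a token-like literal")
    return problems


def build_sample(files):
    """Build a constructed in-memory archive from {path: source text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in files.items():
            zf.writestr(path, text)
    buf.seek(0)
    return buf


if __name__ == "__main__":  # pass the path to lhm-grant.zip, else a constructed sample is used
    sample = build_sample({"python/aws_main.py": "def handler(event, context):\n    pass\n", PROVISIONING: ""})
    issues = check_canary_archive(sys.argv[1] if len(sys.argv) > 1 else sample)
    print("\n".join(issues) or "archive OK")
```

A non-empty result means the archive should be rebuilt before upload; a flagged literal is better supplied at run time than stored in the zip on S3.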
