This page contains:
how to run the script to grant rights
script is run recurrently to automatically add rights to new assets (workflows, clusters etc)
python_provising
.py → grants permissions to the service principal used by LHM based on user input
script requires admin Databricks account with which permissions can be granted
Required files
How to create the AWS Canary
Step 1. Create a python virtualenv
On your local machine create a virtual env in order to prepare the canary archive.
mkdir lhm-grant cd lhm-grant python3 -m venv .venv source .venv/bin/activate
Step 2. Download the requirements.txt
into the created lhm-grant
folder
Step 3. Install required packages
pip install -r requirements.txt
Step 4. Copy all the installed libraries into a folder called python
mkdir python cp -rfv .venv/lib/python3.7/site-packages/* python/
Step 5. Download aws_main.py
and python_provisioning.py
into the python
directory
Step 6. Modify aws_main.py
script and provide the needed information for the grant code in the section marked for change
Step 7. Create an archive with the python folder
zip -r9 lhm-grant.zip python
Step 8. Upload the archive to s3
Step 9. Create CloudWatch canary from s3 bucket artifact
name you canary as
lhm-grant
(or any other name that you want to use)select the S3 location for the archive
set the lambda handler (your entry point for the script) to
aws_main.handler
set the schedule to continuously with intervals of 15 mins
recommended configuration
Step 10. Check logs of the python_provisioning.py
script run
Open the list of Synthetic Canaries and select the canary configured previously (e.g. lhm-grant
) in order to select a particular run and view the logs.
To check the logs of a run you will download the artifacts archive from that run, unzip it and there should be a file called python_provisioning.log
Add Comment