Cross AWS Account access policies for BPLM deployment

Terms:

  • LHO Application Role - an IAM role assigned to the EC2 instance (VM) where the Lakehouse Monitor is deployed. The role allows either sts:AssumeRole permission for cross-account access or just regular permission policies for resource access.

  • LHO Agent Role - an IAM role that will be assumed by the Databricks Workspace Instance Profile Roles enabled for the Databricks workloads monitored by LHO.

  • LHM Application host AWS Account - the AWS account where the BPLM app (VM) is deployed and where the DynamoDB and SQS artifacts are also created.

  • Databricks Workspace AWS account - the AWS accounts hosting the Databricks workspaces.
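
A trust-policy check for the LHO Agent Role defined above, as an added example that is not part of the original page or the product's own code. The account ID, role name, policy documents and the `audit_trust_policy` helper are constructed for illustration; the check assumes the Agent Role's trust policy should name each Instance Profile Role individually rather than trust a whole Databricks Workspace AWS account.

```python
import re

# Constructed placeholders, not values from the page.
WORKSPACE_ACCOUNT = "111111111111"  # a Databricks Workspace AWS account
PROFILE_ROLE = f"arn:aws:iam::{WORKSPACE_ACCOUNT}:role/example-instance-profile-role"

def trust_policy(principal):
    """Build a constructed LHO Agent Role trust policy for the given principal."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": principal},
        "Action": "sts:AssumeRole",
    }]}

AGENT_TRUST_SCOPED = trust_policy(PROFILE_ROLE)
AGENT_TRUST_BROAD = trust_policy(f"arn:aws:iam::{WORKSPACE_ACCOUNT}:root")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, allowed_accounts):
    """Return (statement index, principal, problem) for each over-broad grant."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        # A non-dict Principal can only be "*"; only AWS principals are inspected.
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else ["*"]
        for arn in arns:
            if arn == "*":
                findings.append((i, arn, "wildcard principal"))
                continue
            # A bare 12-digit account ID is shorthand for that account's root.
            parts = ["", "", "", "", arn, "root"] if re.fullmatch(r"\d{12}", arn) else arn.split(":", 5)
            account, resource = (parts[4], parts[5]) if len(parts) == 6 else ("", "")
            if account not in allowed_accounts:
                findings.append((i, arn, "unexpected account"))
            elif not resource.startswith("role/"):
                findings.append((i, arn, "account-wide principal, name the role"))
    return findings

if __name__ == "__main__":
    for name, pol in (("scoped", AGENT_TRUST_SCOPED), ("broad", AGENT_TRUST_BROAD)):
        print(name, audit_trust_policy(pol, {WORKSPACE_ACCOUNT}))
```

Pass the set of Databricks Workspace AWS account IDs you expect as `allowed_accounts`; an empty result means every principal allowed to assume the role is a named role in one of those accounts.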


Databricks costs

Cloud Costs via AWS CostExplorer

DynamoDB and SQS