Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
This information applies to Databricks CLI versions 0.205 and above. The Databricks CLI is in Public Preview.
Databricks CLI use is subject to the Databricks License and Databricks Privacy Notice, including any Usage Data provisions.
The account credentials command group within the Databricks CLI contains commands to manage credential configurations for your account. Databricks needs access to a cross-account service IAM role in your AWS account so that Databricks can deploy clusters in the appropriate VPC for new workspaces. A credential configuration encapsulates this role information, and its ID is used when creating a new workspace.
databricks account credentials create
Create a Databricks credential configuration that represents cloud cross-account credentials for a specified account. Databricks uses this to set up network infrastructure properly to host Databricks clusters. For your AWS IAM role, you need to trust the External ID (the Databricks Account API account ID) in the returned credential object, and configure the required access policy.
Tip
Save the response's credentials_id field, which is the ID for your new credential configuration object.
databricks account credentials create [flags]
Options
--json JSON
The inline JSON string or the @path to the JSON file with the request body
Examples
The following example creates a credential configuration using JSON:
databricks account credentials create --json '{"credentials_name": "my-credentials", "aws_credentials": {"sts_role": {"role_arn": "arn:aws:iam::123456789012:role/databricks-cross-account-role"}}}'
The following example creates a credential configuration using a JSON file:
databricks account credentials create --json @credentials.json
databricks account credentials delete
Delete a Databricks credential configuration object for an account, both specified by ID. You cannot delete a credential that is associated with any workspace.
databricks account credentials delete CREDENTIALS_ID [flags]
Arguments
CREDENTIALS_ID
Databricks Account API credential configuration ID.
Options
Examples
The following example deletes a credential configuration by ID:
databricks account credentials delete cred-abc123
databricks account credentials get
Get a Databricks credential configuration object for an account, both specified by ID.
databricks account credentials get CREDENTIALS_ID [flags]
Arguments
CREDENTIALS_ID
Credential configuration ID.
Options
Examples
The following example gets a credential configuration by ID:
databricks account credentials get cred-abc123
databricks account credentials list
List Databricks credential configuration objects for an account, specified by ID.
databricks account credentials list [flags]
Options
Examples
The following example lists all credential configurations:
databricks account credentials list
Global flags
--debug
Whether to enable debug logging.
-h or --help
Display help for the Databricks CLI or the related command group or the related command.
--log-file string
A string representing the file to write output logs to. If this flag is not specified then the default is to write output logs to stderr.
--log-format format
The log format type, text or json. The default value is text.
--log-level string
A string representing the log format level. If not specified then the log format level is disabled.
-o, --output type
The command output type, text or json. The default value is text.
-p, --profile string
The name of the profile in the ~/.databrickscfg file to use to run the command. If this flag is not specified then if it exists, the profile named DEFAULT is used.
--progress-format format
The format to display progress logs: default, append, inplace, or json
-t, --target string
If applicable, the bundle target to use