AWS Installation

This guide will walk you through setting up the Security Analysis Tool (SAT) on AWS Databricks.

Unity Catalog Required

SAT v0.5.0 and higher requires Unity Catalog. Make sure Unity Catalog is enabled in your Databricks environment before installing SAT.

AWS GovCloud Support

SAT is compatible with AWS GovCloud for the Civilian Shard. To install and run SAT on AWS GovCloud, please use classic compute resources.

Note: DoD Shard compatibility will be coming soon.

Best for Premium & Enterprise Tiers

SAT is especially beneficial to customers on Databricks Premium or Enterprise tiers, as most checks and recommendations involve security features only available in these tiers.

Prerequisites

Before you begin, ensure you have:

• ✅ Reviewed the general prerequisites
• ✅ Appropriate permissions in your Databricks Account Console
• ✅ A metastore attached to your installation workspace
• ✅ Databricks CLI installed and configured
• ✅ Python version lower than 3.12 (for local installation using install.sh)

---

Step 1: Create Service Principal

The Service Principal allows SAT to authenticate with your Databricks workspaces and collect security information.

Follow these steps in the Databricks Account Console:

1. Navigate to the Account Console
2. Click on User management in the left sidebar
3. Select Service Principal → Add service principal
4. Enter a name for the service principal (e.g., "SAT-Service-Principal")
5. Grant the Account Admin role
6. Assign the Workspace Admin role for each workspace to be monitored
7. Add to the Metastore Admin group or role
8. Create a new OAuth Secret
9. Save the Secret and Client ID (you'll need these later)
10. Add the Service Principal to each workspace you want to analyze

Required Permissions:

• Account Admin role
• Workspace Admin role for each workspace
• Metastore admin group membership

---

Step 2: Run Installation

Credentials Required

Have these credentials ready before starting:

• 🔑 Databricks Account ID
• 🔑 Databricks Service Principal ID (Client ID from Step 1)
• 🔑 Databricks Service Principal Secret (from Step 1)

Installation Steps

Run these commands on your workstation or a VM with internet access and Databricks workspace connectivity:

1. Clone the SAT repository:

git clone https://github.com/databricks-industry-solutions/security-analysis-tool.git
cd security-analysis-tool

Databricks CLI Required

Make sure the target workspace has a profile configured in the Databricks CLI.

2. Make the installation script executable and run it:

chmod +x install.sh
./install.sh

Proxy Support

Proxies are supported! You can add your HTTP and HTTPS proxy values during the install.sh script when prompted.

3. Follow the interactive prompts:

The installation script will guide you through the setup process. Here's what it looks like:

---

Next Steps

Congratulations! You've successfully installed SAT on AWS Databricks.

Installation Complete

SAT is now ready to analyze your Databricks workspaces. Click here for a detailed guide on how to run and use it.

---

Need Help?

If you encounter problems during installation:

Common Issues:

• ✓ Double-check your credentials are correct
• ✓ Verify you have the required permissions in your Databricks environment
• ✓ Ensure the Service Principal has been added to all workspaces
• ✓ Confirm the metastore is attached to your workspace

Resources:

• Review our FAQ page for common questions
• Use the diagnostic notebook to verify your setup
• Check the troubleshooting guide for specific errors

Still need help? Contact us at sat@databricks.com