AWS
Setting Up Terraform
Unity Catalog Required
SAT v0.5.0 and higher requires Unity Catalog. Make sure Unity Catalog is enabled in your Databricks environment before installing SAT.
Step 1: Install Required Tools
Step 2: Clone the Repository
Clone the Security Analysis Tool repository using:
git clone https://github.com/databricks-industry-solutions/security-analysis-tool.git
Step 3: Navigate to the Terraform Directory
Navigate to the relevant cloud directory:
cd security-analysis-tool/terraform/<cloud>/
Step 4: Configure Variables
- Create a terraform.tfvars file using the template.tfvars file as a base.
- Refer to variables.tf for descriptions of the variables.
- Set all required variables for your deployment.
Further Documentation for some of the variables:
SAT now supports proxies. To route traffic through your proxies, set their HTTP and HTTPS URLs:
{
"http": "http://example.com",
"https": "https://example.com"
}
Run Terraform and SAT Workflows
Step 5: Run Terraform Commands
- Initialize Terraform:
terraform init
- Plan Terraform Changes - create a plan to preview changes to your infrastructure:
terraform plan
- Apply Terraform Plan - Execute the proposed changes:
terraform apply
Step 6: Run Databricks Jobs
- Run "SAT Initializer Notebook":
- This must be run successfully once. While it can be run multiple times, a single successful run is sufficient.
- Run "SAT Driver Notebook":
- This notebook can be scheduled to run periodically (e.g., every Monday, Wednesday, and Friday).
- Run "SAT Secrets Scanner Notebook" (Optional):
- This notebook scans workspace notebooks for exposed secrets using TruffleHog. It can be run on demand or scheduled based on security requirements.
Step 7: Access the SAT Dashboard
- Navigate to SQL > Dashboard in the left menu of the Databricks workspace.
- Select the SAT Dashboard, choose a Workspace from the dropdown, and refresh the dashboard.
Supplemental Documentation
Additional Considerations:
If a pre-existing secret scope named sat_scope causes jobs to fail:
- Rename the secret scope in secrets.tf.
- Re-run terraform apply.
- Update the secret scope name in 6 locations (CMD 4 and CMD 5) of Workspace -> Applications -> SAT-TF/notebooks/Utils/initialize.
- Re-run failed jobs.
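An added example (not part of the SAT repository) tying Step 5 to the sat_scope note above: a pre-flight check for a first install that looks for an existing sat_scope before anything is applied, then applies the exact plan that was saved. It assumes the Databricks CLI is installed and authenticated against the target workspace; the function names and the sat.tfplan file name are illustrative.

```shell
#!/usr/bin/env bash
# Added example: first-install pre-flight for the sat_scope collision.
# Assumption: the Databricks CLI is installed and authenticated.

SCOPE_NAME="sat_scope"   # change this if you renamed the scope in secrets.tf

# Return 0 if a scope with exactly this name appears in the JSON scope
# listing read from stdin. Only the "name" field is matched, so scopes
# such as "sat_scope_old" or "my_sat_scope" are not treated as a hit.
scope_in_listing() {
  grep -Eq "\"name\"[[:space:]]*:[[:space:]]*\"$1\""
}

preflight_and_apply() {
  listing="$(databricks secrets list-scopes --output json)" || {
    echo "could not list secret scopes; check CLI authentication" >&2
    return 2
  }
  if printf '%s' "$listing" | scope_in_listing "$SCOPE_NAME"; then
    echo "secret scope '$SCOPE_NAME' already exists; rename it in secrets.tf first" >&2
    return 1
  fi
  terraform init || return
  # Save the plan you review, then apply exactly that file, so nothing
  # changes between the preview and the apply.
  terraform plan -out=sat.tfplan || return
  terraform apply sat.tfplan
}

# Nothing runs unless the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then
  preflight_and_apply
fi
```

After a successful apply the scope exists because Terraform created it, so use this check only before the first install or after renaming the scope.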
Permissions Analysis App Setup
To set up the Permissions Analysis app and make it execute correctly, refer to the Permissions Analysis Setup section.
Congratulations! 🎉 You are now ready to start using the SAT. Please click here for a detailed description on how to run and use it.