Azure

Setting Up Terraform

Note

SAT v0.2.0 or higher introduces full support for Unity Catalog. You can now pick your own catalog instead of being limited to the hive_metastore. Additionally, you have the flexibility to choose your own schema name.

Note

SAT requires at least one SAT setup in a workspace per Azure subscription.

Step 1: Install Required Tools

  1. Install Terraform.
  2. Install Git on your local machine.

Step 2: Clone the Repository

Clone the Security Analysis Tool repository using:

git clone https://github.com/databricks-industry-solutions/security-analysis-tool.git

Step 3: Navigate to the Terraform Directory

Navigate to the relevant cloud directory:

cd security-analysis-tool/terraform/<cloud>/

Step 4: Configure Variables

  1. Create a terraform.tfvars file using the template.tfvars file as a base.
  2. Refer to the variables.tf for descriptions of the variables.
  3. Set all required variables for your deployment.

Azure-Specific Configuration

Service Principal Role Requirements:

Refer to the documentation for workspace_url, workspace_id, and account_console_id.

Step 5: Configure Azure CLI Credentials

  1. Set up Azure CLI credentials for the provider block in provider.tf.
  2. Use the Azure CLI to log in. The CLI will open a web browser for authentication:
az login

Proxies are now supported as part of SAT. You can add your HTTP and HTTPS links to use your proxies.

{
"http": "http://example.com",
"https": "https://example.com"
}
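
A pre-flight check for the proxies object above, as an added example that is not part of the SAT project's code. It assumes the value is supplied as JSON in the form shown; the function name check_proxies and the rule that flags credentials embedded in a proxy URL are this example's own.

```python
import json
from urllib.parse import urlsplit

ALLOWED_KEYS = {"http", "https"}  # the two keys shown in the proxies object

# The sample value from this page, used as constructed input.
SAMPLE = '{"http": "http://example.com", "https": "https://example.com"}'


def check_proxies(raw):
    """Return a list of problems in a proxies JSON string (empty list = OK)."""
    try:
        proxies = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(proxies, dict):
        return ["proxies must be a JSON object"]

    problems = []
    for key, value in proxies.items():  # an empty object means "no proxy"
        if key not in ALLOWED_KEYS:
            problems.append(f"unexpected key {key!r}; expected 'http' or 'https'")
            continue
        if not isinstance(value, str):
            problems.append(f"{key}: value must be a string URL")
            continue
        try:
            url = urlsplit(value)
        except ValueError as exc:  # e.g. malformed IPv6 literal
            problems.append(f"{key}: unparseable URL ({exc})")
            continue
        if url.scheme not in ("http", "https"):
            problems.append(f"{key}: proxy URL scheme must be http or https")
        if not url.hostname:
            problems.append(f"{key}: proxy URL has no host")
        if url.username or url.password:
            # Credentials in the URL would sit in plain text in the config.
            problems.append(f"{key}: proxy URL embeds credentials")
    return problems


if __name__ == "__main__":
    for line in check_proxies(SAMPLE) or ["proxies OK"]:
        print(line)
```
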

Run Terraform and SAT Workflows

Step 6: Run Terraform Commands

  1. Initialize Terraform:
terraform init
  2. Plan Terraform Changes - create a plan to preview changes to your infrastructure:
terraform plan
  3. Apply Terraform Plan - Execute the proposed changes:
terraform apply

Step 7: Run Databricks Jobs

  1. Run "SAT Initializer Notebook":
  • This must be run successfully once. While it can be run multiple times, a single successful run is sufficient.
  2. Run "SAT Driver Notebook":
  • This notebook can be scheduled to run periodically (e.g., every Monday, Wednesday, and Friday).

Step 8: Access the SAT Dashboard

  1. In the Databricks workspace, navigate to SQL > Dashboard in the left menu.
  2. Select the SAT Dashboard, choose a Workspace from the dropdown, and refresh the dashboard.

Supplemental Documentation

Additional Considerations:

If a pre-existing secret scope named sat_scope causes jobs to fail:

  1. Rename the secret scope in secrets.tf.
  2. Re-run terraform apply.
  3. Update the secret scope name in 6 locations (CMD 4 and CMD 5) of Workspace -> Applications -> SAT-TF/notebooks/Utils/initialize.
  4. Re-run the failed jobs.

Congratulations! 🎉 You are now ready to start using the SAT. Please click here for a detailed description on how to run and use it.