Skip to main content

GCP

Setting Up Terraform

Note

SAT v0.2.0 or higher introduces full support for Unity Catalog. You can now pick your own catalog instead of being limited to the hive_metastore. Additionally, you have the flexibility to choose your own schema name.

Step 1: Install Required Tools

  1. Install Terraform.
  2. Install Git on your local machine.

Step 2: Clone the Repository

Clone the Security Analysis Tool repository using:

git clone https://github.com/databricks-industry-solutions/security-analysis-tool.git

Step 3: Navigate to the Terraform Directory

Navigate to the relevant cloud directory:

cd security-analysis-tool/terraform/<cloud>/

Step 4: Configure Variables

  1. Create a terraform.tfvars file using the template.tfvars file as a base.
  2. Refer to the variables.tf for descriptions of the variables.
  3. Set all required variables for your deployment.

Further Documentation for some of the variables:

workspace_id

account_console_id

GCP Specific Variables - navigate to the "Installation -> Credentials Needed" section

Proxies are now supported as part of SAT. You can add your HTTP and HTTPS links to use your proxies.

{
    "http": "http://example.com",
    "https": "https://example.com"
}

Run Terraform and SAT Workflows

Step 5: Run Terraform Commands

  1. Initialize Terraform:
terraform init
  1. Plan Terraform Changes - create a plan to preview changes to your infrastructure:
terraform plan
  1. Apply Terraform Plan - Execute the proposed changes:
terraform apply

Step 6: Run Databricks Jobs

  1. Run "SAT Initializer Notebook":
  • This must be run successfully once. While it can be run multiple times, a single successful run is sufficient.
  1. Run "SAT Driver Notebook":
  • This notebook can be scheduled to run periodically (e.g., every Monday, Wednesday, and Friday).

Step 7: Access the SAT Dashboard

  1. Navigate to the SQL > Dashboard in the left menu from the Databricks workspace.
  2. Select the SAT Dashboard, choose a Workspace from the dropdown, and refresh the dashboard.

Supplemental Documentation

Additional Considerations:

If a pre-existing secret scope named sat_scope causes jobs to fail:

  1. Rename the secret scope in secrets.tf
  2. Re-run terraform apply.
  3. Update the secret scope name in 6 locations (CMD 4 and CMD 5) of Workspace -> Applications -> SAT-TF/notebooks/Utils/initialize.
  4. Re-run failed jobs

Congratulations! 🎉 You are now ready to start using the SAT. Please click here for a detailed description on how to run and use it.