Databricks for AWS Guide
Learn more about the benefits of Satori for Databricks and Schedule a demo
Satori streamlines and simplifies the process of controlling access to data in Databricks. Satori reduces the risk of data leakage caused by misconfiguring users or permissions.
Databricks Unity Catalog is designed for centralized data governance. Satori integrates with several of its features such as user management, access controls and audit logs. It only takes a few minutes to get started with Satori. Ensure that you have the following prepared in advance:
- Access to the Satori Management Console.
- The hostname of your Databricks Unit Catalog.
Configuring your AWS Cloud Platform Account
Perform the following steps to grant Satori access to Databricks on AWS.
Go to your Databricks account and get the following configuration details:
Account Information Details
- Databricks Instance
- Account ID
- SQL Warehouses ID
Step 1 - Create a New User for Satori
Perform the following tasks to setup AWS for Databricks:
- Login to your Databricks account.
- Follow the instructions to obtain your databricks-instance from the following Databricks instructions.
Extract the Account Information from Databricks
To extract the relevant Account information from Databricks, perform the following steps:
- Get your account ID - Go to the Databricks Admin console and click on your username located in the right hand corner of the interface and extract Account ID.
- Get your SQL Warehouses ID - In the Workspace console select the SQL Warehouse tab and then copy the ID from Name input field.
Creating a New Satori User in AWS
To create a new Satori user with username password in the *AWS Databricks Admin console for accessing the Unity Catalog, perform the following tasks:
- Go to the User management view add a new Satori user
- Now press the Send Invite button.
- Open the email you received from Databricks and reset the password for that user. You can now generate a password.
- In the Databricks User Management view, select the Satori service principle and then go to the Roles tab and assign the Satori service principle as the Account Admin role.
- In the Databricks User management view, select the Groups tab and then select the admin group that manages the metastore.
- Verify the group that manages the metastore. This configuration is located in the Metastore configuration section in the Data View.
- Now, go to the Workspace view and select your workspace and click the Permissions Tab and select the Satori service principle. Then, set the Permission Role to user.
- Now go the the Databicks Workspace and click on the SQL Warehouses view. Now locate the Satori Warehouse and grant Satori Service Principle permission to use the warehouse.
Step 2 - Enabling the Audit Log on your Account
To take advantage of the system tables and the associated resources on AWS, refer to the Databricks documentation Monitor usage with system tables and enable the Audit logs module on your account using the Enable a system schema API.
Step 3 - Adding a Databricks Unity Catalog to Satori
- Login to the Satori management console https://app.satoricyber.com
- In the Data Stores view, click the plus button to add a new data store.
- Select the Databricks option.
- Now, provide an informative name for the data store, for example: Sales Data Warehouse.
- Enter the Databricks Instance of your Databricks account.
- Enter your databricks account ID.
- Enter your databricks SQL Warehouse ID.
- Select AWS Username / Password
- Enter the username and password that you created for Satori.
- Select your Satori Data Access Controller cloud provider
- Select your Satori Data Access Controller region
- Click Create.
- Finally, you will be redirected to the Data Stores list view