Instance Profiles API 2.0
The Instance Profiles API allows admins to add, list, and remove instance profiles that users can launch clusters with. Regular users can list the instance profiles available to them. See Secure access to S3 buckets using instance profiles for more information.
Important
To access Databricks REST APIs, you must authenticate.
Add
Endpoint |
HTTP Method |
|---|---|
|
|
Register an instance profile. In the UI, you can select the instance profile when launching clusters.
This API is only available to admin users.
Example
curl --netrc -X POST \
https://dbc-a1b2345c-d6e7.cloud.databricks.com/api/2.0/instance-profiles/add \
--data '{ "instance_profile_arn": "arn:aws:iam::123456789012:instance-profile/my-profile" }'
{}
Request structure
Field Name |
Type |
Description |
|---|---|---|
instance_profile_arn |
|
The AWS ARN of the instance profile to register with Databricks. It should look like:
|
iam_role_arn |
|
The AWS IAM role ARN of the role associated with the instance profile.
It must have the form |
is_meta_instance_profile |
|
Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough. This field is optional. |
skip_validation |
|
By default, Databricks validates that it has sufficient permissions to launch instances with
the instance profile. This validation uses AWS dry-run mode for the |
Edit
Endpoint |
HTTP Method |
|---|---|
|
|
Edit an instance profile, but the only supported field to change is the optional IAM role ARN associated with the instance profile. It is required to specify the IAM role ARN if both of the following are true:
Your role name and instance profile name do not match. The name is the part after the last slash in each ARN.
You want to use the instance profile with Databricks SQL Serverless.
To understand where these fields are in the AWS console, see Enable Serverless SQL warehouses.
This API is only available to admin users.
Example
curl --netrc -X POST \
https://dbc-a1b2345c-d6e7.cloud.databricks.com/api/2.0/instance-profiles/edit \
--data '{ "instance_profile_arn": "arn:aws:iam::123456789012:instance-profile/my-profile",
"iam_role_arn": "arn:aws:iam::123456789012:role/my-profile2" }'
{}
Request structure
Field Name |
Type |
Description |
|---|---|---|
instance_profile_arn |
|
The AWS ARN of the instance profile to register with <Databricks>. It should look like:
|
iam_role_arn |
|
The AWS IAM role ARN of the role associated with the instance profile.
It must have the form |
List
Endpoint |
HTTP Method |
|---|---|
|
|
List the instance profiles that the calling user can use to launch a cluster.
This API is available to all users.
Example
curl --netrc -X GET \
https://dbc-a1b2345c-d6e7.cloud.databricks.com/api/2.0/instance-profiles/list \
| jq .
{
"instance_profiles": [
{
"instance_profile_arn": "arn:aws:iam::123456789012:instance-profile/my-profile",
"is_meta_instance_profile": false
}
]
}
Response structure
Field Name |
Type |
Description |
|---|---|---|
instance_profiles |
An array of InstanceProfile |
A list of instance profiles that the user can access. |
Remove
Endpoint |
HTTP Method |
|---|---|
|
|
Remove the instance profile with the provided ARN. Existing clusters with this instance profile will continue to function.
This API is only accessible to admin users.
Data structures
In this section:
InstanceProfile
An IAM instance profile that can be attached to instances when launching a cluster.
Field Name |
Type |
Description |
|---|---|---|
instance_profile_arn |
|
The AWS ARN of the instance profile to register with Databricks. It should look like:
|
is_meta_instance_profile |
|
Whether the instance profile is a meta instance profile. Used only in IAM credential passthrough. For more information, see Set up a meta instance profile. |