Instance Profiles API

The Instance Profiles API allows admins to add, list, and remove instance profiles that users can launch clusters with. Regular users can list the instance profiles available to them. See Secure Access to S3 Buckets Using IAM Roles for more information.

Table of Contents

Profiles Add
Profiles List
Profiles Remove
Data Structures

Profiles Add

Endpoint	HTTP Method
`2.0/instance-profiles/add`	`POST`

Register an instance profile in Databricks. In the UI, you can then give users the permission to use this instance profile when launching clusters.

This API is only available to admin users.

An example request:

{
  "instance_profile_arn": "arn:aws:iam::123456789:instance-profile/datascience-role"
}

Request Structure

Field Name	Type	Description
instance_profile_arn	`STRING`	The AWS ARN of the instance profile to register with Databricks. It should look like: `arn:aws:iam::<account-id>:instance-profile/<name>`. This field is required.
skip_validation	`BOOL`	By default, Databricks validates that it has sufficient permissions to launch instances with the instance profile. This validation uses AWS dry-run mode for the `RunInstances` API. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. “Your requested instance type is not supported in your requested Availability Zone”), you may pass this flag to skip the validation and forcibly add the instance profile.

Profiles List

Endpoint	HTTP Method
`2.0/instance-profiles/list`	`GET`

List the instance profiles that the calling user can use to launch a cluster.

This API is available to all users.

An example response:

{
  "instance_profiles": ["arn:aws:iam::123456789:instance-profile/datascience-role"]
}

Response Structure

Field Name	Type	Description
instance_profiles	An array of InstanceProfile	A list of instance profiles that the user can access.

Profiles Remove

Endpoint	HTTP Method
`2.0/instance-profiles/remove`	`POST`

Remove the instance profile with the provided ARN. Existing clusters with this instance profile will continue to function.

This API is only accessible to admin users.

An example request:

{
  "instance_profile_arn": "arn:aws:iam::123456789:instance-profile/datascience-role"
}

Request Structure

Field Name	Type	Description
instance_profile_arn	`STRING`	The ARN of the instance profile to remove. This field is required.

Data Structures

InstanceProfile

An IAM instance profile that can be attached to instances when launching a cluster.

Field Name	Type	Description
instance_profile_arn	`STRING`	The AWS ARN of the instance profile to register with Databricks. It should look like: `arn:aws:iam::<account-id>:instance-profile/<name>`. This field is required.