add new files for module

adding test for regulated workspace module

commiting terraform lock file

adding lock file

Author: rportilla-databricks

Diff for: .gitignore

@@ -1,40 +1,44 @@
-./aws/base/.terraform/*
-./aws/base/.terraform.lock.hcl
-./aws/base/terraform.tfstate
-./aws/base/terraform.tfstate.backup
-./aws/base_customer_vpc/.terraform/*
-./aws/base_customer_vpc/.terraform.lock.hcl
-./aws/base_customer_vpc/terraform.tfstate
-./aws/base_customer_vpc/terraform.tfstate.backup
-./aws/security/.terraform/*
-./aws/security/.terraform.lock.hcl
-./aws/security/terraform.tfstate
-./aws/security/terraform.tfstate.backup
-./aws/fs_lakehouse/.terraform/*
-./aws/fs_lakehouse/.terraform.lock.hcl
-./aws/fs_lakehouse/terraform.tfstate
-./aws/fs_lakehouse/terraform.tfstate.backup
-./azure/base/.terraform/*
-./azure/base/.terraform.lock.hcl
-./azure/base/terraform.tfstate
-./azure/base/terraform.tfstate.backup
-./azure/managed_vnet/.terraform/*
-./azure/managed_vnet/.terraform.lock.hcl
-./azure/managed_vnet/terraform.tfstate
-./azure/managed_vnet/terraform.tfstate.backup
-./gcp/.terraform/*
-./gcp/.idea/*
-./gcp/terraform.tfstate
-./gcp/terraform.tfstate.backup
-./gcp/.terraform.lock.hcl
-./azure/.idea/*
-./azure/terraform.tfstate
-./azure/terraform.tfstate.backup
-./azure/.terraform.lock.hcl
+# MacOS
+.DS_Store
 
+# IntelliJ
+.idea/
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
 
 .idea
 ./.idea
-./.idea/*
-/azure/managed_vnet/.terraform/
-/azure/.terraform/
+./.idea/*

Diff for: aws/fs_lakehouse/data/pii_data.csv

@@ -2,10 +2,11 @@
 page_title: "Provisioning Secure Databricks Workspaces on AWS with Terraform"
 ---
 
-# How to Deploy a Lakehouse Blueprint using Best Practices and Industry Helper Libraries
+# Module to Deploy a Lakehouse Blueprint using Best Practices and Industry Helper Libraries
 
-This guide uses the following variables. Please all variables here in a terraform.tfvars file (outside the github project) and reference it using `terraform apply -var-file="<location for tfvars file>/terraform.tfvars"`.
+This modules uses the following input variables. Please all variables here in a terraform.tfvars file (outside the github project) and reference it using `terraform apply -var-file="<location for tfvars file>/terraform.tfvars"`.
 
+### Input Variables 
 - `databricks_account_id`: The ID per Databricks AWS account used for accessing account management APIs. After the AWS E2 account is created, this is available after logging into [https://accounts.cloud.databricks.com](https://accounts.cloud.databricks.com).
 - `databricks_account_username`: E2 user account email address
 - `databricks_account_password` - E2 account password
@@ -19,10 +20,33 @@ This guide uses the following variables. Please all variables here in a terrafor
 -  `security_group_id` - security group ID used for VPC subnets
 -  `cross_account_arn` - existing cross-account role arn
 
-This guide is provided as-is and you can use this guide as the basis for your custom Terraform module.
+### Output Variables 
 
+-  `workspace_url` - URL which allows users to log into the created regulated workspace
+-  `workspace_id` - Numeric ID mapping to the newly created regulated workspace
 
 
+### Usage
+
+```hcl
+module "aws_customer_managed_vpc" {
+  source = "databricks/aws_customer_managed_vpc/"
+  
+  databricks_account_id = # see description above
+  databricks_account_username = # see description above
+  databricks_account_password = # see description above
+  region = # see description above
+  relay_vpce_service = # see description above
+  workspace_vpce_service = # see description above
+  vpce_subnet_cidr = # see description above
+  vpc_id = # see description above
+  subnet_ids = # see description above
+  security_group_id = # see description above
+  cross_account_arn = # see description above
+  
+}
+```
+
 ## Provider initialization
 
 Initialize [provider with `mws` alias](https://www.terraform.io/language/providers/configuration#alias-multiple-provider-configurations) to set up account-level resources.

Diff for: aws/fs_lakehouse/init.tf

@@ -1,4 +1,9 @@
 terraform {
+  backend "s3" {
+    bucket = "databricks-terraform-blueprints"
+    key = "aws_customer_managed_vpc.tfstate"
+    region = "us-east-1"
+  }
   required_providers {
     databricks = {
       source  = "databricks/databricks"

Diff for: aws/base/cross-account-role.tf renamed to modules/aws_base/cross-account-role.tf

@@ -32,4 +32,14 @@ resource "databricks_mws_workspaces" "this" {
   private_access_settings_id = databricks_mws_private_access_settings.pas.private_access_settings_id
   pricing_tier               = "ENTERPRISE"
   depends_on                 = [databricks_mws_networks.this]
+}
+
+output "workspace_url" {
+  value = databricks_mws_workspaces.this.workspace_url
+  description = "URL for newly created Databricks workspace"
+}
+
+output "workspace_id" {
+  value = databricks_mws_workspaces.this.id
+  description = "Workspace numeric ID"
 }

Diff for: aws/base/init.tf renamed to modules/aws_base/init.tf

@@ -0,0 +1,4 @@
+Name|Address|Credit_Card_Number|Card_Type
+Robert Aragon|10 South Point Lane|*4295|VISA
+Ashley Borden|233 Langley Drive|*3020|AMEX
+Thomas Conley|9181 Bisbey Court|*8111|MC

Diff for: aws/base/root-bucket.tf renamed to modules/aws_base/root-bucket.tf

@@ -0,0 +1,25 @@
+terraform {
+  backend "s3" {
+    bucket = "databricks-terraform-blueprints-aws-fs-lakehouse"
+    key = "aws_regulated_lakehouse.tfstate"
+    region = "us-east-1"
+  }
+  required_providers {
+    databricks = {
+      source  = "databricks/databricks"
+    }
+    aws = {
+      source = "hashicorp/aws"
+    }
+  }
+}
+
+provider "aws" {
+  region = local.region
+}
+
+provider "databricks" {
+  host     = var.workspace_url
+  username = var.databricks_account_username
+  password = var.databricks_account_password
+} # Authenticate using preferred method as described in Databricks provider

Diff for: aws/base/vars.tf renamed to modules/aws_base/vars.tf

@@ -0,0 +1,7 @@
+#module "aws_regulated_workspace" {
+#  source = "../aws_customer_managed_vpc/"
+#  providers = {
+#    databricks = databricks
+#  }
+#  display_name = "aws-regulated-workspace"
+#}

Diff for: aws/base/vpc.tf renamed to modules/aws_base/vpc.tf

@@ -3,6 +3,17 @@ variable "crossaccount_role_name" {
   description = "Role that you've specified on https://accounts.cloud.databricks.com/#aws"
 }
 
+variable "workspace_url" {
+
+}
+variable "databricks_account_username" {
+
+}
+
+variable "databricks_account_password" {
+
+}
+
 locals  {
   region = "us-east-1"
 }

Diff for: aws/base/workspace.tf renamed to modules/aws_base/workspace.tf

@@ -0,0 +1,30 @@
+terraform {
+  backend "s3" {
+    bucket = "databricks-terraform-blueprints"
+    key = "test_aws_customer_managed_vpc.tfstate"
+    region = "us-east-1"
+  }
+  required_providers {
+    databricks = {
+      source  = "databricks/databricks"
+      version = "0.5.0"
+    }
+    aws = {
+      source = "hashicorp/aws"
+      version = "3.49.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.region
+}
+
+// initialize provider in "MWS" mode for provisioning workspace with AWS PrivateLink
+provider "databricks" {
+  alias    = "mws"
+  host     = "https://accounts.cloud.databricks.com"
+  username = var.databricks_account_username
+  password = var.databricks_account_password
+}
+

Diff for: aws/base_customer_vpc/README.md renamed to modules/aws_customer_managed_vpc/README.md

@@ -0,0 +1,19 @@
+module "aws_customer_managed_vpc" {
+  source = "../aws_customer_managed_vpc/"
+
+  databricks_account_id = var.databricks_account_id
+  databricks_account_username = var.databricks_account_username
+  databricks_account_password = var.databricks_account_password
+  region = var.region
+  relay_vpce_service = var.relay_vpce_service
+  workspace_vpce_service = var.workspace_vpce_service
+  vpce_subnet_cidr = var.vpce_subnet_cidr
+  vpc_id = var.vpc_id
+  subnet_ids = var.subnet_ids
+  security_group_id = var.security_group_id
+  cross_account_arn = var.cross_account_arn
+}
+
+output "module_workspace_url" {
+  value = module.aws_customer_managed_vpc.workspace_url
+}

Diff for: aws/base_customer_vpc/cross-account-role.tf renamed to modules/aws_customer_managed_vpc/cross-account-role.tf

@@ -0,0 +1,27 @@
+variable "databricks_account_id" {}
+variable "databricks_account_username" {}
+variable "databricks_account_password" {}
+variable "region" {}
+
+variable "workspace_vpce_service" {}
+variable "relay_vpce_service" {}
+variable "vpce_subnet_cidr" {}
+
+variable "private_dns_enabled" { default = true}
+variable "tags" { default = {}}
+
+variable "cidr_block" {
+  default = "10.4.0.0/16"
+}
+
+variable "vpc_id" {}
+variable "subnet_ids" {
+  type=list(string)
+}
+variable "security_group_id" {}
+
+variable "cross_account_arn" {}
+
+locals {
+  prefix = "private-link-ws"
+}