Suppress instance profile skip_validation diff (#884)

* Fixed missing diff skip for `skip_validation` in `databricks_instance_profile`

Author: nfx

CHANGELOG.md

@@ -3,6 +3,7 @@
 ## 0.3.10
 
 * Added `private_access_level` and `allowed_vpc_endpoint_ids` to `databricks_mws_private_access_settings` resource, which is also now updatable ([#867](https://github.com/databrickslabs/terraform-provider-databricks/issues/867)).
+* Fixed missing diff skip for `skip_validation` in `databricks_instance_profile` ([#860](https://github.com/databrickslabs/terraform-provider-databricks/issues/860)).
 
 ## 0.3.9
 

identity/resource_instance_profile.go

@@ -138,6 +138,12 @@ func ResourceInstanceProfile() *schema.Resource {
 	instanceProfileSchema := common.StructToSchema(InstanceProfileInfo{},
 		func(m map[string]*schema.Schema) map[string]*schema.Schema {
 			m["instance_profile_arn"].ValidateDiagFunc = ValidInstanceProfile
+			m["skip_validation"].DiffSuppressFunc = func(k, old, new string, d *schema.ResourceData) bool {
+				if old == "false" && new == "true" {
+					return true
+				}
+				return false
+			}
 			return m
 		})
 	return common.Resource{

scripts/awsmt-integration/main.tf

@@ -64,19 +64,38 @@ resource "databricks_mws_credentials" "this" {
   depends_on = [aws_iam_role_policy.this]
 }
 
-module "this" {
-  source     = "../modules/aws-mws-common"
-  cidr_block = local.cidr_block
-  region     = local.region
-  prefix     = local.prefix
-  tags       = local.tags
+resource "aws_s3_bucket" "root_storage_bucket" {
+  bucket = "${local.prefix}-root-bucket"
+  acl    = "private"
+  versioning {
+    enabled = false
+  }
+  force_destroy = true
+  tags = merge(local.tags, {
+    Name = "${local.prefix}-root-bucket"
+  })
+}
+
+resource "aws_s3_bucket_public_access_block" "root_storage_bucket" {
+  bucket             = aws_s3_bucket.root_storage_bucket.id
+  ignore_public_acls = true
+  depends_on         = [aws_s3_bucket.root_storage_bucket]
+}
+
+data "databricks_aws_bucket_policy" "this" {
+  bucket = aws_s3_bucket.root_storage_bucket.bucket
+}
+
+resource "aws_s3_bucket_policy" "root_bucket_policy" {
+  bucket = aws_s3_bucket.root_storage_bucket.id
+  policy = data.databricks_aws_bucket_policy.this.json
 }
 
 // register root bucket
 resource "databricks_mws_storage_configurations" "this" {
   provider                   = databricks.mws
   account_id                 = local.account_id
-  bucket_name                = module.this.root_bucket
+  bucket_name                = aws_s3_bucket.root_storage_bucket.bucket
   storage_configuration_name = "${local.prefix}-storage"
 }
 
@@ -94,6 +113,7 @@ module "vpc" {
 
   enable_dns_hostnames = true
   enable_nat_gateway   = true
+  single_nat_gateway   = true
   create_igw           = true
 
   public_subnets  = [cidrsubnet(local.cidr_block, 3, 0)]
@@ -113,45 +133,6 @@ module "vpc" {
   }]
 }
 
-module "vpc_endpoints" {
-  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
-  version = "3.2.0"
-
-  vpc_id             = module.vpc.vpc_id
-  security_group_ids = [module.vpc.default_security_group_id]
-
-  endpoints = {
-    s3 = {
-      service         = "s3"
-      service_type    = "Gateway"
-      route_table_ids = flatten([
-        module.vpc.private_route_table_ids, 
-        module.vpc.public_route_table_ids])
-      tags            = {
-        Name = "${local.prefix}-s3-vpc-endpoint"
-      }
-    },
-    sts = {
-      service             = "sts"
-      private_dns_enabled = true
-      subnet_ids          = module.vpc.private_subnets
-      tags                = {
-        Name = "${local.prefix}-sts-vpc-endpoint"
-      }
-    },
-    kinesis-streams = {
-      service             = "kinesis-streams"
-      private_dns_enabled = true
-      subnet_ids          = module.vpc.private_subnets
-      tags                = {
-        Name = "${local.prefix}-kinesis-vpc-endpoint"
-      }
-    },    
-  }
-
-  tags = local.tags
-}
-
 resource "databricks_mws_networks" "this" {
   provider           = databricks.mws
   account_id         = local.account_id