diff --git a/README.md b/README.md
index 37ecf4c..993e0e3 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,54 @@
-# Azure <> Terraform module
-Terraform module for creation Azure <>
+# AWS Databricks Unity Role Terraform module
+Terraform module for creation AWS Databricks Unity Role
## Usage
+## Requirements
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.7 |
+| [aws](#requirement\_aws) | ~>5.0 |
+| [databricks](#requirement\_databricks) | ~>1.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [databricks](#provider\_databricks) | ~>1.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [iam\_uc\_role](#module\_iam\_uc\_role) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~>5.0 |
+| [iam\_uc\_role\_policy](#module\_iam\_uc\_role\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | ~>5.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [databricks_storage_credential.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/storage_credential) | resource |
+| [databricks_aws_unity_catalog_assume_role_policy.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/aws_unity_catalog_assume_role_policy) | data source |
+| [databricks_aws_unity_catalog_policy.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/aws_unity_catalog_policy) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [aws\_account\_id](#input\_aws\_account\_id) | The AWS account ID | `string` | n/a | yes |
+| [bucket\_names](#input\_bucket\_names) | A map of bucket names to their IDs | `map(string)` | n/a | yes |
+| [iam\_role\_boundary\_arn](#input\_iam\_role\_boundary\_arn) | The ARN of the IAM permissions boundary | `string` | n/a | yes |
+| [iam\_role\_name](#input\_iam\_role\_name) | The name of the IAM role | `string` | n/a | yes |
+| [metastore\_id](#input\_metastore\_id) | The ID of the Databricks metastore | `string` | n/a | yes |
+| [storage\_credential\_name](#input\_storage\_credential\_name) | The name of the Databricks storage credential. | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [storage\_creds\_id](#output\_storage\_creds\_id) | The ID of the Databricks storage credential. |
## License
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..dbfc6e2
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,45 @@
+resource "databricks_storage_credential" "this" {
+ name = coalesce(var.storage_credential_name, "${var.iam_role_name}-creds")
+ metastore_id = var.metastore_id
+ force_update = true
+ force_destroy = true
+
+ aws_iam_role {
+ role_arn = "arn:aws:iam::${var.aws_account_id}:role/${var.iam_role_name}"
+ }
+}
+
+data "databricks_aws_unity_catalog_assume_role_policy" "this" {
+ aws_account_id = var.aws_account_id
+ role_name = var.iam_role_name
+ external_id = databricks_storage_credential.this.aws_iam_role[0].external_id
+}
+
+data "databricks_aws_unity_catalog_policy" "this" {
+ for_each = var.bucket_names
+
+ aws_account_id = var.aws_account_id
+ bucket_name = each.value
+ role_name = var.iam_role_name
+}
+
+module "iam_uc_role_policy" {
+ for_each = var.bucket_names
+ source = "terraform-aws-modules/iam/aws//modules/iam-policy"
+ version = "~>5.0"
+
+ name = each.value
+ policy = data.databricks_aws_unity_catalog_policy.this[each.key].json
+}
+
+module "iam_uc_role" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
+ version = "~>5.0"
+
+ role_name = var.iam_role_name
+ create_role = true
+ create_custom_role_trust_policy = true
+ custom_role_trust_policy = data.databricks_aws_unity_catalog_assume_role_policy.this.json
+ role_permissions_boundary_arn = var.iam_role_boundary_arn
+ custom_role_policy_arns = [for k, v in var.bucket_names : module.iam_uc_role_policy[k].arn]
+}
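Review bot: `force_destroy = true` and `force_update = true` are hard-coded on `databricks_storage_credential.this`, so a destroy or update of the credential goes through even when external locations or other objects still depend on it. Exposing both as module inputs that default to `false`, e.g. `force_destroy = var.force_destroy`, keeps the provider's dependency check on unless a caller opts out. Separately, `name = each.value` in `iam_uc_role_policy` names each IAM policy after the bucket alone, so two instances of this module covering the same bucket in one account would collide. Something like `name = "${var.iam_role_name}-${each.value}"` would avoid that.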
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..bb68c36
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,4 @@
+output "storage_creds_id" {
+ description = "The ID of the Databricks storage credential."
+ value = databricks_storage_credential.this.id
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..22e3e14
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,30 @@
+variable "aws_account_id" {
+ description = "The AWS account ID"
+ type = string
+}
+
+variable "bucket_names" {
+ description = "A map of bucket names to their IDs"
+ type = map(string)
+}
+
+variable "iam_role_boundary_arn" {
+ description = "The ARN of the IAM permissions boundary"
+ type = string
+}
+
+variable "metastore_id" {
+ description = "The ID of the Databricks metastore"
+ type = string
+}
+
+variable "iam_role_name" {
+ description = "The name of the IAM role"
+ type = string
+}
+
+variable "storage_credential_name" {
+ description = "The name of the Databricks storage credential."
+ type = string
+ default = null
+}
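Review bot: `aws_account_id` and `iam_role_name` are accepted as free-form strings, although main.tf interpolates them into the role ARN and passes them to the trust-policy data source. A malformed value therefore surfaces only at apply time, and a well-formed but wrong account ID may not surface at all. A `validation` block with `condition = can(regex("^[0-9]{12}$", var.aws_account_id))` would reject malformed IDs at plan time. The `bucket_names` description also reads as if the keys were bucket names, whereas main.tf uses `each.value` as the bucket name; `description = "Map of arbitrary keys to S3 bucket names"` would match the usage.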
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..7b84c6f
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.7"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~>5.0"
+ }
+ databricks = {
+ source = "databricks/databricks"
+ version = "~>1.0"
+ }
+ }
+}
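Review bot: The `databricks` constraint `~>1.0` admits every 1.x release, including early ones that presumably predate the `databricks_aws_unity_catalog_policy` and `databricks_aws_unity_catalog_assume_role_policy` data sources used in main.tf. Confirm the first provider release that ships both and raise the lower bound to it, e.g. `version = ">= <MIN_VERSION>, < 2.0"` (placeholder). An old cached provider would then fail at init instead of at plan.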