Advanced Cluster Options

Permissions for using EBS encryption

If you plan to use EBS encryption, ensure that the IAM role (for a role-based credential) or the IAM user (for a key-based credential) used for the Cloudbreak credential has the following permissions.

Note

If you created your CredentialRole according to Cloudbreak 2.8 (or newer) documentation, these permissions are already included. However, if you created your CredentialRole according to the documentation for a Cloudbreak version earlier than 2.8, you must update your CbPolicy.

EC2 permissions

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
      "ec2:CopyImage",
      "ec2:CreateSnapshot",
      "ec2:DeleteSnapshot",
      "ec2:DescribeSnapshots",
      "ec2:CreateVolume",
      "ec2:DeleteVolume",
      "ec2:DescribeVolumes",
      "ec2:DeregisterImage",
    ],
    "Resource": "*"
  }
}

KMS permissions

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
      "kms:ListKeys",
      "kms:ListKeyPolicies",
      "kms:ListAliases"
    ],
    "Resource": "*"
  }
}