Create the IDBroker mapping
To enable your CDP user to utilize the central authentication features CDP provides and to exchange credentials for AWS or Azure access tokens, you have to map this CDP user to the correct IAM role or Azure Managed Service Identity (MSI). The option to add/modify these mappings is available from the Management Console in your CDP environment.
Access IDBroker Mappings.
- To access IDBroker Mappings in your environment, click Actions | Manage Access.
- Choose the IDBroker Mappings tab where you can provide mappings for users or groups and click Edit.
- Add your CDP user and the corresponding AWS or Azure role that provides write access to your folder in your S3 bucket or ADLS folder to the Current
- Click Save and Sync.
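The AWS role named in this mapping only needs to reach the one folder the user writes to. The following IAM permissions policy is an added example, not part of the original page or Cloudera's own policy; the bucket name `EXAMPLE-BUCKET`, the prefix `example-folder`, and the selection of S3 actions are assumptions to adapt to your storage layout.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LocateBucket",
      "Effect": "Allow",
      "Action": "s3:GetBucketLocation",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET"
    },
    {
      "Sid": "ListOnlyTheMappedFolder",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET",
      "Condition": {
        "StringLike": {
          "s3:prefix": ["example-folder", "example-folder/*"]
        }
      }
    },
    {
      "Sid": "ReadWriteObjectsInMappedFolder",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload"
      ],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/example-folder/*"
    }
  ]
}
```

Every user or group mapped to the same role receives these permissions, so a separate role per folder keeps one mapping from granting access to another user's data.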
- Go to the environment in which your Flow Management and Data Engineering clusters are running. Click Actions | Manage Access and select the IDBroker Mapping tab in the next screen. Add a new mapping for your service user, mapping the user to an existing IAM role or Azure Managed Identity Resource ID that has access to the underlying storage which is used by the target Hive table.
- Ensure that your IDBroker mapping change is synchronized to the environment successfully.