Creating DynamoDB Access Policy

In order to configure S3Guard, you must provide read and write permissions for the DynamoDB table that S3Guard will create and use.

To do this, you must add a DynamoDB access policy to your IAM role using the following steps:

  1. Log in to your AWS account and navigate to the Identity and Access Management (IAM) console.

  2. In the IAM console, select Roles from the left pane.

  3. Search for an IAM role that you want to update:

  4. Click on the role.

  5. In the Permissions tab, click Create Role Policy:

  6. Click Select next to the Policy Generator:

  7. Enter the following:

    Table 1.
    Step Considerations
    Effect Allow
    AWS Service Amazon DynamoDB
    Actions All Actions
    Amazon Resource Name (ARN) *

    Your configuration should look similar to:

  8. Click Add Statement.

  9. Click Next Step.

  10. On the Review Policy page, review your new policy and then click Apply Policy:

Now the policy will be attached to your IAM role and your cluster will be able to talk to DynamoDB, including creating a table for S3 metadata when S3Guard is configured.

You must also configure S3Guard in Cloudera Manager.