Cloudera Docs

Storage prerequisites

Prepare your Amazon S3 cloud storage for access by creating an IAM user, generating access keys, setting up a bucket and folder, and configuring IAM policies.

  1. Create an AWS IAM user.

    For instructions, see Creating IAM users in the IAM documentation.

  2. Generate an access key and a secret access key for this user.

    For instructions, see Create new access keys for an IAM user in the AWS documentation.

  3. Create a bucket and a storage folder. 
    s3a://<BUCKET-NAME>/storage/
  4. Create an AWS IAM attached policy named S3RazPolicy by using the following permissions:

    For instructions, see Creating IAM policies in the IAM documentation.

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AccessToBucketObjects",
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:PutObject",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "arn:aws:s3:::<BUCKET-NAME>/*"
    },
    {
      "Sid": "AccessToBucket",
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketAcl",
        "s3:GetBucketLocation",
        "s3:GetBucketVersioning",
        "s3:GetEncryptionConfiguration",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::<BUCKET-NAME>"
    }
  ]
}
  5. Create an AWS IAM role named S3RazRole by using the following trust policy, and then attach the previously created S3RazPolicy AWS IAM policy:

    For instructions, see Creating a role to delegate permissions to an IAM user in the IAM documentation.

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<ARN>:user/<IAM-USER-NAME>"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}