Creating Cloudera Private Link Network with Authorization option
Learn how to create a Cloudera Private Link Network using the Authorization option.
Required Role: EnvironmentCreator or PowerUser
You need to use the following CLI command to create the Private Link Network using your own network automation:
cdp cloudprivatelinks authorize-private-link-service-access
This command is used to authorize access to the Private Link services for your cloud account.
The following parameters should be specified:
Parameter | Description |
---|---|
cloudAccountId | Your AWS account ID where the private endpoints are created. The account ID needs to be provided, because CDP needs to authorize the account for private link service access. |
region | Region of the CDP Control Plane. |
serviceGroup | Name of the CDP service group. |
The following is an example command for creating Cloudera Private Link Network:
cdp cloudprivatelinks authorize-private-link-service-access --cli-input-json '{
  "cloudAccountId": "112313717721",
  "region": "us-west-2",
  "serviceGroup": "cdp-control-plane"
}'
The executed command performs the following sequence of steps:
- Identifying the appropriate VPC endpoint service for the request. Existing VPC endpoint services are filtered for the requested CDP service component and region.
- Authorizing access to the VPC endpoint service.
The command returns the Private Link service name, the CDP service component, and the authorization status, as shown in the following example:
{
  "authorizePrivateLinkServiceAccessResults": [
    {
      "privateLinkService": "com.amazonaws.vpce.us-west-2.vpce-svc-0ce5a427a56d80603",
      "serviceComponent": "ccmv2",
      "authorizationStatus": "SUCCESS",
      "availabilityZoneList": "[usw2-az2, usw2-az1, usw2-az3]",
      "vpceClientTcpPortList": "[443]",
      "hostname": "[*.v2.ccm.cdp.mow-dev.cloudera.com]"
    }
  ]
}
After executing the command, you have to manually complete the following steps:
- Create a security group for the VPC endpoint with the returned ports.
For more information about how to create security groups, see the AWS documentation.
- Create a VPC endpoint with the previously created security group, filtering for the returned VPC endpoint service.
For more information about how to create VPC endpoints, see the AWS documentation.
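The two manual steps above can be derived directly from the command output. The following is an added example, not Cloudera's code: it parses the response (whose list fields are bracketed strings, not JSON arrays) and builds the AWS CLI calls. The VPC, subnet and security group IDs are placeholders, and limiting ingress to the VPC CIDR and using an existing rule-less security group are assumptions of this example.

```python
import json
import shlex

# Constructed sample: the response shown on this page, as valid JSON.
SAMPLE_RESPONSE = json.dumps({"authorizePrivateLinkServiceAccessResults": [{
    "privateLinkService": "com.amazonaws.vpce.us-west-2.vpce-svc-0ce5a427a56d80603",
    "serviceComponent": "ccmv2",
    "authorizationStatus": "SUCCESS",
    "availabilityZoneList": "[usw2-az2, usw2-az1, usw2-az3]",
    "vpceClientTcpPortList": "[443]",
    "hostname": "[*.v2.ccm.cdp.mow-dev.cloudera.com]",
}]})

def bracket_list(value):
    """Split a string field such as "[usw2-az2, usw2-az1]" into its items."""
    return [item.strip() for item in value.strip("[] ").split(",") if item.strip()]

def plan_endpoint(response_json, vpc_id, vpc_cidr, sg_id, subnets_by_az):
    """Return the aws CLI argument lists for the two manual steps.

    Assumptions (not from the page): sg_id is an existing, rule-less security
    group; ingress is limited to vpc_cidr; subnets_by_az maps AZ ID -> subnet ID.
    """
    commands = []
    results = json.loads(response_json)["authorizePrivateLinkServiceAccessResults"]
    for result in results:
        if result["authorizationStatus"] != "SUCCESS":
            raise ValueError(f"{result['serviceComponent']}: access not authorized")
        # Open only the returned TCP ports, and only to clients inside the VPC.
        for port in bracket_list(result["vpceClientTcpPortList"]):
            commands.append(["aws", "ec2", "authorize-security-group-ingress",
                             "--group-id", sg_id, "--protocol", "tcp",
                             "--port", str(int(port)), "--cidr", vpc_cidr])
        # Use only subnets in availability zones the endpoint service offers.
        zones = bracket_list(result["availabilityZoneList"])
        subnets = [subnets_by_az[az] for az in zones if az in subnets_by_az]
        if not subnets:
            raise ValueError("no subnet in an availability zone of the service")
        commands.append(["aws", "ec2", "create-vpc-endpoint", "--vpc-id", vpc_id,
                         "--vpc-endpoint-type", "Interface",
                         "--service-name", result["privateLinkService"],
                         "--security-group-ids", sg_id, "--subnet-ids", *subnets])
    return commands

if __name__ == "__main__":
    for argv in plan_endpoint(SAMPLE_RESPONSE, "vpc-EXAMPLE", "10.0.0.0/16",
                              "sg-EXAMPLE", {"usw2-az1": "subnet-EXAMPLE"}):
        print(shlex.join(argv))
```

The script only prints the commands; review them before running them against your account.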
You can verify that the domains of the respective CDP service components are reachable and resolve to private IPs from your VPC using the following command with the returned tracking ID from creating private link endpoints:
cdp cloudprivatelinks list-private-link-endpoint-statuses --tracking-id [***ID***]
You can also check this by accessing the Monitoring tab of the endpoints in the AWS Console.