Access from Cloudera to customer resources
Cloudera creates clusters and runs jobs in your cloud provider account on your behalf.
Cloudera requires your permission to be able to use the resources required by the clusters and jobs in your cloud provider account. To allow Cloudera to create clusters or run jobs in your cloud provider account:
- Your AWS administrator must create a cross-account access IAM role and grant Cloudera access to the role as a trusted principal. The policy defined for the cross-account access IAM role must include permissions to allow Cloudera to create and manage resources and to perform the tasks and access the resources required for the Cloudera clusters and jobs.
- Your Azure account administrator must create an app registration and assign a role to it with permissions allowing Cloudera to create and manage resources and to perform the tasks and access the resources required for the Cloudera clusters and jobs.
- Your GCP account administrator must create a service account and assign permissions allowing Cloudera to create and manage resources and to perform the tasks and access the resources required for the Cloudera clusters and jobs.
For more information about credentials and security groups, refer to the following documentation:
