Access from CDP to customer resources
CDP creates clusters and runs jobs in your cloud provider account on your behalf.
CDP requires your permission to be able to use the resources required by the clusters and jobs in your cloud provider account. To allow CDP to create clusters or run jobs in your cloud provider account:
- Your AWS administrator must create a cross-account access IAM role and grant CDP access to the role as a trusted principal. The policy defined for the cross-account access IAM role must include permissions to allow CDP to create and manage resources and to perform the tasks and access the resources required for the CDP clusters and jobs.
- Your Azure account administrator must create an app registration and assign a role to it with permissions allowing CDP to create and manage resources and to perform the tasks and access the resources required for the CDP clusters and jobs.
- Your GCP account administrator must create a service account and assign permissions allowing CDP to create and manage resources and to perform the tasks and access the resources required for the CDP clusters and jobs.
For more information about credentials and security groups, refer to the following documentation:
