Using AWS IAM restricted roles and policies for compute and CDE
AWS IAM write permissions are used by the Cloudera Data Engineering (CDE) compute infrastructure to create and delete roles and instance profiles.
Some customers may not be willing to provide IAM write permission in the role's policy. Instead, customers can set up static pre-created roles and instance profiles defined and used by the CDE compute infrastructure to provision clusters.
The two main tasks for setting up pre-created roles in place of AWS IAM write permissions are the following:
- Create roles and an instance profile.
- Create restricted IAM policies for use by the compute infrastructure.
See the following topics for the procedures for creating the roles and policies.