Activating an AWS environment from CDW
You need to know how to start your environment and activate it from Cloudera Data Warehouse (CDW) to use many warehouse features. When you start an environment from CDW, activation options appear. You learn about these options, and how to set them for your use case.


Option | Brief Description | Requirements and Recommendations |
---|---|---|
Private Load Balancer, Private Executors | CDW nginix based load balancer runs on private subnets and all workload pods that also run on private subnets. | Requires a jump host or AWS direct connect to access CDW. Cloudera recommends that you use the Private Load Balancer, Private Executors deployment mode if possible for security reasons. |
Public Load Balancer, Private Executors |
CDW nginix based load balancer runs on public subnets and all workload pods that also run on private subnets. |
Select this option to connect to CDW from anywhere as long as the source CIDR filters allow the connection. |
Public Load Balancer, Public Executors |
CDW nginix based load balancer runs on public subnets and all workload pods that also run on public subnets. |
Select this option to connect to CDW from anywhere as long as the source CIDR filters allow the connection. Cloudera does not recommend selecting this option for security reasons. |
Option | Brief Description | Requirements and Recommendations |
---|---|---|
Private Subnets | Accept the selected subnets you configured during AWS environment registration for load balancer and workload pods, or deselect subnets. |
Cloudera recommends three subnets for each load balancer to enable high availability (HA). |
Enable IP CIDR for Kubernetes cluster | Enter the IP Classless Inter-Domain Routing (CIDRs) from which the Kubernetes cluster should accept incoming connections. Connections from other IP ranges are dropped. | Obtain your internal network's IP CIDR ranges of IP addresses that need access to endpoints on the Kubernetes cluster. For more information, see Restricting access to endpoints in AWS. |
Enable IP CIDRs for the load balancer | Enter the IP CIDR(s) from which the load balancer should accept incoming connections. Connections from other IP ranges are dropped. | Obtain your internal network's IP CIDR ranges of IP addresses that need access to endpoints that are load balanced. For more information, see Restricting access to endpoints in AWS. |
Use Overlay Network |
Overlay Networks for AWS environments can increase the number of available IP addresses for your deployments of CDW if you have an existing Virtual Private Cloud (VPC). |
Use this feature if your VPC subnet has fewer than 1,024 IP addresses. Cloudera recommends that you do not configure more than 200 executor nodes for an overlay network to operate. |
Attach Managed Policy ARN to Node Role | If you do not want to provide PutRolePolicy permission in your cross account role, you can attach a managed policy ARN to a node role to provide the cross account role permissions. | You must create a new NodeInstanceRole manually, and provide the ARN during activation of the environment from CDW. |
Use Reduced Permissoins Mode | If you cannot provide the standard set of IAM permissions required by CDW for environment activation, you can use reduced permissions mode to activate an AWS environment with fewer than half of these permissions. | To use this feature, a minimum set of IAM permissions are required. |
Enable CloudWatch Logs | Enable CloudWatch logs if you use Amazon CloudWatch. In your AWS account, you can then find the logs in /aws/eks/<cluster name>/cluster. | Before enabling CloudWatch, you must add required permissions to your IAM policy to access CloudWatch logs; otherwise, you cannot activate the environment. |