For security reasons, you might not want to provide the PutRolePolicy permission
in your cross account role. That permission would be used later to add an inline
policy to the Node instance role, so if you omit it, you must create a managed
policy instead. Failure to do so results in an authorization error. You can
create the managed policy in a few steps.
Follow the instructions in steps 1-4 to activate your environment in Cloudera Data
Warehouse, as described in "Activating an AWS environment" above.
Select Attach Managed policy ARN to Node Role, and pass
the ARN.
When you remove the PutRolePolicy permission, which is one of the standard
permissions needed, from your cross account role, the reduced permissions mode
UI appears.
For more information about reduced permissions mode, see the topic below.
In Environmental Activations, optionally do not select Reduced Permissions mode.
Click Activate.
The noderole-inline-policy.json is
attached to the Node Instance role instead of an inline policy requiring the
PutRolePolicy permission in your cross account role.
${DATALAKE_BUCKET} - Replace this with the name of your S3 bucket. For example, my-bucket.
${STORAGE_LOCATION_BASE} - Replace this with the path to your Data Lake directory in the S3 bucket, specified as ${DATALAKE_BUCKET}/SOME_PATH. For example, my-bucket/my-dl.
${LOGS_BUCKET} - Replace this with the name of your S3 bucket for logs. For example, my-bucket.
${LOGS_LOCATION_BASE} - Replace this with the path to your S3 location for logs. For example, my-bucket/my-dl.
${BACKUP_LOCATION_BASE} - Replace this with the path to your S3 location for backups. This location is used for both FreeIPA and Data Lake backups. For example, my-bucket/my-dl.
${BACKUP_BUCKET} - Replace this with the name of your S3 bucket for backup. For example, my-bucket.
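
The following is an added example, not Cloudera's code: it fills in the six placeholders above and refuses values that would widen the policy, such as a wildcard or a location base outside its bucket. SAMPLE_TEMPLATE and the render_policy helper are hypothetical stand-ins; use the real noderole-inline-policy.json as the template.

```python
import json
import re
from string import Template

# Placeholder names are the six listed above; each location base maps to its bucket.
BUCKET_FOR_BASE = {
    "STORAGE_LOCATION_BASE": "DATALAKE_BUCKET",
    "LOGS_LOCATION_BASE": "LOGS_BUCKET",
    "BACKUP_LOCATION_BASE": "BACKUP_BUCKET",
}

# Constructed stand-in template, NOT the real noderole-inline-policy.json.
SAMPLE_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::${DATALAKE_BUCKET}",
                  "arn:aws:s3:::${LOGS_BUCKET}",
                  "arn:aws:s3:::${BACKUP_BUCKET}"]},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": ["arn:aws:s3:::${STORAGE_LOCATION_BASE}/*",
                  "arn:aws:s3:::${LOGS_LOCATION_BASE}/*",
                  "arn:aws:s3:::${BACKUP_LOCATION_BASE}/*"]}
  ]
}"""


def render_policy(template, values):
    """Substitute the placeholders and return the parsed policy document."""
    for name, value in values.items():
        # Reject wildcards, colons and quotes so a value cannot widen a resource.
        if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9./_-]*", value):
            raise ValueError(f"{name}: unexpected characters in {value!r}")
    for base, bucket in BUCKET_FOR_BASE.items():
        # A bucket is a bare name; its base is the bucket or a path inside it.
        root = values[bucket]
        if "/" in root:
            raise ValueError(f"{bucket} must be a bucket name, not a path")
        if values[base] != root and not values[base].startswith(root + "/"):
            raise ValueError(f"{base} is not inside {bucket}")
    # substitute() raises KeyError if the template uses a name not supplied.
    return json.loads(Template(template).substitute(values))
```

The returned document, written out with json.dumps, is what you supply as the policy document when you create the managed policy whose ARN you pass during activation.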