Configure non-transparent proxies for Cloudera Data Warehouse on AWS environments

You can configure an AWS environment to use non-transparent proxy connections when activating environments for Cloudera Data Warehouse (CDW).

This task explains how to configure non-transparent proxies when you activate AWS environments for CDW.

Required role: DWAdmin

  • Before you can configure non-transparent proxies during environment activation for CDW, you must make sure that a proxy was configured for the environment when it was registered with Management Console. For details about configuring a proxy when registering an environment with Management Console, see Using a non-transparent proxy.

  • Before activating the environment that uses a proxy for CDW, set up the following VPC endpoints for your AWS account in the AWS Console:

    • sts.amazonaws.com
    • sts.<region>.amazonaws.com
    • .s3.<region>.amazonaws.com
    • .s3.amazonaws.com
    • s3.amazonaws.com
    • dynamodb.<region>.amazonaws.com
    • api.ecr.<region>.amazonaws.com
    • dkr.ecr.<region>.amazonaws.com
    • ec2.<region>.amazonaws.com
    • cloudformation.<region>.amazonaws.com
    • autoscaling.<region>.amazonaws.com
    • elasticfilesystem.<region>.amazonaws.com
    • elasticloadbalancing.<region>.amazonaws.com

    For information about creating VPC endpoints, see the Amazon documentation. If you cannot create a VPC endpoint for one of the required outbound destinations that are listed here, you must delete it from the Bypass proxy settings for these domains text box in Step 5 below, and add it to the proxy allowlist.

  • Add other AWS specific outbound destinations to your proxy allowlist because creating VPC endpoints for them is not supported by AWS:

    • eks.<region>.amazonaws.com
    • rds.<region>.amazonaws.com
    • servicequotas.<region>.amazonaws.com
    • pricing.<region>.amazonaws.com

    For more information about the AWS specific outbound destinations used by CDP, see Outbound network access destinations for AWS in the Management Console documentation.

  1. In the CDW service, go to the Environments tab.
  2. Locate the environment you configured a non-transparent proxy for when you registered it with Management Console.
  3. When you locate the environment, click Activate to launch the Activation Settings dialog box where you can configure non-transparent proxies for the environment.
  4. In the Activation Settings dialog box, click Advanced Settings to expand the dialog box options.
  5. In the expanded dialog box, select Use default environment Proxy. When you select this option, the Bypass proxy settings for these domains option appears, and a text box listing all destinations that by-pass this proxy also appears. These are the destinations that you created VPC endpoints for in the above Before you begin section.
  6. Click Activate to complete environment activation for CDW.