Configure non-transparent proxies for Cloudera Data Warehouse on AWS environments

You can configure an AWS environment to use non-transparent proxy connections when activating environments for Cloudera Data Warehouse (CDW).

This task explains how to configure non-transparent proxies when you activate AWS environments for CDW.

Required role: DWAdmin

  • Before you can configure non-transparent proxies during environment activation for CDW, you must make sure that a proxy was configured for the environment when it was registered with Management Console. For details about configuring a proxy when registering an environment with Management Console, see Using a non-transparent proxy.

  • Before activating the environment that uses a proxy for CDW, set up the following VPC endpoints for your AWS account in the AWS Console:

    • sts.amazonaws.com
    • sts.<region>.amazonaws.com
    • .s3.<region>.amazonaws.com
    • .s3.amazonaws.com
    • s3.amazonaws.com
    • dynamodb.<region>.amazonaws.com
    • api.ecr.<region>.amazonaws.com
    • dkr.ecr.<region>.amazonaws.com
    • ec2.<region>.amazonaws.com
    • cloudformation.<region>.amazonaws.com
    • autoscaling.<region>.amazonaws.com
    • elasticfilesystem.<region>.amazonaws.com
    • elasticloadbalancing.<region>.amazonaws.com

    For information about creating VPC endpoints, see the Amazon documentation. If you cannot create a VPC endpoint for one of the required outbound destinations that are listed here, you must delete it from the Bypass proxy settings for these domains text box in Step 5 below, and add it to the proxy whitelist.

  • Add other AWS specific outbound destinations to your proxy whitelist because creating VPC endpoints for them is not supported by AWS:

    • eks.<region>.amazonaws.com
    • rds.<region>.amazonaws.com
    • servicequotas.<region>.amazonaws.com
    • pricing.<region>.amazonaws.com

    For more information about the AWS specific outbound destinations used by CDP, see the section "AWS specific endpoints" in Outbound network access destinations in the Management Console documentation.

  1. In the CDW service, expand the Environments column by clicking the More… menu on the left side of the page.
  2. In the Environments column, click the search icon and locate the environment you configured a non-transparent proxy for when you registered it with Management Console.
  3. When you locate the environment, click the activation icon to launch the Activation Settings dialog box where you can configure non-transparent proxies for the environment.
  4. In the Activation Settings dialog box, click Advanced Settings to expand the dialog box options.
  5. In the expanded dialog box, select Use default environment Proxy. When you select this option, the Bypass proxy settings for these domains option appears, and a text box listing all destinations that by-pass this proxy also appears. These are the destinations that you created VPC endpoints for in the above Before you begin section.
  6. Click Activate to complete environment activation for CDW.