Configure non-transparent proxies for Cloudera Data Warehouse on AWS environments
You can configure an AWS environment to use non-transparent proxy connections when activating environments for Cloudera Data Warehouse (CDW).
This task explains how to configure non-transparent proxies when you activate AWS environments for CDW.
Required role: DWAdmin
-
Before you can configure non-transparent proxies during environment activation for CDW, you must make sure that a proxy was configured for the environment when it was registered with Management Console. For details about configuring a proxy when registering an environment with Management Console, see Using a non-transparent proxy.
-
Before activating the environment that uses a proxy for CDW, set up the following VPC endpoints for your AWS account in the AWS Console:
sts.amazonaws.com
sts.<region>.amazonaws.com
.s3.<region>.amazonaws.com
.s3.amazonaws.com
s3.amazonaws.com
dynamodb.<region>.amazonaws.com
api.ecr.<region>.amazonaws.com
dkr.ecr.<region>.amazonaws.com
ec2.<region>.amazonaws.com
cloudformation.<region>.amazonaws.com
autoscaling.<region>.amazonaws.com
elasticfilesystem.<region>.amazonaws.com
elasticloadbalancing.<region>.amazonaws.com
For information about creating VPC endpoints, see the Amazon documentation. If you cannot create a VPC endpoint for one of the required outbound destinations that are listed here, you must delete it from the Bypass proxy settings for these domains text box in Step 5 below, and add it to the proxy allowlist.
-
Add other AWS specific outbound destinations to your proxy allowlist because creating VPC endpoints for them is not supported by AWS:
eks.<region>.amazonaws.com
rds.<region>.amazonaws.com
servicequotas.<region>.amazonaws.com
pricing.<region>.amazonaws.com
For more information about the AWS specific outbound destinations used by CDP, see Outbound network access destinations for AWS in the Management Console documentation.