Configure non-transparent proxies for Cloudera Data Warehouse on AWS environments
You can configure an AWS environment to use non-transparent proxy connections when activating environments for Cloudera Data Warehouse.
This task explains how to configure non-transparent proxies when you activate AWS environments for Cloudera Data Warehouse.
Required role: DWAdmin
-
Before you can configure non-transparent proxies during environment activation for Cloudera Data Warehouse, you must make sure that a proxy was configured for the environment when it was registered with Cloudera Management Console. For details about configuring a proxy when registering an environment with Cloudera Management Console, see Using a non-transparent proxy.
-
Before activating the environment that uses a proxy for Cloudera Data Warehouse, set up the following VPC endpoints for your AWS account in the AWS Console:
sts.amazonaws.comsts.<region>.amazonaws.com.s3.<region>.amazonaws.com.s3.amazonaws.coms3.amazonaws.comdynamodb.<region>.amazonaws.comapi.ecr.<region>.amazonaws.comdkr.ecr.<region>.amazonaws.comec2.<region>.amazonaws.comcloudformation.<region>.amazonaws.comautoscaling.<region>.amazonaws.comelasticfilesystem.<region>.amazonaws.comelasticloadbalancing.<region>.amazonaws.com
For information about creating VPC endpoints, see the Amazon documentation. If you cannot create a VPC endpoint for one of the required outbound destinations that are listed here, you must delete it from the Bypass proxy settings for these domains text box in Step 5 below, and add it to the proxy allowlist.
-
Add other AWS specific outbound destinations to your proxy allowlist because creating VPC endpoints for them is not supported by AWS:
eks.<region>.amazonaws.comrds.<region>.amazonaws.comservicequotas.<region>.amazonaws.compricing.<region>.amazonaws.com
For more information about the AWS specific outbound destinations used by Cloudera, see Outbound network access destinations for AWS in the Cloudera Management Console documentation.
