Accessing buckets in a different AWS account

You must configure read-only or read/write access using default encryption to external S3 buckets in AWS accounts that are different from the Cloudera Data Warehouse cluster account.

Required role: DWAdmin

• Identify and activate the environment you want to configure for access to an external bucket in a different AWS account.
• In the AWS Management Console, identify the external S3 bucket you want to configure access to.

1. On the Cloudera Data Warehouse UI Overview page, go to the Environments tab and locate the environment for which you want to configure access to an external AWS bucket, and then click > Edit.
   This loads the Environment Details page.
2. Go to the Configuration tab and type the name of the AWS bucket you want to configure access to in the Add External S3 Bucket field.
3. Select Bucket belongs to different AWS Account. The Cloudera Data Warehouse bucket policy appears.
4. Click Copy .

   

5. Open the AWS Management Console for the different account where the external bucket is located and navigate to the bucket to which you want to configure access.
6. On the bucket details page of AWS Management Console, click the Permissions tab, click Bucket Policy, paste the policy from Cloudera Data Warehouse, and click Save:

   

7. In the Cloudera Data Warehouse UI Environment Details page, specify either Read Only or Read Write access for the external bucket.
8. Click Add Bucket to save the configuration. A success message displays at the top of the page.

If you have configured Read Write access, you must restart the Virtual Warehouses that are associated with this environment for the configuration changes to take effect.