AWS environment requirements checklist
To successfully activate environments that have been registered with CDP on AWS VPCs with Cloudera Data Warehouse service, your AWS VPC must meet these requirements.
- 1. VPC has DNS resolution and DNS hostnames enabled
- 2. DHCP option set uses default domain name with one domain
- 3. DHCP option set uses AmazonProvidedDNS
- 4. Ensure the correct subnets in VPC are specified
- 5. Ensure private subnets have outbound internet connectivity
- 6. Ensure the Amazon Security Token Service (STS) is activated
1. VPC has DNS resolution and DNS hostnames enabled
Ensure that your AWS VPC has DNS Resolution and DNS Hostnames enabled. For example, in the VPC Dashboard, click Your VPCs in the left navigation menu, and select the VPC you want to use for your Data Warehouse service environment on CDP. Then view its configuration details to make sure DNS resolution and DNS hostnames are Enabled:
2. DHCP option set uses default domain name with one domain
When you create your VPC to use for the Data Warehouse service, ensure that the DHCP option set attached to the VPC uses only one domain and that it is the default domain name, which is set as follows:
domain-name = <region>.compute.internal;
You can verify the setting in the VPC Dashboard of the AWS Console. Click the DHCP options set ID of the default DHCP options set (always named "-" by AWS) to view details about it, including its associated domain:
After clicking the default DHCP options set ID, you see a details page:
3. DHCP option set uses AmazonProvidedDNS
When you create your VPC to use for the Data Warehouse service, AWS automatically creates a set of DHCP options and associates them with the VPC. This set includes an option which specifies the Amazon DNS Server as the default domain name server:
domain-name-server = AmazonProvidedDNS;
Ensure that you use this setting for VPCs you use for the Data Warehouse service. See the above screen capture of the AWS Console VPC Dashboard to see where you can check to verify this setting.
4. Ensure the correct subnets in VPC are specified
When you activate an environment for the Data Warehouse service, ensure that the subnets are correct. If there are more than three private subnets in the VPC only the top three are selected. However, they may not be the subnets you intend to use for the Data Warehouse service, so check which subnets are correct.
5. Ensure private subnets have outbound internet connectivity
Also, ensure that your private subnets have outbound internet connectivity. Check the route tables of private subnets to verify the internet routing. Worker nodes must be able to download Docker images for Kubernetes, billing and metering information, and to perform API server registration.
6. Ensure the Amazon Security Token Service (STS) is activated
To successfully activate an environment in the Data Warehouse service, you must ensure the Amazon STS is activated in your AWS VPC:
- In the AWS Management Console home page, select IAM under Security, Identity, & Compliance.
- In the Identity and Access Management (IAM) dashboard, select Account settings in the left navigation menu.
- On the Account settings page, scroll down to the section for Security Token Service (STS).
- In the Endpoints section, locate the region in which your environment is located and make sure that the STS service is activated.