Accessing a bucket in the same AWS account under RAZ

In a Ranger Authorized (RAZ) environment, to access an S3 external bucket in the same AWS account as the cluster, you must configure a policy that manages access to the CDP data lake. You modify a JSON file that defines the IAM policy to do this.

You update the following IAM policy definition for the minimal cloud storage setup: aws-cdp-datalake-admin-S3-policy.

You must meet the prerequisites mentioned in the topic above.

Add the ARN of the external bucket to the "Resource" array of values in the JSON file for the aws-cdp-datalake-admin-S3-policy.

For example, the values in the Resource array give the CDW cluster access to external bucket MY_EXTERNAL_BUCKET.