Accessing buckets in a RAZ environment
In a RAZ (Ranger Authorized) environment, you must configure permissions to access an S3 bucket. The procedures for configuring the permissions differ depending on the AWS account that owns the bucket.
If you have enabled RAZ in your environment, policies attached to the Ranger RAZ Service role control access to external S3 buckets.
You must meet the following prerequisites before adding access permissions to buckets to the RAZ environment within the same AWS account or in a different account:
- Obtain the DWAdmin role.
- Follow steps similar to the minimum setup for cloud storage to create the Ranger RAZ role.
- Register an environment with
RAZ using the CDP web interface.
In the web interface, in Fine-grained access control on S3, select Enable Ranger Authorization for AWS S3.