Minimum set of IAM permissions required for reduced permissions mode
Review a list of the minimum IAM permissions required to activate AWS environments for Cloudera Data Warehouse (CDW) in reduced permissions mode.
The following is a list of the minimum permissions that are required for your IAM policy to activate environments for CDW in reduced permissions mode. In this mode you must manually create your CloudFormation stack from a template that CDW pre-populates in the AWS console for you. When you are finished using the stack, you must manually delete its resources in your AWS account.
| AWS service | "Allow" actions |
|---|---|
Certificate Manager (acm) |
DescribeCertificate |
| ListCertificates | |
CloudFormation
(cloudformation) |
DescribeStackEvents |
| DescribeStacks | |
| UpdateStack | |
CloudWatch (logs) |
CreateLogGroup |
| CreateLogStream | |
| DescribeLogStreams | |
| PutLogEvents | |
| PutRetentionPolicy | |
EC2 (ec2) |
CreateKeyPair |
| CreateTags | |
| DeleteKeyPair | |
| DeleteTags | |
| DescribeDhcpOptions | |
| DescribeKeyPairs | |
| DescribeRouteTables | |
| DescribeSubNets | |
| DescribeVpcAttribute | |
| DescribeVpcs | |
EC2 Auto Scaling
(autoscaling) |
DescribeAutoScalingGroups |
| SuspendProcesses | |
| UpdateAutoScalingGroup | |
EKS (eks) |
DescribeCluster |
| DescribeUpdate | |
| TagResource | |
| UpdateClusterConfig | |
| UpdateClusterVersion | |
IAM (iam) |
DeleteRolePolicy |
| GetRolePolicy | |
| ListAttachedRolePolicies* | |
| PutRolePolicy | |
| SimulatePrincipalPolicy | |
S3 (s3) |
GetBucketLocation |
| GetObject | |
| ListBucket | |
| PutObjectAcl | |
| PutObject |
*Needed only in a Ranger Authorization (RAZ) environment.
