Activating your environment in reduced permissions mode

IAM permissions are required by Cloudera Data Warehouse (CDW) for environment activation. You can choose to provide a reduced set of IAM permissions for environment activation instead of the full set in the AWS restricted permissions policy.

You can activate an AWS environment for CDW with fewer than half the set of required IAM permissions on your AWS cross-account IAM role. You can choose reduced permissions mode in two ways:

  • Select the Use reduced permissions mode option when you activate your environment from CDW.
  • Alternatively, let the system detect that your account does not have the AWS restricted permissions policy.
    A dialog appears in which you can select Check to activate environment with reduced permissions mode.

In this task, you activate your environment from CDW in reduced permissions mode. In steps 6 and 7, you manually create the stack and then remove it:

  1. In the Data Warehouse service, in Environments, click the search icon and locate the environment that you want to activate.
  2. Activate the environment.
  3. In Activation Settings, if you do not have the standard set of required IAM permissions or a restricted policy in place, select Use Reduced Permissions Mode.
    Alternatively, if Environment Validations appears, select Check to activate environment with reduced permissions mode. Skip the next step and go to step 6.
  4. If you do not want to activate the environment in reduced permissions mode, uncheck the option, and click Activate. Skip the rest of the steps in this procedure. CDW automatically creates the cloud resources in your AWS account for you.
  5. Manually create the cloud resources in your AWS account and tag them appropriately, as described in the topic "Setting up cloud resources for reduced permissions mode" below.
    CDW pre-populates the required CloudFormation template for you within the AWS console, and you perform the manual steps to create the stack.
  6. When you are finished using the stack, manually delete it in the AWS console.