Activating your environment in reduced permissions mode
IAM permissions are required by Cloudera Data Warehouse (CDW) for environment
activation. You can choose to provide a reduced set of IAM permissions for environment
activation instead of the full set in the AWS restricted permissions policy.
You can activate an AWS environment for CDW with fewer than half the set of required IAM
permissions on your AWS cross-account IAM role. You can choose reduced permissions mode in
two ways:
Select the Use reduced permissions mode when you activate your
environment from CDW.
The following
dialog appears. You can select Check to activate environment with reduced
permissions mode.
In this task, you activate your environment from CDW in reduced permissions mode. In steps 6
and 7, you manually create the stack and then remove it:
In the Data Warehouse service, in Environments, click the search
icon and locate the environment that you want to activate.
Activate the environment.
In Activation Settings, if you do not have the standard set of
required IAM permissions or a restricted policy in place, select Use Reduced
Permissions Mode.
For example:
Alternatively, if Environment Validations appears, select Check to
activate environment with reduced permissions mode. Skip the next step and
go to step 6.
If you do not want to activate the environment in reduced permissions mode, uncheck the
option, and click Activate. Skip the rest of the steps in this
procedure. CDW automatically creates the cloud resources in your AWS account for you.
Manually create the cloud resources in your AWS account and tag them appropriately, as
described in topic, "Setting up cloud resources for reduced permissions mode" below.
CDW pre-populates the required CloudFormation template for you within the AWS console,
and you perform the manual steps to create the stack.
When you are finished using the stack, manually delete it in the AWS console.