Standard JSON IAM permissions policy template

To activate an AWS environment for Cloudera Data Warehouse (CDW) and have CDW automatically create all of the necessary cloud resources, you can use this sample JSON template when you register an environment in CDP.

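The following template contains all of the IAM permissions needed to create a credential for registering an environment in CDP that you plan to use for CDW. You can use it to create your own IAM policy to upload to the AWS console. The template is a single Allow statement that applies to every resource ("Resource":"*") and includes IAM role-management actions such as iam:CreateRole, iam:AttachRolePolicy, iam:PutRolePolicy, and iam:PassRole, so treat the resulting credential as highly privileged: review the policy against your organization's least-privilege requirements before you attach it, and monitor how the credential is used. The action list also repeats autoscaling:DeleteAutoScalingGroup and contains ec2:DescribeLaunchTemplatesVersions in addition to ec2:DescribeLaunchTemplateVersions; the former appears to be a misspelling, so validate the policy after you create it. For information about creating an AWS credential and registering an AWS environment in CDP, see the links at the bottom of this page.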

{
    "Version":"2012-10-17",
    "Statement": [
        {
            "Sid":"VisualEditor0",
            "Effect":"Allow",
            "Action":[
                "ec2:AuthorizeSecurityGroupIngress",
                "acm:DeleteCertificate",
                "iam:RemoveRoleFromInstanceProfile",
                "s3:CreateBucket",
                "iam:CreateRole",
                "iam:AttachRolePolicy",
                "iam:PutRolePolicy",
                "dynamodb:DeleteTable",
                "ec2:DescribePlacementGroups",
                "rds:CreateDBSubnetGroup",
                "iam:AddRoleToInstanceProfile",
                "iam:DetachRolePolicy",
                "ec2:CreatePlacementGroup",
                "acm:RequestCertificate",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:DescribeAccountAttributes",
                "autoscaling:UpdateAutoScalingGroup",
                "s3:DeleteObject",
                "rds:DeleteDBInstance",
                "iam:GetRole",
                "ec2:DescribeLaunchTemplates",
                "iam:DeleteRole",
                "ec2:RunInstances",
                "acm:AddTagsToCertificate",
                "eks:DeleteCluster",
                "ec2:RevokeSecurityGroupIngress",
                "rds:DeleteDBSubnetGroup",
                "acm:DescribeCertificate",
                "elasticfilesystem:CreateMountTarget",
                "cloudformation:DeleteStack",
                "eks:DescribeCluster",
                "autoscaling:DeleteAutoScalingGroup",
                "iam:GetRolePolicy",
                "autoscaling:CreateAutoScalingGroup",
                "kms:DeleteAlias",
                "elasticfilesystem:DeleteFileSystem",
                "iam:CreateInstanceProfile",
                "rds:DescribeDBSubnetGroups",
                "elasticfilesystem:CreateFileSystem",
                "kms:GenerateDataKeyWithoutPlaintext",
                "iam:PassRole",
                "kms:TagResource",
                "s3:PutBucketTagging",
                "ec2:DescribeAvailabilityZones",
                "autoscaling:DescribeScalingActivities",
                "iam:DeleteRolePolicy",
                "ec2:CreateSecurityGroup",
                "rds:CreateDBInstance",
                "kms:ScheduleKeyDeletion",
                "rds:DescribeDBInstances",
                "kms:DescribeKey",
                "kms:CreateKey",
                "elasticfilesystem:DescribeFileSystems",
                "elasticfilesystem:DeleteMountTarget",
                "s3:DeleteBucket",
                "kms:CreateGrant",
                "eks:CreateCluster",
                "iam:DeleteInstanceProfile",
                "rds:AddTagsToResource",
                "kms:EnableKeyRotation",
                "ec2:AuthorizeSecurityGroupEgress",
                "elasticfilesystem:DescribeMountTargets",
                "ec2:DeleteLaunchTemplate",
                "s3:PutBucketPublicAccessBlock",
                "ec2:DeletePlacementGroup",
                "ec2:DescribeLaunchTemplateVersions",
                "ec2:DescribeSecurityGroups",
                "ec2:CreateLaunchTemplate",
                "cloudformation:CreateStack",
                "ec2:DeleteSecurityGroup",
                "kms:GenerateDataKey",
                "kms:CreateAlias",
                "s3:GetEncryptionConfiguration",
                "s3:PutEncryptionConfiguration",
                "acm:ListCertificates",
                "cloudformation:DescribeStackEvents",
                "cloudformation:DescribeStacks",
                "cloudformation:UpdateStack",
                "logs:PutRetentionPolicy",
                "ec2:CreateKeyPair",
                "ec2:CreateTags",
                "ec2:DeleteKeyPair",
                "ec2:DescribeDhcpOptions",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeLaunchTemplatesVersions",
                "ec2:DescribeRouteTables",
                "ec2:DescribeSubNets",
                "ec2:DescribeVpcAttribute",
                "ec2:DescribeVpcs",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:DeleteAutoScalingGroup",
                "autoscaling:SuspendProcesses",
                "eks:DescribeUpdate",
                "eks:TagResource",
                "eks:UpdateClusterConfig",
                "eks:UpdateClusterVersion",
                "iam:SimulatePrincipalPolicy",
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObjectAcl",
                "s3:PutObject"
            ],
            "Resource":"*"
        }
    ]
}