Granting remote access to Kubernetes clusters on Amazon EKS

This topic describes how you can grant users access to Cloudera Data Warehouse (CDW) service Kubernetes clusters on Amazon EKS.

To grant remote access to Kubernetes clusters on Amazon EKS, add the Amazon Resource Name identifiers (ARNs) to the list of trusted users.

Required role: DWAdmin

  • You must activate an environment before you can grant users access to the Kubernetes cluster.
  • Contact your AWS account administrator or the user who is requesting access to the Kubernetes cluster on AWS to get the ARN identifier for their Amazon account:

    Using the Amazon Management Console
    1. On the Amazon Management Console home page, enter IAM in Find Services, and then select IAM in the search results.

    2. On the Identity and Access Management home page, in the left navigation menu, select Users.

    3. On the User page, locate the user and click or tap their User name.

    4. On the Summary page for the user, their User ARN is listed at the top. Copy it to paste into the Data Warehouse service UI in Step 4 below.

    Using the AWS CLI

    As an alternative to copying the User ARN from the AWS Management Console, you can also ask the user who is requesting access to enter the following command in the AWS CLI:

    aws sts get-caller-identity

    This command evokes the AWS Security Token Service (sts) and returns the following type of information on the requesting user:

    #Sample output
    "UserId": "ABCDE12345FGHIJKLMNO6789",
    "Account": "888888888888",
    "Arn": "arn:aws:iam::888888888888:user/<username>"

    A link to the Amazon documentation on this command is available at the bottom of this page.

  1. In the Data Warehouse service, expand the Environments column by clicking the Moreā€¦ menu on the left side of the page.
  2. In the Environments column, click the search icon and locate the environment for which you want to grant access to ARNs.
  3. In the environment tile, click the options menu and select Show Kubeconfig.
  4. A dialog opens where you can enter the ARN identifier:

  5. Click Grant Access to save your changes and click Hide to close the dialog box.