Granting remote access to Kubernetes clusters on Amazon EKS

This topic describes how you can grant users access to Cloudera Data Warehouse (CDW) service Kubernetes clusters on Amazon EKS.

To grant remote access to Kubernetes clusters on Amazon EKS, add the Amazon Resource Name identifiers (ARNs) to the list of trusted users.

Required role: DWAdmin

  • You must activate an environment before you can grant users access to the Kubernetes cluster.
  • Contact your AWS account administrator or the user who is requesting access to the Kubernetes cluster on AWS to get the ARN identifier for their Amazon account:

    Using the Amazon Management Console
    1. On the Amazon Management Console home page, enter IAM in Find Services, and then select IAM in the search results.

    2. On the Identity and Access Management home page, in the left navigation menu, select Users.

    3. On the User page, locate the user and click or tap their User name.

    4. On the Summary page for the user, their User ARN is listed at the top. Copy it to paste into the Data Warehouse service UI in Step 4 below.

    Using the AWS CLI

    As an alternative to copying the User ARN from the AWS Management Console, you can also ask the user who is requesting access to enter the following command in the AWS CLI:

    aws sts get-caller-identity

    This command evokes the AWS Security Token Service (sts) and returns the following type of information on the requesting user:

    #Sample output
    {
    "UserId": "ABCDE12345FGHIJKLMNO6789",
    "Account": "888888888888",
    "Arn": "arn:aws:iam::888888888888:user/<username>"
    }

    A link to the Amazon documentation on this command is available at the bottom of this page.

  1. Log in to the Data Warehouse service as DWAdmin.
  2. Go to the Environments tab from the Overview page.
  3. Click > Edit > GROUP ACCESS corresponding to the environment for which you want to grant access to ARNs.


  4. Enter the ARN identifier under Add new group and click Grant Access.