AWS environment fails to activate
Learn how to resolve AWS environment activation failure in Cloudera Data Warehouse (CDW) Public Cloud.
When activating an AWS environment in CDW Public Cloud, the following error message might be returned if your cloud resources reside in the us-east-1 region:
TemplateURL must reference a valid S3 object to which you have access.
Cause of the issue
For this region, the endpoint URL is incorrect and cannot load the CloudFormation template to create the AWS CloudFormation stack in your AWS account. CDW uses these stack resources for Database Catalogs and Virtual Warehouses in CDW.
Steps to resolve the issue
Use the reduced permissions mode feature for AWS environments to manually create the CloudFormation stack for CDW. This feature enables you to manually crate the CloudFormation stack resources from a template with a reduced set of IAM permissions. When you no longer need the environment, you must manually delete the CloudFormation stack resources in your AWS account.
Remove one of the permissions in your IAM permissions policy for the AWS account that you used to register the environment you want to activate for CDW. For example, remove the
s3:CreateBucketpermission from your IAM permissions policy:
Removing one of the required permissions from your IAM policy causes CDW to display the reduced permissions mode option in the system dialog box when you activate your environment in CDW.
Follow the steps in Activating AWS environments in reduced permissions mode.
- After you activate the environment and create the AWS CloudFormation stack resources in your AWS account, make sure that you apply the required tags to the stack that are listed in Required tags for CloudFormation stacks created with reduced permissions mode.
- Add the
s3:CreateBucketIAM permission back to your IAM permissions policy to make sure you have adequate permissions so CDW can create CloudFormation stack resources for you when you activate environments later.
Deactivating environments created with the reduced permissions mode
When you no longer need the environment, you must manually delete the CloudFormation stack resources in the AWS Console by following the steps in Deactivating AWS environments created with reduced permissions mode.