Granting Remote Access to ML Workspaces on EKS

This topic shows you how to allow specific users remote access to the underlying EKS cluster that powers an ML workspace.

Required Role: MLAdmin

As part of this process, you will be required to enter the user's Amazon Resource Name (ARN). Make sure you have access to this information before you begin. Either get the ARN from the user OR look up a user's ARN in your AWS account. For the latter, go to your organisation's AWS Account > Identity and Access Management (IAM) > Users and lookup the user. The ARN is available on their Summary page.

If you are using the AWS CLI, you can run the following command to get the ARN:

aws sts get-caller-identity

#Sample output
{
"UserId": "ABCDE12345FGHIJKLMNO6789",
"Account": "888888888888",
"Arn": "arn:aws:iam::888888888888:user/<username>"
}

Log in to the CDP web interface at https://console.us-west-1.cdp.cloudera.com using your corporate credentials or any other credentials that you received from your CDP administrator.
Click ML Workspaces.
Click Actions to expand the dropdown menu.
Click Manage Remote Access.
Enter the user's ARN, or select the user's name.
Click Grant Access.
To remove access for a user, in the Actions column, click Revoke Access next to the user's name.
Click Download Kubeconfig.

Send the downloaded Kubernetes config file to the user who has been granted access. To be able to connect to the EKS cluster, they will need to have aws-iam-authenticator installed.