Granting Remote Access to ML Workspaces on EKS

This topic shows you how to allow specific users remote access to the underlying EKS cluster that powers an ML workspace.

Required Role: MLAdmin

As part of this process, you will be required to enter the user's Amazon Resource Name (ARN). Make sure you have access to this information before you begin. Either get the ARN from the user OR look up a user's ARN in your AWS account. For the latter, go to your organisation's AWS Account > Identity and Access Management (IAM) > Users and lookup the user. The ARN is available on their Summary page.

If you are using the AWS CLI, you can run the following command to get the ARN:

aws sts get-caller-identity --profile=mlx-dev

#Sample output
{
"UserId": "ABCDE12345FGHIJKLMNO6789",
"Account": "888888888888",
"Arn": "arn:aws:iam::888888888888:user/<username>"
}

Log in to the CDP web interface at https://console.us-west-1.cdp.cloudera.com using your corporate credentials or any other credentials that you received from your CDP administrator.
Click ML Workspaces.
Click Actions to expand the dropdown menu.
Click Manage Remote Access.
Select whether you are granting or revoking access for a user.
Enter the user's ARN.
Click Submit.
If you were granting access, you will be presented with a Kubernetes config file. Download this file and click OK.

Send the downloaded Kubernetes config file to the user that has been granted access. Note that to be able to connect to the EKS cluster, they will need to have aws-iam-authenticator installed.