Create a provisioning credential for AWS

Create a role-based credential referencing the IAM role created earlier. This can be done from the Cloudera web interface or CDP CLI.

Before you begin

Prior to performing these steps. you should create a cross-account role. See Cross-account access IAM role.

These steps assume that you have the ARN of the IAM role that you created in an earlier step. You can obtain the IAM Role ARN from the IAM console > Roles on AWS by selecting a role and clicking on your IAM role to navigate to its summary and then copying the Role ARN:

Required role: EnvironmentCreator

Steps

Cloudera UI
CDP CLI

Log in to the Cloudera web interface.
note

These steps show you how to create a credential from the Credentials page in the Cloudera web interface, but you may also create a credential directly from the Environments page as part of environment registration process.
Navigate to the Cloudera Management Console.
Select Shared Resources > Credentials from the navigation pane.
Click Create Credential.
Select AWS to access credential options for Amazon Web Services.

Provide the following information:


Parameter	Description
Select Credential Type	Select Role Based (default value).
Name	Enter a name for your credential.
Description	(Optional) Enter a description.
Enable Permission Verification	Activate the Enable Permission Verification button if you want Cloudera to check permissions for your credential. CDP will verify that you have the required permissions for your environment.
IAM Role ARN	Paste the IAM Role ARN corresponding to the “CredentialRole” that you created earlier. For example `arn:aws:iam::315627065446:role/CredentialRole` is a valid IAM Role ARN.

Click Create.
Your credential should now be displayed in the Credentials pane.

You have three options:
1. (The simplest option) In CDP CLI, use the following command to create a credential:
```
cdp environments create-aws-credential \
--credential-name <value> --role-arn <value>
```
2. Alternatively, you can provide the credential information in the Cloudera web interface > Cloudera Management Console > Environments > Shared Resources > Credentials > Create Credential and then click on SHOW CLI COMMAND and copy the JSON snippet. Next, save the JSON in a text file and use the following command to create a credential:
```
cdp environments create-aws-credential --cli-input-json <value>
```
3. Alternatively, you can use the following commands: Use the first command to obtain the JSON snipped, then provide the missing information, and then use the second command to create the credential:
```
cdp environments create-aws-credential --generate-cli-skeleton
cdp environments create-aws-credential --cli-input-json <value>
```

After you finish

Now that you have created the credential, you can use it to register your AWS environment.