Managing an environment

The following management options are available for an existing environment:

Stop and restart an environment
You can stop an environment if you need to suspend but not terminate the resources within the environment. When you stop an environment, all of the resources within the environment are also stopped, including Data Lakes and Data Hubs. You can also restart the environment.

Delete an environment
Deleting an environment terminates all resources within the environment including the Data Lake.

Cleaning up a failed environment
When environment creation fails, you should delete the environment. If environment termination fails, you should clean up any resources that might have already been created on your AWS account.

Add subnets to an environment
You can add additional subnets to an existing environment. These subnets will only be used for all Data Hub clusters created within the environment in the future.

Add security groups to an environment
You can add additional security groups to an existing environment. These security groups will be used for all Data Hub clusters created within the environment in the future.

Add root SSH key to an environment
You can add an additional SSH public key to an existing environment. This SSH public key will be used for root access to all Data Hub clusters created within the environment in the future.

Change environment's credential
You can change the credential attached to an environment as long as the new credential provides the required level of access to the same AWS account as the old credential.

Enabling environment telemetry
You can optionally enable workload analytics so that diagnostic information about job and query execution is sent to Cloudera Observability for Data Hub clusters. Similarly, you can optionally enable logs collection so that logs generated during deployments will be automatically sent to Cloudera.

Adding a customer managed encryption key to a CDP environment running on AWS
By default, Data Lake and FreeIPA's Amazon Elastic Block Store (EBS) volumes and Relational Database Service (RDS) are encrypted using a default key from Amazon’s KMS, but you can optionally configure encryption using Customer Managed Keys (CMK). Data Hubs inherit the environment's encryption key by default, but you have the option to specify a different CMK during Data Hub creation.

Deploying CDP in multiple AWS availability zones
By default, CDP provisions Data Lake, FreeIPA and Data Hubs in a single AWS availability zone (AZ), but you can optionally choose to deploy them across multiple availability zones (multi-AZ). It is possible to enable it either for all or some of these components.

Defining custom tags
In the Management Console user interface, you can define tenant-level or environment-level custom tags across all instances and resources provisioned in your organization’s cloud provider account.

Restricting access for CDP services that create their own security groups on AWS
The security groups that you select to use during environment registration are only used for the Data Lake, FreeIPA, Data Hubs, and Operational Databases running in that environment. The Kubernetes-based CDP services (Data Engineering, Data Flow, Data Warehouse, and Machine Learning) create their own security groups with rules that should be restricted separately.

Configure lifecycle management for logs on AWS
To avoid unnecessary costs related to Amazon S3 cloud storage, you should create lifecycle management rules for the cloud storage bucket used by CDP for storing logs so that these logs get deleted once they are no longer useful.