Using CDP CLI to register RAZ-enabled AWS environment

You can use the CDP CLI to register a RAZ-enabled AWS environment. You must download and install beta CDP CLI, and then use CDP CLI commands to register a RAZ-enabled AWS environment.

  1. To install beta CDP CLI, see Installing Beta CDP CLI.
  2. To register a RAZ-enabled AWS environment, you can use the --ranger-cloud-access-authorizer-role [***RAZ_ROLE***] and --enable-ranger-raz CDP CLI commands.

    If you have CDP CLI templates to create an AWS environment, modify them by adding the additional parameters required for RAZ.

    The additional option is highlighted in the following sample snippet:

    cdp environments create-aws-environment \
        --environment-name [***ENVIRONMENT_NAME***] \
        --credential-name [***CREDENTIAL_NAME***] \
        --region [***REGION***] \
        --security-access cidr=[***YOUR_CIDR***] \
        --authentication publicKeyId=[***SSH_PUBLIC_KEY***] \
        --log-storage storageLocationBase=[***S3-LOCATION***],instanceProfile=[***LOG_ROLE***] \
        --vpc-id [***VPC***] \
        --subnet-ids [***SUBNETS***]
     cdp environments set-id-broker-mappings \
        --environment-name [***ENVIRONMENT-NAME***] \
        --data-access-role [***DATALAKE-ADMIN-ROLE***] \
        --ranger-audit-role [***RANGER_AUDIT_ROLE***] \
        --ranger-cloud-access-authorizer-role [***RAZ_ROLE***] \
    cdp datalake create-aws-datalake \
        --datalake-name [***DATALAKE_NAME***] \
        --environment-name [***ENVIRONMENT-NAME***]\
        --cloud-provider-configuration instanceProfile=[***instance-profile***],storageBucketLocation=s3a://[***BUCKET***]/[***PATH***] \