2019

Specifying multiple CIDRs on security groups

CDP supports specifying multiple comma-separated CIDRs during environment registration under Security Access Settings > Access CIDR.

Enabling workload analytics for Data Hub clusters

For each environment, you can manually enable and disable workload analytics so that diagnostic information about job and query execution is sent to Workload Manager for Data Hub clusters created within this environment. The option is available during environment creation under Logs Storage and Audits > Enable Workload Analytics. You can also update it once the environment is running by navigating to environment details > Actions > Enable/Disable Workload Analytics:

IAM role selection

When providing IAM instance profiles or IAM roles required for environment's Logs Storage and Audits and Data Access configuration, you can now select from available instance profiles and roles instead of manually providing IAM role ARNs.

Wire encryption

CDP now offers TLS encryption across all endpoints for both data and control traffic, providing an internal Certificate Authority (CA) with commonly trusted certificates and automatic certificate expiry warnings. Adding new cluster hosts or services to a cluster with auto-TLS enabled automatically (which is CDP's default setting) creates and deploys the required certificates. CDP supports TLS 1.2.

Existing DynamoDB table

Removal of environment groups

There is no longer need to create the cdp_$env group for each newly created environment and assign it to the environment.

Consistent FreeIPA password across all environments

There is no longer need to reset the FreeIPA password after creating a new environment. The password is automatically propagated to each newly created environment. You can still manage your FreeIPA password from the User Management page and reset it if needed.

Knox uses port 443 instead of 8443

Knox gateway now uses port 443. If you select for CDP to create security groups automatically, this port is automatically open to your organization's CIDR as needed. If you are creating your environment's security groups manually, you should open port 443 instead of 8443 to your organization's CIDR.

Adding or updating IDBroker mappings on a running environment

To add or update the IDBroker mappings on a running environment, navigate to Environments > select an environment > Actions > Manage Access > IDBroker Mappings. For more information, refer to Editing IAM role to S3 mappings.

Retry option for Data Lake

When stack provisioning or Data Lake cluster creation fails, the retry option to resume the process from the last failed step. For more information, refer to Retry a Data Lake.