Registering Amazon S3 cloud account in Replication Manager

You must have valid Amazon S3 credentials to register the cloud account with Cloudera Replication Manager.

Consider the following requirements before you register an Amazon S3 cloud account in Replication Manager:

You need a cloud bucket with user credentials that you can enter in Replication Manager, so Replication Manager can access the bucket.
The bucket has to have enough space for the replicated data, and write permissions to copy the data.
The bucket needs to support cloud storage encryption types supported by Replication Manager (SSE-S3 & SSE-KMS).

When you add cloud credentials for your Amazon S3 account, you can choose one of the following authentication methods:

Access secret key. To use this authentication type, you require an AWS Access Key and an AWS Secret key that you obtain from Amazon. Cloudera Manager stores these values securely and does not store them in world-readable locations. The credentials are masked and encrypted in the configurations passed to processes managed by Cloudera Manager, and redacted from the logs.
IAM role. Amazon Identity and Access Management (IAM) can be used to create users, groups, and roles for use with Amazon Web Services, such as EC2 and Amazon S3. IAM role-based access provides the same level of access to all clients that use the role.
important
IAM role conditions
You can choose the IAM role authentication type only when the following conditions are met:
- The source cluster is hosted on an AWS EC2 infrastructure.
- The source cluster Cloudera Manager and all the nodes in the cluster are running on an EC2 instance.
- The source cluster Cloudera Manager has the same IAM role.
For information about configuring AWS credentials, see Introduction to role based provisioning credential in AWS.

Go to the Replication Manager > Cloud Credentials page, and click Add.
In the Add Cloud Credential window, perform the following steps:
1. Select the Cluster.
2. Select S3 as the Cloud Storage Type.
3. Name - Provide a unique cloud credential name.
4. Authentication Type - Select one of the following authentication types:
  - Select the authentication type as Access Secret Key from the drop-down.
    - Access Key - Enter the valid access key.
    - Secret Key - Enter the valid secret key.
  - Select IAM Role if the IAM role conditions mentioned in the About this task section are met, and click Save
Click Validate.

note
Using the validation feature is recommended to ensure that the Amazon S3 bucket keys are valid. If the keys are not valid, the Replication Manager policy cannot copy data to the target Amazon S3 bucket.

Verify whether your credentials are listed on the Cloud Credentials page.