Editing Knox topologies in AWS environments

Configure Knox topologies to define request proxy rules, token lifetimes, and per-user token limits for authenticated external access to Cloudera services.

You must identify the username of the account responsible for generating the CLIENT_ID and CLIENT_SECRET.

The cdp-datashare-access Knox topology is automatically deployed. Editing the token lifetime and the token allowance per user is possible for each topology by adding the KNOXTOKEN:knox.token.limit.per.user=[***TOKENLIMIT***] parameter). The editing steps override the general settings in the Knox Gateway for a specific Knox topology. You can add multiple topologies. For more information, see Add a custom descriptor to Apache Knox.

Go to Cloudera Manager > Knox > Configuration.
Select the Knox Gateway scope.
Edit the default cdp-datashare-access topology by searching for cdp_datashare_access_descriptor.
Set the KNOXTOKEN:knox.token.ttl=36000000 value.

note
The default value of 36000000 for the knox.token.ttl property means a 10-hour duration. Adjust this value to modify the lifetime of temporary access tokens.

Figure 1. Editing the default topology

important
The knox.token.ttl property controls the lifetime of your Knox access token received in exchange for the Client ID and Secret of your external users. Once it expires, external users need to request a new access token to maintain access to the Data Share. For more information, see Editing Knox topologies.
Optional: If additional users are needed, duplicate the marked section needs to be duplicated to add the user in the cdp_datashare_access_provider property.
Click Save Changes and refresh the configuration.

The relevant Knox topologies are updated.

Continue with configuring Knox.