Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version next

...

Excerpt

When you are running the 

D s platform
 on an EC2 instance, you can leverage your enterprise IAM roles to manage permissions on the instance for the 
D s platform
. When this type of authentication is enabled, 
D s item
itemadministrators
 can apply a role to the EC2 instance where the platform is running. That role's permissions apply to all users of the platform.

IAM roles

Before you begin, your IAM roles should be defined and attached to the associated EC2 instance.

Info

NOTE: The IAM instance role used for S3 access should have access to resources at the bucket level.

 

For more information, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html.

AWS System Mode

To enable role-based instance authentication, the following parameter must be enabled.

Code Block
"aws.mode": "system",

Additional AWS Configuration

The following additional parameters must be specified:

 

ParameterDescription
aws.credentialProviderSet this value to instance. IAM instance role is used for providing access.
aws.hadoopFsUseSharedInstanceProvider

Set this value to true for CDH. The class information is provided below.

Shared instance provider class information

Hortonworks:

Code Block
"com.amazonaws.auth.InstanceProfileCredentialsProvider",
Pre-Cloudera 6.0.0:
Code Block
"org.apache.hadoop.fs.s3a.SharedInstanceProfileCredentialsProvider"

Cloudera 6.0.0 and later:

Set the above parameters as follows:

Code Block
"aws.credentialProvider": "instance",
"aws.hadoopFSUseSharedInstanceProvider": false,

 

Use of S3 Sources

To access S3 for storage, additional configuration for S3 may be required.

Info

NOTE: Do not configure the properties that apply to user mode.

Output sizing recommendations:

For more information, see Enable S3 Access.