User credentials security

by Cloudera Employee Laith on ‎04-19-2017 11:04 AM - edited on ‎06-26-2018 08:40 AM by Cloudera Employee Anthony

Question

Does Cloudera save AWS user credentials (AWS Access Key ID or AWS Access Key)?

Answer

No, Cloudera doesn't save AWS user credentials. If Cloudera Altus environment is set-up using the Cloudera Altus Quickstart, the user is prompted for these credentials, but they are never sent to Cloudera Altus. They are used by the web application residing within the user's brower that sends commands directly to AWS to create necessary resources using a CloudFormation script.

In case of the Environment being created via Cloudera Altus Wizard, credentials will never need to appear inside the Cloudera Altus console. User needs to create necessary resources in AWS console and then grant access to them using AWS cross account access mechanism, which does not involve explicit key management.