Community Articles

Find and share helpful community-sourced technical articles.
avatar

In a recent release, CDW is now fully integrated with RAZ.  This means once you provision an environment in CDP with RAZ enabled, adding an S3 bucket into CDW follows the same principles as the services within CDP (CML, CDE, COD, CDF, and DataHub).  

I was able to add a new S3 bucket called "ryancicak" in two steps, after receiving the 403 Forbidden error within Hue:

CDW_with_RAZ_error.png

Two steps:

 

Step 1 - Since I used the -datalake-admin-role for RAZ, I modified the "datalake-admin-s3-policy to include my new bucket "ryancicak" with the two lines:

"arn:aws:s3:::ryancicak",
"arn:aws:s3:::ryancicak/*"

 

*Notice I also removed the subdirectory from my cicak-cdp-stack to include the root directory.  This is important to make this modification as well.  Instead of "cicak-cdp-stack/my-data", I state "cicak-cdp-stack"

CDW_with_RAZ_step_1_add_to_permissions_on_raz_policy.png

Step 2 - I added a new policy in Ranger under cm_s3 for my bucket "ryancicak", for the users rcicak (me), and Hive.  

CDW_with_RAZ_step_2_add_s3_bucket_to_ranger.png

 

DONE - When re-running the create table using the bucket "ryancicak", no more errors!  The table "rupert" is now reading/writing to the "ryancicak" bucket.  Since I have my Ranger (RAZ) policy created, from step 2, I'm able to access this bucket from CDP (CML, CDE, COD, CDF, and DataHub).

re_run_create_table.png

 

Note: I used the default "-datalake-admin-role" that was created through the CloudFormation script in the AWS Quickstart.  In my case, I named the stack "cicak-cdp-stack" in the CloudFormation script.  

s3_identity_iam_role.png

That was EASY:

676 Views
0 Kudos