Created on - edited on by
VidyaSargur
In a recent release, CDW is now fully integrated with RAZ. This means once you provision an environment in CDP with RAZ enabled, adding an S3 bucket into CDW follows the same principles as the services within CDP (CML, CDE, COD, CDF, and DataHub).
I was able to add a new S3 bucket called "ryancicak" in two steps, after receiving the 403 Forbidden error within Hue:
Two steps:
Step 1 - Since I used the -datalake-admin-role for RAZ, I modified the "datalake-admin-s3-policy to include my new bucket "ryancicak" with the two lines:
"arn:aws:s3:::ryancicak",
"arn:aws:s3:::ryancicak/*"
*Notice I also removed the subdirectory from my cicak-cdp-stack to include the root directory. This is important to make this modification as well. Instead of "cicak-cdp-stack/my-data", I state "cicak-cdp-stack"
Step 2 - I added a new policy in Ranger under cm_s3 for my bucket "ryancicak", for the users rcicak (me), and Hive.
DONE - When re-running the create table using the bucket "ryancicak", no more errors! The table "rupert" is now reading/writing to the "ryancicak" bucket. Since I have my Ranger (RAZ) policy created, from step 2, I'm able to access this bucket from CDP (CML, CDE, COD, CDF, and DataHub).
Note: I used the default "-datalake-admin-role" that was created through the CloudFormation script in the AWS Quickstart. In my case, I named the stack "cicak-cdp-stack" in the CloudFormation script.
That was EASY:
