Cloud provider requirements

Review the requirements related to the AWS, Azure, or GCP account that you would like to use with Cloudera.

AWS account

To follow this guide, you need to have access to an AWS account. In this guide, we assume that you have a newly created account or a sub-account with default settings and no network restrictions (custom routes to the Internet) or policy restrictions (AWS Organizations policies or Service Control Policies (SCPs)) in place. SCPs configured on the parent AWS Organization of your AWS account may impact certain steps described in this guide and may require that you follow a custom deployment path.

You also need the following account-level AWS settings:

  • An AWS role that has permissions to create IAM objects (cross-account role and policy, IAM roles and policies, S3 buckets). You will also need to create credentials for your IAM user role. You will need these in the next section for configuring the Terraform Provider for AWS on your machine. See AWS security credentials.
  • Select a supported AWS region for your deployment. See Supported AWS regions.
  • A vCPU quota of at least 200 cores. You may need a higher limit for larger deployments. You can check your current vCPU quota under the name Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances. Make sure that the quota value is 200 or larger. See the AWS documentation for requesting an EC2 vCPU limit increase.
  • An elastic IP quota of at least 5 elastic IPs (for the public and semi-private patterns). The recommended quota is 10 elastic IPs.

Azure account

To follow this guide, you need to have access to an Azure account. In this guide, we assume that you have a newly created account or a sub-account with default settings and no network restrictions (custom routes to the Internet) or policy restrictions (Azure Organizations policies or Service Control Policies (SCPs)) in place. SCPs configured on the parent Azure Organization of your Azure account may impact certain steps described in this guide and may require that you follow a custom deployment path.

You also need the following tenant and subscription-level Azure permissions and settings:

  • You need to have write permissions for Azure AD in order to create the Azure service principal (App registration).
  • Your user needs to have Contributor privileges at least at the scope of the Azure resource group in which you will deploy Cloudera; that is, your user needs to have permissions to create managed identities, grant role assignments at the scope of the resource group, and create VNet/subnets and storage accounts.
  • Select a supported Azure region for your deployment. See Supported Azure regions.
  • A Total Regional vCPU quota of at least 200 cores. You may need a higher limit for larger deployments. For requesting a compute quota increase, see the Azure documentation. Make sure that the Standard DSv3 Family vCPUs quota is also 200 cores or larger.
  • A Public IP Addresses quota of at least 5 public IP addresses (for the public and semi-private patterns). The recommended quota is 10 IP addresses.
  • Make sure that all services required by Cloudera are available in your selected Azure region. You may need to request that Azure Support whitelists a particular service (such as Azure Database for PostgreSQL) for your subscription in your selected region. See Overview of Azure resources used by Cloudera.

GCP account

To follow this guide, you need to have access to a GCP account. In this guide, we assume that you have a newly created account or a sub-account with default settings and no network restrictions (custom routes to the Internet) or policy restrictions (GCP Organizations policies or Service Control Policies (SCPs)) in place. SCPs configured on the parent GCP Organization of your GCP account may impact certain steps described in this guide and may require that you follow a custom deployment path.

You also need the following tenant and subscription-level GCP permissions and settings:

  • Contributor privileges for the GCP project, and the following permissions:
    • Compute Admin to create and manage Compute Engine instances.
    • VPC Admin to create and manage VPCs, subnets, and network resources.
    • Storage Admin to provision and manage Google Cloud Storage buckets.
    • IAM Admin to create managed identities and assign roles.
    • Service Account Admin to create and manage service accounts. Service accounts must have the following roles:
      • roles/storage.admin for managing GCS buckets;
      • roles/compute.admin for creating VMs and managing networks;
      • roles/resourcemanager.projectIamAdmin for managing project-level IAM roles.
    • Cloud API Access to access APIs and services required by Cloudera.
  • The following GCP APIs should be enabled for your project:
  • Ensure a total regional vCPU quota of at least 200 cores is available. Larger deployments may require additional quota, which can be requested from GCP support.
  • A minimum of 5 public IP addresses is required for public or semi-private deployments. We recommend a quota of 10 public IP addresses for flexibility.
  • Select a supported GCP region for your deployment. For more information, see Supported GCP regions.
  • Make sure that all services required by Cloudera are available in your selected GCP region. You may need to request that GCP Support whitelists a particular service (such as a PostgreSQL database) for your subscription in your selected region. For more information, see Overview of GCP resources used by Cloudera.
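
The service account role requirement in the GCP list above can be verified before deployment by auditing the JSON that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns. The following is an added example, not Cloudera's own tooling: it reports which of the three listed roles a service account lacks, which it holds only under an IAM condition, and which roles it holds beyond the listed set. The function name, account name, and sample policy are hypothetical.

```python
import json

# Roles this page lists for the service accounts.
REQUIRED_ROLES = frozenset({
    "roles/storage.admin",
    "roles/compute.admin",
    "roles/resourcemanager.projectIamAdmin",
})

def audit_service_account(policy, sa_email):
    """Compare a service account's direct project-level bindings with REQUIRED_ROLES.

    Roles inherited from a folder or organization, or granted through a
    group, do not appear in the project policy and are not examined.
    """
    member = f"serviceAccount:{sa_email}"
    unconditional, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A conditional binding applies only while its CEL expression holds,
        # so it is tracked separately and does not satisfy a requirement.
        (conditional if binding.get("condition") else unconditional).add(binding["role"])
    return {
        "missing": sorted(REQUIRED_ROLES - unconditional),
        "conditional_only": sorted((REQUIRED_ROLES & conditional) - unconditional),
        "extra": sorted((unconditional | conditional) - REQUIRED_ROLES),
    }

# Constructed sample (hypothetical project and account names).
SAMPLE_SA = "deployer@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"version": 3, "bindings": [
  {"role": "roles/storage.admin", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/compute.admin", "members": ["serviceAccount:%(sa)s"],
   "condition": {"title": "expires",
                 "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "roles/owner", "members": ["user:admin@example.com", "serviceAccount:%(sa)s"]}
]}
""" % {"sa": SAMPLE_SA})

if __name__ == "__main__":
    print(json.dumps(audit_service_account(SAMPLE_POLICY, SAMPLE_SA), indent=2))
```

An entry under `extra`, such as the broad `roles/owner` binding in the sample, marks a grant beyond what this page requires and is worth reviewing before the account is handed to the deployment.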