Missing Log Location Base access policy in IDBroker Role
anuragpatro opened this issue
Anurag Patro commented
As per Minimal setup for cloud storage, the IDBROKER_ROLE requires two policies:
- aws-cdp-idbroker-assume-role-policy
- aws-cdp-log-policy
The current cloudera-deploy AWS setup here shows that the IDBroker_role only has the IDBroker Assume Role Policy and is lacking the CDP Log policy, hence failing validations in cdpctl, specifically those describing the actions under the aws-cdp-log-policy.
- IdBroker role has the necessary S3 logs location actions. ❌
- IdBroker role has the necessary S3 bucket actions. ❌