create-aws-environment

subtitle

Creates a new AWS environment by providing the cloud provider access and network information. A FreeIPA server will be automatically provisioned when an environment is created.

version

0.9.66

Description

Creates a new AWS environment.

Synopsis

  create-aws-environment
--environment-name <value>
--credential-name <value>
--region <value>
--security-access <value>
--authentication <value>
--log-storage <value>
[--network-cidr <value>]
[--vpc-id <value>]
[--subnet-ids <value>]
[--create-private-subnets | --no-create-private-subnets]
[--create-service-endpoints | --no-create-service-endpoints]
[--endpoint-access-gateway-scheme <value>]
[--endpoint-access-gateway-subnet-ids <value>]
[--s3-guard-table-name <value>]
[--description <value>]
[--enable-tunnel | --no-enable-tunnel]
[--workload-analytics | --no-workload-analytics]
[--report-deployment-logs | --no-report-deployment-logs]
[--free-ipa <value>]
[--image <value>]
[--tags <value>]
[--proxy-config-name <value>]
[--encryption-key-arn <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton]

Options

--environment-name (string)

The name of the environment. Must contain only lowercase letters, numbers and hyphens.

--credential-name (string)

Name of the credential to use for the environment.

--region (string)

The region of the environment.

--security-access (object)

Security control configuration for FreeIPA and Datalake deployment. Choosing a CIDR will automatically create security groups. Alternatively, existing security groups can be specified.

cidr -> (string)

CIDR range which is allowed for inbound traffic. Either IPv4 or IPv6 is allowed.

securityGroupIdForKnox -> (string)

Security group where Knox-enabled hosts are placed. Mutually exclusive with cidr.

defaultSecurityGroupId -> (string)

Security group where all other hosts are placed. Mutually exclusive with cidr.

Shorthand Syntax:

cidr=string,securityGroupIdForKnox=string,defaultSecurityGroupId=string

JSON Syntax:

{
  "cidr": "string",
  "securityGroupIdForKnox": "string",
  "defaultSecurityGroupId": "string"
}

--authentication (object)

Additional SSH key authentication configuration for accessing cluster nodes.

publicKey -> (string)

Public SSH key string. Mutually exclusive with publicKeyId.

publicKeyId -> (string)

Public SSH key ID already registered in the cloud provider. Mutually exclusive with publicKey.

Shorthand Syntax:

publicKey=string,publicKeyId=string

JSON Syntax:

{
  "publicKey": "string",
  "publicKeyId": "string"
}

--log-storage (object)

AWS storage configuration for cluster and audit logs.

storageLocationBase -> (string)

The base location to store logs in S3. This should be an s3a:// url.

instanceProfile -> (string)

The AWS instance profile which contains the necessary permissions to access the S3 storage location.

backupStorageLocationBase -> (string)

The base location to store backup in S3. This should be an s3a:// url.

Shorthand Syntax:

storageLocationBase=string,instanceProfile=string,backupStorageLocationBase=string

JSON Syntax:

{
  "storageLocationBase": "string",
  "instanceProfile": "string",
  "backupStorageLocationBase": "string"
}

--network-cidr (string)

The network CIDR. This will create a VPC along with subnets in multiple Availability Zones.

--vpc-id (string)

The Amazon VPC ID. Mutually exclusive with networkCidr.

--subnet-ids (array)

One or more subnet IDs within the VPC. Mutually exclusive with networkCidr.

Syntax:

"string" "string" ...

--create-private-subnets | --no-create-private-subnets (boolean)

Whether to create private subnets or not.

--create-service-endpoints | --no-create-service-endpoints (boolean)

Whether to create service endpoints or not.

--endpoint-access-gateway-scheme (string)

The scheme for the endpoint gateway. PUBLIC creates an external endpoint that can be accessed over the Internet. Defaults to PRIVATE which restricts the traffic to be internal to the VPC.

Possible values:

  • PUBLIC

  • PRIVATE

--endpoint-access-gateway-subnet-ids (array)

The subnets to use for endpoint access gateway.

Syntax:

"string" "string" ...

--s3-guard-table-name (string)

The name for the DynamoDB table backing S3Guard.

--description (string)

A description of the environment.

--enable-tunnel | --no-enable-tunnel (boolean)

Whether to enable SSH tunneling for the environment.

--workload-analytics | --no-workload-analytics (boolean)

When this is enabled, diagnostic information about job and query execution is sent to Workload Manager for Data Hub clusters created within this environment.

--report-deployment-logs | --no-report-deployment-logs (boolean)

When true, this will report additional diagnostic information back to Cloudera.

--free-ipa (object)

Request object for creating FreeIPA in the environment.

instanceCountByGroup -> (integer)

The number of FreeIPA instances to create per group when creating FreeIPA in the environment.

multiAz -> (boolean)

Flag which marks whether FreeIPA will be deployed across multiple availability zones.

Shorthand Syntax:

instanceCountByGroup=integer,multiAz=boolean

JSON Syntax:

{
  "instanceCountByGroup": integer,
  "multiAz": true|false
}

--image (object)

Request object for FreeIPA image.

catalog -> (string)

Image catalog to use for FreeIPA image selection.

id -> (string)

Image ID to use for creating FreeIPA instances.

Shorthand Syntax:

catalog=string,id=string

JSON Syntax:

{
  "catalog": "string",
  "id": "string"
}

--tags (array)

Tags associated with the resources.

Shorthand Syntax:

key=string,value=string ... (separate items with spaces)

JSON Syntax:

[
  {
    "key": "string",
    "value": "string"
  }
  ...
]

--proxy-config-name (string)

Name of the proxy config to use for the environment.

--encryption-key-arn (string)

ARN of the AWS KMS CMK to use for the server-side encryption of AWS storage resources.

--cli-input-json (string)

Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (boolean)

Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.
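
The constraints stated in the option descriptions above (the environment name pattern, the mutually exclusive fields, the s3a:// locations) can be checked before a request is submitted. The following Python pre-flight check is an added example, not part of the original reference or of the CLI; check_request, SAMPLE and the camelCase input keys are assumptions made for illustration. It also reports a PUBLIC gateway scheme and a cidr with a zero-length prefix as warnings.

```python
import ipaddress
import re

# Assumption: --cli-input-json keys are the camelCase forms of the options,
# matching the field names this page lists under Output.
NAME_RE = re.compile(r"[a-z0-9-]+")

def check_request(req):
    """Return (errors, warnings) for a create-aws-environment input document."""
    errors, warnings = [], []
    if not NAME_RE.fullmatch(req.get("environmentName", "")):
        errors.append("environmentName: lowercase letters, numbers, hyphens only")
    sec = req.get("securityAccess", {})
    if sec.get("cidr"):
        if sec.get("securityGroupIdForKnox") or sec.get("defaultSecurityGroupId"):
            errors.append("securityAccess: cidr excludes security group IDs")
        try:
            if ipaddress.ip_network(sec["cidr"], strict=False).prefixlen == 0:
                warnings.append("securityAccess.cidr admits any source address")
        except ValueError:
            errors.append("securityAccess.cidr: not an IPv4 or IPv6 range")
    auth = req.get("authentication", {})
    if auth.get("publicKey") and auth.get("publicKeyId"):
        errors.append("authentication: publicKey excludes publicKeyId")
    if req.get("networkCidr") and (req.get("vpcId") or req.get("subnetIds")):
        errors.append("networkCidr excludes vpcId and subnetIds")
    logs = req.get("logStorage", {})
    for key in ("storageLocationBase", "backupStorageLocationBase"):
        if logs.get(key) and not logs[key].startswith("s3a://"):
            errors.append(f"logStorage.{key}: expected an s3a:// url")
    if req.get("endpointAccessGatewayScheme") == "PUBLIC":
        warnings.append("endpoint gateway is reachable over the Internet")
    return errors, warnings

# Constructed sample document; every ID and value below is a placeholder.
SAMPLE = {
    "environmentName": "Prod_Env",
    "securityAccess": {"cidr": "0.0.0.0/0"},
    "authentication": {"publicKey": "ssh-ed25519 AAAA... placeholder", "publicKeyId": "example-key"},
    "networkCidr": "10.10.0.0/16",
    "vpcId": "vpc-EXAMPLE",
    "logStorage": {"storageLocationBase": "s3://example-bucket/logs"},
    "endpointAccessGatewayScheme": "PUBLIC",
}

if __name__ == "__main__":
    errs, warns = check_request(SAMPLE)
    for line in [f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]:
        print(line)
```
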

Output

environment -> (object)

The environment.

environmentName -> (string)

Name of the environment.

crn -> (string)

CRN of the environment.

status -> (string)

Status of the environment.

region -> (string)

Region of the environment.

cloudPlatform -> (string)

Cloud platform of the environment.

credentialName -> (string)

Name of the credential of the environment.

network -> (object)

The network.

networkName -> (string)

Name or id of the network.

subnetIds -> (array)

Subnet names or ids of the network.

item -> (string)

endpointAccessGatewayScheme -> (string)

The scheme for the endpoint gateway. PUBLIC indicates an external endpoint that can be accessed over the Internet.

endpointAccessGatewaySubnetIds -> (array)

The subnets to use for endpoint access gateway.

item -> (string)

aws -> (object)

AWS network parameters.

vpcId -> (string)

VPC ids of the specified networks.

azure -> (object)

Azure network parameters.

networkId -> (string)

The id of the Azure VNet.

resourceGroupName -> (string)

The name of the resource group associated with the VNet.

usePublicIp -> (boolean)

Whether to associate public IPs to the resources within the network.

databasePrivateDnsZoneId -> (string)

The ID of an existing private DNS zone used for the database.

gcp -> (object)

GCP network parameters.

networkName -> (string)

The name of the GCP VPC.

usePublicIp -> (boolean)

Whether to associate public IPs to the resources within the network.

sharedProjectId -> (string)

The ID of the Google project associated with the VPC.

networkCidr -> (string)

The range of private IPv4 addresses that resources will use under this network.

subnetMetadata -> (map)

Additional subnet metadata of the network.

key -> (string)

value -> (object)

Information about a cloud provider subnet.

subnetId -> (string)

The id of the subnet.

subnetName -> (string)

The name of the subnet.

availabilityZone -> (string)

The availability zone of the subnet.

cidr -> (string)

The CIDR IP range of the subnet.

logStorage -> (object)

Storage configuration for cluster and audit logs.

enabled -> (boolean)

Whether external log storage is enabled.

awsDetails -> (object)

AWS-specific log storage configuration information.

storageLocationBase -> (string)

The base location to store logs in S3. This should be an s3a:// url.

instanceProfile -> (string)

The AWS instance profile which contains the necessary permissions to access the S3 storage location.

azureDetails -> (object)

Azure-specific log storage configuration information.

storageLocationBase -> (string)

The storage location to use. The location has to be in the following format abfs://filesystem@storage-account-name.dfs.core.windows.net.

managedIdentity -> (string)

The managed identity associated with the logger. This identity should have Storage Blob Data Contributor role on the given storage account.

gcpDetails -> (object)

GCP-specific log storage configuration information.

storageLocationBase -> (string)

The storage location to use. This should be a gs:// url.

serviceAccountEmail -> (string)

Email ID of the service account associated with the logging instances.

backupStorage -> (object)

Storage configuration for backup.

enabled -> (boolean)

Whether external backup storage is enabled. The default value is disabled.

awsDetails -> (object)

AWS-specific backup storage configuration information.

storageLocationBase -> (string)

The base location to store backup in S3. This should be an s3a:// url.

instanceProfile -> (string)

The AWS instance profile which contains the necessary permissions to access the S3 storage location.

azureDetails -> (object)

Azure-specific backup storage configuration information.

storageLocationBase -> (string)

The storage location to use. The location has to be in the following format abfs://filesystem@storage-account-name.dfs.core.windows.net.

managedIdentity -> (string)

The managed identity associated with the backup. This identity should have Storage Blob Data Contributor role on the given storage account.

gcpDetails -> (object)

GCP-specific backup storage configuration information.

storageLocationBase -> (string)

The storage location to use. This should be a gs:// url.

serviceAccountEmail -> (string)

Email ID of the service account associated with the backup instances.

authentication -> (object)

Additional SSH key authentication configuration for accessing cluster node instances.

publicKey -> (string)

SSH Public key string.

publicKeyId -> (string)

Public SSH key ID already registered in the cloud provider.

loginUserName -> (string)

The SSH user name created on the nodes for SSH access.

securityAccess -> (object)

Security control configuration for FreeIPA and Datalake deployment.

cidr -> (string)

CIDR range which is allowed for inbound traffic. Either IPv4 or IPv6 is allowed.

securityGroupIdForKnox -> (string)

Security group where Knox-enabled hosts are placed.

defaultSecurityGroupId -> (string)

Security group where all other hosts are placed.

description -> (string)

Description of the environment.

statusReason -> (string)

The status reason.

created -> (datetime)

Creation date.

creator -> (string)

The CRN of the user who has created the given environment.

awsDetails -> (object)

AWS-specific environment configuration information.

s3GuardTableName -> (string)

The name for the DynamoDB table backing S3Guard.

gcpDetails -> (object)

GCP specific environment configuration information.

sharedProjectId -> (string)

ID of the Google project where the resources are created.

workloadAnalytics -> (boolean)

When this is enabled, diagnostic information about job and query execution is sent to Workload Manager for Data Hub clusters created within this environment.

reportDeploymentLogs -> (boolean)

When true, this will report additional diagnostic information back to Cloudera.

freeipa -> (object)

Details of a FreeIPA cluster.

crn -> (string)

CRN of the FreeIPA cluster.

domain -> (string)

The domain name of the FreeIPA cluster.

hostname -> (string)

The hostname of the FreeIPA cluster.

serverIP -> (array)

The IP addresses of the FreeIPA cluster.

item -> (string)

proxyConfig -> (object)

A proxy config object.

proxyConfigName -> (string)

The name of the proxy config.

crn -> (string)

The CRN of the proxy config.

protocol -> (string)

The protocol.

host -> (string)

The proxy host.

port -> (integer)

The proxy port.

description -> (string)

A description for the proxy config.

noProxyHosts -> (string)

Comma-separated list of ‘CIDR’, ‘[.]host[:port]’ (can be a subdomain as well) and ‘IP[:port]’ entries that should not be proxied. Wildcards are not accepted. For example .cloudera.com,192.168.1.1

user -> (string)

The proxy user.

password -> (string)

The proxy password.

Form Factors

public, private