create-aws-environment¶
- subtitle
Creates a new AWS environment by providing the cloud provider access and network information. A FreeIPA server will be automatically provisioned when an environment is created.
- version
0.9.128
Description¶
Creates a new AWS environment.
Synopsis¶
create-aws-environment
--environment-name <value>
--credential-name <value>
--region <value>
--security-access <value>
--authentication <value>
--log-storage <value>
[--network-cidr <value>]
[--vpc-id <value>]
[--subnet-ids <value>]
[--create-private-subnets | --no-create-private-subnets]
[--create-service-endpoints | --no-create-service-endpoints]
[--endpoint-access-gateway-scheme <value>]
[--endpoint-access-gateway-subnet-ids <value>]
[--description <value>]
[--enable-tunnel | --no-enable-tunnel]
[--workload-analytics | --no-workload-analytics]
[--report-deployment-logs | --no-report-deployment-logs]
[--free-ipa <value>]
[--enable-compute-cluster | --no-enable-compute-cluster]
[--compute-cluster-configuration <value>]
[--image <value>]
[--tags <value>]
[--proxy-config-name <value>]
[--encryption-key-arn <value>]
[--custom-docker-registry <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton]
Options¶
--environment-name
(string)
The name of the environment. Must contain only lowercase letters, numbers and hyphens.
--credential-name
(string)
Name of the credential to use for the environment.
--region
(string)
The region of the environment.
--security-access
(object)
Security control configuration for FreeIPA and Datalake deployment. Choosing a CIDR will automatically create security groups. Alternatively existing security groups can be specified.
cidr -> (string)
CIDR range which is allowed for inbound traffic. Either IPv4 or IPv6 is allowed.
securityGroupIdForKnox -> (string)
Security group where Knox-enabled hosts are placed. Mutually exclusive with cidr.
defaultSecurityGroupId -> (string)
Security group where all other hosts are placed. Mutually exclusive with cidr.
securityGroupIDsForKnox -> (array)
Security group IDs where Knox-enabled hosts are placed. Mutually exclusive with CIDR.
item -> (string)
defaultSecurityGroupIDs -> (array)
Security group IDs where all other hosts are placed. Mutually exclusive with CIDR.
item -> (string)
Shorthand Syntax:
cidr=string,securityGroupIdForKnox=string,defaultSecurityGroupId=string,securityGroupIDsForKnox=string,string,defaultSecurityGroupIDs=string,string
JSON Syntax:
{
"cidr": "string",
"securityGroupIdForKnox": "string",
"defaultSecurityGroupId": "string",
"securityGroupIDsForKnox": ["string", ...],
"defaultSecurityGroupIDs": ["string", ...]
}
--authentication
(object)
Additional SSH key authentication configuration for accessing cluster node.
publicKey -> (string)
Public SSH key string. Mutually exclusive with publicKeyId.
publicKeyId -> (string)
Public SSH key ID already registered in the cloud provider. Mutually exclusive with publicKey.
Shorthand Syntax:
publicKey=string,publicKeyId=string
JSON Syntax:
{
"publicKey": "string",
"publicKeyId": "string"
}
--log-storage
(object)
AWS storage configuration for cluster and audit logs.
storageLocationBase -> (string)
The base location to store logs in S3. This should be an s3a:// url.
instanceProfile -> (string)
The AWS instance profile that which contains the necessary permissions to access the S3 storage location.
backupStorageLocationBase -> (string)
The base location to store backup in S3. This should be an s3a:// url.
Shorthand Syntax:
storageLocationBase=string,instanceProfile=string,backupStorageLocationBase=string
JSON Syntax:
{
"storageLocationBase": "string",
"instanceProfile": "string",
"backupStorageLocationBase": "string"
}
--network-cidr
(string)
The network CIDR. This will create a VPC along with subnets in multiple Availability Zones.
--vpc-id
(string)
The Amazon VPC ID. Mutually exclusive with networkCidr.
--subnet-ids
(array)
One or more subnet IDs within the VPC. Mutually exclusive with networkCidr.
Syntax:
"string" "string" ...
--create-private-subnets
| --no-create-private-subnets
(boolean)
Whether to create private subnets or not.
--create-service-endpoints
| --no-create-service-endpoints
(boolean)
Whether to create service endpoints or not.
--endpoint-access-gateway-scheme
(string)
The scheme for the endpoint gateway. PUBLIC creates an external endpoint that can be accessed over the Internet. Defaults to PRIVATE which restricts the traffic to be internal to the VPC.
Possible values:
PUBLIC
PRIVATE
--endpoint-access-gateway-subnet-ids
(array)
The subnets to use for endpoint access gateway.
Syntax:
"string" "string" ...
--description
(string)
An description of the environment.
--enable-tunnel
| --no-enable-tunnel
(boolean)
Whether to enable SSH tunneling for the environment.
--workload-analytics
| --no-workload-analytics
(boolean)
When this is enabled, diagnostic information about job and query execution is sent to Workload Manager for Data Hub clusters created within this environment.
--report-deployment-logs
| --no-report-deployment-logs
(boolean)
When true, this will report additional diagnostic information back to Cloudera.
--free-ipa
(object)
Request object for creating FreeIPA in the environment.
instanceCountByGroup -> (integer)
The number of FreeIPA instances to create per group when creating FreeIPA in the environment
recipes -> (array)
The recipes for the FreeIPA cluster.
item -> (string)
instanceType -> (string)
Custom instance type of FreeIPA instances.
multiAz -> (boolean)
Flag which marks that the FreeIPA will be deployed in a multi-availability zone way or not.
Shorthand Syntax:
instanceCountByGroup=integer,recipes=string,string,instanceType=string,multiAz=boolean
JSON Syntax:
{
"instanceCountByGroup": integer,
"recipes": ["string", ...],
"instanceType": "string",
"multiAz": true|false
}
--enable-compute-cluster
| --no-enable-compute-cluster
(boolean)
Enable compute clusters for environment
--compute-cluster-configuration
(object)
Request object for creating Externalized compute cluster for the environment.
privateCluster -> (boolean)
If true, creates private cluster.
kubeApiAuthorizedIpRanges -> (array)
Kubernetes API authorized IP ranges in CIDR notation. Mutually exclusive with privateCluster.
item -> (string)
workerNodeSubnets -> (array)
Specify subnets for Kubernetes Worker Nodes
item -> (string)
Shorthand Syntax:
privateCluster=boolean,kubeApiAuthorizedIpRanges=string,string,workerNodeSubnets=string,string
JSON Syntax:
{
"privateCluster": true|false,
"kubeApiAuthorizedIpRanges": ["string", ...],
"workerNodeSubnets": ["string", ...]
}
--image
(object)
Request object for FreeIPA image.
catalog -> (string)
Image catalog to use for FreeIPA image selection.
id -> (string)
Image ID to use for creating FreeIPA instances.
os -> (string)
The OS to use for creating FreeIPA instances.
Shorthand Syntax:
catalog=string,id=string,os=string
JSON Syntax:
{
"catalog": "string",
"id": "string",
"os": "string"
}
--tags
(array)
Tags associated with the resources.
Shorthand Syntax:
key=string,value=string ... (separate items with spaces)
JSON Syntax:
[
{
"key": "string",
"value": "string"
}
...
]
--proxy-config-name
(string)
Name of the proxy config to use for the environment.
--encryption-key-arn
(string)
ARN of the AWS KMS CMK to use for the server-side encryption of AWS storage resources.
--custom-docker-registry
(object)
The desired custom docker registry for data services to be used.
crn -> (string)
The CRN of the desired custom docker registry for data services to be used.
Shorthand Syntax:
crn=string
JSON Syntax:
{
"crn": "string"
}
--cli-input-json
(string)
Performs service operation based on the JSON string provided. The JSON string follows the format provided by
--generate-cli-skeleton
. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.
--generate-cli-skeleton
(boolean)
Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for
--cli-input-json
.
Output¶
environment -> (object)
The environment.
environmentName -> (string)
Name of the environment.
crn -> (string)
CRN of the environment.
status -> (string)
Status of the environment.
region -> (string)
Region of the environment.
cloudPlatform -> (string)
Cloud platform of the environment.
credentialName -> (string)
Name of the credential of the environment.
network -> (object)
The network.
networkName -> (string)
Name or id of the network
subnetIds -> (array)
Subnet names or ids of the network.
item -> (string)
endpointAccessGatewayScheme -> (string)
The scheme for the endpoint gateway. PUBLIC indicates an external endpoint that can be accessed over the Internet.
endpointAccessGatewaySubnetIds -> (array)
The subnets to use for endpoint access gateway.
item -> (string)
aws -> (object)
AWS network parameters.
vpcId -> (string)
VPC ids of the specified networks.
azure -> (object)
Azure network parameters.
networkId -> (string)
The id of the Azure VNet.
resourceGroupName -> (string)
The name of the resource group associated with the VNet.
usePublicIp -> (boolean)
Whether to associate public ip’s to the resources within the network.
databasePrivateDnsZoneId -> (string)
The full Azure resource ID of the existing Private DNS Zone used for Flexible Server and Single Server Databases.
aksPrivateDnsZoneId -> (string)
The full Azure resource ID of an existing Private DNS zone used for the AKS.
enableOutboundLoadBalancer -> (boolean)
Whether the outbound load balancer was created for this environment.
flexibleServerSubnetIds -> (array)
The subnets delegated for Flexible Server database. Accepts either the name or the full resource id.
item -> (string)
gcp -> (object)
GCP network parameters.
networkName -> (string)
The name of the GCP VPC.
usePublicIp -> (boolean)
Whether to associate public ip’s to the resources within the network.
sharedProjectId -> (string)
The ID of the Google project associated with the VPC.
networkCidr -> (string)
The range of private IPv4 addresses that resources will use under this network.
subnetMetadata -> (map)
Additional subnet metadata of the network.
key -> (string)
value -> (object)
Information about a cloud provider subnet.
subnetId -> (string)
The id of the subnet.
subnetName -> (string)
The name of the subnet.
availabilityZone -> (string)
The availability zone of the subnet.
cidr -> (string)
The CIDR IP range of the subnet.
logStorage -> (object)
Storage configuration for cluster and audit logs.
enabled -> (boolean)
Whether external log storage is enabled.
awsDetails -> (object)
AWS-specific log storage configuration information.
storageLocationBase -> (string)
The base location to store logs in S3. This should be an s3a:// url.
instanceProfile -> (string)
The AWS instance profile that which contains the necessary permissions to access the S3 storage location.
azureDetails -> (object)
Azure-specific log storage configuration information.
storageLocationBase -> (string)
The storage location to use. The location has to be in the following format abfs://filesystem@storage-account-name.dfs.core.windows.net.
managedIdentity -> (string)
The managed identity associated with the logger. This identity should have Storage Blob Data Contributor role on the given storage account.
gcpDetails -> (object)
GCP-specific log storage configuration information.
storageLocationBase -> (string)
The storage location to use. This should be a gs:// url.
serviceAccountEmail -> (string)
Email ID of the service account associated with the logging instances.
backupStorage -> (object)
Storage configuration for backup.
enabled -> (boolean)
Whether external backup storage is enabled. The default value is disabled.
awsDetails -> (object)
AWS-specific backup storage configuration information.
storageLocationBase -> (string)
The base location to store backup in S3. This should be an s3a:// url.
instanceProfile -> (string)
The AWS instance profile which contains the necessary permissions to access the S3 storage location.
azureDetails -> (object)
Azure-specific backup storage configuration information.
storageLocationBase -> (string)
The storage location to use. The location has to be in the following format abfs://filesystem@storage-account-name.dfs.core.windows.net.
managedIdentity -> (string)
The managed identity associated with the backup. This identity should have Storage Blob Data Contributor role on the given storage account.
gcpDetails -> (object)
GCP-specific backup storage configuration information.
storageLocationBase -> (string)
The storage location to use. This should be a gs:// url.
serviceAccountEmail -> (string)
Email ID of the service account associated with the backup instances.
authentication -> (object)
Additional SSH key authentication configuration for accessing cluster node instances.
publicKey -> (string)
SSH Public key string.
publicKeyId -> (string)
Public SSH key ID already registered in the cloud provider.
loginUserName -> (string)
The SSH user name created on the nodes for SSH access.
securityAccess -> (object)
Security control configuration for FreeIPA and Datalake deployment.
cidr -> (string)
CIDR range which is allowed for inbound traffic. Either IPv4 or IPv6 is allowed.
securityGroupIdForKnox -> (string)
Security group where Knox-enabled hosts are placed.
defaultSecurityGroupId -> (string)
Security group where all other hosts are placed.
description -> (string)
Description of the environment
statusReason -> (string)
The status reason.
created -> (datetime)
Creation date
creator -> (string)
The CRN of the user who has created the given environment.
awsDetails -> (object)
AWS-specific environment configuration information.
azureDetails -> (object)
Azure specific environment configuration information.
resourceGroupName -> (string)
Name of an existing Azure resource group to be used for the environment. If it is not specified then new resource groups will be generated.
resourceEncryptionParameters -> (object)
Object containing details of encryption parameters for Azure cloud.
encryptionKeyUrl -> (string)
URL of the key which is used to encrypt the Azure Managed Disks.
encryptionKeyResourceGroupName -> (string)
Name of the existing Azure resource group hosting the Azure Key Vault containing customer managed key which is used to encrypt the Azure Managed Disks.
diskEncryptionSetId -> (string)
ID of the Disk Encryption Set created in Azure which is used to encrypt Managed Disks of FreeIPA, Data Lake, Data Hub and PostgreSQL.
encryptionUserManagedIdentity -> (string)
User managed identity for encryption.
gcpDetails -> (object)
GCP specific environment configuration information.
sharedProjectId -> (string)
ID of the Google project where the resources are created.
workloadAnalytics -> (boolean)
When this is enabled, diagnostic information about job and query execution is sent to Workload Manager for Data Hub clusters created within this environment.
reportDeploymentLogs -> (boolean)
When true, this will report additional diagnostic information back to Cloudera.
freeipa -> (object)
Details of a FreeIPA cluster.
crn -> (string)
CRN of the FreeIPA cluster.
domain -> (string)
The domain name of the FreeIPA cluster.
hostname -> (string)
The hostname of the FreeIPA cluster.
serverIP -> (array)
The IP addresses of the FreeIPA cluster.
item -> (string)
recipes -> (array)
The recipes for the FreeIPA cluster.
item -> (string)
instances -> (array)
The instances of the FreeIPA cluster.
item -> (object)
Object for a FreeIPA instance providing specific information about the instance.
availabilityZone -> (string)
The availability zone of the instance.
discoveryFQDN -> (string)
The fully qualified domain name of the instance in the service discovery cluster.
instanceId -> (string)
The instance ID for the instance.
instanceGroup -> (string)
The instance group that contains the instance.
instanceStatus -> (string)
The status of the instance.
instanceStatusReason -> (string)
The status reason for the instance.
instanceType -> (string)
The type of the instance (either GATEWAY or GATEWAY_PRIMARY).
instanceVmType -> (string)
The VM type of the instance. Supported values depend on the cloud platform.
lifeCycle -> (string)
The life cycle type for the instance (either NORMAL or SPOT).
privateIP -> (string)
The private IP of the instance.
publicIP -> (string)
The public IP of the instance.
sshPort -> (integer)
The SSH port of the instance.
subnetId -> (string)
The subnet ID of the instance.
attachedVolumes -> (array)
List of volumes attached to this instance.
item -> (object)
The attached volume configuration.
count -> (integer)
The number of volumes.
volumeType -> (string)
The type of volumes.
size -> (integer)
The size of each volume in GB.
instanceCountByGroup -> (integer)
The number of FreeIPA instances to create per group when creating FreeIPA in environment.
multiAz -> (boolean)
Whether the given FreeIPA is deployed in a multi-availability zone way or not.
proxyConfig -> (object)
A proxy config object.
proxyConfigName -> (string)
The name of the proxy config.
crn -> (string)
The CRN of the proxy config.
protocol -> (string)
The protocol.
host -> (string)
The proxy host.
port -> (integer)
The proxy port.
description -> (string)
A description for the proxy config.
noProxyHosts -> (string)
Comma-separated list of ‘CIDR’, ‘[.]host[:port]’ (can be a subdomain as well) and ‘IP[:port]’ entries that should not be proxied. Wildcards are not accepted. For example .cloudera.com,192.168.1.1
user -> (string)
The proxy user.
password -> (string)
The proxy password.
inboundProxyCidr -> (array)
Allow these CIDR for Inbound communication.
item -> (string)
tags -> (object)
Environment tags object containing the tag values defined for the environment.
userDefined -> (map)
Map of tag names to values, for user-defined tags.
key -> (string)
value -> (string)
Tag value for the user-defined tag.
defaults -> (map)
Map of tag names to values, for default tags.
key -> (string)
value -> (string)
Tag value for the default tag.
dataServices -> (object)
Data Services parameters response of the environment.
azure -> (object)
Azure-specific Data Service parameters response.
sharedManagedIdentity -> (string)
User-assigned managed identity used by the AKS control plane.
customDockerRegistry -> (object)
The configured custom docker registry for data services.
crn -> (string)
The CRN of the configured custom docker registry for data services on the environment.
awsComputeClusterConfiguration -> (object)
Externalized compute cluster configuration for the environment.
privateCluster -> (boolean)
If true, creates private cluster.
kubeApiAuthorizedIpRanges -> (array)
Kubernetes API authorized IP ranges in CIDR notation.
item -> (string)
workerNodeSubnets -> (array)
Subnets for Kubernetes Worker Nodes
item -> (string)
azureComputeClusterConfiguration -> (object)
Externalized compute cluster configuration for the environment.
privateCluster -> (boolean)
If true, creates private cluster.
kubeApiAuthorizedIpRanges -> (array)
Kubernetes API authorized IP ranges in CIDR notation.
item -> (string)
outboundType -> (string)
Cluster egress with defined outbound type in Azure Kubernetes Service.
workerNodeSubnets -> (array)
Subnets for Kubernetes Worker Nodes
item -> (string)
computeClusterEnabled -> (boolean)
Compute clusters enabled
Form Factors¶
public, private