search

Configure Cross-account Catalog to Access Unity Catalog

To connect your e6data Workspace to a unity catalog and S3 data source in a different cloud account, please follow the steps below:

circle-info

This guide assumes:

  • the e6data Workspace (clusters/compute) is installed in a cloud account named Account A.

  • the unity catalog & S3 data stores are located in a different cloud account named Account B.

  • Both Account A & Account B are in the same AWS region.

hashtag
Step 1: Create policies to access S3 data sources in Account B

  1. Sign in to the Account B AWS Console.

  2. Search for IAM.

  3. In the navigation pane, choose Roles.

  4. Click Create role.

  5. Under Select type of trusted entity, choose AWS account.

  6. Click on Another AWS account to enter the Account ID.

  7. Enter the account ID of Account A.

  8. Click Next: Permissions.

  9. Attach the below policy to the role.

  10. Replace the ARN of the S3 bucket/s containing the data.

S3 & Hive Policy

  • Click Next: Add tags.

  • Optional: You can add tags to the role. Or leave these fields blank, and click Next: Review.

  • Enter a Role name that follows your organization's naming convention.

  • Click Create role.

  1. Copy the ARN of the newly created role.

Step 2: Configure access in Account A

  • In Account B, copy the ARN of the role created in

  • Sign in to the Account A AWS Console.

  • Create a policy and choose the JSON view.

  • Replace the ARN with the ARN of the role created in Account B.

  • Copy & paste the edited

  • In Account A, attach the policy created in Step 3 to:

    e6data_engine_role (e6data-workspace-<workspace_name>-engine-role)

STS Policy

PreviousConfigure Cross-account Catalog to Access AWS Hive MetastoreNextConfigure Cross-account Catalog to Access AWS Glue

Last updated