Amazon AWS #
This page covers configuration from AWS to your Starburst Galaxy cluster.
In addition, read more about different connectivity configuration support for AWS.
- AWS IP allow list
- Set up a bastion host in AWS
- AWS external security
- AWS cross-region support
- AWS PrivateLink
Cross account IAM roles #
AWS cross account IAM role usage is more secure than using access keys, and is often the only allowed method to authenticate to data sources.
In Starburst Galaxy, you can use an AWS cross account IAM role to configure access to data in S3 and the metadata in Amazon Glue in your S3 catalogs. This means you can define a cross account IAM role once, and then use it in multiple catalogs.
Use the following steps to configure a cross account IAM role:
-
Configure a cross account IAM role in your AWS console, and take note of the ARN in the summary section. Alternatively request the ARN from your network administrator.
-
Open Admin in the Starburst Galaxy navigation menu.
-
Expand the Admin > Cloud Settings menu, and select the AWS tab.
-
In Cross account IAM roles, click Configure IAM role.
-
Provide a Starburst Galaxy-internal name for the IAM role in the Cross account IAM role alias field. This value displays in the list of cross account IAM roles as well as in the selection dialog in the catalog configuration.
-
Input the ARN in the AWS IAM ARN field.
-
Click Validate cross account IAM role.
-
The new cross account IAM role is now configured in your account.
-
Click Close. Your new role is now listed in the Cross account IAM roles list.
SSH tunnels #
Securely connect to private data sources using an SSH tunnel through a bastion host.
Learn how to set up an SSH tunnel.
Is the information on this page helpful?
Yes
No