From d5ce895cff75d3901b86c360b92ad3d3347b57ef Mon Sep 17 00:00:00 2001 From: Mahmoud Ismail Date: Mon, 4 Nov 2024 11:11:29 +0100 Subject: [PATCH 1/2] [CLOUD-633] Add support for RDRS in the cloud --- docs/setup_installation/aws/instance_profile_permissions.md | 6 ++++-- docs/setup_installation/aws/restrictive_permissions.md | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/setup_installation/aws/instance_profile_permissions.md b/docs/setup_installation/aws/instance_profile_permissions.md index 3be3ad208..caa0430d3 100644 --- a/docs/setup_installation/aws/instance_profile_permissions.md +++ b/docs/setup_installation/aws/instance_profile_permissions.md @@ -48,7 +48,8 @@ Replace the following placeholders with their appropiate values "arn:aws:ecr:REGION:822623301872:repository/airflow", "arn:aws:ecr:REGION:822623301872:repository/git", "arn:aws:ecr:REGION:822623301872:repository/testconnector", - "arn:aws:ecr:REGION:822623301872:repository/flyingduck" + "arn:aws:ecr:REGION:822623301872:repository/flyingduck", + "arn:aws:ecr:REGION:822623301872:repository/rdrs" ] }, { @@ -81,7 +82,8 @@ Replace the following placeholders with their appropiate values "arn:aws:ecr:REGION:ECR_AWS_ACCOUNT_ID:repository/*/airflow", "arn:aws:ecr:REGION:ECR_AWS_ACCOUNT_ID:repository/*/git", "arn:aws:ecr:REGION:ECR_AWS_ACCOUNT_ID:repository/*/testconnector", - "arn:aws:ecr:REGION:ECR_AWS_ACCOUNT_ID:repository/*/flyingduck" + "arn:aws:ecr:REGION:ECR_AWS_ACCOUNT_ID:repository/*/flyingduck", + "arn:aws:ecr:REGION:ECR_AWS_ACCOUNT_ID:repository/*/rdrs" ] }, { diff --git a/docs/setup_installation/aws/restrictive_permissions.md b/docs/setup_installation/aws/restrictive_permissions.md index 6b4b42837..8cb4aabbc 100644 --- a/docs/setup_installation/aws/restrictive_permissions.md +++ b/docs/setup_installation/aws/restrictive_permissions.md @@ -264,7 +264,7 @@ If you are using terraform, then you can also remove most of the *Describe* perm ``` #### Load balancers permissions for external access -If you plan to access your Hopsworks cluster from an external python environment, especially if you plan to use the [ArrowFlight with DuckDB](../../common/arrow_flight_duckdb), then it is required to create a network load balancer that forward requests to the ArrowFlight server(s) co-located with the RonDB MySQL Server(s). If you are not planning to use ArrowFlight server(s) or multiple mysql server(s), you can skip adding the following permissions. If you still wish to use the ArrowFlight server(s) but without adding the following permissions to your cross account role, check [this advanced terraform example for more details](https://github.com/logicalclocks/terraform-provider-hopsworksai/tree/main/examples/complete/aws/advanced/arrowflight-no-loadbalancer-permissions). +If you plan to access your Hopsworks cluster from an external python environment, especially if you plan to use the [ArrowFlight with DuckDB](../../common/arrow_flight_duckdb) and the [Feature store REST API server](../../../user_guides/fs/feature_view/feature-server), then it is required to create a network load balancer that forward requests to the ArrowFlight server(s) co-located with the RonDB MySQL Server(s). If you are not planning to use ArrowFlight server(s) or multiple mysql server(s), you can skip adding the following permissions. If you still wish to use the ArrowFlight server(s) but without adding the following permissions to your cross account role, check [this advanced terraform example for more details](https://github.com/logicalclocks/terraform-provider-hopsworksai/tree/main/examples/complete/aws/advanced/arrowflight-no-loadbalancer-permissions). ```json From d2d849abadad72c92647dbc5bcfba666e96d071d Mon Sep 17 00:00:00 2001 From: Mahmoud Ismail Date: Tue, 5 Nov 2024 09:04:21 +0100 Subject: [PATCH 2/2] fixes for review --- docs/setup_installation/aws/restrictive_permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/setup_installation/aws/restrictive_permissions.md b/docs/setup_installation/aws/restrictive_permissions.md index 8cb4aabbc..d0d9b085c 100644 --- a/docs/setup_installation/aws/restrictive_permissions.md +++ b/docs/setup_installation/aws/restrictive_permissions.md @@ -264,7 +264,7 @@ If you are using terraform, then you can also remove most of the *Describe* perm ``` #### Load balancers permissions for external access -If you plan to access your Hopsworks cluster from an external python environment, especially if you plan to use the [ArrowFlight with DuckDB](../../common/arrow_flight_duckdb) and the [Feature store REST API server](../../../user_guides/fs/feature_view/feature-server), then it is required to create a network load balancer that forward requests to the ArrowFlight server(s) co-located with the RonDB MySQL Server(s). If you are not planning to use ArrowFlight server(s) or multiple mysql server(s), you can skip adding the following permissions. If you still wish to use the ArrowFlight server(s) but without adding the following permissions to your cross account role, check [this advanced terraform example for more details](https://github.com/logicalclocks/terraform-provider-hopsworksai/tree/main/examples/complete/aws/advanced/arrowflight-no-loadbalancer-permissions). +If you plan to access your Hopsworks cluster from an external python environment, especially if you plan to use the [ArrowFlight with DuckDB](../../common/arrow_flight_duckdb) and the [Feature Store REST API server](../../../user_guides/fs/feature_view/feature-server), then it is required to create a network load balancer that forward requests to the ArrowFlight server(s) co-located with the RonDB MySQL Server(s). If you are not planning to use ArrowFlight server(s) or multiple mysql server(s), you can skip adding the following permissions. If you still wish to use the ArrowFlight server(s) but without adding the following permissions to your cross account role, check [this advanced terraform example for more details](https://github.com/logicalclocks/terraform-provider-hopsworksai/tree/main/examples/complete/aws/advanced/arrowflight-no-loadbalancer-permissions). ```json