Configuring the Qubole Data Service

Prerequisites

../../../_images/infographic.png

Click the respective tab (below) to follow the instructions under each of these steps.

Copy Credentials from QDS

  1. On the Home page, click Account Settings under Control Panel.

    Scroll down to the Access Settings section.

  2. From the Access Settings section, select IAM Role.

  3. Copy the Trusted Principal Account ID and External ID.

    ../../../_images/AccessSettings-IAMRoles.png

Create IAM Policies on AWS

  1. On the AWS Console, enter IAM in the search bar and click Enter. The Identity and Access Management Dashboard page appears.

  2. On the left pane, click Policies.

  3. On the right pane, click Create policy. This opens on a separate page.

  4. On the Create policy page, click the JSON tab.

  5. Copy and paste a JSON file from this page.

  6. Click Review policy.

    ../../../_images/createpolicy.png

  7. In the Name field, enter a name for the policy.

  8. Click Create policy. This creates your Amazon EC2 policy.

  9. Repeat steps 2 through 7 using this JSON code to create the Amazon S3 policy.

Note

Remember to replace <bucketpath> in the JSON text to match your Amazon S3 bucket name (from the prerequisites).

Create IAM Roles on AWS

  1. On the left pane, click Roles.

  2. On the right pane, click Create role. The Create role page appears.

  3. Click AWS service and select EC2. Click Next: Permissions.

    ../../../_images/selectec2.png

  4. In the search field beside Filter policies, search for Qubole, and add both the policies you created.

    ../../../_images/attachpolicies.png

  5. Click Next: Tags.

  6. Add any tags required (optional) and click Next: Review.

  7. Enter a role name and click Create role.

  8. On the Roles page, select the newly created role.

    ../../../_images/EditTrustRelationship.png

  9. Click the Trust Relationship tab and then click Edit trust relationship.

  10. Copy and paste this JSON text.

    Note

    Remember to replace <AccountID> and <ExternalID> in the JSON text to match the ones you saved in step 3 of Copy Credentials from QDS.

  11. Click Update trust policy. This takes you back to the Summary page.

  12. Copy the Role ARN.

Link AWS & QDS accounts

  1. On the Home page, click Account Settings under Control Panel.

  2. Scroll down to the Access Settings section and select IAM Role.

  3. In the Role ARN field, paste the Role ARN that you copied in step 12 of the Create IAM Roles on AWS.

  4. In the Default Location field, enter the Amazon S3 bucket path you had created and Save.

    ../../../_images/defloc.png

That’s it! Your account is set up. Run your first query.


Go back to Tabs.

Caution

Do not use words reserved by Qubole (such as qubole, qbol, Qubole, alias, and Name), while defining resources such as tags, security groups, and so on. See Qubole Cluster EC2 Tags (AWS) for a complete list of words reserved by Qubole.