[ aws . datasync ]

create-location-hdfs

Description

Creates a transfer location for a Hadoop Distributed File System (HDFS). DataSync can use this location as a source or destination for transferring data.

Before you begin, make sure that you understand how DataSync accesses HDFS clusters .

See also: AWS API Documentation

Synopsis

  create-location-hdfs
[--subdirectory <value>]
--name-nodes <value>
[--block-size <value>]
[--replication-factor <value>]
[--kms-key-provider-uri <value>]
[--qop-configuration <value>]
--authentication-type <value>
[--simple-user <value>]
[--kerberos-principal <value>]
[--kerberos-keytab <value>]
[--kerberos-krb5-conf <value>]
--agent-arns <value>
[--tags <value>]
[--cmk-secret-config <value>]
[--custom-secret-config <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]
[--cli-error-format <value>]

Options

--subdirectory (string)

A subdirectory in the HDFS cluster. This subdirectory is used to read data from or write data to the HDFS cluster. If the subdirectory isn’t specified, it will default to / .

Constraints:

• max: 4096
• pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$

--name-nodes (list) [required]

The NameNode that manages the HDFS namespace. The NameNode performs operations such as opening, closing, and renaming files and directories. The NameNode contains the information to map blocks of data to the DataNodes. You can use only one NameNode.

Constraints:

• min: 1

(structure)

The NameNode of the Hadoop Distributed File System (HDFS). The NameNode manages the file system’s namespace. The NameNode performs operations such as opening, closing, and renaming files and directories. The NameNode contains the information to map blocks of data to the DataNodes.

Hostname -> (string) [required]

The hostname of the NameNode in the HDFS cluster. This value is the IP address or Domain Name Service (DNS) name of the NameNode. An agent that’s installed on-premises uses this hostname to communicate with the NameNode in the network.

Constraints:

• min: 1
• max: 255
• pattern: ^(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])$

Port -> (integer) [required]

The port that the NameNode uses to listen to client requests.

Constraints:

• min: 1
• max: 65536

Shorthand Syntax:

Hostname=string,Port=integer ...

JSON Syntax:

[
  {
    "Hostname": "string",
    "Port": integer
  }
  ...
]

--block-size (integer)

The size of data blocks to write into the HDFS cluster. The block size must be a multiple of 512 bytes. The default block size is 128 mebibytes (MiB).

Constraints:

• min: 1048576
• max: 1073741824

--replication-factor (integer)

The number of DataNodes to replicate the data to when writing to the HDFS cluster. By default, data is replicated to three DataNodes.

Constraints:

• min: 1
• max: 512

--kms-key-provider-uri (string)

The URI of the HDFS cluster’s Key Management Server (KMS).

Constraints:

• min: 1
• max: 255
• pattern: ^kms:\/\/http[s]?@(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])(;(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9]))*:[0-9]{1,5}\/kms$

--qop-configuration (structure)

The Quality of Protection (QOP) configuration specifies the Remote Procedure Call (RPC) and data transfer protection settings configured on the Hadoop Distributed File System (HDFS) cluster. If QopConfiguration isn’t specified, RpcProtection and DataTransferProtection default to PRIVACY . If you set RpcProtection or DataTransferProtection , the other parameter assumes the same value.

RpcProtection -> (string)

The RPC protection setting configured on the HDFS cluster. This setting corresponds to your hadoop.rpc.protection setting in your core-site.xml file on your Hadoop cluster.

Possible values:

• DISABLED
• AUTHENTICATION
• INTEGRITY
• PRIVACY

DataTransferProtection -> (string)

The data transfer protection setting configured on the HDFS cluster. This setting corresponds to your dfs.data.transfer.protection setting in the hdfs-site.xml file on your Hadoop cluster.

Possible values:

• DISABLED
• AUTHENTICATION
• INTEGRITY
• PRIVACY

Shorthand Syntax:

RpcProtection=string,DataTransferProtection=string

JSON Syntax:

{
  "RpcProtection": "DISABLED"|"AUTHENTICATION"|"INTEGRITY"|"PRIVACY",
  "DataTransferProtection": "DISABLED"|"AUTHENTICATION"|"INTEGRITY"|"PRIVACY"
}

--authentication-type (string) [required]

The type of authentication used to determine the identity of the user.

Possible values:

• SIMPLE
• KERBEROS

--simple-user (string)

The user name used to identify the client on the host operating system.

Note

If SIMPLE is specified for AuthenticationType , this parameter is required.

Constraints:

• min: 1
• max: 256
• pattern: ^[_.A-Za-z0-9][-_.A-Za-z0-9]*$

--kerberos-principal (string)

The Kerberos principal with access to the files and folders on the HDFS cluster.

Note

If KERBEROS is specified for AuthenticationType , this parameter is required.

Constraints:

• min: 1
• max: 256
• pattern: ^.+$

--kerberos-keytab (blob)

The Kerberos key table (keytab) that contains mappings between the defined Kerberos principal and the encrypted keys. You can load the keytab from a file by providing the file’s address.

Note

If KERBEROS is specified for AuthenticationType , this parameter is required.

Constraints:

• max: 65536

--kerberos-krb5-conf (blob)

The krb5.conf file that contains the Kerberos configuration information. You can load the krb5.conf file by providing the file’s address. If you’re using the CLI, it performs the base64 encoding for you. Otherwise, provide the base64-encoded text.

Note

If KERBEROS is specified for AuthenticationType , this parameter is required.

Constraints:

• max: 131072

--agent-arns (list) [required]

The Amazon Resource Names (ARNs) of the DataSync agents that can connect to your HDFS cluster.

Constraints:

• min: 1
• max: 8

(string)

Constraints:

• max: 128
• pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$

Syntax:

"string" "string" ...

--tags (list)

The key-value pair that represents the tag that you want to add to the location. The value can be an empty string. We recommend using tags to name your resources.

Constraints:

• min: 0
• max: 50

(structure)

A key-value pair representing a single tag that’s been applied to an Amazon Web Services resource.

Key -> (string) [required]

The key for an Amazon Web Services resource tag.

Constraints:

• min: 1
• max: 256
• pattern: ^[a-zA-Z0-9\s+=._:/-]+$

Value -> (string)

The value for an Amazon Web Services resource tag.

Constraints:

• min: 0
• max: 256
• pattern: ^[a-zA-Z0-9\s+=._:@/-]+$

Shorthand Syntax:

Key=string,Value=string ...

JSON Syntax:

[
  {
    "Key": "string",
    "Value": "string"
  }
  ...
]

--cmk-secret-config (structure)

Specifies configuration information for a DataSync-managed secret, which includes the Kerberos keytab that DataSync uses to access a specific Hadoop Distributed File System (HDFS) storage location, with a customer-managed KMS key.

When you include this parameter as part of a CreateLocationHdfs request, you provide only the KMS key ARN. DataSync uses this KMS key together with the KerberosKeytab you specify for to create a DataSync-managed secret to store the location access credentials.

Make sure that DataSync has permission to access the KMS key that you specify. For more information, see Using a service-managed secret encrypted with a custom KMS key .

Note

You can use either CmkSecretConfig (with KerberosKeytab ) or CustomSecretConfig (without KerberosKeytab ) to provide credentials for a CreateLocationHdfs request. Do not provide both parameters for the same request.

SecretArn -> (string)

Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn .

Constraints:

• max: 2048
• pattern: ^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):secretsmanager:[a-z\-0-9]+:[0-9]{12}:secret:.*|)$

KmsKeyArn -> (string)

Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn . DataSync provides this key to Secrets Manager.

Constraints:

• max: 2048
• pattern: ^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):kms:[a-z\-0-9]+:[0-9]{12}:key/.*|)$

Shorthand Syntax:

SecretArn=string,KmsKeyArn=string

JSON Syntax:

{
  "SecretArn": "string",
  "KmsKeyArn": "string"
}

--custom-secret-config (structure)

Specifies configuration information for a customer-managed Secrets Manager secret where the Kerberos keytab for the HDFS storage location is stored in binary, in Secrets Manager. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret. For more information, see Using a secret that you manage .

Note

You can use either CmkSecretConfig (with KerberosKeytab ) or CustomSecretConfig (without KerberosKeytab ) to provide credentials for a CreateLocationHdfs request. Do not provide both parameters for the same request.

SecretArn -> (string)

Specifies the ARN for an Secrets Manager secret.

Constraints:

• max: 2048
• pattern: ^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):secretsmanager:[a-z\-0-9]+:[0-9]{12}:secret:.*|)$

SecretAccessRoleArn -> (string)

Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn .

Constraints:

• max: 2048
• pattern: ^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):iam::[0-9]{12}:role/[a-zA-Z0-9+=,.@_-]+|)$

Shorthand Syntax:

SecretArn=string,SecretAccessRoleArn=string

JSON Syntax:

{
  "SecretArn": "string",
  "SecretAccessRoleArn": "string"
}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.

--output (string)

The formatting style for command output.

• json
• text
• table
• yaml
• yaml-stream
• off

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

• on
• off
• auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

--cli-binary-format (string)

The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.

• base64
• raw-in-base64-out

--no-cli-pager (boolean)

Disable cli pager for output.

--cli-auto-prompt (boolean)

Automatically prompt for CLI input parameters.

--no-cli-auto-prompt (boolean)

Disable automatically prompt for CLI input parameters.

--cli-error-format (string)

The formatting style for error output. By default, errors are displayed in enhanced format.

• legacy
• json
• yaml
• text
• table
• enhanced

Output

LocationArn -> (string)

The ARN of the source HDFS cluster location that you create.

Constraints:

• max: 128
• pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):datasync:[a-z\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$