Posts: 17
Registered: ‎11-22-2017

security group for the cluster and edges on AWS

Hi all,

I am trying to define security group for the cluster and edge nodes in my environment. Firstly, I know that I should allow the terrific from edges to the cluster security group. Is there any sample that I can follow to define this sort of security group.

Also in Cloudera config file, where should I define the security group for each instance. I know there security group id which is defined at the provider details, but how I can allocate each of these security group to the instances. Look forward to hearing from you.



Cloudera Employee
Posts: 33
Registered: ‎08-24-2015

Re: security group for the cluster and edges on AWS

It's possible to define the security group ids and subnet id at the instance template level (same place where instance type is defined). I'm not sure if there is a sample you can refer to since most Director setups place all cluster instances in the same subnet and security group. Something to keep in mind when setting up the network is that Director requires SSH access to all instances and we generally expect full connectivity among cluster and CM instances. If you want to restrict specific ports, you can refer to the Cloudera Manager docs to see which ports are needed by CM and CDH.