I have a couple of questions:
1) I'm unable to modify the security groups directly from the AWS console for security groups created by Cloudbreak. Neither does Cloudbreak provide any option to modify the security group after the cluster deployment. Am I missing something?
2) I created a security group in Cloudbreak that opens all ports only within my company's exit IP. The cluster creation hangs with no information in the cbd logs. Is it mandatory to open up 22 and 443 globally?
Thanks for your reply.
Regarding point 2, I understand ports 443 and 22 need to be there in every security group, but should they be opened globally, i.e. 0.0.0.0/0?
They should not be opened globally - they should be accessed by the Cloudbreak application. You can deploy the Cloudbreak application (with CBD) on the same VPC (and/or subnet) as where the HDP clusters are provisioned - in that case it should not be opened globally. If you use the hosted Cloudbreak application (cloudbreak.sequenceiq.com) then you will have to open them globally - but it's not really recommended, as you should use your own Cloudbreak instance.
Those ports don't need to be opened to all IPs. If you know what CIDR block or subnet(s) your cluster is on along with the Ambari server, then just open the ports up for that CIDR block; that should work.
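
An added example, not part of any post in this thread: a Python check over ingress rules in the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups`, reporting whether ports 22 and 443 are open to 0.0.0.0/0 and whether they are reachable from the Cloudbreak host. The function names, rule sets and addresses are constructed for illustration.

```python
import ipaddress

REQUIRED_PORTS = (22, 443)  # the ports the thread says Cloudbreak must reach

def covers_port(perm, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(ip_permissions, cloudbreak_ip):
    """Return (ports open to 0.0.0.0/0, ports the Cloudbreak host cannot reach)."""
    source = ipaddress.ip_address(cloudbreak_ip)
    open_to_world, unreachable = [], []
    for port in REQUIRED_PORTS:
        cidrs = [
            ipaddress.ip_network(r["CidrIp"], strict=False)
            for perm in ip_permissions if covers_port(perm, port)
            for r in perm.get("IpRanges", [])
        ]
        if any(net.prefixlen == 0 for net in cidrs):
            open_to_world.append(port)
        if not any(source in net for net in cidrs):
            unreachable.append(port)
    return open_to_world, unreachable

# Constructed sample rules using documentation/private address ranges.
# All ports open, but only to a single office exit IP (the setup in question 2).
OFFICE_ONLY = [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]
# 22 and 443 open to every address.
WORLD_OPEN = [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]} for p in (22, 443)]
# 22 and 443 open only to the VPC CIDR that also hosts Cloudbreak.
VPC_SCOPED = [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
               "IpRanges": [{"CidrIp": "10.0.0.0/16"}]} for p in (22, 443)]

if __name__ == "__main__":
    print(audit(OFFICE_ONLY, "198.51.100.7"))  # Cloudbreak outside the office range
    print(audit(WORLD_OPEN, "198.51.100.7"))
    print(audit(VPC_SCOPED, "10.0.1.15"))      # Cloudbreak inside the VPC
```

An empty first list together with an empty second list is the target state: neither port is exposed globally and both are reachable from the Cloudbreak host.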