Create a security group for NLB
When deploying a CelerData cluster, you can either use the same security group for the NLB as the one for the cluster, or create a separate security group for the NLB in front of your CelerData cluster for finer-grained security control.
The NLB is the endpoint you will access to submit SQL queries or Stream Load requests to ingest data.
To create a security group for NLB, follow these steps:
- Sign in to the AWS VPC console as a user with administrator privileges.
- In the upper-right corner of the page, select your AWS region.
- In the left-side navigation pane, choose Security > Security groups.
- On the Security groups page, click Create security group.
- On the Create security group page, do as follows:
a. For Security group name, enter a name for the security group.
NOTE
A name can be up to 255 characters in length. Allowed characters are lowercase letters (a-z), uppercase letters (A-Z), digits (0-9), spaces, and the following special characters: ._-:/()#,@[]+=;{}!$*. If the name contains trailing spaces, we trim the spaces when we save the name. For example, if you enter "Test Security Group " for the name, we store it as "Test Security Group".
b. For Description, enter a description for the security group.
NOTE
A description can be up to 255 characters in length. Allowed characters are lowercase letters (a-z), uppercase letters (A-Z), digits (0-9), spaces, and the following special characters: ._-:/()#,@[]+=;{}!$*.
c. For VPC, select the VPC with which you want to associate the security group.
d. Click Create security group.
NOTICE
Do not create inbound or outbound rules in this step. Create inbound and outbound rules after the security group is created.
You are directed to the details page of the security group that you just created.
- Create inbound and outbound rules for the security group.
Create inbound rules as follows:
a. On the Inbound rules tab, click Edit inbound rules.
b. On the Edit inbound rules page, click Add rule to add an inbound rule.
c. Edit the inbound rule as follows:
- Set Type to Custom TCP.
- Set Port range to 9030.
- Select Anywhere-IPv4 from the Source drop-down list.
d. (Optional) If you need to ingest data from your local file system via Stream Load, add another inbound rule as follows:
- Set Type to HTTPS.
- Select Anywhere-IPv4 from the Source drop-down list.
e. Click Save rules.
Create outbound rules as follows:
a. On the Outbound rules tab, click Edit outbound rules.
b. On the Edit outbound rules page, delete the default outbound rule and click Add rule twice to add two outbound rules.
c. Edit the outbound rule as follows:
- Set Type to Custom TCP.
- Set Port range to 9030.
- Select the security group of your CelerData cluster from the Destination drop-down list. Note that it is not the security group you just created.
d. (Optional) If you need to ingest data from your local file system via Stream Load, add another outbound rule as follows:
- Set Type to HTTPS.
- Select the security group of your CelerData cluster from the Destination drop-down list. Note that it is not the security group you just created.
e. Click Save rules.
- Copy the ID of the security group and save the ID to a location that you can access later.
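The same procedure expressed against the AWS API, as an added example that is not part of the original page or CelerData's own tooling. It assumes a boto3 EC2 client is passed in as `ec2`; the function names and the `source_cidr` parameter are hypothetical, the HTTPS rule type is taken to mean TCP 443, and Anywhere-IPv4 to mean 0.0.0.0/0.

```python
import re

# Character set from the NOTE blocks above (name and description share it).
ALLOWED = re.compile(r"[A-Za-z0-9 ._\-:/()#,@\[\]+=;{}!$*]{1,255}")

def normalize_label(text):
    """Trim trailing spaces as described above, then enforce length and charset."""
    text = text.rstrip(" ")
    if not ALLOWED.fullmatch(text):
        raise ValueError("invalid security group name/description: %r" % text)
    return text

def tcp_rule(port, **target):
    """One single-port TCP permission aimed at a CIDR range or a security group."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **target}

def build_rules(cluster_sg_id, stream_load=False, source_cidr="0.0.0.0/0"):
    """Return (ingress, egress) IpPermissions lists for the NLB security group."""
    ports = [9030] + ([443] if stream_load else [])  # 443 only for Stream Load
    ingress = [tcp_rule(p, IpRanges=[{"CidrIp": source_cidr}]) for p in ports]
    # Outbound traffic may only reach the cluster's security group, not this one.
    egress = [tcp_rule(p, UserIdGroupPairs=[{"GroupId": cluster_sg_id}]) for p in ports]
    return ingress, egress

def create_nlb_security_group(ec2, name, description, vpc_id, cluster_sg_id,
                              stream_load=False, source_cidr="0.0.0.0/0"):
    """ec2 is a boto3 EC2 client, e.g. boto3.client("ec2", region_name=...)."""
    group_id = ec2.create_security_group(
        GroupName=normalize_label(name),
        Description=normalize_label(description),
        VpcId=vpc_id,
    )["GroupId"]
    ingress, egress = build_rules(cluster_sg_id, stream_load, source_cidr)
    ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=ingress)
    # Delete the default allow-all outbound rule before adding the scoped ones.
    ec2.revoke_security_group_egress(
        GroupId=group_id,
        IpPermissions=[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    )
    ec2.authorize_security_group_egress(GroupId=group_id, IpPermissions=egress)
    return group_id  # the ID the last step says to save
```

Passing a narrower `source_cidr` than the default restricts who can reach the NLB on ports 9030 and 443 without changing the rest of the rule set.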