Create a security group for VPC Endpoint

When deploying a CelerData cluster, you can either use the same security group for the VPC Endpoint as the one for the cluster, or create a separate security group for the VPC Endpoint for finer-grained security control.

You do not have to create the security group for VPC Endpoint before deploying the cluster. It can be done after the deployment.

To create a security group for VPC Endpoint, follow these steps:

  1. Sign in to the AWS VPC console as a user with administrator privileges.

  2. In the upper-right corner of the page, select your AWS region.

  3. In the left-side navigation pane, choose Security > Security groups.

  4. On the Security groups page, click Create security group.

  5. On the Create security group page, do as follows:

    a. For Security group name, enter a name for the security group.

    NOTE

    A name can be up to 255 characters in length. Allowed characters are lowercase letters (a-z), uppercase letters (A-Z), digits (0-9), spaces, and the following special characters: ._-:/()#,@[]+=;{}!$*. If the name contains trailing spaces, we trim the spaces when we save the name. For example, if you enter "Test Security Group " for the name, we store it as "Test Security Group".

    b. For Description, enter a description for the security group.

    NOTE

    A description can be up to 255 characters in length. Allowed characters are lowercase letters (a-z), uppercase letters (A-Z), digits (0-9), spaces, and the following special characters: ._-:/()#,@[]+=;{}!$*.

    c. For VPC, select the VPC with which you want to associate the security group.

    d. Click Create security group.

    NOTICE

    Do not create inbound or outbound rules in this step. Create inbound and outbound rules after the security group is created.

    You are directed to the details page of the security group that you just created.

  6. Create inbound and outbound rules for the security group.

    Create inbound rules as follows:

    a. On the Inbound rules tab, click Edit inbound rules.

    b. On the Edit inbound rules page, click Add rule to add an inbound rule.

    c. Edit the inbound rule as follows:

    • Set Type to Custom TCP.
    • Set Port range to 443.
    • Select the security group of your CelerData cluster from the Source drop-down list. Note that it is not the security group you just created.

    d. Click Save rules.

    Create outbound rules as follows:

    a. On the Outbound rules tab, click Edit outbound rules.

    b. On the Edit outbound rules page, delete the default outbound rule and click Add rule twice to add two outbound rules.

    c. Edit the outbound rule as follows:

    • Set Type to HTTPS.
    • Select 0.0.0.0/0 from the Destination drop-down list.

    d. Click Save rules.

  7. Copy the ID of the security group and save the ID to a location that you can access later.
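
To confirm that the rules from step 6 were saved as intended, the following added example (not part of the CelerData documentation) audits one entry of the `SecurityGroups` array returned by `aws ec2 describe-security-groups --group-ids <id>`. The function names and the group IDs are assumptions made for illustration; the sample groups are constructed.

```python
def _is_tcp_443(rule):
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort") == 443 and rule.get("ToPort") == 443)

def _cidrs(rule):
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def _group_sources(rule):
    return [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]

def audit_endpoint_sg(group, cluster_sg_id):
    """Return findings; an empty list means the rules match step 6."""
    findings = []
    inbound = group.get("IpPermissions", [])
    outbound = group.get("IpPermissionsEgress", [])
    for rule in inbound:
        if not _is_tcp_443(rule):
            findings.append("inbound: rule is not TCP 443")
        for sg in _group_sources(rule):
            if sg != cluster_sg_id:
                findings.append(f"inbound: source {sg} is not the cluster security group")
        for cidr in _cidrs(rule):
            findings.append(f"inbound: CIDR source {cidr}, expected a security group")
    if not any(_is_tcp_443(r) and cluster_sg_id in _group_sources(r) for r in inbound):
        findings.append("inbound: missing TCP 443 from the cluster security group")
    for rule in outbound:
        if rule.get("IpProtocol") == "-1":
            findings.append("outbound: default all-traffic rule was not deleted")
        elif not _is_tcp_443(rule):
            findings.append("outbound: rule is not HTTPS (TCP 443)")
    if not any(_is_tcp_443(r) and "0.0.0.0/0" in _cidrs(r) for r in outbound):
        findings.append("outbound: missing HTTPS to 0.0.0.0/0")
    return findings

# Constructed samples with placeholder group IDs (not real resources).
CLUSTER_SG = "sg-0aaaaaaaaaaaaaaaa"
CONFIGURED = {"GroupId": "sg-0bbbbbbbbbbbbbbbb",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                       "UserIdGroupPairs": [{"GroupId": CLUSTER_SG}]}],
    "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
# State right after step 5: no inbound rules, default egress rule still present.
FRESH = {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "IpPermissions": [], "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    print("configured:", audit_endpoint_sg(CONFIGURED, CLUSTER_SG) or "OK")
    print("fresh:", audit_endpoint_sg(FRESH, CLUSTER_SG))
```

For a real group, load the CLI's JSON output with `json.load` and pass `data["SecurityGroups"][0]` together with the cluster's security group ID.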