Update Security Group - Teaching Big Data Skills with Amazon EMR

Update Security Group

Once your baseline infrastructure is set up, update your security group {emr-web-access-sg} with a few inbound rules. These rules allow you to access the EMR cluster and its resources.

To update the security group:

  1. Sign in to the AWS Management Console and choose Services, then VPC.

  2. In the left navigation pane, choose Security Groups.

  3. In the list of security groups, select emr-web-access-sg. Choose the Inbound rules tab, then choose Edit Inbound rules.

    Note

    Use caution when you edit security group rules. Be sure to add rules that only allow traffic from trusted clients for the protocols and ports that are required. We do not recommend any inbound rules that allow public access, that is, traffic from sources specified as IPv4 0.0.0.0/0 or IPv6 ::/0.

    Security Groups interface showing EMR security group with options to edit inbound rules.

    Figure 8: Edit inbound rules

  4. Add the following inbound rules:

    Type Protocol Port Source IP Description
    Custom TCP TCP 22 {IP address or CIDR block} For connecting to the Amazon EMR master node using SSH to run interactive queries, examine log files, submit Linux commands, and more.
    Custom TCP TCP 80 {IP address or CIDR block}

    For accessing Ganglia

    http://master-public-dns-name/ganglia/

    Custom TCP TCP 8088 {IP address or CIDR block}

    For accessing YARN Resource manager

    http://master-public-dns-name:8088/

    Custom TCP TCP 8890 {IP address or CIDR block}

    For accessing Zeppelin

    http://master-public-dns-name:8890/

    Custom TCP TCP 8888 {IP address or CIDR block}

    For access to Hue

    http://master-public-dns-name:8888/

    Custom TCP TCP 18080 {IP address or CIDR block}

    For accessing the Spark History server

    http://master-public-dns-name:18080/

  5. Choose Save rules.