Create an AWS Security Group
To allow communication between Dremio and other resources in your VPC, a security group must be created.
To create a security group for your VPC:
- Log in to the AWS VPC Console and navigate to Security Groups from the navigation pane.
- Click Create security group.
- Enter a Security Group Name and Description to identify the policy (for example, dremio-SG and Outbound access to Dremio). These cannot be changed after the group is created.
- For VPC, select the ID of the AWS VPC that you will use for your Dremio Cloud account.
Editing Inbound and Outbound Rules for the Security Group
Editing Inbound Rules
You need to edit the inbound rules to allow communication between Dremio Cloud engine nodes. All engine nodes are within your AWS VPC. There is no inbound communication needed from Dremio into your VPC.
To edit inbound rules:
1. Find the security group you created in the previous step (for example dremio-SG) and select the Edit Inbound rules action.
2. For Type, select Custom TCP.
3. For Port range, enter 45678.
4. For Source, select Custom. If your security group (for example dremio-SG) is not pre-populated, search for it and select it.
If you’re setting up a PrivateLink configuration, continue with step 5. Otherwise, skip to step 9.
5. Click Add rule again.
6. For Type, select Custom TCP or HTTPS.
7. For Port range, enter 443.
8. Select the same Source as the first rule.
9. Click Save Rules.
Editing Outbound Rules
Edit outbound rules to allow Dremio Cloud engines in your VPC outbound access to connect to S3 and other sources.
To edit outbound rules:
- Find the security group you created in the previous step (for example dremio-SG) and select the Edit Outbound rules action.
- For Type, select All TCP.
- For the Destination, select Custom and 0.0.0.0/0.
- Click Save Rules.
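To confirm that a group ended up with exactly the rules from the inbound and outbound steps above, the following added example (not part of the original page or Dremio's own tooling) audits one entry of the "SecurityGroups" array returned by `aws ec2 describe-security-groups`. The function name, the sample group ID and the sample rules are constructed for illustration.

```python
ENGINE_PORT = 45678      # inbound rule between engine nodes
PRIVATELINK_PORT = 443   # second inbound rule, PrivateLink setups only

def audit_dremio_sg(sg, privatelink=False):
    """Audit one "SecurityGroups" entry; return findings (empty = matches page)."""
    findings, seen, gid = [], set(), sg["GroupId"]
    expected = {ENGINE_PORT} | ({PRIVATELINK_PORT} if privatelink else set())
    for perm in sg.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        label = f"{perm.get('IpProtocol')} {lo}-{hi}"
        # The page needs no inbound traffic from outside the group, so any
        # CIDR source (IPv4 or IPv6) is wider than documented.
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            findings.append(f"inbound {label} open to CIDR {cidr}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != gid:
                findings.append(f"inbound {label} from other group {pair.get('GroupId')}")
            elif perm.get("IpProtocol") == "tcp" and lo == hi and lo in expected:
                seen.add(lo)
            else:
                findings.append(f"inbound {label} from self is not a documented rule")
    for port in sorted(expected - seen):
        findings.append(f"missing self-referencing inbound tcp {port}")
    # Outbound: All TCP to 0.0.0.0/0. Assumption: an "all traffic" (-1) rule
    # is accepted too, since it also permits all TCP.
    egress_ok = any(
        (p.get("IpProtocol") == "-1"
         or (p.get("IpProtocol") == "tcp" and p.get("FromPort") == 0 and p.get("ToPort") == 65535))
        and any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges", []))
        for p in sg.get("IpPermissionsEgress", [])
    )
    if not egress_ok:
        findings.append("missing outbound All TCP to 0.0.0.0/0")
    return findings

# Constructed sample: the documented rules plus an SSH rule open to the internet.
SAMPLE_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 45678, "ToPort": 45678,
         "UserIdGroupPairs": [{"GroupId": "sg-0example"}], "IpRanges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
print(audit_dremio_sg(SAMPLE_SG))
```

Pass `privatelink=True` when the group is expected to carry the port 443 rule from steps 5 to 8.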
- Inbound rule: Rules for a security group that authorize or revoke access to receiving/inbound traffic (ingress).
- Outbound rule: Rules for a security group that authorize or revoke access to sent/outbound traffic (egress).
- Security group: Virtual firewalls for a VPC that control both inbound and outbound traffic (via rules).
- VPC: Also known as a virtual private cloud, a virtual network that is dedicated to your AWS account and completely isolated from any other virtual networks in the AWS Cloud.