Amazon EMR SGs for Master and Core nodes

0

Why does Amazon EMR create inbound rule entries for master and core security groups?

Core SG

Master SG

The documentation says that it creates an entry for all request types on all ports and all IP addresses. I create these SGs using Amazon CloudFormation, so when I try to delete them, it throws an exception about a circular dependency.

CloudFormation ERROR

1 Answer
2
Accepted Answer

Why does Amazon EMR create inbound rule entries for master and core security groups?

This is implemented so that master and core/task nodes can communicate with each other in the cluster, e.g. ICMP for ping and all other ports (which should be harmless in general) for Hadoop ports, e.g. 8020, 8088 and others.

You can read more about this here:

https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-man-sec-groups.html
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-security-groups.html

it throws an exception about a circular dependency

Yes, this is expected as well. In your automation, you need to add logic to delete the inbound rules (as the default outbound rule has 0.0.0.0/0 allow) before deleting the security group(s).

AWS
answered a month ago
AWS
SUPPORT ENGINEER
reviewed 25 days ago
  • Thank you so much for the information, Mr Mishra!
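
The cleanup order the answer describes (revoke the inbound rules that make the master and core groups reference each other, then delete the groups), as an added example that is not part of the original answer. It assumes a boto3 EC2 client is passed in as `ec2`; the group IDs, account ID and rules in the sample data are constructed placeholders.

```python
# Added example: group IDs, account ID and rules below are constructed.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0master", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "UserIdGroupPairs": [{"GroupId": "sg-0core", "UserId": "111122223333"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0core", "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "UserIdGroupPairs": [{"GroupId": "sg-0master", "UserId": "111122223333"}]},
    ]},
]


def cross_references(groups):
    """Map each group ID to its inbound rules that reference a group in the set."""
    ids = {g["GroupId"] for g in groups}
    plan = {}
    for g in groups:
        for perm in g.get("IpPermissions", []):
            pairs = [{"GroupId": p["GroupId"]}
                     for p in perm.get("UserIdGroupPairs", [])
                     if p.get("GroupId") in ids]
            if not pairs:
                continue  # CIDR-only rule: does not block deletion
            rule = {"IpProtocol": perm["IpProtocol"], "UserIdGroupPairs": pairs}
            rule.update({k: perm[k] for k in ("FromPort", "ToPort") if k in perm})
            plan.setdefault(g["GroupId"], []).append(rule)
    return plan


def delete_groups(ec2, group_ids, dry_run=True):
    """Revoke cross-referencing inbound rules, then delete the groups.

    `ec2` is assumed to be a boto3 EC2 client. With dry_run=True only the
    revocation plan is returned and nothing is changed.
    """
    resp = ec2.describe_security_groups(GroupIds=list(group_ids))
    plan = cross_references(resp["SecurityGroups"])
    if not dry_run:
        for gid, rules in plan.items():
            ec2.revoke_security_group_ingress(GroupId=gid, IpPermissions=rules)
        for gid in group_ids:
            ec2.delete_security_group(GroupId=gid)
    return plan


if __name__ == "__main__":
    for gid, rules in cross_references(SAMPLE_GROUPS).items():
        print(gid, rules)
```

Run it with `dry_run=True` first and review the returned plan; only inbound rules are handled, matching the answer, and CIDR-based rules such as the SSH entry in the sample are left untouched.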
