Outbound network access destinations for GCP

If your outbound internet access is restricted (for example, by a firewall or proxy), review this content to learn which specific outbound destinations must be reachable in order to register a CDP environment.

The following list includes general destinations as well as GCP-specific destinations.

General endpoints

| Description/Usage | CDP service | Destination | Protocol and Authentication | IP Protocol/Port | Comments |
|---|---|---|---|---|---|
| Cloudera CCM: Persistent Control Plane connection | All services | IP: `44.234.52.96/27`; hostname pattern: `*.ccm.cdp.cloudera.com` | SSH public/private key authentication | TCP/6000-6049 | One connection per cluster configured; persistent. |
| Cloudera Databus: Telemetry, billing and metering data | All services | For Control Plane region us-west-1: `dbusapi.us-west-1.sigma.altus.cloudera.com` and `*.s3.amazonaws.com`. For other Control Plane regions: `api.<CONTROL-PLANE-REGION>.cdp.cloudera.com` and `*.s3.amazonaws.com` | HTTPS with Cloudera-generated access key for dbus; HTTPS for S3 | TCP/443 | Used at regular intervals for telemetry, billing, and metering services, and for Workload Manager if enabled. Larger payloads are sent to a Cloudera-managed S3 bucket. |
| Cloudera Manager parcels: Software distribution | Data Hub, Data Lake | `archive.cloudera.com` | HTTPS | TCP/443 | Cloudera’s public software repository. CDN-backed service; IP range not predictable. |
| Control Plane API | CDP API | `api.<CONTROL-PLANE-REGION>.cdp.cloudera.com` | HTTPS with Cloudera-generated access key | TCP/443 | Cloudera’s control plane REST API. |

GCP-specific endpoints

| Description/Usage | CDP service | Destination | Protocol and Authentication | IP Protocol/Port | Comments |
|---|---|---|---|---|---|
| APIs | All services | `storage.googleapis.com`; `iamcredentials.googleapis.com` | HTTPS | TCP/443 | |

In addition to adding the listed destinations, you need to configure Private Service Connect. Private Service Connect lets you send traffic to Google APIs using a Private Service Connect endpoint that is private to your VPC network.

To configure Private Service Connect, refer to Configuring Private Service Connect.
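The following is an added example, not part of Cloudera's documentation: a small checker that encodes the rows listed above and reports which entries in an egress or proxy log fall outside them, which helps when validating a firewall allowlist before registering an environment. The `destination port` log format, the `node1` hostname, and the reading of a leading `*.` as one or more DNS labels and of the region placeholder as a single label are assumptions.

```python
import ipaddress
import re

REGION = "<CONTROL-PLANE-REGION>"  # placeholder exactly as the tables write it
RULES = [  # (row name, destinations, lowest TCP port, highest TCP port)
    ("Cloudera CCM", ["44.234.52.96/27", "*.ccm.cdp.cloudera.com"], 6000, 6049),
    ("Cloudera Databus", ["dbusapi.us-west-1.sigma.altus.cloudera.com",
        "api." + REGION + ".cdp.cloudera.com", "*.s3.amazonaws.com"], 443, 443),
    ("Cloudera Manager parcels", ["archive.cloudera.com"], 443, 443),
    ("Control Plane API", ["api." + REGION + ".cdp.cloudera.com"], 443, 443),
    ("APIs", ["storage.googleapis.com", "iamcredentials.googleapis.com"], 443, 443),
]

def _host_regex(pattern):
    # Assumption: a leading "*." stands for one or more DNS labels and the
    # region placeholder for exactly one label; everything else is literal.
    lead = ""
    if pattern.startswith("*."):
        lead, pattern = r"(?:[a-z0-9-]+\.)+", pattern[2:]
    body = re.escape(pattern).replace(re.escape(REGION), r"[a-z0-9-]+")
    return re.compile(lead + body)

def _matches(spec, target):
    if "/" in spec:  # CIDR destination: only a literal IP target can match
        try:
            return ipaddress.ip_address(target) in ipaddress.ip_network(spec)
        except ValueError:  # target is a hostname
            return False
    return _host_regex(spec).fullmatch(target.lower().rstrip(".")) is not None

def classify(target, port):
    """Names of the documented rows that cover target:port (empty if none)."""
    return [name for name, specs, lo, hi in RULES
            if lo <= port <= hi and any(_matches(s, target) for s in specs)]

def uncovered(log_lines):
    """Return the 'destination port' lines that no documented row covers."""
    return [ln for ln in log_lines
            if not classify(ln.split()[0], int(ln.split()[1]))]

# Constructed sample of egress log entries (not real traffic).
SAMPLE_LOG = [
    "44.234.52.100 6012", "node1.ccm.cdp.cloudera.com 6049",
    "api.us-west-1.cdp.cloudera.com 443", "storage.googleapis.com 443",
    "44.234.52.128 6012",                     # one address past the /27
    "node1.ccm.cdp.cloudera.com 6050",        # one port past the range
    "ccm.cdp.cloudera.com.example.net 6000",  # suffix lookalike
]

if __name__ == "__main__":
    print(uncovered(SAMPLE_LOG))
```

Hostname rows cannot be expressed as plain IP ranges, so the hostname matching here reflects what a proxy or FQDN-aware firewall would need to enforce.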