Supported deployment modes for private networking in AWS

The Data Warehouse service can be deployed in three different types of modes on AWS cloud resources. These supported deployment modes determine whether your cluster nodes can receive direct connections from the internet.

The supported deployment modes in AWS are:

  1. Public Load Balancer, Public Worker Nodes

    Requires that you specify 3 public subnets in the virtual private cloud (VPC) that is registered with the Management Console in CDP. In this mode, all AWS network components have a publicly visible IP address assigned to them. However, all traffic flows through the Kubernetes ingress controller so services and ports are not directly accessible.

  2. Public Load Balancer, Private Worker Nodes

    Requires that you specify 3 public subnets and 3 private subnets in the VPC that is registered with the Management Console in CDP. In this mode, the Amazon EKS nodes are not assigned public IP addresses. All traffic is routed from the load balancer (Amazon ELB), which is located in a public subnet, to the ingress controller and the private subnet containing the private worker nodes.

  3. Private Load Balancer, Private Worker Nodes

    Requires that you specify 3 private subnets in the VPC that is registered with the Management Console in CDP. This mode also requires that you set up network routing by way of a VPN between your on-premises network and the VPC. Both the load balancer and worker nodes reside in private subnets so no Data Warehouse services have publicly visible IP addresses assigned to them.