Prerequisites for private networking in AWS environments

To use the AWS private networking feature in the Cloudera Data Warehouse service, make sure you set up gateway virtual private cloud (VPC) endpoints and that you specify the correct number of public and private subnets for the CDP environment you plan to use for the service.

Set up gateway VPC endpoints to improve performance

For the Public Load Balancer/Private Worker Nodes and the Private Load Balancer/Private Worker Nodes deployment modes where worker nodes are running in private subnets, all outbound internet traffic passes through network address translation (NAT) gateways. For example, traffic created by activities such as downloading Docker images or accessing Cloudera services like billing or metering, S3 storage, and Amazon DynamoDB. To improve performance by reducing the number of network hops for accessing S3 and DynamoDB, set gateway VPC endpoints. A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic that is destined to either Amazon S3 or DynamoDB, the two supported AWS services.

If your VPC does not contain VPC endpoints that target S3 or DynamoDB, use the Amazon documentation, which is linked to at the bottom of the page, to set them up.

Specify the correct number of public and private subnets for your CDP environment

Depending on which deployment mode you choose, select the correct number of private and public subnets in the VPC environment that you register with the Management Console in CDP. Check the documentation on Supported deployment modes to make sure what combination of public and private VPC subnets are needed before you register your environment.

General instructions for registering an environment are included in the Management Console documentation. A link to this documentation is provided below. When you are on Step 6 where you specify information on the Region, Networking, Security and Storage page of Management Console, specify the appropriate number of public or private subnets in your VPC for the Select Subnets prompt on the page:

Then proceed through the instructions to complete registering your environment with CDP.