Restricting access to endpoints in AWS environments
You can restrict access to Kubernetes endpoints and service endpoints of the Kubernetes cluster at the load balancer level by specifying a list of IP CIDRs that are allowed access. Kubernetes endpoints are used to control the deployment and maintenance of workload components, such as Virtual Warehouses and Database Catalogs. Service endpoints are endpoints of services like Hive, Impala, Data Analytics Studio, or Hue. Specifying allowed IP addresses is called "whitelisting." You can specify whitelisted IP addresses either when you activate a CDP environment for use in the Data Warehouse service, or in the Environment Details page. If you do not specify a whitelist, all external IP addresses can access these endpoints on the Kubernetes cluster that is being used in the Data Warehouse service.
Required role: DWAdmin
- In the Data Warehouse service, expand the Environments column by clicking the More… menu.
- In the Environments column, click the search icon and locate the environment you registered with CDP where you want to specify access for IP CIDRs.
- When you locate the environment, click the activation icon to launch the Activation Settings dialog box where you can specify the IP CIDRs that have access to the Kubernetes and service endpoints of the Kubernetes cluster.
- In the Activation Settings dialog box, specify a comma-separated list of IP CIDRs that you want to be able to access your Kubernetes and service endpoints in the Whitelist IP CIDR(s) text box.
- After specifying the IP CIDRs, click Activate.
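
A pre-flight check for the comma-separated list before it goes into the Whitelist IP CIDR(s) text box, as an added example that is not Cloudera code. The function name, the `/16` review threshold, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input (documentation address ranges), not from the page.
SAMPLE = ("203.0.113.0/24, 198.51.100.7, 203.0.113.64/26, 192.0.2.10/24, "
          "0.0.0.0/0, 198.51.100.0/25,198.51.100.128/25")

def check_allow_list(text, min_prefix=16):
    """Return (normalized_list, problems) for a comma-separated CIDR list.

    min_prefix is an assumed review threshold, not a product limit.
    """
    nets, problems = [], []
    for raw in text.split(","):
        item = raw.strip()
        if not item:
            problems.append("empty entry (stray comma)")
        elif "/" not in item:
            problems.append(f"{item}: no prefix length, write /32 for one IPv4 host")
        else:
            try:
                # strict=True rejects host bits set, e.g. 192.0.2.10/24
                net = ipaddress.ip_network(item, strict=True)
            except ValueError as exc:
                problems.append(f"{item}: {exc}")
                continue
            if net.prefixlen == 0:
                # Same effect as leaving the box empty: every source is allowed.
                problems.append(f"{item}: matches every address, restricts nothing")
                continue
            if net.version == 4 and net.prefixlen < min_prefix:
                problems.append(f"{item}: broader than /{min_prefix}, confirm intent")
            nets.append(net)
    # An entry inside a wider entry adds nothing and obscures the real scope.
    for n in nets:
        for other in nets:
            if n != other and n.version == other.version and n.subnet_of(other):
                problems.append(f"{n}: already covered by {other}")
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        merged += ipaddress.collapse_addresses(
            [n for n in nets if n.version == version])
    return ",".join(str(n) for n in merged), problems

if __name__ == "__main__":
    normalized, problems = check_allow_list(SAMPLE)
    print("paste:", normalized)
    for p in problems:
        print("review:", p)
```

Entries reported as problems are left out of the normalized list only when they cannot be parsed or match every address; broad or redundant ranges are still included so the reviewer decides.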