Preparing Your AWS EC2 Resources

You must set up a VPC and create an SSH key pair in the AWS environment before deploying Altus Director.

Setting Up a VPC

Altus Director requires an Amazon Virtual Private Cloud (Amazon VPC) to implement its virtual environment. The Amazon VPC must be set up for forward and reverse hostname resolution.

Perform the following steps:

  1. Log in to the AWS Management Console and make sure you are in the desired region. The current region is displayed in the upper-right corner of the AWS Management Console. Click the region name to change your region.
  2. In the AWS Management Console, select VPC in the Networking section.
  3. Click Start VPC Wizard. (Click VPC Dashboard in the left side pane if the Start VPC Wizard button is not displayed.)
  4. Select the desired VPC configuration. For the easiest way to get started, select VPC with a Single Public Subnet. Make sure that DNS Hostnames is set to Yes in the Edit DNS Hostnames dialog.
  5. Complete the VPC wizard, and then click Create VPC.

Configuring your Security Group

Altus Director requires the following inbound ports to be open:

Ports
Type Protocol Port Range Source
ALL Traffic ALL ALL security_group_id
SSH (22) TCP (6) 22 <your ip address>

Creating a New Security Group

The simplest way to set up the required network connectivity for Altus Director is to create a security group for your VPC and allow traffic between members of this security group as described below. With this approach, you do not have to specify each part that is required by Cloudera Manager.

  1. In the left pane, click Security Groups.
  2. Click Create Security Group.
  3. Enter a name and description. Make sure to select the VPC you created from the VPC list box.
  4. Click Yes, Create.

Select the newly created security group and add inbound rules as detailed in the Ports table.

The configured security group should look similar to the following, but with your own values in the Source column.



For more information about security groups in AWS, see Security Groups for Your VPC. If your organization's network policies are more restrictive, and you need to specify each port required by Cloudera Manager, see Ports Used by Cloudera Manager and Cloudera Navigator in the Cloudera Manager documentation for details.

Creating an SSH Key Pair

To interact with the cluster launcher and other instances, you must create an SSH key pair or use an existing EC2 key pair. For information on importing an existing key pair, see Amazon EC2 Key Pairs in the AWS documentation. If you do not have a key pair, follow these steps:

  1. Select EC2 in Compute section of the AWS console.
  2. In the Network & Security section of the left pane, click Key Pairs.
  3. Click Create Key Pair. In the Create Key Pair dialog box, enter a name for the key pair and click Create.
  4. Note the key pair name. Move the automatically downloaded private key file (with the .pem extension) to a secure location and note the location. For Mac OS X, the key pair file is initially stored in the Downloads folder.
    • On Mac OS X, a secure location for storing the private key file is the hidden ~/.ssh folder.
    • Enter the following command in a terminal window to move the key pair file from the Downloads folder to the SSH folder:
      $ mv name_of_key_pair.pem ~/.ssh

You are now ready to launch an EC2 instance.