Security groups control the inbound and outbound traffic to and from your CDP environment. Use security group settings to allow users from your organization to access CDP resources.
You have two options:
- Use your existing security groups (recommended for production)
- Have CDP create new security groups
You should verify the security group limits in your AWS account to ensure that you can create security groups for CDP.
Existing security groups
If you would like to create your own security groups, you need to create two security groups. Ensure that the inbound settings allow traffic via the ports described in the AWS environment prerequisites: Security groups documentation. This option is recommended for production.
New security groups
If you would like CDP to create the security groups for you, you need to provide a CIDR range for inbound traffic to EC2 instances from your organization. CDP creates multiple security groups: one for each Data Lake host group, one for each FreeIPA host group, and one per host group when Data Hub, Data Warehouse, and Machine Learning clusters are created. On these security groups, CDP opens ports as described in the Default security group settings documentation.