Security groups created in E-MapReduce can be used during the creation of clusters.
Only the port 22 is accessible in the cluster created by E-MapReduce. We recommend that you divide ECS instances by function, and put them into different user security groups. For example, the security group of E-MapReduce is E-MapReduce security group, while the security group that you have created is User security group. Each security group is provided with unique access control as required.
If it is necessary to link with the cluster that has been created, follow these steps.
Add E-MapReduce cluster to the existing security group
- Log on to theAlibaba Cloud E-MapReduce console.
- At the top of the page, click Cluster Management.
- Click View Details.
- In the Network tab, find Security Group ID and click the ID link.
- In the left-side menu, click Instances in Security Group to view security group names of all ECS instances.
- Log on to the Alibaba Cloud ECS console, and in the left-side navigation panel, click Security Group to find the security group entry in the list as viewed in the preceding step.
- Click Manage Instances in a security group, and see ECS instances names starting with emr-xxx. These are the corresponding ECS instances in an E-MapReduce cluster.
- Select all these instances, click Move to security group, and then select a security group to move an E-MapReduce cluster to an existing group.
Add the existing cluster into E-MapReduce security group
Find the security group where the existing cluster is located. Repeat the preceding operations, and move to the E-MapReduce security group. Select scattered machines in the ECS console directly and move the clusters to E-MapReduce security group in batch.
Security group rules
The security group rules are subject to the OR relationship when an ECS instance is in several different security groups. For example, only port 22 of the E-MapReduce security group is accessible, while all ports of the User security group are accessible. After the cluster of E-MapReduce is added into the User security group, all ports of the machine in E-MapReduce are open.