The security group created in E-MapReduce will be used during cluster creation.
Only port 22 is opened in the cluster created by E-MapReduce. We recommend that you divide the ECS instance by function and place it into different user security groups. For example, the security group of E-MapReduce is “E-MapReduce security group”, while the security group that you have created is “User-security group”. Each security group is provided with unique access control as required.
If it is necessary to link with the cluster that has been created, refer to the following method.
Find the cluster entry to be added to the security group. Click View details to enter the cluster details page.
Find the security group under “Network information” on the cluster details page. View the name and ID of the security group where all ECS instances are located.
Enter Alibaba Cloud ECS console. Click Security group on the left side to find the security group entry in the list as viewed in Step 3.
Click Manage instances in the security group, and you can see ECS instance names starting with emr-xxx. These are corresponding ECS in the E-MapReduce cluster.
Select all of these instances, click Move to security group, and then select the new security group to add into.
Find the security group where the existing cluster is located, repeat the preceding operations, and move to the E-MapReduce security group. Select the scattered machines in the ECS console directly, and move the clusters to E-MapReduce security group in batch.
The security group rules are subject to the “OR” relationship when an ECS instance is in several different security groups. For example, only port 22 of the E-MapReduce security group is opened, while all ports of “User - security group” are opened. After the cluster of E-MapReduce is added into “User - security group”, all ports of the machine in E-MapReduce will be opened. Take care when performing this process.