Restricting access to endpoints in AWS environments

This topic describes how to limit access to Hive, Impala, Data Analytics Studio, or Hue endpoints in Cloudera Data Warehouse (CDW) Public Cloud.

You can restrict access to the Kubernetes endpoints and the load balancer endpoints of the Kubernetes cluster by specifying a list of IP Classless Inter-Domain Routing (CIDR) ranges that are allowed access. Kubernetes endpoints are used to control the deployment and maintenance of workload components, such as Virtual Warehouses and Database Catalogs. Load balancer endpoints are the endpoints of services like Hive, Impala, or Hue. You can specify trusted IP addresses either when you activate a CDP environment for use in the Data Warehouse service or on the Environment Details page. If you do not specify them, all external IP addresses can access these endpoints on the Kubernetes cluster that the Data Warehouse service uses.

Required role: DWAdmin

Contact your network team to get the IP CIDR ranges of your internal network that need access to the Kubernetes and load balancer service endpoints. All Cloudera IP addresses that need access to these endpoints have already been allowed.
  1. In the CDW service, in Environments, search for and locate the environment for which you want to specify CIDRs.
  2. Click Start to activate the environment.
  3. In Activation Settings > Advanced Settings, in Enable IP CIDR for Kubernetes cluster, specify a comma-separated list of IP CIDRs that you want to be able to access your Kubernetes endpoints.
  4. In Activation Settings > Advanced Settings, in Enable IP CIDR for the load balancer, specify a comma-separated list of IP CIDRs that you want to be able to access your load balancer endpoints.
  5. After specifying the IP CIDRs, click Activate.
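
A pre-check for the comma-separated CIDR lists entered in steps 3 and 4, as an added example that is not part of the Cloudera documentation or product. The function name check_cidr_list, the /16 breadth threshold, and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Assumption for this example: IPv4 ranges broader than /16 get flagged for review.
MIN_PREFIX = 16


def check_cidr_list(raw, min_prefix=MIN_PREFIX):
    """Validate a comma-separated CIDR list before entering it in the UI.

    Returns (value, problems): the normalized, de-duplicated list as one
    comma-separated string, and a list of findings that need attention.
    """
    nets, problems = [], []
    for item in (part.strip() for part in raw.split(",")):
        if not item:
            problems.append("empty entry (stray comma)")
            continue
        if "/" not in item:
            problems.append(f"{item}: missing prefix length")
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 192.0.2.5/24
            net = ipaddress.ip_network(item, strict=True)
        except ValueError as exc:
            problems.append(f"{item}: not a valid CIDR ({exc})")
            continue
        if net.prefixlen == 0:
            problems.append(f"{item}: matches every address, so nothing is restricted")
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            problems.append(f"{item}: broader than /{min_prefix}, confirm the range")
        nets.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    if len(merged) < len(nets):
        problems.append("overlapping or adjacent entries were merged")
    return ",".join(str(n) for n in merged), problems


if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    sample = "198.51.100.0/24, 198.51.100.128/25,203.0.113.7/32, 0.0.0.0/0, 192.0.2.5/24"
    value, problems = check_cidr_list(sample)
    print("paste:", value)
    for p in problems:
        print("review:", p)
```

Run it once for the Kubernetes list and once for the load balancer list, and resolve every finding with the network team before clicking Activate.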