
My understanding of the EMR Managed Security Group Documentation is that on creation of a cluster, an inbound rule to SSH from any IP to Master on port 22 is added.

SSH TCP 22 (public subnets only) 0.0.0.0/0

Allows inbound access to the master node via SSH from any IP address. This rule can be edited to limit access to individual IP addresses or address ranges.

However, I find that is not the case. I had to create an additional security group with SSH on port 22 and specify that in my cluster creation step.

Have I misunderstood the documentation? My concern is that I didn't correctly use the default security group and my 'additional security group' is a hack.

RAbraham
  • Did you create your cluster in a public subnet (default route goes to IGW)? – ChristopherB Dec 29 '15 at 14:06
  • @ChristopherB: sigh, you are right, rereading the excerpt, my cluster may not be in a public subnet. – RAbraham Jan 06 '16 at 21:38
  • Did you manage to resolve this? My public subnet has the default 0.0.0.0/0 route to the IGW but is still not adding for ssh. – Nora Olsen Mar 02 '16 at 09:01
  • @NoraOlsen: I just created an additional security group with explicit SSH port 22 inbound rule and added that in my cluster creation step. I think you could do that or modify the existing security group – RAbraham Mar 02 '16 at 17:19
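
The two conditions raised in this thread (whether the subnet is public, and which sources may reach port 22) can be checked together. The following is an added example, not part of the original question or the EMR documentation; it assumes dictionaries in the shape returned by boto3's `describe_route_tables` and `describe_security_groups`, and all IDs and the `203.0.113.0/24` range are constructed sample values.

```python
import ipaddress

def is_public_subnet(subnet_id, route_tables):
    """True if the subnet's effective route table has a default route to an IGW."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", []))]
    # A subnet with no explicit association falls back to the VPC's main route table.
    main = [rt for rt in route_tables
            if any(a.get("Main") for a in rt.get("Associations", []))]
    for rt in (explicit or main):
        for route in rt.get("Routes", []):
            if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                    and (route.get("GatewayId") or "").startswith("igw-")):
                return True
    return False

def ssh_sources(security_groups, port=22):
    """Return (group_id, cidr) for every inbound rule that covers the TCP port."""
    found = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            covers = proto == "-1" or (  # "-1" means all protocols and ports
                proto == "tcp"
                and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))
            if covers:
                cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                found += [(sg["GroupId"], c) for c in cidrs]
    return found

def world_open(sources):
    """Subset of sources whose CIDR spans the whole address space (/0)."""
    return [(g, c) for g, c in sources
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]

# Constructed sample data: placeholder IDs, documentation address range.
ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}]},
    {"Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
]
GROUPS = [
    {"GroupId": "sg-managed-master", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-additional", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]
```

Any entry returned by `world_open` is a rule to narrow to specific addresses or ranges, as the quoted documentation says the SSH rule can be.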
