How-to | Create default or custom security groups#

Default Security Groups

Fleet Manager automatically creates AWS security groups for all Dataiku nodes linked to the virtual network. This is the default configuration.

To automatically create security groups when creating a new virtual network:

  • Toggle Auto-create security groups to On.

The default security group configuration permits the following:

  • DSS nodes to be reached from 0.0.0.0/0 on ports 80, 22, and 443.

  • DSS nodes to communicate with each other.

  • Fleet Manager to communicate with Dataiku nodes if you choose to deploy nodes in another VPC/subnet from Fleet Manager.

Custom Security Groups

If you choose not to automatically create AWS security groups, you can attach your own custom security groups.

To attach your own security groups:

  1. Toggle Auto-create security groups to Off.

  2. Select Add Security Group.

  3. In Security groups Ids, enter the id of each security group, separated by a comma.

When creating a new virtual network, you can configure the Network Security Group to allow communication between Fleet Manager and its DSS instances, and choose the Internet Access Mode.

To do this:

  1. Select the Update security groups checkbox.

  2. In Internet Access Mode, choose a mode:

    • No internet access

    • Egress only internet

    • Create an internet gateway

Azure Tags

When creating a new virtual network you can tag your Azure resources to help organize them.