Help Center/ MapReduce Service/ User Guide/ Managing Clusters/ Managing an MRS Cluster/ Managing the Security Group of an MRS Cluster
Updated on 2025-08-09 GMT+08:00

Managing the Security Group of an MRS Cluster

A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. A security group can have inbound and outbound rules. You need to specify the source, port, and protocol for each inbound rule and specify the destination, port, and protocol for each outbound rule to control the inbound and outbound traffic to and from the instances in the security group.

For more information about security groups and security group rules, see Security Group and Security Group Rule Overview.

Figure 1 Security group architecture

When creating an MRS cluster, you can enable the system to automatically create a security group or manually select an existing security group. Ensure that the security group used by the MRS cluster allows traffic from the IP address range of the current user to reach TCP port 9022. In this way, the user can access MRS Manager of the cluster.

After an MRS cluster is created, if you need to connect to nodes or big data components in the cluster, you need to add a security group rule to allow traffic on ports (for example, port 22) of the nodes or components.

Viewing the Security Group of an MRS Cluster

  1. Log in to the MRS console.
  2. In the navigation pane, choose Active Clusters, select a running cluster, and click its name to switch to the cluster details page.
  3. In the network information area, view the security group of the MRS cluster.

    Figure 2 Viewing the security group of an MRS cluster

  4. Access the VPC console.
  5. In the security group list, search for and locate the security group used by the MRS cluster. Click the security group name to go to its details page. You can then view details about the current security group, such as inbound and outbound rules.
  6. Click Add Rule to add an inbound or outbound rule to the security group.

    For example, if you access MRS Manager from IP address range 10.x.x.x, add the security group rules shown in the following figure to the security group.
    Figure 3 Configuring a security group

    If an EIP has been bound to MRS Manager of the current cluster, you can click Add Security Group Rule in the network information area of the cluster in Step 3 to quickly add a security group rule to allow traffic on TCP port 9022.

Helpful Links