From b28ae0f56ce55b243568b6a660fb618cfbc27fab Mon Sep 17 00:00:00 2001 From: Antonios Kouzoupis Date: Wed, 18 Nov 2020 14:21:09 +0100 Subject: [PATCH] [vpc_doc] Add link to create Security Group guide --- docs/hopsworksai/aws/restrictive_permissions.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/hopsworksai/aws/restrictive_permissions.md b/docs/hopsworksai/aws/restrictive_permissions.md index 74e805f65f..0ea08550a5 100644 --- a/docs/hopsworksai/aws/restrictive_permissions.md +++ b/docs/hopsworksai/aws/restrictive_permissions.md 
@@ -12,12 +12,18 @@ Hopsworks.ai to only access resources in a specific VPC. To restrict Hopsworks.ai from accessing resources outside of a specific VPC, you need to create a new VPC connected to an Internet Gateway. This can be achieved in the AWS Management Console following this guide: [Create the VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html#getting-started-create-vpc). -The option VPC with a Single Public Subnet from the Launch VPC Wizard should work out of the box. +The option VPC with a `Single Public Subnet` from the Launch VPC Wizard should work out of the box. Alternatively, an existing VPC such as the default VPC can be used and Hopsworks.ai will be restricted to this VPC. Note the VPC ID of the VPC you want to use for the following steps. !!! note - The VPC and its Network ACLs need to be configured so that at least port 80 is reachable from the internet or creating Hopsworks instances will fail when creating SSL certificates. DNS hostnames need to be enabled as well. + Make sure you enable `DNS hostnames` for your VPC + +After you have created the VPC either [Create a Security Group](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#CreatingSecurityGroups) or use VPC's default. + +!!! note + The [Security Group](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#AddRemoveRules) and/or [Network ACLs](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#Rules) + need to be configured so that at least port `80` is reachable from the internet otherwise creating Hopsworks instances will fail when creating SSL certificates. ## Step 2: Create an instance profile
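Review bot: In the second added note, "The [Security Group] and/or [Network ACLs] need to be configured so that at least port `80` is reachable" suggests that opening port 80 in either one is enough. Inbound traffic has to be allowed by both the subnet's network ACL and the instance's security group, so this should read "and". Because network ACLs are stateless, a custom ACL also needs an outbound rule for the return traffic, which is worth a half sentence here. The preceding line "or use VPC's default" deserves a pointer to this note: a VPC's default security group only admits inbound traffic from members of the same group, so it will not pass port 80 from the internet until a rule is added. Two smaller points: the first note "Make sure you enable `DNS hostnames` for your VPC" has lost its full stop, and in "VPC with a `Single Public Subnet`" the backticks cover only part of the wizard option name, so either wrap the whole of "VPC with a Single Public Subnet" or leave it unformatted as before.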