Discuss with expertTry it for free
© 2026 Direct Cursus Technology L.L.C.

Connecting to a Trino cluster

Written by
Updated at May 8, 2026

This section presents settings for connection to the Managed Service for Trino cluster using command line tools, from graphical IDEs and WebSQL. To learn how to connect from your application code, see Connection string examples.

You can connect to a Managed Service for Trino cluster with disabled private access only from the network the cluster resides in.

Note

If the connection requires a port, use port 443.

Configuring security groups

Security groups do not restrict inbound traffic to the Managed Service for Trino cluster and do not affect the Trino web interface availability. You do not need to configure any inbound traffic rules.

You can use security groups to configure outbound traffic rules, e.g., when setting up a new catalog.

To connect to a Trino cluster from a Yandex Cloud VM, configure a security group for the VM you will use for connection. VM rule examples:

  • For incoming traffic:

    • Port range: 22.
    • Protocol: TCP.
    • Source: CIDR.
    • CIDR blocks: 0.0.0.0/0.

    This rule allows inbound connections to the VM over SSH.

  • For outbound traffic:

    • Protocol: Any.
    • Port range: 0-65535.
    • Destination name: CIDR.
    • CIDR blocks: 0.0.0.0/0.

    This rule allows all outgoing traffic, which enables you to both connect to the cluster and install any required utilities on your VM.

Security groups for Yandex MPP Analytics for PostgreSQL

To access the Greenplum® cluster, the Trino connector uses the GPFDIST protocol:

  • Trino coordinators and workers send queries to the Greenplum® master over TCP port 6432.
  • Greenplum® segments forward data to Trino workers over the GPFDIST TCP port in the 30078–30085 range.

Data transmitted between the Greenplum® and Trino clusters over the GPFDIST protocol is unencrypted. To secure your connection, configure security groups in Yandex MPP Analytics for PostgreSQL and, optionally, in Managed Service for Trino.

Yandex MPP Analytics for PostgreSQL side setup

  • Rule for internal Greenplum® cluster traffic:

    • Port range: 0-65535.
    • Protocol: Any.
    • Source: Security group.
    • Security group: Current.

  • Rule for connections from a Trino cluster:

    • Port range: 6432.
    • Protocol: TCP.
    • Source: Security group.
    • Security group: Specify the Trino cluster security group.

  • Rule for internal Greenplum® cluster traffic:

    • Port range: 0-65535.
    • Protocol: Any.
    • Source: Security group.
    • Security group: Current.

  • Rule for connections to a Trino cluster:

    • Port range: 30078-30085.
    • Protocol: TCP.
    • Source: Security group.
    • Security group: Specify the Trino cluster security group.

Managed Service for Trino side setup

To configure security group rules in Trino, invert the Greenplum® rule settings. Setting up rules for a Trino cluster is optional, but this provides added security for your cluster.

Rule for receiving data from Greenplum® segments:

  • Port range: 30078-30085.
  • Protocol: TCP.
  • Source: Security group.
  • Security group: Specify the Greenplum® cluster security group.

Rule for connections to a Greenplum® master:

  • Port range: 6432.
  • Protocol: TCP.
  • Source: Security group.
  • Security group: Specify the Greenplum® cluster security group.

Command line tools

Trino CLI

If you do not have the Trino CLI yet, install it using the guide on the official Trino website.

To connect to an Managed Service for Trino cluster:

  1. Create an IAM token and put it to the TRINO_PASSWORD environment variable:

    export TRINO_PASSWORD=$(yc iam create-token)

    This IAM token in TRINO_PASSWORD will be your password to the Managed Service for Trino cluster. To enable it, specify the --password flag upon connection.

  2. Connect to the Managed Service for Trino cluster:

    ./trino c-<cluster_ID>.trino.yandexcloud.net --user iam --password

    You can get the cluster ID with the list of clusters in the folder.

Connecting from graphical IDEs

Before connecting:

  1. Create an IAM token:

    yc iam create-token

  2. Save the token. You will use it as a password for the connection.

  1. Create a data source:
    1. Select FileNewData SourceTrino.
    2. Enter a name for the data source.
    3. Specify the connection settings on the General tab:

      • Host: c-<cluster_ID>.trino.yandexcloud.net.

        If you are connecting to your Managed Service for Trino cluster via a service connection, specify c-<cluster_ID>.trino.pe.yandexcloud.net as the host address.

      • Port: 443.

      • User: iam.

      • Password: Previously created IAM token.

  2. Click Test Connection. If the connection is successful, you will see the connection status and information about the DBMS and driver.
  3. Click OK to save the data source.
  1. Create a new DB connection:
    1. In the Database menu, select New connection.
    2. Select Trino from the list.
    3. Click Next.
    4. Specify the connection settings on the Main tab:

      • Host: c-<cluster_ID>.trino.yandexcloud.net.

        If you are connecting to your Managed Service for Trino cluster via a service connection, specify c-<cluster_ID>.trino.pe.yandexcloud.net as the host address.

      • Port: 443.

      • Under Authentication, specify:

        • Username: iam.
        • Password: Previously created IAM token.
  2. Click Test Connection .... If the connection is successful, you will see the connection status, DBMS information, and driver details.
  3. Click Done to save the database connection settings.

WebSQL

  1. Open the folder dashboard.

  2. Go to Managed Service for Trino.

  3. Open your Managed Service for Trino cluster.

  4. Navigate to WebSQL.

  5. Click Go to WebSQL.

  6. In the SQL query editor that opens, run the following query:

    SELECT version() AS version;

    The response will contain Trino version information.

Examples of connection strings

Python

Before connecting:

  1. Install the dependencies:

    pip3 install trino

  2. Create an IAM token and put it to the TOKEN environment variable:

    export TOKEN=$(yc iam create-token)

  1. Code example:

    connect.py

    import os
from contextlib import closing
from trino.dbapi import connect
from trino.auth import BasicAuthentication

TIMEOUT = 10
COORDINATOR_URL = 'c-<cluster_ID>.trino.yandexcloud.net'
IAM_TOKEN = os.environ['TOKEN']

def get_version():
    auth = BasicAuthentication(username='iam', password=IAM_TOKEN)
    with closing(connect(host=COORDINATOR_URL, port=443, auth=auth, request_timeout=TIMEOUT)) as conn:
        with closing(conn.cursor()) as cur:
            cur.execute('SELECT version() as version')
            rows = cur.fetchall()
            print(rows[0])

if __name__ == "__main__":
    get_version()

    You can request the cluster ID with the list of clusters in the folder.

    If you are connecting to your Managed Service for Trino cluster via a service connection, specify c-<cluster_ID>.trino.pe.yandexcloud.net as the host address.

  2. Connecting:

    python3 connect.py

Java

Before connecting:

  1. Install the dependencies:

    sudo apt update && sudo apt install --yes openjdk-21-jre maven

  2. Create a directory for the Maven project:

    cd ~/ && mkdir -p project/src/main/java/com/example && cd project/

  3. Create a configuration file for Maven:

    pom.xml
    <?xml version="1.0" encoding="utf-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

    <modelVersion>4.0.0</modelVersion>
    <groupId>com.example</groupId>
    <artifactId>app</artifactId>
    <version>0.1.0</version>
    <packaging>jar</packaging>
    <properties>
        <maven.compiler.source>21</maven.compiler.source>
        <maven.compiler.target>21</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
    <dependencies>
        <dependency>
            <groupId>io.trino</groupId>
            <artifactId>trino-jdbc</artifactId>
            <version>469</version>
        </dependency>
    </dependencies>
    <build>
        <finalName>${project.artifactId}-${project.version}</finalName>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-assembly-plugin</artifactId>
                <version>3.7.1</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>single</goal>
                        </goals>
                        <phase>package</phase>
                        <configuration>
                            <descriptorRefs>
                                <descriptorRef>
                                    jar-with-dependencies</descriptorRef>
                            </descriptorRefs>
                            <archive>
                                <manifest>
                                    <mainClass>com.example.App</mainClass>
                                </manifest>
                            </archive>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-jar-plugin</artifactId>
                <version>3.4.2</version>
                <configuration>
                    <archive>
                        <manifest>
                            <mainClass>com.example.App</mainClass>
                        </manifest>
                    </archive>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

  4. Create an IAM token and put it to the TOKEN environment variable:

    export TOKEN=$(yc iam create-token)

  1. Code example:

    src/main/java/com/example/App.java

    package com.example;

import java.sql.DriverManager;
import java.util.Properties;

public class App {
    private static final String COORDINATOR_URL = "c-<cluster_ID>.trino.yandexcloud.net";

    public static void main(String[] args) {
        String url = String.format("jdbc:trino://%s", COORDINATOR_URL);
        String iamToken = System.getenv("TOKEN");
  
        Properties properties = new Properties();
        properties.setProperty("user", "iam");
        properties.setProperty("password", iamToken);
        properties.setProperty("SSL", "true");

        try (var connection = DriverManager.getConnection(url, properties)) {
            var rs = connection.createStatement().executeQuery("SELECT version() as VERSION");
            if (rs.next()) {
                System.out.println(rs.getString(1));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

    You can request the cluster ID with the list of clusters in the folder.

    If you are connecting to your Managed Service for Trino cluster via a service connection, specify c-<cluster_ID>.trino.pe.yandexcloud.net as the host address.

  2. Building and connecting:

    mvn clean package && \
java -jar target/app-0.1.0-jar-with-dependencies.jar

Node.js

Before connecting:

  1. Install the dependencies:

    sudo apt update && sudo apt install --yes nodejs npm && \
npm install trino-client

  2. Create an IAM token and put it to the TOKEN environment variable:

    export TOKEN=$(yc iam create-token)

app.mjs

"use strict";
import {BasicAuth, Trino} from 'trino-client';

const COORDINATOR_URL = 'c-<cluster_ID>.trino.yandexcloud.net'
let TOKEN = process.env.TOKEN

async function get_version() {
    const trino = Trino.create({server: COORDINATOR_URL,auth: new BasicAuth('iam', TOKEN)});
    const query = await trino.query('SELECT version() as VERSION');
    const queryResult = await query.next()
    console.log(queryResult.value.data[0][0])
}

get_version();

You can request the cluster ID with the list of clusters in the folder.

If you are connecting to your Managed Service for Trino cluster via a service connection, specify c-<cluster_ID>.trino.pe.yandexcloud.net as the host address.

Connecting:

node app.mjs
Previous
Stopping and restarting a cluster
Next
Managing cluster access