Configuring Apache Hive™ Metastore cluster security groups
If your cloud network uses security groups, they can hinder the Apache Hive™ Metastore cluster performance. In which case you need to configure the security group assigned to the Apache Hive™ Metastore cluster by adding the following rules for incoming traffic to it:
-
For incoming service traffic:
- Port range:
30000-32767 - Protocol:
TCP - Source:
Security group - Security group:
Current
- Port range:
-
For incoming traffic from clients over Thrift:
- Description:
thrift - Port range:
9083 - Protocol:
TCP - Source:
CIDR - CIDR blocks:
0.0.0.0/0
- Description:
-
For incoming traffic from clients over REST:
- Description:
iceberg rest (4.2+) - Port range:
9001 - Protocol:
TCP - Source:
CIDR - CIDR blocks:
0.0.0.0/0
- Description:
-
For incoming load balancer traffic:
- Protocol:
Any - Source:
Load balancer healthchecks
- Protocol:
If you plan to use multiple security groups for a cluster, enable all traffic between these groups.
Note
You can specify more granular rules for your security groups, e.g., to allow traffic only in specific subnets.
Apache® and Apache Hive™