Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Configuring a network for Yandex Data Processing

Written by
Updated at September 25, 2025

In this tutorial, you will learn how to create a Yandex Data Processing cluster and set up subnets and a NAT gateway.

The support cost includes:

Create resources

  1. Create a network named data-proc-network with the Create subnets option disabled.

  2. In data-proc-network, create a subnet with the following settings:

    • Name: data-proc-subnet-a
    • Availability zone: ru-central1-a
    • CIDR: 192.168.1.0/24

  3. Create a NAT gateway and a route table named data-proc-route-table in data-proc-network. Associate the table with data-proc-subnet-a.

  4. In data-proc-network, create a security group named data-proc-security-group with the following rules:

    • One rule for incoming and another one for outgoing service traffic:

      • Port range: 0-65535
      • Protocol: Any
      • Source/Destination name: Security group
      • Security group: Current

    • Rule for outgoing HTTPS traffic:

      • Port range: 443
      • Protocol: TCP
      • Destination name: CIDR
      • CIDR blocks: 0.0.0.0/0

    • Rule that allows access to NTP servers for time syncing:

      • Port range: 123
      • Protocol: UDP
      • Destination name: CIDR
      • CIDR blocks: 0.0.0.0/0

    Note

    You can configure additional security group rules to connect to cluster hosts.

  5. Create a service account named data-proc-sa with the following roles:

  6. Create a Yandex Object Storage bucket with restricted access.

  7. Create a Yandex Data Processing cluster in any suitable configuration with the following settings:

    • Service account: data-proc-sa.
    • Bucket ID format: List.
    • Bucket name: Select the bucket you created earlier.
    • Network: data-proc-network.
    • Security groups: data-proc-security-group.

  1. If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

  2. Get the authentication credentials and specify the Yandex Cloud provider installation source (see Configure your provider, Step 1).

  3. Download the cluster configuration file to the same working directory.

    This file describes:

    • Network.
    • Subnet.
    • NAT gateway and route table.
    • Security group.
    • Service account to work with cluster resources.
    • Service account for bucket management.
    • Static access key required to grant the service account permissions for the bucket.
    • Bucket to store job dependencies and results.
    • Yandex Data Processing cluster.

    Note

    You can configure additional security group rules to connect to cluster hosts.

  4. In the configuration file, specify all the relevant parameters.

  5. Run the terraform init command in the working directory with the configuration files. This command initializes the provider specified in the configuration files and enables you to use its resources and data sources.

  6. Make sure the Terraform configuration files are correct using this command:

    terraform validate

    Terraform will show any errors found in your configuration files.

  7. Create the required infrastructure:

    1. Run this command to view the intended changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

All the resources you need will be created in the specified folder. You can check the new resources and their settings using the management console.

Delete the resources you created

Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:

  1. In the terminal window, go to the directory containing the infrastructure plan.

    Warning

    Make sure the directory has no Terraform manifests with the resources you want to keep. Terraform deletes all resources that were created using the manifests in the current directory.

  2. Delete resources:

    1. Run this command:

      terraform destroy

    2. Confirm deleting the resources and wait for the operation to complete.

    All the resources described in the Terraform manifests will be deleted.

Previous
Implementing fault-tolerant scenarios for NAT VMs
Next
Network connection switching during Yandex Data Processing cluster recreation