AWS Glue
Developer Guide

Setting Up a VPC to Connect to JDBC Data Stores

To enable AWS Glue components to communicate, you must set up access to your data stores, such as Amazon Redshift and Amazon RDS. To do so, specify a security group with a self-referencing inbound rule for all TCP ports. Because a self-referencing rule restricts the source to the same security group in the VPC, the rule is not open to all networks. The default security group for your VPC might already have a self-referencing inbound rule for ALL Traffic.

To set up access for Amazon Redshift data stores

  1. Sign in to the AWS Management Console and open the Amazon Redshift console at https://console.aws.amazon.com/redshift/.

  2. In the left navigation pane, choose Clusters.

  3. Choose the cluster name that you want to access from AWS Glue.

  4. In the Cluster Properties section, choose a security group in VPC security groups to allow AWS Glue to use. Record the name of the security group that you chose for future reference. Choosing the security group opens the Amazon EC2 console Security Groups list.

  5. Choose the security group to modify and navigate to the Inbound tab.

  6. Add a self-referencing rule to allow AWS Glue components to communicate. Specifically, add or confirm that there is a rule whose Type is All TCP, whose Protocol is TCP, whose Port Range includes all ports, and whose Source is the same security group name as the Group ID.

    The inbound rule looks similar to the following:

    Type      Protocol   Port Range   Source
    All TCP   TCP        0–65535      database-security-group

    For example:

    [Figure: An example of a self-referencing inbound rule.]

  7. Add a rule for outbound traffic also. Either open outbound traffic to all ports, or create a self-referencing rule whose Type is All TCP, whose Protocol is TCP, whose Port Range includes all ports, and whose Destination is the same security group name as the Group ID.

    The outbound rule looks similar to one of these rules:

    Type          Protocol   Port Range   Destination
    All TCP       TCP        0–65535      security-group
    All Traffic   ALL        ALL          0.0.0.0/0

To set up access for Amazon RDS data stores

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the left navigation pane, choose Instances.

  3. Choose the Amazon RDS Engine and DB Instance name that you want to access from AWS Glue.

  4. From Instance Actions, choose See Details. On the Details tab, find the Security Groups name you will access from AWS Glue. Record the name of the security group for future reference.

  5. Choose the security group to open the Amazon EC2 console.

  6. Confirm that your Group ID from Amazon RDS is chosen, then choose the Inbound tab.

  7. Add a self-referencing rule to allow AWS Glue components to communicate. Specifically, add or confirm that there is a rule whose Type is All TCP, whose Protocol is TCP, whose Port Range includes all ports, and whose Source is the same security group name as the Group ID.

    The inbound rule looks similar to this:

    Type      Protocol   Port Range   Source
    All TCP   TCP        0–65535      database-security-group

    For example:

    [Figure: An example of a self-referencing inbound rule.]

  8. Add a rule for outbound traffic also. Either open outbound traffic to all ports, or create a self-referencing rule whose Type is All TCP, whose Protocol is TCP, whose Port Range includes all ports, and whose Destination is the same security group name as the Group ID.

    The outbound rule looks similar to one of these rules:

    Type          Protocol   Port Range   Destination
    All TCP       TCP        0–65535      security-group
    All Traffic   ALL        ALL          0.0.0.0/0
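
The Redshift and RDS procedures above end with the same two rules, so one check can confirm both. The following is an added example, not part of the AWS Glue guide: it audits one entry of the `SecurityGroups` list returned by the EC2 DescribeSecurityGroups API and also reports inbound rules that are open to all networks. The group IDs, the port 5439 and both sample groups are constructed for illustration.

```python
# Added example: audit a security group for the rules described above.
# Input: one "SecurityGroups" entry from EC2 DescribeSecurityGroups,
# e.g. boto3 ec2.describe_security_groups(GroupIds=[...])["SecurityGroups"][0].

def _covers_all_tcp(perm):
    """True for TCP 0-65535, or for "All traffic" (IpProtocol "-1")."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all traffic: the API reports no port range
        return True
    return (proto == "tcp" and perm.get("FromPort", 1) <= 0
            and perm.get("ToPort", 0) >= 65535)

def _refs_self(perm, group_id):
    """True if the rule's source/destination is the group itself."""
    return any(p.get("GroupId") == group_id
               for p in perm.get("UserIdGroupPairs", []))

def _open_to_world(perm):
    """True if the rule names 0.0.0.0/0 or ::/0."""
    v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
    return v4 or v6

def audit_glue_security_group(sg):
    gid = sg["GroupId"]
    inbound = sg.get("IpPermissions", [])
    outbound = sg.get("IpPermissionsEgress", [])
    return {
        # Inbound: all TCP ports, source is the same security group.
        "self_ref_inbound": any(_covers_all_tcp(p) and _refs_self(p, gid)
                                for p in inbound),
        # Outbound: all ports, either self-referencing or open to 0.0.0.0/0.
        "outbound_ok": any(_covers_all_tcp(p) and
                           (_refs_self(p, gid) or _open_to_world(p))
                           for p in outbound),
        # Inbound rules reachable from all networks, for review.
        "inbound_open_to_world": [
            (p["IpProtocol"], p.get("FromPort"), p.get("ToPort"))
            for p in inbound if _open_to_world(p)],
    }

# Constructed sample data (not from a real account).
SELF = "sg-0123456789abcdef0"
GOOD_SG = {"GroupId": SELF,
           "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                              "UserIdGroupPairs": [{"GroupId": SELF}]}],
           "IpPermissionsEgress": [{"IpProtocol": "-1",
                                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
BAD_SG = {"GroupId": SELF,
          "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
          "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                                   "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]}]}
```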