Create a Security Group
The Vertica AMI has specific security group requirements. When you create a Virtual Private Cloud (VPC), AWS automatically creates a default security group and assigns it to the VPC. You can use the default security group, or you can name and assign your own.
Create and name your own security group using the following basic security group settings. You may make additional modifications based on your specific needs.
Inbound
| Type | Use | Protocol | Port Range | IP |
|---|---|---|---|---|
| SSH | TCP | 22 |
The CIDR address range of administrative systems that require SSH access to the Vertica nodes. Make this range as restrictive as possible. You can add multiple rules for separate network ranges, if necessary. |
|
| DNS (UDP) | UDP | 53 | Your private subnet address range (for example, 10.0.0.0/24). | |
| Custom UDP | Spread | UDP | 4803 and 4804 | Your private subnet address range (for example, 10.0.0.0/24). |
| Custom TCP | Spread | TCP | 4803 | Your private subnet address range (for example, 10.0.0.0/24). |
| Custom TCP | VSQL/SQL | TCP | 5433 | The CIDR address range of client systems that require access to the Vertica nodes. This range should be as restrictive as possible. You can add multiple rules for separate network ranges, if necessary. |
| Custom TCP | Inter-node Communication | TCP | 5434 | Your private subnet address range (for example, 10.0.0.0/24). |
| Custom TCP | TCP | 5444 | Your private subnet address range (for example, 10.0.0.0/24). | |
| Custom TCP | MC | TCP | 5450 | The CIDR address of client systems that require access to the management console. This range should be as restrictive as possible. You can add multiple rules for separate network ranges, if necessary. |
| Custom TCP | Rsync | TCP | 50000 |
Your private subnet address range (for example, 10.0.0.0/24). |
| ICMP | Installer | Echo Reply | N/A | Your private subnet address range (for example, 10.0.0.0/24). |
| ICMP | Installer | Traceroute | N/A | Your private subnet address range (for example, 10.0.0.0/24). |
In Management Console (MC), the Java IANA discovery process uses port 7 once to detect if an IP address is reachable before the database import operation. Vertica tries port 7 first. If port 7 is blocked, Vertica switches to port 22.
Outbound
| Type | Protocol | Port Range | Destination | IP |
|---|---|---|---|---|
| All TCP | TCP | 0-65535 | Anywhere | 0.0.0.0/0 |
| All ICMP | ICMP | 0-65535 | Anywhere |
0.0.0.0/0 |
| All UDP | UDP | 0-65535 | Anywhere | 0.0.0.0/0 |
For information about what a security group is, as well as how to create one, see Amazon EC2 Security Groups for Linux Instances in the AWS documentation.