Network ACL Settings
Vertica requires the following basic network access control list (ACL) settings on an AWS instance running the Vertica AMI. Vertica recommends that you secure your network with additional ACL settings that are appropriate to your situation.
Inbound Rules
| Type | Protocol | Port Range | Use | Source | Allow/Deny |
|---|---|---|---|---|---|
| SSH | TCP (6) | 22 | SSH (Optional—for access to your cluster from outside your VPC) | User Specific | Allow |
| Custom TCP Rule | TCP (6) | 5450 | MC (Optional—for MC running outside of your VPC) | User Specific | Allow |
| Custom TCP Rule | TCP (6) | 5433 | SQL Clients (Optional—for access to your cluster from SQL clients) | User Specific | Allow |
| Custom TCP Rule | TCP (6) | 50000 | Rsync (Optional—for backup outside of your VPC) | User Specific | Allow |
| Custom TCP Rule | TCP (6) | 1024-65535 | Ephemeral Ports (Needed if you use any of the above) | User Specific | Allow |
| ALL Traffic | ALL | ALL | N/A | 0.0.0.0/0 | Deny |
Outbound Rules
| Type | Protocol | Port Range | Use | Source | Allow/Deny |
|---|---|---|---|---|---|
| Custom TCP Rule | TCP (6) | 0–65535 | Ephemeral Ports | 0.0.0.0/0 | Allow |
You can use the entire port range specified in the previous table, or find your specific ephemeral ports by entering the following command:
$ cat /proc/sys/net/ipv4/ip_local_port_range
More Information
For detailed information on network ACLs within AWS, refer to Network ACLs in the Amazon documentation.
For detailed information on ephemeral ports within AWS, refer to Ephemeral Ports in the Amazon documentation.