Creating a Security Group

The Vertica AMI has specific security group requirements. When you create a Virtual Private Cloud (VPC), AWS automatically creates a default security group and assigns it to the VPC. You can use the default security group, or you can name and assign your own.

Create and name your own security group with the following basic security group settings. You may make additional modifications based on your specific needs.

Inbound

| Type | Use | Protocol | Port Range | Source | IP |
|---|---|---|---|---|---|
| SSH | | TCP | 22 | My IP | Limited IP range 169.24.165.0/24 or 0.0.0.0/0 for all internet access. |
| DNS (UDP) | | UDP | 53 | My IP | 10.0.0.0/24 |
| Custom UDP | Spread | UDP | 4803 and 4804 | My IP | 10.0.0.0/24 |
| Custom TCP | Spread | TCP | 4803 | My IP | 10.0.0.0/24 |
| Custom TCP | VSQL/SQL | TCP | 5433 | My IP | Limited IP range 169.24.165.0/24 or 0.0.0.0/0 for all internet access. |
| Custom TCP | Inter-node Communication | TCP | 5434 | My IP | 10.0.0.0/24 |
| Custom TCP | | TCP | 5444 | My IP | 10.0.0.0/24 |
| Custom TCP | MC | TCP | 5450 | My IP | Limited IP range 169.24.165.0/24 or 0.0.0.0/0 for all internet access. |
| Custom TCP | | TCP | 48073 | My IP | 10.0.0.0/24 |
| Custom TCP | Rsync | TCP | 50000 | My IP | 10.0.0.0/24 |
| ICMP | Installer | Echo Reply | N/A | My IP | 10.0.0.0/24 |
| ICMP | Installer | Traceroute | N/A | My IP | 10.0.0.0/24 |

Every port must have a rule that opens it at the subnet CIDR level so that the nodes can be interconnected. For example, 10.11.12.0/24.

Note: In Management Console (MC), the Java IANA discovery process uses port 7 once to detect if an IP address is reachable before the database import operation. Vertica tries port 7 first. If port 7 is blocked, Vertica switches to port 22.
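The following is an added example, not Vertica or AWS code: it checks a security group's inbound rules against the TCP and UDP ports listed above, reporting required ports with no rule, cluster ports opened beyond the subnet CIDR, and client-facing ports (SSH, vsql, MC) reachable from 0.0.0.0/0. The names `REQUIRED`, `audit_ingress`, `rule` and `SAMPLE` are hypothetical, the sample rules are constructed, and the ICMP rows and non-IPv4 sources are left out.

```python
import ipaddress

# (protocol, port) -> True when the page allows a client-facing source
# (SSH, vsql, MC), False when the source is the cluster subnet.
REQUIRED = {
    ("tcp", 22): True, ("tcp", 5433): True, ("tcp", 5450): True,
    ("udp", 53): False, ("udp", 4803): False, ("udp", 4804): False,
    ("tcp", 4803): False, ("tcp", 5434): False, ("tcp", 5444): False,
    ("tcp", 48073): False, ("tcp", 50000): False,
}

def audit_ingress(ip_permissions, subnet_cidr):
    """Compare inbound rules (IpPermissions shape, as returned by
    `aws ec2 describe-security-groups`) with the required ports.
    Only IPv4 CIDR sources are considered (assumption of this example)."""
    subnet = ipaddress.ip_network(subnet_cidr)
    missing, too_wide, exposed = [], [], []
    for (proto, port) in sorted(REQUIRED):
        sources = [
            ipaddress.ip_network(r["CidrIp"])
            for p in ip_permissions
            # "-1" means all protocols and carries no port range
            if p["IpProtocol"] == "-1"
            or (p["IpProtocol"] == proto and p["FromPort"] <= port <= p["ToPort"])
            for r in p.get("IpRanges", [])
        ]
        if not sources:
            missing.append((proto, port))
        for src in sources:
            if not REQUIRED[(proto, port)] and not src.subnet_of(subnet):
                too_wide.append((proto, port, str(src)))  # cluster port open beyond subnet
            elif REQUIRED[(proto, port)] and src.prefixlen == 0:
                exposed.append((proto, port))  # reachable from 0.0.0.0/0
    return missing, too_wide, exposed

def rule(proto, lo, hi, cidr):
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample group, not taken from a real account.
SAMPLE = [
    rule("tcp", 22, 22, "169.24.165.0/24"), rule("tcp", 5433, 5433, "0.0.0.0/0"),
    rule("tcp", 5450, 5450, "169.24.165.0/24"), rule("udp", 53, 53, "10.0.0.0/24"),
    rule("udp", 4803, 4804, "10.0.0.0/16"), rule("tcp", 4803, 4803, "10.0.0.0/24"),
    rule("tcp", 5434, 5444, "10.0.0.0/24"), rule("tcp", 50000, 50000, "10.0.0.0/24"),
]

if __name__ == "__main__":
    print(audit_ingress(SAMPLE, "10.0.0.0/24"))
```

To audit a live group, pass the `IpPermissions` list from the `describe-security-groups` output together with the cluster's subnet CIDR.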

Outbound

| Type | Protocol | Port Range | Destination | IP |
|---|---|---|---|---|
| All TCP | TCP | 0-65535 | Anywhere | 0.0.0.0/0 |
| All ICMP | ICMP | 0-65535 | Anywhere | 0.0.0.0/0 |
| All UDP | UDP | 0-65535 | Anywhere | 0.0.0.0/0 |

More Information

For information about what a security group is, as well as how to create one, visit the AWS documentation.