Creating a Security Group
The Vertica AMI has specific security group requirements. When you create a Virtual Private Cloud (VPC), AWS automatically creates a default security group and assigns it to the VPC. You can use the default security group, or you can name and assign your own.
Create and name your own security group with the following basic security group settings. You may make additional modifications based on your specific needs.
Inbound
Type | Use | Protocol | Port Range | Source | IP |
---|---|---|---|---|---|
SSH | | TCP | 22 | My IP | Limited IP range 169.24.165.0/24 or 0.0.0.0/0 for all internet access. |
DNS (UDP) | | UDP | 53 | My IP | 10.0.0.0/24 |
Custom UDP | Spread | UDP | 4803 and 4804 | My IP | 10.0.0.0/24 |
Custom TCP | Spread | TCP | 4803 | My IP | 10.0.0.0/24 |
Custom TCP | VSQL/SQL | TCP | 5433 | My IP | Limited IP range 169.24.165.0/24 or 0.0.0.0/0 for all internet access. |
Custom TCP | Inter-node Communication | TCP | 5434 | My IP | 10.0.0.0/24 |
Custom TCP | | TCP | 5444 | My IP | 10.0.0.0/24 |
Custom TCP | MC | TCP | 5450 | My IP | Limited IP range 169.24.165.0/24 or 0.0.0.0/0 for all internet access. |
Custom TCP | | TCP | 48073 | My IP | 10.0.0.0/24 |
Custom TCP | Rsync | TCP | 50000 | My IP | 10.0.0.0/24 |
ICMP | Installer | Echo Reply | N/A | My IP | 10.0.0.0/24 |
ICMP | Installer | Traceroute | N/A | My IP | 10.0.0.0/24 |
Every port must have a rule that opens it at the subnet CIDR level so that the nodes can interconnect. For example, 10.11.12.0/24.
Note: In Management Console (MC), the Java IANA discovery process uses port 7 once to detect if an IP address is reachable before the database import operation. Vertica tries port 7 first. If port 7 is blocked, Vertica switches to port 22.
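The following added example (not part of the Vertica documentation) audits a security group's inbound rules against the table above: it reports table ports that are not open to the whole subnet CIDR, and SSH, VSQL/SQL or MC ports that are open to 0.0.0.0/0. The names `TABLE_PORTS`, `CLIENT_FACING` and `audit` are hypothetical, the sample rules are constructed, and the input is assumed to be the `IpPermissions` list from `aws ec2 describe-security-groups` with IPv4 ranges only.

```python
import ipaddress

# (protocol, port) pairs from the Inbound table above; ICMP rows are not checked here.
TABLE_PORTS = [("tcp", 22), ("udp", 53), ("udp", 4803), ("udp", 4804), ("tcp", 4803),
               ("tcp", 5433), ("tcp", 5434), ("tcp", 5444), ("tcp", 5450),
               ("tcp", 48073), ("tcp", 50000)]
# Ports the table allows to be opened to 0.0.0.0/0 (SSH, VSQL/SQL, MC).
CLIENT_FACING = {("tcp", 22), ("tcp", 5433), ("tcp", 5450)}


def _cidrs_for(ip_permissions, proto, port):
    """Yield every IPv4 CIDR that an inbound rule grants for proto/port."""
    for perm in ip_permissions:
        proto_ok = perm.get("IpProtocol") in ("-1", proto)  # "-1" = all traffic
        # Rules for all traffic carry no port bounds, so default to the full range.
        if proto_ok and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            for ip_range in perm.get("IpRanges", []):
                yield ipaddress.ip_network(ip_range["CidrIp"], strict=False)


def audit(ip_permissions, subnet_cidr):
    """Return (ports not open to the whole subnet, client ports open to 0.0.0.0/0)."""
    subnet = ipaddress.ip_network(subnet_cidr)
    missing, world_open = [], []
    for proto, port in TABLE_PORTS:
        cidrs = list(_cidrs_for(ip_permissions, proto, port))
        # A rule covers the cluster only if its CIDR contains the entire subnet.
        if not any(subnet.subnet_of(c) for c in cidrs):
            missing.append((proto, port))
        if (proto, port) in CLIENT_FACING and any(c.prefixlen == 0 for c in cidrs):
            world_open.append((proto, port))
    return missing, world_open


# Constructed sample in the shape of an IpPermissions list; not from a real account.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5433, "ToPort": 5434, "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    {"IpProtocol": "udp", "FromPort": 4803, "ToPort": 4804, "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 4803, "ToPort": 4803, "IpRanges": [{"CidrIp": "10.0.0.5/32"}]},
]

if __name__ == "__main__":
    missing, world_open = audit(SAMPLE, "10.0.0.0/24")
    print("not open to subnet:", missing)
    print("open to the internet:", world_open)
```

In the sample, the /32 rule on TCP 4803 is reported as missing because it admits one node rather than the subnet, and SSH is reported as internet-facing.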
Outbound
Type | Protocol | Port Range | Destination | IP |
---|---|---|---|---|
All TCP | TCP | 0-65535 | Anywhere | 0.0.0.0/0 |
All ICMP | ICMP | 0-65535 | Anywhere | 0.0.0.0/0 |
All UDP | UDP | 0-65535 | Anywhere | 0.0.0.0/0 |
More Information
For information about what a security group is, as well as how to create one, visit the AWS documentation.