1.5 - Security Groups and Ports - Aster Analytics on AWS

Teradata Aster Analytics on AWS Getting Started Guide

prodname: Aster Analytics on AWS
vrm_release: 1.5
created_date: October 2017
category: Configuration, Installation
featnum: B700-3024-620K

A security group acts as a virtual firewall that controls the traffic allowed to reach one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances on specified ports. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.

Teradata Aster recommends that you enable all traffic within your security group.
  1. In your VPC Dashboard, select Security.
  2. In the left panel, select Security Group.
  3. Enter the security group you want to use for deploying Teradata Aster Analytics on AWS.
  4. Add a new rule in both inbound and outbound rules that enables all traffic within the same security group.

Follow AWS best practices for security group settings. Do not use the default VPC because it is open to the public. See AWS Security Best Practices.

For more information on creating a security group, see Amazon User Guide for Linux Instances.

When configuring a security group, set up the following port ranges for each Teradata Aster Analytics on AWS instance so the instance can be locked down to the local host. Port 1025 is blocked in the local instance until the Aster database password for the user db_superuser is entered.

If you are using NTP, ensure the VPC ACL setting is not blocking UDP port 123 for both inbound and outbound traffic.

| Software | Protocol | Direction | Port Range | Description |
|---|---|---|---|---|
| Aster Database | TCP | Inbound | 22 | SSH |
| Aster Database | TCP | Inbound | 1025 | Aster Database Service to AWS |
| Aster Database | TCP | Outbound | 336 | NTP |

Also, when configuring a security group, set up the following port ranges for each software instance to allow access to and from those ports. Although all outbound ports can be opened, ensure the outbound ports listed are specifically designated. Only add ports for software being accessed.

| Software | Protocol | Direction | Port Range | Description |
|---|---|---|---|---|
| Parallel Upgrade Tool (PUT) | TCP | Inbound | 22 | SSH |
| Parallel Upgrade Tool (PUT) | TCP | Inbound | 9000-9010, 8080 | Connect to PUT |
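
One way to check a security group against step 4 and the Aster Database inbound ports above, as an added example that is not part of the Teradata guide. It audits one entry of `aws ec2 describe-security-groups` JSON output; the group ID `sg-0example`, the sample rules, and the choice to report a `0.0.0.0/0` or `::/0` source as a finding are assumptions of this example.

```python
import json

REQUIRED_INBOUND_TCP = (22, 1025)  # inbound ports from the Aster Database table
WORLD = {"0.0.0.0/0", "::/0"}      # assumption: any-source CIDRs are reported

def cidrs(perm):
    """IPv4 and IPv6 CIDR sources of one permission entry."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def peers(perm):
    """Security group IDs referenced by one permission entry."""
    return [g.get("GroupId") for g in perm.get("UserIdGroupPairs", [])]

def allows_self(perms, gid):
    """Step 4: an all-traffic rule (protocol -1) referencing the group itself."""
    return any(p["IpProtocol"] == "-1" and gid in peers(p) for p in perms)

def admits(perm, port, gid):
    """True if the rule opens this TCP port to a source other than the group itself."""
    if not (cidrs(perm) or any(g != gid for g in peers(perm))):
        return False
    if perm["IpProtocol"] == "-1":  # all-traffic rules carry no FromPort/ToPort
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(group):
    """Return a list of findings for one security group description."""
    gid, inbound = group["GroupId"], group.get("IpPermissions", [])
    findings = []
    if not allows_self(inbound, gid):
        findings.append("no inbound all-traffic rule from own group")
    if not allows_self(group.get("IpPermissionsEgress", []), gid):
        findings.append("no outbound all-traffic rule to own group")
    for port in REQUIRED_INBOUND_TCP:
        if not any(admits(p, port, gid) for p in inbound):
            findings.append(f"inbound tcp/{port} has no rule")
    for p in inbound:
        if WORLD & set(cidrs(p)):
            ports = "all" if p["IpProtocol"] == "-1" else f"{p.get('FromPort')}-{p.get('ToPort')}"
            findings.append(f"inbound {p['IpProtocol']} {ports} open to the internet")
    return findings

# Constructed sample, shaped like one entry of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""{"GroupId": "sg-0example", "IpPermissions": [
  {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0example"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
  "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a real group, pass each element of the `SecurityGroups` array from the CLI output to `audit()`.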