Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Getting an "is publicly available" warning -- how to restrict?

I started getting this warning, in the Matillion app.

I did read this article:
https://redshiftsupport.matillion.com/customer/en/portal/articles/2236864-publicly-available-warning

My EC2 instance that hosts Matillion is in a VPC, and it does have a security group attached. However, the attached security group currently allows ALL inbound traffic. I am guessing that is why I am getting the warning -- right?

Then, how should I restrict it?

What people/systems make inbound requests to the instance? I'm thinking maybe it is only users of the Matillion app. I think that while Matillion programmatically makes many outbound requests to other systems, there are no systems that make any programmatic requests into Matillion. Does that sound right? So, should I only allow inbound traffic from the IP addresses (or ranges) of the users who log into and use the Matillion app?

1 Community Answers

Matillion Agent  

Ian Funnell —

Hi Kevin,

You’re right: it warns about being publicly available if the security group is open to the world – i.e. where the Source is 0.0.0.0/0. To fix this you should go to the Inbound tab of the Security Group and restrict it to the IP addresses of legitimate Matillion users.

There is no need to bother about the IP addresses of external systems that Matillion contacts (e.g. SaaS systems such as Salesforce, or RDS databases) since a Security Group will always allow data to return from a system with which Matillion has initiated contact.

Best regards,
Ian

Post Your Community Answer

To add an answer please login