Network ACL settings

Vertica requires the following network access control list (ACL) settings on an AWS instance running the Vertica AMI.

Vertica requires the following basic network access control list (ACL) settings on an AWS instance running the Vertica AMI. Vertica recommends that you secure your network with additional ACL settings that are appropriate to your situation.

Inbound Rules

Type Protocol Port Range Use Source Allow/Deny
SSH TCP (6) 22 SSH (Optional—for access to your cluster from outside your VPC) User Specific Allow
Custom TCP Rule TCP (6) 5450 MC (Optional—for MC running outside of your VPC) User Specific Allow
Custom TCP Rule TCP (6) 5433 SQL Clients (Optional—for access to your cluster from SQL clients) User Specific Allow
Custom TCP Rule TCP (6) 50000 Rsync (Optional—for backup outside of your VPC) User Specific Allow
Custom TCP Rule TCP (6) 1024-65535 Ephemeral Ports (Needed if you use any of the above) User Specific Allow
ALL Traffic ALL ALL N/A 0.0.0.0/0 Deny

Outbound Rules

Type Protocol Port Range Use Source Allow/Deny
Custom TCP Rule TCP (6) 0–65535 Ephemeral Ports 0.0.0.0/0 Allow

You can use the entire port range specified in the previous table, or find your specific ephemeral ports by entering the following command:

$ cat /proc/sys/net/ipv4/ip_local_port_range

More information

For detailed information on network ACLs within AWS, refer to Network ACLs in the Amazon documentation.

For detailed information on ephemeral ports within AWS, refer to Ephemeral Ports in the Amazon documentation.