Skip to content

Subnets and security groups

Your agent must be deployed within a customer private cloud and requires subnets that allow outbound access to the relevant data sources and destinations, as well as to ECR and to the Matillion CDC websocket endpoint.

This installation guide assumes you have an AWS account and customer private cloud ready to use. Indeed, AWS accounts come with a default customer private cloud, although we recommend creating one for CDC use. These can be easily created with minimal input via the AWS console but should only be done with the supervision of your cloud administrator. It is not possible for Matillion to give exact guidance in this area since the security requirements of your organization are a determining factor to the configuration you will use.

Required access

Your installation will require a subnet (with NAT Gateway or instance) and Security Group with no inbound rules and outbound access to:

  • Data Loader
  • Secrets Manager
  • Source database
  • Target staging area
  • The CDC agent image on the ECR Public Repository

It is highly recommended to give open outbound access from the CDC agent where possible.