Skip to content

Publicly available warning

Overview

If you see this notice it means your copy of Matillion ETL is directly accessible from the public internet.

We strongly recommend that even if you are trying out the software you secure your Matillion ETL in at least one (but preferably all) of the following ways.

  • Restrict using a Security Group
  • Set up your instance in a VPC
  • Enable Security



Fixing the issue

Hosted on AWS

  1. Log in to your AWS console.
  2. Find your instance of Matillion ETL and select it.
  3. in the the Description tab at the bottom of the page find Security Groups and click your assigned security group.

  4. Ensure the source matches an IP or IP ranges that you intend to use to access the product. You can add extra IP addresses as new rules.

For additional security, users may consider running their instance inside a VPC

Hosted on GCP

  1. Log in to your Google Cloud Platform account.
  2. Ensure you're on the correct project that contains the instance to be changed.
  3. Navigate via the upper-left main menu to Compute Engine→VM instances.
  4. Select the instance that exhibits the 'Publicly available' warning.
  5. Scroll down the page to find the subheadings 'Firewalls' and 'Network Tags'.

  6. 2 things can cause the 'Publicly Available' warning on an instance:
    1. Having 'allow http traffic' and 'allow https traffic' checkboxes on (ticked).
    2. Having the default Network Tags 'http-server' 'https-server'.
  7. To fix these, click the 'Edit' button at the top of the page.
  8. Under the 'Firewalls' subheading, ensure the checkboxes are deselected. Under 'Network tags', ensure that the default tags are removed. These tags should be replaced with at least one firewall rule of your own.
  9. Hit 'Save' at the bottom of the page

Hosted on Azure

For users with instances hosted on Microsoft Azure, the 'Publicly Available' warning can be addressed by ensuring the Network Security Group (NSG) associated with the Virtual Machine does not have HTTP or HTTPS sources set to Any.

  1. 1. Log in to the Microsoft Azure Portal.
  2. 2. Click All Services from the main menu. From the Services screen, select Network Security Groups (not Classic).
  3. 3. Select the NSG associated with your Matillion ETL Virtual Machine. The NSG is created when the VM is created and thus they will share a name

6. Click the appropriate Inbound Security Rule and in the blade that appears, edit the Source to anything other than Any. It is common for Matillion ETL instances to be configured such that only select IP addresses can access the instance.

Enable Security

Please read User Configuration to learn about enabling security within Matillion ETL.