Publicly available warning

Overview

If you see this notice it means your copy of Matillion ETL is directly accessible from the public internet.

We strongly recommend that even if you are trying out the software you secure your Matillion ETL in at least one (but preferably all) of the following ways.

  • Restrict using a Security Group
  • Set up your instance in a VPC
  • Enable Security
 

Fixing the issue

Hosted on AWS
  1. Log into your AWS console.
  2. Find your instance of Matillion ETL and select it.
  3. in the the Description tab at the bottom of the page find Security Groups and click your assigned security group.
  4. Ensure the source matches an IP or IP ranges that you intend to use to access the product. You can add extra IP addresses as new rules.
  1. Log into your Google Cloud Platform account.
  2. Ensure you're on the correct project that contains the instance to be changed.
  3. Navigate via the upper-left main menu to Compute Engine→VM instances.
  4. Select the instance that exhibits the 'Publicly available' warning.
  5. Scroll down the page to find the subheadings 'Firewalls' and 'Network Tags'. 

  6. 2 things can cause the 'Publicly Available' warning on an instance: 
    1. Having 'allow http traffic' and 'allow https traffic' checkboxes on (ticked).
    2. Having the default Network Tags 'http-server' 'https-server'.
  7. To fix these, click the 'Edit' button at the top of the page.
  8. Under the 'Firewalls' subheading, ensure the checkboxes are deselected. Under 'Network tags', ensure that the default tags are removed. These tags should be replaced with at least one firewall rule of your own.
  9. Hit 'Save' at the bottom of the page

Hosted on Azure

For users with instances hosted on Microsoft Azure, the 'Publicly Available' warning can be addressed by ensuring the Network Security Group (NSG) associated with the Virtual Machine does not have HTTP or HTTPS sources set to Any.

1. Log into the Microsoft Azure Portal.

2. Click All Services from the main menu. From the Services screen, select Network Security Groups (not Classic).

3. Select the NSG associated with your Matillion ETL Virtual Machine. The NSG is created when the VM is created and thus they will share a name.


4. Now in the screen for your NSG, locate the HTTP and HTTPS Inbound Security Rules.

5. If either of these are set to Any then your instance is publicly available and will receive the Notice inside the client.


6. Click the appropriate Inbound Security Rule and in the blade that appears, edit the Source to anything other than Any. It is common for Matillion ETL instances to be configured such that only select IP addresses can access the instance.
 

Set up your instance in a VPC

Please see the article on running inside a VPC here

 

Enable Security

Please see the article on enabling security within the product here

For information on securing your Matillion ETL instance, please contact support.