Publicly available warning
If you see this notice it means your copy of Matillion ETL is directly accessible from the public internet.
We strongly recommend that even if you are trying out the software you secure your Matillion ETL in at least one (but preferably all) of the following ways.
- Restrict using a Security Group
- Set up your instance in a VPC
- Enable Security
Fixing the issue
- Log into your AWS console.
- Find your instance of Matillion ETL and select it.
- in the the Description tab at the bottom of the page find Security Groups and click your assigned security group.
- Ensure the source matches an IP or IP ranges that you intend to use to access the product. You can add extra IP addresses as new rules.
- Log into your Google Cloud Platform account.
- Ensure you're on the correct project that contains the instance to be changed.
- Navigate via the upper-left main menu to Compute Engine→VM instances.
- Select the instance that exhibits the 'Publicly available' warning.
- Scroll down the page to find the subheadings 'Firewalls' and 'Network Tags'.
- 2 things can cause the 'Publicly Available' warning on an instance:
- Having 'allow http traffic' and 'allow https traffic' checkboxes on (ticked).
- Having the default Network Tags 'http-server' 'https-server'.
- To fix these, click the 'Edit' button at the top of the page.
- Under the 'Firewalls' subheading, ensure the checkboxes are deselected. Under 'Network tags', ensure that the default tags are removed. These tags should be replaced with at least one firewall rule of your own.
- Hit 'Save' at the bottom of the page
For users with instances hosted on Microsoft Azure, the 'Publicly Available' warning can be addressed by ensuring the Network Security Group (NSG) associated with the Virtual Machine does not have HTTP or HTTPS sources set to Any.
1. Log into the Microsoft Azure Portal.
2. Click All Services from the main menu. From the Services screen, select Network Security Groups (not Classic).
3. Select the NSG associated with your Matillion ETL Virtual Machine. The NSG is created when the VM is created and thus they will share a name.
4. Now in the screen for your NSG, locate the HTTP and HTTPS Inbound Security Rules.
5. If either of these are set to Any then your instance is publicly available and will receive the Notice inside the client.
6. Click the appropriate Inbound Security Rule and in the blade that appears, edit the Source to anything other than Any. It is common for Matillion ETL instances to be configured such that only select IP addresses can access the instance.
Set up your instance in a VPC
Please see the article on running inside a VPC here
Please see the article on enabling security within the product here
For information on securing your Matillion ETL instance, please contact support.