Authorizing Inbound Traffic for Your Instances

Security groups enable you to control traffic to your instance, including the kind of traffic that can reach your instance. For example, you can allow computers from only your home network to access your instance using SSH. If your instance is a web server, you can allow all IP addresses to access your instance using HTTP or HTTPS, so that external users can browse the content on your web server.

This article explains how you can whitelist Kloudio IPs so that Kloudio can access your instance and run reports on your behalf. We have covered instructions for 3 main hosting providers in this article - Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). If your database is hosted on some other provider, please let us know via chat or email and we can point you in the right direction.

Your default security groups and newly created security groups include default rules that do not enable you to access your instance from the Internet. To enable network access to your instance, you must allow inbound traffic to your instance. To open a port for inbound traffic, add a rule to a security group that you associated with your instance when you launched it.

To connect to your instance, you must set up a rule to authorize SSH traffic from your computer's public IPv4 address. To allow SSH traffic from additional IP address ranges, add another rule for each range you need to authorize.

Whitelisting IP Addresses on AWS

Adding a Rule for Inbound SSH Traffic to a Instance

Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. You must add rules to a security group that enable you to connect to your instance from your IP address using SSH.

To add a rule to a security group for inbound SSH traffic over IPv4 

  1. In the navigation pane of the Amazon EC2 console, choose Instances. Select your instance and look at the Description tab; Security groups lists the security groups that are associated with the instance. Choose view inbound rules to display a list of the rules that are in effect for the instance.


2. In the navigation pane, choose Security Groups. Select one of the security groups associated with your instance.


3. In the details pane, on the Inbound tab, choose Edit. In the dialog, choose Add Rule, and then choose SSH from the Type list.


4. In the Source field, choose Custom enter Kloudio IP 52.34.31.72/32 and 52.38.227.76/32 and give appropriate port for your database.
POSTGRES : 5432
MYSQL : 3306
REDSHIFT : 5439
MSSQL : 1433
ORACLE : 1521

5. Choose Save.

Assigning a Security Group to an Instance

You can assign a security group to an instance when you launch the instance. When you add or remove rules, those changes are automatically applied to all instances to which you've assigned the security group.

After you launch an instance, you can change its security groups. For more information, see Changing an Instance's Security Groups in the Amazon VPC User Guide.

Whitelisting IP addresses on Azure

  1. Open Azure portal.
  2. Select an instance with your database.

3. Select Networking tab

4. Click on Add inbound.

Select IP Address from the source drop down and create rules with Kloudio IP 52.34.31.72/32 and 52.38.227.76/32 and give appropriate port for your database.
POSTGRES : 5432
MYSQL : 3306
REDSHIFT : 5439
MSSQL : 1433
ORACLE : 1521

5. Click Add.

Whitelisting Kloudio IP Addresses on Google Cloud Platform

  1. Go to the Firewall rules page in the Google Cloud Platform Console. GO TO THE FIREWALL RULES PAGE
  2. Click Create firewall rule.
  3. Enter a Name for the firewall rule. This name must be unique for the project.
  4. Specify the Network where the firewall rule will be implemented.
  5. Specify the Priority of the rule. The lower the number, the higher the priority.
  6. For the Direction of traffic, choose ingress or egress.
  7. For the Action on match, choose allow or deny.
  8. Specify the Targets of the rule.If you want the rule to apply to all instances in the network, choose All instances in the network.If you want the rule to apply to select instances by network (target) tags, choose Specified target tags, then type the tags to which the rule should apply into the Target tags field.If you want the rule to apply to select instances by associated service account, choose Specified service account, indicate whether the service account is in the current project or another one under Service account scope, and choose or type the service account name in the Target service account field.
  9. For an ingress rule, specify the Source filter: Choose IP ranges and type the CIDR blocks into the Source IP ranges field to define the source for incoming traffic by IP address ranges.
    Kloudio IP 52.34.31.72/32
    and 52.38.227.76/32 and give appropriate port for your database.
    POSTGRES : 5432
    MYSQL : 3306
    REDSHIFT : 5439
    MSSQL : 1433
    ORACLE : 1521
  10. Define the Protocols and ports to which the rule will apply: Select Allow all or Deny all, depending on the action, to have the rule apply to all protocols and ports.Define specific protocols and ports:Select tcp to include the TCP protocol and ports. Enter all or a comma delimited list of ports, such as 20-22, 80, 8080. Select udp to include the UDP protocol and ports. Enter all or a comma delimited list of ports, such as 67-69, 123.Select Other protocols to include protocols such as icmp or sctp.
  11. (Optional) You can create the firewall rule but not enforce it by setting its enforcement state to disabled. Click Disable rule, then select Disabled.
  12. (Optional) You can enable firewall rules logging:Click Logs > On.Click Turn on.
  13. Click Create.

Try adding a connection on Kloudio now.

Thank you!

Did this answer your question?