Tetra Hub v2 Allow List Endpoints

Three types of endpoints must be added to your organization's allow list before you can use a Tetra Hub v2:

If you're configuring a Tetra Agent on your Hub, see Endpoint Allow List for Tetra Agents When Using a Tetra Hub v2.

πŸ“˜

NOTE

For the endpoints listed in this topic, [region] is the AWS Region where the TetraScience stack is deployed. TetraScience uses us-east-1 for Tetra hosted deployments.

Required AWS Endpoints

πŸ“˜

NOTE

The following endpoints are used by Tetra Hub v2, the AWS Systems Manager Agent (SSM Agent), Amazon Elastic Compute Cloud (Amazon EC2) Agent, and Amazon CloudWatch Agent.

For Remote Orchestration of Proxies and Connectors by Amazon ECS

  • https://ecs-a-*.[region].amazonaws.com
  • https://ecs-t-*.[region].amazonaws.com
  • https://ecs.[region].amazonaws.com

For Remote Management of the Host Machine by AWS Systems Manager

  • https://ssm.[region].amazonaws.com
  • https://ec2messages.[region].amazonaws.com
  • https://ssmmessages.[region].amazonaws.com

For Downloading Configuration Data and Uploading Data to Amazon S3

  • https://s3.[region].amazonaws.com

For Sending Connector Logs to Amazon CloudWatch

  • https://logs.[region].amazonaws.com

For Sending Metrics to Amazon CloudWatch

  • https://monitoring.[region].amazonaws.com

For Downloading Required Docker Images

  • https://ecr.us-east-1.amazonaws.com
  • https://api.ecr.us-east-1.amazonaws.com
  • https://753968983172.dkr.ecr.us-east-1.amazonaws.com

Required Connector Endpoints

πŸ“˜

NOTE

The following endpoints are required by all Connectors. Each Connector type might need additional endpoints added to your organization’s allow list, based on the specific integration. For example, the Tetra Cellario Connector requires access to the configured Cellario endpoint.

For Receiving and Responding To TDP Commands through Amazon SQS

  • https://sqs.[region].amazonaws.com

For Downloading Configuration Data and Uploading Data to Amazon S3

  • https://s3.[region].amazonaws.com

For Downloading Configuration Data from AWS Systems Manager

  • https://ssm.[region].amazonaws.com

For TDP Orchestration, Status Reporting, and Data Uploads

  • The TetraScience API (Verify with your customer success manager which endpoint is required for your use case)

Required Tetra Hub v2 Installer Endpoints

πŸ“˜

NOTE

The following endpoints are required at the time of Tetra Hub installation and activation.

For All Operating Systems

  • https://s3.[region].amazonaws.com
  • https://amazon-ecs-agent.s3.amazonaws.com
  • https://s3.amazonaws.com

For Ubuntu

  • All default Ubuntu package sources

For RHEL

  • All default RHEL package sources
  • https://download.docker.com
  • The following package sources for RHEL v7:
    • http://mirror.centos.org/
    • https://dl.fedoraproject.org/pub/

πŸ“˜

NOTE

The http://mirror.centos.org/ endpoint supports the HTTP protocol only. The endpoint won't work if you use HTTPS.

For CentOS

  • All default CentOS package sources

Endpoint Allow List for Tetra Agents When Using a Tetra Hub v2

🚧

IMPORTANT

If you select the Enable S3 Direct Upload or Receive Commands option when you configure a Tetra Agent, then you must add the following endpoints to your organization's allow list before you can use a Tetra Hub v2.

AWS EndpointDescriptionWhen Required
https://[infrastructure name]-[environment]-datalake.s3.[region].amazonaws.com

https://[infrastructure name]-[environment]-backup.s3.[region].amazonaws.com

Note: Self-hosting customers can find these bucket names in their Amazon S3 console. Tetra hosted customers receive these URLs from TetraScience.
Uploads filesWhen the Enable S3 Direct Upload option is selected
https://sqs.[region].amazonaws.comFetches the command message and then returns the command processing statusWhen the Receive Commands option is selected
https://logs.[region].amazonaws.comPosts agent heart beats and logsWhen the Enable S3 Direct Upload option is selected
https://monitoring.[region].amazonaws.comSends Metrics Data (such as CPU, memory, and disk usage)When the Enable S3 Direct Upload option is selected