Tetra Hub Allow List Endpoints
Three types of endpoints must be added to your organization's allow list before you can use a Tetra Hub:
NOTE
For the endpoints listed in this topic, [region] is the AWS Region where the TetraScience stack is deployed. TetraScience uses us-east-1 for Tetra hosted deployments.
Required AWS Endpoints
NOTE
The following endpoints are used by Tetra Hub, the AWS Systems Manager Agent (SSM Agent), Amazon Elastic Compute Cloud (Amazon EC2) Agent, and Amazon CloudWatch Agent.
For Remote Orchestration of Proxies and Connectors by Amazon ECS
https://ecs-a-*.[region].amazonaws.com
https://ecs-t-*.[region].amazonaws.com
https://ecs.[region].amazonaws.com
For Remote Management of the Host Machine by AWS Systems Manager
https://ssm.[region].amazonaws.com
https://ec2messages.[region].amazonaws.com
https://ssmmessages.[region].amazonaws.com
For Downloading Configuration Data and Uploading Data to Amazon S3
https://s3.[region].amazonaws.com
For Sending Connector Logs to Amazon CloudWatch
https://logs.[region].amazonaws.com
For Sending Metrics to Amazon CloudWatch
https://monitoring.[region].amazonaws.com
For Downloading Required Docker Images
https://ecr.us-east-1.amazonaws.com
https://api.ecr.us-east-1.amazonaws.com
https://753968983172.dkr.ecr.us-east-1.amazonaws.com
Required Connector Endpoints
NOTE
The following endpoints are required by all Connectors. Each Connector type might need additional endpoints added to your organization’s allow list, based on the specific integration. For example, the Tetra Cellario Connector requires access to the configured Cellario endpoint.
For Receiving and Responding To TDP Commands through Amazon SQS
https://sqs.[region].amazonaws.com
For Downloading Configuration Data and Uploading Data to Amazon S3
https://s3.[region].amazonaws.com
For Downloading Configuration Data from AWS Systems Manager
https://ssm.[region].amazonaws.com
For TDP Orchestration, Status Reporting, and Data Uploads
- The TetraScience API (Verify with your customer success manager which endpoint is required for your use case)
Required Tetra Hub Installer Endpoints
NOTE
The following endpoints are required at the time of Tetra Hub installation and activation.
For All Operating Systems
https://s3.[region].amazonaws.com
https://amazon-ecs-agent.s3.amazonaws.com
https://s3.amazonaws.com
https://raw.githubusercontent.com
(to download public keys for verifying AWS packages)
For Ubuntu
- All default Ubuntu package sources
For RHEL
- All default RHEL package sources
https://download.docker.com
- The following package sources for RHEL v7:
http://mirror.centos.org/
https://dl.fedoraproject.org/pub/
NOTE
The
http://mirror.centos.org/
endpoint supports the HTTP protocol only. The endpoint won't work if you use HTTPS.
For CentOS
- All default CentOS package sources
Endpoint Allow List for Tetra Agents When Using a Tetra Hub
If your Hub acts as a proxy for Tetra Agents, the Hub must have access to those Agents' required endpoints.
This includes the TDP API endpoint for your deployment (for example, platform.tetrascience.com
).
Updated 3 months ago