Three types of endpoints must be added to your organization's allow list before you can use a Tetra Hub v1 (previously Tetra Data Hub):
If you're configuring a Tetra Agent on your Hub, see Endpoint Allow List for Tetra Agents When Using a Tetra Hub v1.
For the endpoints listed in this topic, [region] is the AWS Region where the TetraScience stack is deployed. TetraScience uses us-east-1 for Tetra hosted deployments.
Make sure that all of the following endpoints are visible through standard HTTPS port 443.
The AWS Systems Manager Agent (SSM Agent) installed on the Hub machine uses the following endpoints:
For Remote Management of the Host Machine by AWS Systems Manager
For Shipping Connector Logs to Amazon CloudWatch
For Shipping Metrics to Amazon CloudWatch
For Downloading Configuration and Upload Data to Amazon S3
For Sending Notifications about Tetra Data Hub Status to Amazon SNS
For Receiving and Replying to Commands for Tetra Data Hub, Its Connectors, and Agents
Tetra Hub v1 must refresh AWS IoT credentials periodically, because the credentials expire after one hour. For this reason, any AWS IoT credentials endpoints visible to the Hub machine must also be visible through standard HTTPS port 443.
AWS IoT credentials endpoints are in the following format:
The * value at the beginning of the URL is a general value. The actual name of the machine where the endpoint is deployed depends on the AWS account and Region that you used for platform deployment.
If your setup requires a Fully Qualified Domain Name (FQDN) instead of a general value, use the AWS Command Line Interface (AWS CLI) to run the AWS describe-endpoint command. The command returns the endpointAddress that you use to request security tokens.
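The following script is an added example, not part of the original TetraScience documentation. It resolves the credentials endpoint FQDN with describe-endpoint, rejects anything that is not a concrete host name in AWS's documented `<prefix>.credentials.iot.<region>.amazonaws.com` form, and tests TCP 443 from the Hub machine. The function names are hypothetical, and it assumes the commercial AWS partition, configured AWS CLI credentials, and a netcat that supports `-z` and `-w`.

```shell
#!/bin/sh
# Added example: resolve the AWS IoT credentials endpoint FQDN for the
# allow list and confirm it is reachable on TCP 443 from the Hub machine.
REGION="${REGION:-us-east-1}"   # Region of the TetraScience stack

# Return the account-specific FQDN (requires configured AWS CLI credentials).
get_credentials_endpoint() {
    aws iot describe-endpoint --endpoint-type iot:CredentialProvider \
        --region "$1" --query endpointAddress --output text
}

# Accept only <prefix>.credentials.iot.<region>.amazonaws.com with a single,
# concrete prefix label, so a wildcard, URL, or other Region never reaches
# the firewall change request.
is_credentials_fqdn() {
    host="$1"; region="$2"
    case "$host" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;   # empty, wildcard, scheme, or path
    esac
    prefix=${host%".credentials.iot.${region}.amazonaws.com"}
    [ "$prefix" != "$host" ] || return 1   # expected suffix missing
    case "$prefix" in
        ""|*.*) return 1 ;;                # no prefix, or extra labels
    esac
    return 0
}

# TCP reachability only; assumes a netcat that supports -z and -w.
check_443() {
    nc -z -w 5 "$1" 443
}

main() {
    fqdn="$(get_credentials_endpoint "$REGION")" || return 2
    if ! is_credentials_fqdn "$fqdn" "$REGION"; then
        echo "unexpected endpoint value: $fqdn" >&2
        return 3
    fi
    if check_443 "$fqdn"; then
        echo "OK   $fqdn:443"
    else
        echo "FAIL $fqdn:443 (check the allow list)" >&2
        return 1
    fi
}

# Network calls run only with --run, so the functions can be sourced offline.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it with `--run` on the Hub machine itself, so the test traverses the same proxy and firewall path the Hub uses when it refreshes credentials.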
To pull required Docker images, Tetra Hub v1 must have access to the following Amazon Elastic Container Registry (Amazon ECR) endpoints:
For Connecting to the Main Amazon ECR Endpoints in the AWS Region Where the TDP Stores Docker Images
For Connecting to the Account-Specific Amazon ECR Endpoint
The following Tetra Connectors need additional endpoints added to the Hub v1 machine's allow list, based on the specific integration:
Tetra Connectors that aren't included in the following list rely on AWS infrastructure, and don't require additional URLs.
- Tetra HRB Cellario Connector must have access to the Cellario URLs it connects to and polls for new data. However, if your Cellario software is part of an internal network, then no additional allow list configuration is needed.
- Tetra AGU SDC Connector must have access to the SDC URLs it connects to and polls for new data. However, if your SDC software is part of an internal network, then no additional allow list configuration is needed.
The following endpoints are required at the time of Tetra Hub v1 installation and activation.
- Ubuntu access to its own software source URLs in order to install: Unzip, Python, and Docker
Red Hat and CentOS Linux
- (For CentOS)
- (For CentOS)
- (For Red Hat)
- (For Red Hat)
If you select the Enable S3 Direct Upload or Receive Commands option when you configure a Tetra Agent, then you must add the following endpoints to your organization's allow list before you can use a Tetra Hub v1.
|AWS Endpoint||Description||When Required|
Note: Self-hosting customers can find these bucket names in their Amazon S3 console. Tetra hosted customers receive these URLs from TetraScience.
|Uploads files||When the Enable S3 Direct Upload option is selected|
|Fetches the command message and then returns the command processing status||When the Receive Commands option is selected|
|Posts agent heartbeats and logs||When the Enable S3 Direct Upload option is selected|
|Sends Metrics Data (such as CPU, memory, and disk usage)||When the Enable S3 Direct Upload option is selected|