Configure network security

Configure network security for Self-Deployed Runtime to permit only required encrypted traffic between the runtime and Atlan services. This ensures secure communication while blocking unauthorized access.

Prerequisites

Before you begin, make sure you have:

  • Administrative access to your firewall or network security groups

Configure firewall rules

  1. Access your firewall management interface: Log in to your firewall management system (AWS Security Groups, Azure NSGs, enterprise firewall console, or iptables for Linux).

  2. Permit outbound connections: Configure your firewall to permit the following outbound connections from your Self-Deployed Runtime deployment:

    firewall_rules:
      outbound_allowed:
        - destination: "*.atlan.com"
          port: 443
          protocol: HTTPS
        - destination: "*.atlan.com"
          port: 443
          protocol: gRPC/TLS

  3. Block all inbound traffic: Configure your firewall to deny all inbound connections to Self-Deployed Runtime:

    firewall_rules:
      inbound_blocked:
        - all_traffic: DENY # No inbound connections to agent
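One way to check a rule set against the policy in steps 2 and 3 before applying it (an added example, not Atlan's own tooling). It assumes the rules are loaded into a Python dict with the same shape as the YAML above; the `inbound_allowed` key, the function names and the sample rule sets are hypothetical.

```python
# Added example: audit a rule set shaped like this page's firewall_rules YAML.
ALLOWED_SUFFIX = ".atlan.com"            # from the page's "*.atlan.com"
ALLOWED_PORT = 443
ALLOWED_PROTOCOLS = {"HTTPS", "gRPC/TLS"}


def destination_ok(dest: str) -> bool:
    """Accept "*.atlan.com" or a host under it; match on a label boundary."""
    host = dest.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[1:]                  # "*.atlan.com" -> ".atlan.com"
    return "*" not in host and host.endswith(ALLOWED_SUFFIX)


def audit(rules: dict) -> list:
    """Return findings; an empty list means the rule set matches the policy."""
    fw = rules.get("firewall_rules", {})
    findings = []
    for i, rule in enumerate(fw.get("outbound_allowed", [])):
        dest = str(rule.get("destination", ""))
        if not destination_ok(dest):
            findings.append(f"outbound[{i}]: destination {dest!r} is outside *.atlan.com")
        if rule.get("port") != ALLOWED_PORT:
            findings.append(f"outbound[{i}]: port {rule.get('port')!r} is not 443")
        if rule.get("protocol") not in ALLOWED_PROTOCOLS:
            findings.append(f"outbound[{i}]: protocol {rule.get('protocol')!r} is not HTTPS or gRPC/TLS")
    # "inbound_allowed" is a hypothetical key (not on the page) for any inbound permit.
    if fw.get("inbound_allowed"):
        findings.append("inbound: permit rules present; the runtime needs none")
    if not any(r.get("all_traffic") == "DENY" for r in fw.get("inbound_blocked", [])):
        findings.append("inbound: missing all_traffic: DENY")
    return findings


# Constructed sample rule sets (not taken from a real deployment).
GOOD = {"firewall_rules": {
    "outbound_allowed": [
        {"destination": "*.atlan.com", "port": 443, "protocol": "HTTPS"},
        {"destination": "*.atlan.com", "port": 443, "protocol": "gRPC/TLS"}],
    "inbound_blocked": [{"all_traffic": "DENY"}]}}
BAD = {"firewall_rules": {
    "outbound_allowed": [
        {"destination": "atlan.com.example.net", "port": 443, "protocol": "HTTPS"},
        {"destination": "*.atlan.com", "port": 80, "protocol": "HTTP"}],
    "inbound_allowed": [{"source": "0.0.0.0/0", "port": 22}]}}

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules) or "matches policy")
```

Hostname wildcards such as `*.atlan.com` are not matched by IP-based filters like AWS security groups or iptables, so this audit applies to the policy as written, before it is translated into address-based rules.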

Need help

If you are still facing issues and need help, contact [email protected] for assistance.

See also

  • Security: Security architecture, authentication, encryption, and compliance controls for Self-Deployed Runtime.
  • Verify container images: Confirm image authenticity and integrity with Cosign before deployment.