Materialize Documentation

Security

Materialize Cloud is in beta and is not subject to Materialize's backwards compatibility guarantee.

Materialize Cloud secures your connections by enforcing that clients connect via TLS 1.2+, and supports:

In the future, the enterprise product will also provide secure network ingress and egress. If you have other specific security requirements, please let us know.

Static IP addresses

All Materialize Cloud deployments come with a static IP address.

This gives you the ability to connect your Materialize Cloud deployments to sources and sinks secured with a firewall.

Allowing the static IP address enables the connection from your Materialize Cloud deployments to your sources and sinks.

The specific commands to allow the static IP address vary depending on your operating system and firewall (e.g. iptables, firewall-cmd, UFW, AWS, Azure, etc.). Please refer to the appropriate documentation for your specific firewall.

Getting the static IP address

Once you’ve created a deployment, you can get its associated static IP address by following these steps:

  1. Click on a deployment to see the individual deployment view.
  2. On the right-hand side, click on the copy button to copy the IP address.

Allowing the static IP address

The following is a list of commands to allow the static IP address with some of the most common firewalls:

iptables

sudo iptables -I INPUT -s <static IP> -j ACCEPT

firewall-cmd

sudo firewall-cmd --zone=public --add-source=<static IP>

UFW

sudo ufw allow from <static IP>

CSF

sudo csf -a <static IP>

AWS Security Groups

If you are already using AWS security groups, you can add the static IP address to the security group to allow connections from your Materialize Cloud deployments.

To add the static IP address to your AWS Security Group, follow these steps:

  1. Log into your AWS account.
  2. Go to your Security Groups and click on the Security Group you want to add the static IP address to.
  3. Click on the Edit Inbound Rules button.
  4. Click on the Add rule button.
  5. Select Custom TCP as the type.
  6. Specify the Port range depending on the source you want to connect to. For example, if you want to connect to a Kafka source, you would specify Port range: 9092 or if you want to connect to a PostgreSQL source, you would specify Port range: 5432.
  7. Add the Materialize Cloud deployment’s static IP address followed by /32 to the Source field. The /32 mask designates only the specific host, not the entire subnet.
  8. Click on the Save button.

For more information on AWS security groups, please refer to the AWS VPC security groups documentation.
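The iptables and UFW commands above accept traffic from the static IP on every port, while the AWS steps scope the rule to a single port. As an added example (not part of the Materialize documentation), this script checks that its input is a single IPv4 address and a valid TCP port, then prints port-scoped rules for iptables, UFW, firewalld and the AWS CLI. The function names, the sample address 203.0.113.10 and the `$SG_ID` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print port-scoped allow rules for one static IP.
# Nothing is applied; review the output before running any of it.

# Succeed only for a single dotted-quad IPv4 address (no CIDR suffix, no range).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into octets on "."
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for a TCP port in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# allow_rules <static-ip> <tcp-port>: one rule per firewall, scoped to that port.
allow_rules() {
    ip=$1
    port=$2
    is_ipv4 "$ip" || { echo "error: not a single IPv4 address: $ip" >&2; return 1; }
    is_port "$port" || { echo "error: not a TCP port: $port" >&2; return 1; }
    echo "iptables -I INPUT -p tcp -s $ip/32 --dport $port -j ACCEPT"
    echo "ufw allow proto tcp from $ip to any port $port"
    echo "firewall-cmd --zone=public --add-rich-rule='rule family=\"ipv4\"" \
         "source address=\"$ip/32\" port port=\"$port\" protocol=\"tcp\" accept'"
    # SG_ID is a placeholder for your own security group id.
    echo "aws ec2 authorize-security-group-ingress --group-id \"\$SG_ID\"" \
         "--protocol tcp --port $port --cidr $ip/32"
}

# Constructed sample: a documentation-range address and the PostgreSQL port.
allow_rules 203.0.113.10 5432
```

A firewall-cmd rule added without `--permanent` changes only the runtime configuration and is lost on reload or reboot.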

Azure Firewall

For the steps required to allow static IP addresses with Azure, please refer to the Azure documentation.

GCP VPC firewall

For the steps required to allow static IP addresses with GCP, please refer to the GCP documentation.
