Introduction
This article is part 7 of a tutorial to help you get started with FME Cloud. There are three different tiers of FME Cloud security:
- the FME Cloud account and your user profile (covered in Part 6: Account Security),
- FME Cloud instance security (covered in this article),
- FME Server security (not covered in this tutorial).
This tutorial needs to be followed in order. Please complete Part 1: Sign Up and Part 2: Launch Instance before continuing with this article.
Step-by-Step Instructions
1) Login to FME Cloud
Login to FME Cloud here if you have not already done so.
2) Explore security options for ports
Select a running instance and then click the Security tab.
This tab shows open ports under Permissions. We see a couple of inbound permissions already set up. The ports 80, 443 & 25 regulate the access to the web user interface and the SMTP server of the FME Server running on the instance. It is not recommended to remove these ports, but they can be modified to only allow traffic from a specific IP address or IP range. Port 22 is used for support access and can not be removed.
Security tab
You can add additional access to the instance under New inbound permission. You can choose a udp or tcp port, a port range, and a source (the IP range that can access the instance in /32 CIDR Notation).
New inbound permission form
Once you have added a new inbound permission you will see it added to the Permissions list:
New inbound permission visible on the Security tab
A very common task is to access allow access to the PostGIS database that ships with FME Cloud. For example, if we know the public IP of the machine that should have access to the database is 203.0.113.1, we want to allow traffic on port 5432 (the default port for PostGIS). To do this we would specify the port and the IP address with a /32 suffix to only allow this single IP. It is also possible to specify port ranges and IP ranges with the respective syntax.
3) Set up a static IP for an instance
Now that we know how to control the inbound traffic of our FME Cloud instance, we can think about networks, services, and instances that might allow inbound traffic from our FME Cloud instance. By default the FME Cloud instance has a dynamic IP address that will change every time the instance is restarted. However, what if we had a database we want to access with our FME Cloud instance. The database administrator would not want to to open access to the database more than is necessary. To avoid this issue, we can assign a static IP to our instance.
To do this, click the FME Cloud logo in the top left or click Instances in the left menu. Select the instance you wish to assign a static IP to and pause it. Then click Static IPs on the left menu. Click the Request new IP Address button. Then choose the region and name for the IP address. Make sure the region matches your instance’s region; the name can be whatever you want. Click OK. You will get a message saying Static IP Address requested successfully.
Request new IP Address button location
Click the Select Instance button, select your instance, and then click Assign. The next time the instance is started it will use this newly assigned static IP address.
Request Static IP Address form
Security Updates
The way user updates are handled is specified for instances during the launch process. You can view this setting by selecting your instance on the Instances page and looking at Details > OS Security Updates.
OS Security Updates setting location in the Details tab
If your FME Cloud instance is configured for Unattended security updates of the operating system (OS), security updates are installed in the background as soon as they become available. No additional action is necessary.
If your instance is configured for User initiated security updates, you must initiate updates after they become available. Depending on the updates, you may need to reboot the instance after installation.
Please see How to keep the OS of your FME Cloud instance up to date for more information.
Continue to Next Article:
In the next article, we will cover how to set up schedules for your instances:
