How to add Data Stream's IPs to your firewall
Data Streams’ IP list
Most data warehouses have firewalls set up to help protect data. Based on certain safety rules, these firewalls prevent unwanted entries or intrusions, and if configured to do so, grant access based on the IP address of each request.
When using Data Streams to access a data warehouse that is behind a firewall, the credential linking process is not enough for our tool to transfer data to, or to pull data from the respective warehouse.
How to know if I need to whitelist Cognetik's IP addresses
If after linking data warehouse credentials in Data Streams, the database profile dropdown doesn’t populate, you might have to whitelist Cognetik's IP addresses.
Keep in mind that all three need to be whitelisted in order to allow Data Streams to access the data warehouse.
Whitelist Data Streams’ IP for AWS (S3, Redshift, etc):
- Access the AWS management console and go to the management page for the security group (new or existing).
- In the Security Group View, select the Inbound tab on the bottom half of the page, then click Edit.
- In the Edit Inbound Rules dialog, click Add Rule at the bottom of the list, and set the following:
Type - Custom TCP Rule.
Protocol - TCP (the default).
Port Range - The number of the open port your data source uses
Source - Custom IP (the default). In the field next to Source, paste in one of the 3 IP addresses:
Repeat the Add Rule steps above until you've created a rule for each of the IP addresses listed.
Note: AWS uses the CIDR IP format, thus the need to append the '/32' to the end of the IPs.
Whitelist Data Streams’ IP for MongoDB Atlas:
- Go to IP Whitelist view
- From the Clusters view, select the Security tab then IP Whitelist.
- Click Add IP Address.
- Enter IP address
Ensure that you add the IP address you will use to access MongoDB as the admin user.
Whitelist Data Streams’ IP for Snowflake.
Creating a Network Policy:
- Only account administrators and security administrators (i.e. users with the ACCOUNTADMIN or SECURITYADMIN role) can create, alter, or drop network policies
- You can create a network policy using either the web interface or SQL (by executing a Create Network Policy)
- Log into your Snowflake management console, select Accounts and then Policies.
2. Click Create a New Network Policy.
3. Name the policy and then enter the following IP addresses, separated by commas:
4. Enter other information for the network policy, as needed, and click Finish.Snowflake displays a success message.
After creating a network policy, you must activate it before Snowflake enforces the policy. For details, see Activating a Network Policy for Your Account.
To activate a network policy, your current IP address must be included in the Allowed IP Addresses list; otherwise, when you click the Activate button, an error is returned.
Activating a Network Policy for Your Account
Once the policy is associated with your account, Snowflake restricts access to your account based on the allowed IP address list and blocked IP address list.
Whitelist Data Streams’ IP for Microsoft SQL Server:
- Log into RDP (remote desktop).
- Go to Start.
- Select Administrative Tools.
- Click on Windows Firewall With Advanced Security.
- Click on Inbound Rules on the left-hand side.
- In the middle, click on MSSQL Server or MySQL.
- Under the MSSQL Server section, click Properties.
- Click the Scope tab.
- At the bottom, under Remote IP Address, click Add and add: