Digifi AWS Enhanced Security Guide

This step-by-step guide will show you how to increase the security and privacy of your Digifi Analyst Cloud instance. This entails restricting your Security Group settings and creating an encrypted tunnel for your Analyst Cloud communications. For Windows users, we will also show you how to password protect your private key for an additional layer of security.


Security Group Settings

Your Analyst Cloud instance has open permissions for ports 22 and 8787. This means your instance is open to the world on these ports. To see your specific settings, log in to your AWS console, navigate to EC2 > Security Groups, and select the security group whose name begins with `Digifi Analyst Cloud`. Select `Inbound` and you should see a source value of 0.0.0.0 for ports 22 and 8787.

aws_security_group_ss_01

Now do the following:

  1. Click the `Edit` button
  2. Delete the row containing port range 8787
  3. Select the drop-down menu under `Source` and select `My IP`.
  4. Click `Save`

This configuration closes direct web browser access on port 8787 and accepts SSH connections only from your current network. Your final settings should look like the screenshot below, with your IP address in the `Source` field.

aws_security_group_ss_02
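
A check for the end state described above, as an added example that is not part of the original guide: it reads security group JSON in the shape returned by `aws ec2 describe-security-groups` and reports any rule that still exposes port 8787 or accepts SSH from anywhere other than your address. The sample data, the group ID and the 203.0.113.10/32 address are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output (placeholder IDs).
SAMPLE = json.loads("""{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE", "GroupName": "Digifi Analyst Cloud EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8787, "ToPort": 8787,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]}""")

GUIDE_PORTS = (22, 8787)  # SSH and the RStudio port named in this guide


def covers(rule, port):
    """True if the rule's protocol and port range include this TCP port."""
    if rule.get("IpProtocol") == "-1":  # "all traffic" rule, no port range
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit(groups, my_cidr):
    """List (group, port, cidr, reason) for rules that differ from the guide's end state."""
    mine = ipaddress.ip_network(my_cidr)
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for port in (p for p in GUIDE_PORTS if covers(rule, p)):
                for cidr in cidrs:
                    net = ipaddress.ip_network(cidr, strict=False)
                    if port == 8787:
                        reason = "port 8787 should have no inbound rule"
                    elif net.prefixlen == 0:
                        reason = "SSH open to the world"
                    elif net != mine:
                        reason = "SSH source is not your current IP"
                    else:
                        continue
                    findings.append((sg["GroupId"], port, cidr, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "203.0.113.10/32"):
        print(*finding)
```

An empty result means the group matches the final settings; rerun the check whenever your network address changes, since the SSH rule is pinned to the address you had when you clicked `My IP`.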




Create an Encrypted Tunnel

You can use SSH to tunnel port communications over an encrypted connection. This facilitates multi-factor authentication and secure communications via web browser. As the Windows configuration requires more steps, it has its own guide for setting up the tunnel and key password.

WINDOWS:
Configure and connect with PuTTY following these steps.
LINUX:
Open a terminal window and use the following command:

ssh -i [/path/private-key.pem] -L 8787:localhost:8787 ec2-user@[elastic ip]




Connect

The easiest way to view your environment is to use RStudio running on Digifi.

  1. Establish an SSH connection per the preceding step
  2. Open a web browser
  3. Enter the following address: http://localhost:8787/
  4. Sign in using your `bighat` username and password

With a successful connection, your RStudio web traffic will be tunneled via secure shell. If your RStudio login fails, please make sure you have set your `bighat` user password. For instructions on setting your `bighat` password, please visit the Digifi AWS Quick Start Guide.