This step-by-step guide will show you how to increase the security and privacy of your Digifi Analyst Cloud instance. This entails restricting your Security Group settings and creating an encrypted tunnel for your Analyst Cloud communications. For Windows users, we will also show you how to password protect your private key for an additional layer of security.
Security Group Settings
Your Analyst Cloud instance has open permissions for port 22 and 8787. This means your instance is open to the world on these ports. To see your specific settings, login to your AWS console and navigate to EC2 > Security Groups and select the security group name beginning with `Digifi Analyst Cloud`. Select `Inbound` and you should see a source value of 0.0.0.0 for ports 22 and 8787.
Now do the following:
- Click the `Edit` button
- Delete the row containing port range 8787
- Select the drop-down menu under `Source` and select `My IP`.
- Click `Save`
This configuration will close your web browser access via port 8787 and accept SSH connectivity only from your current network. Your final settings should look like the screenshot below with your IP address in the `Source` field.
Create an Encrypted Tunnel
You can use SSH to tunnel port communications over an encrypted connection. This facilitates multi-factor authentication and secure communications via web browser. As the Windows configuration requires more steps, it has its own guide for setting up the tunnel and key password.
ssh –i [/path/private-key.pem] –L 8787:localhost:8787 ec2-user@[elastic ip]
The easiest way to view your environment is to use RStudio running on Digifi.
- Establish an SSH connection per the preceding step
- Open a web browser
- Enter the following address: http://localhost:8787/
- Sign in using your `bighat` username and password
With a successful connection, your RStudio web traffic will be tunneled via secure shell. If your RStudio login fails, please make sure you have set your `bighat` user password. For more information on setting your `bighat` password, please visit the Digifi AWS Quick Start Guide for instruction.