Configuring test agent security groups
Warning
You must create and configure security groups before creating an agent. This way you can restrict the agent's access.
- Create an agent security group named
agent-sg
. - Add rules:
-
Rule for outgoing HTTPS traffic to the Load Testing public API:
- Port range:
443
- Protocol:
TCP
- Destination name:
CIDR
- CIDR blocks:
0.0.0.0/0
This will allow connecting the agent to Load Testing to manage tests from the interface and get test results.
- Port range:
-
Rule for incoming SSH traffic:
- Port range:
22
- Protocol:
TCP
- Destination name:
CIDR
- CIDR blocks:
0.0.0.0/0
This will allow you to connect to the agent over SSH and manage tests from the console or collect debugging information.
- Port range:
-
Rule for outgoing traffic when generating load to the test target:
- Port range:
0-65535
- Protocol:
Any
- Destination name:
Security group
SelectFrom list
. Specify the security group where the test target is located.
Create this rule for each test target with a unique security group.
- Port range:
-
If you plan to use multiple security groups for an agent, enable all traffic between these groups.
To assign another security group, edit the virtual machine network settings in Yandex Compute Cloud.
Note
You can set more detailed rules for security groups, such as allowing traffic in only specific subnets.
It is important to have security groups properly configured for all subnets hosting traffic-generating agents.