Configuring test agent security groups
Warning
Make sure to set up security groups before creating the agent. This way you can restrict the agent's access.
- Create an agent security group named
agent-sg. - Add rules:
-
Rule for outbound HTTPS traffic to the Load Testing public API:
- Port range:
443. - Protocol:
TCP. - Destination name:
CIDR. - CIDR blocks:
0.0.0.0/0.
This will allow you to connect the agent to Load Testing to manage tests from the interface and get test results.
- Port range:
-
Inbound SSH traffic rule:
- Port range:
22. - Protocol:
TCP. - Destination name:
CIDR. - CIDR blocks:
0.0.0.0/0.
This will allow you to connect to the agent over SSH and manage tests from the console or collect debugging information.
- Port range:
-
Rule for outbound traffic when generating load to the test target:
- Port range:
0-65535. - Protocol:
Any. - Destination name:
Security group.
SelectFrom list. Specify the security group comprising the test target.
Create this rule for each test target with a unique security group.
- Port range:
-
If you plan to use multiple security groups for your agent, allow all traffic between them.
To assign another security group, update the VM network settings in Yandex Compute Cloud.
Note
You can specify more granular rules for your security groups, such as allowing traffic only within specific subnets.
Make sure security groups are properly configured for all subnets that will host traffic-generating agents.