
Configure network access to a PostgreSQL TimescaleDB cluster

By default, a cluster in a public subnet accepts connections from any IP address, provided the client has a valid login and password.

For a cluster in a private subnet, connection is allowed from the cluster subnet and from subnets that are connected to the cluster subnet via a cloud router.

You can define a list of IP addresses from which access to the Managed Database cluster is allowed.

You can also use security groups to restrict access to the Managed Database cluster.

Any changes to network access settings are the client's responsibility.

Define a list of allowed IP addresses

When restoring a cluster from a backup, the list of allowed IP addresses will not be saved; for a new cluster, the allowed IP addresses will need to be reconfigured.

  1. In the Dashboard, on the top menu, click Products and select Managed Databases.
  2. Open the Active tab.
  3. Open the database cluster page → Settings tab.
  4. In the Network access management block, click the Allowed addresses and subnet CIDRs field.
  5. At the bottom of the drop-down list, enter the subnet CIDR or IP address from which access to the cluster should be allowed. Only IPv4 addressing is supported.
  6. Click .
  7. Repeat steps 5 and 6 for all allowed IP addresses.
  8. Click Save. All IP addresses, except those specified in the allowed list, will be denied access.
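
Because the allowed list is not kept when a cluster is restored from a backup, it helps to store the list in a file and check it before re-entering it. The following is an added example, not part of the provider's tooling: it checks entries against the IPv4-only rule from step 5, merges overlapping ranges, and tests whether a client address would be admitted. The function names, the `/16` review threshold, the rejection of CIDRs with host bits set, and the sample addresses are assumptions made for the example.

```python
import ipaddress

# Assumption for this example: prefixes shorter than /16 are held back for review.
BROAD_PREFIX = 16


def check_allow_list(entries):
    """Check entries as IPv4 addresses or IPv4 CIDRs.

    Returns (networks, problems): the merged networks that passed every check,
    and findings for entries that should not be submitted as written.
    """
    networks, problems = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=True treats a CIDR with host bits set (10.0.0.5/24) as a typo.
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            problems.append(f"{text}: invalid ({exc})")
            continue
        if net.version != 4:
            problems.append(f"{text}: only IPv4 addressing is supported")
            continue
        if net.prefixlen < BROAD_PREFIX:
            problems.append(f"{text}: broad range ({net.num_addresses} addresses)")
            continue
        networks.append(net)
    # Merge duplicates and overlapping ranges so the list stays easy to review.
    return list(ipaddress.collapse_addresses(networks)), problems


def is_allowed(client_ip, networks):
    """True if client_ip falls inside one of the allowed networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


# Constructed sample list (documentation address ranges, not real hosts).
SAMPLE = ["203.0.113.10", "198.51.100.0/24", "198.51.100.128/25",
          "10.0.0.5/24", "2001:db8::/32", "0.0.0.0/0"]

if __name__ == "__main__":
    nets, issues = check_allow_list(SAMPLE)
    print("enter in the dashboard:", [str(n) for n in nets])
    for issue in issues:
        print("review:", issue)
    print("198.51.100.200 admitted:", is_allowed("198.51.100.200", nets))
```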

Security groups in a Managed Database cluster

A security group in a Managed Database cluster is a set of rules for filtering the cluster's incoming and outgoing traffic. For security groups to work, traffic filtering (port security) must be enabled on the network.

If filtering is enabled on the network, all ports on that network are assigned the default security group, which allows all traffic through the ports. You can assign a different security group when creating the cluster or in an existing cluster.

In addition to the security groups you select when you create the cluster, a service security group is automatically assigned to the Managed Database cluster network ports. This group keeps the cluster running and cannot be changed or deleted. The service group appears only in the OpenStack CLI and Terraform.

Learn more about security groups in the Security groups section.

Assign a security group in an existing cluster

warning

After a security group is assigned, all active sessions that do not comply with the group's rules will be terminated.

  1. Ensure that port security (traffic filtering) is enabled on the cluster network. To do this, in the Dashboard, on the top menu, click Products → Cloud Servers → Network → the Private networks or Public networks tab. A network with filtering enabled is marked with .

    If filtering is disabled, to use security groups, create a new cluster in a new subnet or in a subnet with traffic filtering enabled and transfer data using logical replication or a logical dump.

  2. In the Dashboard, on the top menu, click Products and select Managed Databases.

  3. Open the Active tab.

  4. Open the database cluster page → Settings tab.

  5. In the Security block, click Edit.

  6. Select the security group you want to assign to all ports on the cluster network.

  7. Click .