Networking and Firewall Rules

You can configure your firewall rules on a per cluster basis. This applies to your primary instance as well as any read replicas associated with that cluster. By default your cluster is configured with rules that allow for all traffic into it:




In order to restrict your database, you can delete the defaults and create new rules within the Networking tab of your cluster. You are allowed to create rules of specific IP, or of a CIDR block.

Firewall rules cannot overlap. For example, if you do not delete the default of, you will not be able to add any new IPv4 rules as they will overlap with the default.

AWS VPC Peering

All Crunchy Bridge clusters are automatically created within their own isolated VPC (Virtual Private Cloud). Your VPC is isolated from all others. VPCs can be peered to your existing AWS VPCs to ensure only private traffic flows to your database, and no traffic is publicly accessible. In order to configure VPC peering please open a support ticket within the console.