VPC peering and private link

Crunchy Bridge instances run in an isolated network or VPC (a logically isolated Virtual Private Cloud). Your network is fully isolated from other customers and from other teams within your account. By default your VPC is configured to be publicly available with a firewall rule of 0.0.0.0/0. For further security, it is recommended that you set up firewall rules that allow access only from your environment.

VPC peering

Crunchy Bridge supports VPC peering to enable your Crunchy Bridge cluster's VPC to communicate over a private network route with another VPC under your control.

Note that the firewall rules for a cluster apply to both public and private (peered) traffic. If you enable VPC peering, and leave the firewall rules set to the default of 0.0.0.0/0, your database cluster will be accessible via public IPs as well as the private network of the VPC peer. To fully secure your cluster in a VPC peering arrangement, be sure to update the firewall rules to match the private network address space of the peered VPC.
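Because the same rule set filters both the public path and the peered path, the useful check after peering is whether any rule still admits addresses outside the peer's address space. The following is an added example (not Crunchy Bridge code or any Crunchy Bridge API) that audits a list of CIDR firewall rules, as entered in the dashboard, against the peered VPC's CIDR; the rule and CIDR values used in main() are constructed for illustration.

```python
"""Audit a cluster's firewall rules against a peered VPC's address space.

Added example, not part of Crunchy Bridge. Rules are plain CIDR strings such as
those entered in the dashboard; the peer VPC is given as one CIDR. For CIDR
blocks, two networks are either disjoint or one contains the other, which is
what makes the classification below exhaustive.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AuditResult:
    peer_reachable: bool          # at least one rule admits (part of) the peer VPC
    public_reachable: bool        # at least one rule admits addresses outside the peer VPC
    findings: list = field(default_factory=list)


def _net(cidr):
    # strict=False tolerates host bits in the rule, e.g. "10.20.1.5/16".
    return ipaddress.ip_network(cidr, strict=False)


def audit_rules(rules, peer_cidr):
    """Classify each rule relative to the peer CIDR and report what is exposed."""
    peer = _net(peer_cidr)
    result = AuditResult(peer_reachable=False, public_reachable=False)

    for rule in rules:
        net = _net(rule)
        if net.version != peer.version:
            # An IPv6 rule can never be covered by an IPv4 peer CIDR (or vice versa),
            # so it only ever admits non-peer traffic.
            result.public_reachable = True
            result.findings.append(
                f"{rule}: different IP version than peer {peer}; admits non-peer traffic")
            continue
        if net.subnet_of(peer):
            # Rule lies entirely inside the peer VPC: exactly what peering wants.
            result.peer_reachable = True
            continue
        if net.overlaps(peer):
            # Not inside the peer but overlapping it means the rule contains the peer,
            # so it admits the peer and everything else in the wider block.
            result.peer_reachable = True
            result.public_reachable = True
            label = "the default allow-all rule" if net.prefixlen == 0 else "wider than peer"
            result.findings.append(
                f"{rule}: {label} {peer}; also admits public/non-peer addresses")
        else:
            result.public_reachable = True
            result.findings.append(
                f"{rule}: does not overlap peer {peer}; admits only non-peer traffic")

    if not result.peer_reachable:
        result.findings.append(
            f"no rule admits the peer VPC {peer}; peered clients will be refused")
    return result


def main():
    # Constructed values: a peer VPC and a rule set left at the public default.
    peer_vpc = "10.20.0.0/16"
    for rules in (["0.0.0.0/0"], ["10.20.0.0/16"], ["10.0.0.0/8", "203.0.113.0/24"]):
        r = audit_rules(rules, peer_vpc)
        print(f"rules={rules} peer_reachable={r.peer_reachable} "
              f"public_reachable={r.public_reachable}")
        for f in r.findings:
            print("  -", f)


if __name__ == "__main__":
    main()
```

A clean peering setup is one where audit_rules reports peer_reachable=True and public_reachable=False with no findings; any finding names a rule to tighten or remove. Malformed CIDR strings raise ValueError from the ipaddress module, which is deliberately left to surface rather than being silently skipped.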

Note that peering is done per team, per network.

AWS and GCP VPC peering

You can create network peering connections inside the Crunchy Bridge dashboard in Team Settings -- Networks.

AWS

Input the VPC-specific information that you set up in your AWS account:

  • AWS Account ID
  • VPC Region
  • VPC ID

After you create the peering connection, the peer account must accept it and create a route that sends the Crunchy Bridge CIDR through the peering connection.

GCP

Input the VPC-specific information for your GCP account:

  • GCP Project ID
  • GCP Network Name

After creating the peering connection in Crunchy Bridge, a corresponding peering connection must be created in the peered VPC, targeting the following project and network:

  • Project: crunchy-bridge
  • VPC: n-<network_id>

Once the peering is set up, you should be able to connect to the cluster via its internal DNS entry. It is the same as the public cluster DNS entry, except that the hostname begins with i. instead of p.

Azure peering

To configure VPC / VNet peering on Azure, please open a support ticket.

Private link

It is also possible to connect your Crunchy Bridge cluster to your private network using each cloud provider's private link offering: AWS PrivateLink, GCP Private Service Connect, and Azure Private Link.

The private link feature is enabled per individual cluster on the cluster networking tab.

Turning on the private link feature creates a unique identifier, which you then enter on the resource you want to connect.

Note that firewall rules remain in place for your cluster after a private link has been established, but they do not affect traffic that flows over the private link. If you do not want your cluster to be reachable outside of the private link connection, you may safely delete these firewall rules entirely.

If you create a fork or a replica of a cluster that is configured to use private link, the new cluster is not automatically connected in the same way.