VPC peering and private link
Crunchy Bridge instances run in an isolated network or VPC (a logically isolated Virtual Private Cloud). Your network is fully isolated from other customers and from other teams within your account. By default your VPC is configured to be publicly available with a firewall rule of 0.0.0.0/0. For further security, it is recommended that you set up specific firewall rules that allow access only from your environment.
VPC peering
Crunchy Bridge supports VPC peering to enable your Crunchy Bridge cluster's VPC to communicate over a private network route with another VPC under your control. In order to configure VPC peering, please open a support ticket.
Note that the firewall rules for a cluster apply to both public and private (peered) traffic. If you enable VPC peering and leave the firewall rules set to the default of 0.0.0.0/0, your database cluster will be accessible via public IPs as well as the private network of the VPC peer. To fully secure your cluster in a VPC peering arrangement, be sure to update the firewall rules to match the private network address space of the peered VPC.
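One way to check a cluster's firewall rules against the peered VPC's address space before relying on peering for isolation. This is an added example, not Crunchy Bridge tooling: it calls no Crunchy Bridge API, and the rule list and peered CIDR below are constructed sample values you would replace with your own.

```python
import ipaddress

def audit_firewall_rules(rules, peered_cidr):
    """Classify each firewall rule CIDR against the peered VPC's range.

    Verdicts:
      open-to-world   - the default 0.0.0.0/0 (or ::/0) rule is still present
      ok              - rule lies entirely inside the peered VPC range
      wider-than-peer - rule contains the peered range plus other addresses
      outside-peer    - rule admits addresses that are not in the peered VPC
    """
    peer = ipaddress.ip_network(peered_cidr, strict=True)
    findings = []
    for rule in rules:
        # strict=False normalises entries written with host bits set
        net = ipaddress.ip_network(rule, strict=False)
        if net.prefixlen == 0:
            verdict = "open-to-world"
        elif net.version != peer.version:
            verdict = "outside-peer"      # IPv4 rule vs IPv6 peer, or vice versa
        elif net.subnet_of(peer):
            verdict = "ok"
        elif peer.subnet_of(net):
            verdict = "wider-than-peer"
        else:
            verdict = "outside-peer"
        findings.append((str(net), verdict))
    return findings

def is_peer_only(rules, peered_cidr):
    """True only if there is at least one rule and every rule is inside the peer range."""
    findings = audit_firewall_rules(rules, peered_cidr)
    return bool(findings) and all(v == "ok" for _, v in findings)

# Constructed sample data (assumptions, not values from any real cluster)
SAMPLE_PEERED_CIDR = "10.20.0.0/16"
SAMPLE_RULES = ["0.0.0.0/0", "10.20.0.0/16", "10.20.4.9/24",
                "10.0.0.0/8", "203.0.113.7/32"]

if __name__ == "__main__":
    for rule, verdict in audit_firewall_rules(SAMPLE_RULES, SAMPLE_PEERED_CIDR):
        print(f"{rule:<18} {verdict}")
    print("peer-only:", is_peer_only(SAMPLE_RULES, SAMPLE_PEERED_CIDR))
```

Any verdict other than `ok` means the cluster is still reachable from addresses outside the peered VPC.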
Private link
It is also possible to connect your Crunchy Bridge cluster to your private network using private link. To set up a private link connection to a cluster, please get in touch with support.
Note that firewall rules will remain in place for your cluster after a private link has been established. However, these do not impact the flow of traffic with private link. You may safely delete these firewall rules entirely if you do not wish your cluster to be accessible outside of a private link connection.
If you create a fork or a replica of a cluster that is configured to use private link, it will not automatically be connected in the same way.