Most cloud database providers provide a way to restrict database access to a set of known origin public IP addresses.
About Static IP addresses
You can use the static IP addresses feature to connect your databases to the Prisma Data Platform securely whilst keeping them protected from the public internet.
When you implement static IP addresses for your database, then the platform will connect to your database using this static IP address. This works seamlessly across all features: data browser, query console, data proxy.
The following database offerings are compatible with this feature:
- AWS RDS via security groups
- AWS Aurora via security groups (not Aurora Serverless)
- MongoDB Atlas
- Google Cloud SQL
The following database offerings are not compatible:
- AWS Aurora Serverless (database does not have a public IP)
Before implementing static IP addresses, review the following considerations:
- if the IP addresses are removed from the IP allow list on the database provider, the Prisma Data Platform will lose connectivity to the database
- the IP addresses are specific to the region in which the data proxy is configured. Changing the region of the data proxy will change the IPs for egress and will thus require a change of the IP allow list on your provider
- should Prisma ever change any of the public IPs used, we will communicate with impacted users
Enabling the static IP addresses feature
There are different contexts in which the static IP feature can be configured:
- when creating a new project, at the stage at which a database is configured
- when creating a new environment
- when updating the database settings of an existing environment
Step 1. Enable the feature
In the Prisma Data Platform, either when you are creating a new project or environment (or when modifying the settings of an existing environment), navigate to the Static IP addresses section. Select the option "Enabled (there is a firewall in front of my database)".
A list of three (3) IP addresses display.
Step 2. Allow traffic in your database provider
In your database provider, configure your database to allow traffic from the IP addresses displayed in the previous step. Please make sure to include all three (3) addresses.
Step 3. Save to test connectivity and finish
Back in your Prisma Data Platform account, again in the Static IP addresses section, submit the form. At this point, the platform will verify that it can connect to the database. If it cannot connect, it means something went wrong with the setup. Please review the configuration with your database provider.