Do you have an idea or suggestion based on your experience with Azure Database for PostgreSQL?

Vnet integration

Join the PostgreSQL server to a Vnet so we can avoid the requirement to expose a public IP address to the wider internet. Or, create a setting to allow just access from a given App Service.

84 votes
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

Matt shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Hi,

The VNet service endpoints for Azure Database for PostgreSQL feature is now Generally Available. Thank you for your support and feedback for this feature! Please visit the blog for more information: https://azure.microsoft.com/blog/vnet-service-endpoints-for-azure-database-services-for-mysql-and-postgresql-ga/

Best,
Rachel on behalf of the Azure Database for PostgreSQL team

11 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    Hi, I experimented with Service Endpoints for Postgresql and found that my database was *still* publicly reachable but a message from pg_hba.conf appeared for disallowed IP addresses. In my mind, this is not an adequate solution for a private Postgresql. Even the Postgresql docs say that pg_hba is not satisfactory for securing Postgresql from the public internet. When we will be able to *launch* a managed Postgresql instance *inside* a VNet? This is a default on AWS and the one feature that I can say without exaggeration, every single week I think about going back to AWS for. I'm running my own Postgresql instances on VMs right now because I can't have a publicly reachable Postgresql database.

  • Ben Wyatt commented  ·   ·  Flag as inappropriate

    The last update on this request was just over 3 weeks ago. Can you please update us on where it currently stands? Is there a firmer ETA than a "few weeks" at this time?

  • AdminAzure Database for PostgreSQL Product Team (Product Owner, Microsoft Azure) commented  ·   ·  Flag as inappropriate

    We expect VNET Service Endpoint support to enter public preview in few weeks.

    Also please note that we added 'Allow access to Azure services' on 'Connection security' tab that would allow you to access your Azure Database for PostgreSQL server from any Azure IP.

    Nik on behalf of Azure Database for PostgreSQL team

  • Anonymous commented  ·   ·  Flag as inappropriate

    Because our application does not use ssl connection、So
    the db instances must can be created within the local virtual network.

  • Dinesh commented  ·   ·  Flag as inappropriate

    +1 for this, our app tier is within a vnet and not exposed to the internet and we would like to have our database tier within a vnet.

  • Henry commented  ·   ·  Flag as inappropriate

    This is a critical feature for us. It really limits the ability to scale out connected services without running some hacky scripts to update the ip address settings on the Azure Database for Postgres every time we scale up/down. Not to mention the performance (and although negligible, egress bandwidth cost) hit of sending traffic over the internet instead of the Azure backbone.

    Some kind of functionality using full or a pared down VNET peering experience here would be great!

  • Tobias Ternstrom commented  ·   ·  Flag as inappropriate

    Hey Matt & Chris, sorry for the late reply (and thank you Brent for reminding me to reply here). This is definitely work in progress, both for our PostgreSQL and MySQL services as well as the SQL Server based ones Azure SQL Database and Data Warehouse. We will get back with a timeline as soon as we can.

Feedback and Knowledge Base