Join the PostgreSQL server to a VNet so we can avoid the requirement to expose a public IP address to the wider internet. Or, create a setting to allow access just from a given App Service.
The VNet service endpoints for Azure Database for PostgreSQL feature is now Generally Available. Thank you for your support and feedback for this feature! Please visit the blog for more information: https://azure.microsoft.com/blog/vnet-service-endpoints-for-azure-database-services-for-mysql-and-postgresql-ga/
Rachel on behalf of the Azure Database for PostgreSQL team
Hi, I experimented with Service Endpoints for PostgreSQL and found that my database was *still* publicly reachable but a message from pg_hba.conf appeared for disallowed IP addresses. In my mind, this is not an adequate solution for a private PostgreSQL. Even the PostgreSQL docs say that pg_hba is not satisfactory for securing PostgreSQL from the public internet. When will we be able to *launch* a managed PostgreSQL instance *inside* a VNet? This is a default on AWS and the one feature that I can say without exaggeration, every single week I think about going back to AWS for. I'm running my own PostgreSQL instances on VMs right now because I can't have a publicly reachable PostgreSQL database.
Any update for this issue?
The ETA of public preview of VNET continues to be a few weeks out. We're adding features and validating at this time.
Thanks for your interest!
Rachel on behalf of Azure Database for PostgreSQL team
Ben Wyatt commented
The last update on this request was just over 3 weeks ago. Can you please update us on where it currently stands? Is there a firmer ETA than a "few weeks" at this time?
We expect VNET Service Endpoint support to enter public preview in a few weeks.
Also please note that we added 'Allow access to Azure services' on the 'Connection security' tab that would allow you to access your Azure Database for PostgreSQL server from any Azure IP.
Nik on behalf of Azure Database for PostgreSQL team
Petter Skog commented
Any update regarding this issue?
Because our application does not use SSL connections, the DB instances must be able to be created within the local virtual network.
+1 for this, our app tier is within a vnet and not exposed to the internet and we would like to have our database tier within a vnet.
This is a critical feature for us. It really limits the ability to scale out connected services without running some hacky scripts to update the IP address settings on the Azure Database for Postgres every time we scale up/down. Not to mention the performance (and although negligible, egress bandwidth cost) hit of sending traffic over the internet instead of the Azure backbone.
Some kind of functionality using full or a pared down VNET peering experience here would be great!
Tobias Ternstrom commented
Hey Matt & Chris, sorry for the late reply (and thank you Brent for reminding me to reply here). This is definitely work in progress, both for our PostgreSQL and MySQL services as well as the SQL Server based ones, Azure SQL Database and Data Warehouse. We will get back with a timeline as soon as we can.
Apparently even managed SQL Server can only be accessed via public IP addresses, without support for private IP addresses within virtual networks:
Hope this will be fixed soon for all managed DB servers.