Public network access enabled for PostgreSQL Flexible Server #14989
Comments
@kmehkeri , thanks for raising this issue. At service API side, this property in Postgresql Flexible Server is marked as |
When I create flexible PostgreSQL in UI it is possible to choose between |
I figured out how it works with PostgreSQL Flexible Server

```hcl
// Rule with start and end both 0.0.0.0: allows access from Azure services
resource "azurerm_postgresql_flexible_server_firewall_rule" "azure" {
  count            = var.public_network_access_enabled ? 1 : 0
  name             = "allow-access-from-azure-services"
  server_id        = azurerm_postgresql_flexible_server.main.id
  start_ip_address = "0.0.0.0"
  end_ip_address   = "0.0.0.0"
}

// Rule covering 0.0.0.0 through 255.255.255.255: allows every IPv4 address
resource "azurerm_postgresql_flexible_server_firewall_rule" "all" {
  count            = var.public_network_access_enabled && var.firewall_allow_all_ips ? 1 : 0
  name             = "allow-all-ips"
  server_id        = azurerm_postgresql_flexible_server.main.id
  start_ip_address = "0.0.0.0"
  end_ip_address   = "255.255.255.255"
}
```

So if you need to configure I think this issue can be closed. |
Been looking all over, at the far ends of the internet, and surprisingly this is the only post I have found thus far addressing how to use Terraform to set up a public flexible server. I do have a question. I have several developers that work from home that I need to add to the firewall rule. Is there a firewall resource that supports a list of IPs, or do I need to loop w/ azurerm_postgresql_flexible_server_firewall_rule? |
If you know the I.P addresses of your team, then yes, you can loop through a list of them and create a firewall rule for Azure services in the following way:

```hcl
// ...
// variables.tf
// ...
variable "az_config" {
  description = "configurations for azure service access"
  type = object({
    allow_azure_access = bool
  })
  // The default must match the object type, so it is an object, not a bare bool
  default = {
    allow_azure_access = false
  }
}

variable "allowed_ip_list" {
  description = "List of I.P addresses allowed through the firewall"
  type        = list(string)
  default     = []
}
// ...

// vars.tfvars
// ...
// database config
az_config = {
  allow_azure_access = true
}
// allowed I.P addresses list (placeholder: replace with quoted IP strings)
allowed_ip_list = [ <developer ips> ]
// ...

// main.tf
// ...
// Create server firewall rules for azure service internal access
resource "azurerm_postgresql_flexible_server_firewall_rule" "azure_access" {
  count            = var.az_config.allow_azure_access ? 1 : 0
  name             = "AllowAllWindowsAzureIps"
  server_id        = azurerm_postgresql_flexible_server.default.id
  start_ip_address = "0.0.0.0" // IP address of azure services
  end_ip_address   = "0.0.0.0"
}

// Create server firewall rules for allowed I.P addresses (one rule per list entry)
resource "azurerm_postgresql_flexible_server_firewall_rule" "allowed_ips" {
  count            = length(var.allowed_ip_list)
  name             = "allowed_ip_${count.index}"
  server_id        = azurerm_postgresql_flexible_server.default.id
  start_ip_address = var.allowed_ip_list[count.index]
  end_ip_address   = var.allowed_ip_list[count.index]
}
```

Documentation from Azure on the firewall rule for Azure services can be found here. |
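An added example, not part of the thread or the provider's own code: a Python check over `terraform show -json` plan output that flags the firewall rules discussed in the two comments above (the `0.0.0.0` to `0.0.0.0` Azure-services rule, the allow-all range, and wide ranges). The plan data is constructed, and `classify`, `audit_plan` and the `MAX_ADDRESSES` review threshold are names and values assumed for illustration.

```python
import ipaddress
import json

RULE_TYPE = "azurerm_postgresql_flexible_server_firewall_rule"
MAX_ADDRESSES = 256  # assumed review threshold, not an Azure limit

def _rule(name, start, end):  # one constructed resource_changes entry
    return {"address": f"{RULE_TYPE}.{name}", "type": RULE_TYPE,
            "change": {"actions": ["create"], "after": {
                "start_ip_address": start, "end_ip_address": end}}}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rule("azure_access[0]", "0.0.0.0", "0.0.0.0"),
    _rule("all[0]", "0.0.0.0", "255.255.255.255"),
    _rule("allowed_ips[0]", "203.0.113.10", "203.0.113.10"),
    _rule("allowed_ips[1]", "198.51.100.0", "198.51.107.255"),
]})

def classify(start, end):
    """Label one start/end pair; raises ValueError on non-IPv4 input."""
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if hi < lo:
        return "invalid-range"
    if lo == 0 and hi == 0:
        # Special rule: admits any Azure-hosted source, other tenants included.
        return "azure-services"
    size = hi - lo + 1
    if size == 2**32:
        return "allow-all"
    return "wide-range" if size > MAX_ADDRESSES else "ok"

def audit_plan(plan_json):
    """Return (resource address, verdict) for every rule that needs review."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RULE_TYPE or not after:
            continue  # other resource types, or rules being destroyed
        try:
            verdict = classify(after["start_ip_address"], after["end_ip_address"])
        except (KeyError, ValueError):
            verdict = "unresolved"  # value missing or not known until apply
        if verdict != "ok":
            findings.append((rc["address"], verdict))
    return findings

if __name__ == "__main__":
    for address, verdict in audit_plan(SAMPLE_PLAN):
        print(f"{verdict:15} {address}")
```

Run against a real plan by passing the output of `terraform show -json <planfile>` to `audit_plan`, and fail the pipeline when the returned list is not empty.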
The only problem with this solution is that now I'm not using the subnet I have prepared for the DB but for now it is good enough for me :-) |
Hi, I want to set up a flexible Postgres database with the settings: Connectivity Method: Public Access with Terraform it is only possible to set up Public access or Private with VNET integration, but I would like to set up: |
Same here. With private endpoint support launched, it now makes sense to allow setting |
We also already set up a Postgres Flex Server without vnet injection by creating our own vnet manually and connected through a private endpoint. The only part missing is now to disable the public endpoint via So really looking forward to having this property as well! |
Another engineer here running into the exact same problem! Looking forward to having this property. |
Also see #24641 |
Currently dealing with the fallout of this issue - an undeployed flexible server instance. Yes, it can be fixed using an azapi resource to quickly check the public network checkbox, but I'd prefer to just use Terraform IaaC rather than resorting to using an API. Is there a timeline for the issue to be fixed? It seems to be synonymous with an issue affecting mysql resources as well. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Is there any reason why `public_network_access_enabled` can be set for PostgreSQL Server (here), but not for PostgreSQL Flexible Server (it's just an attribute - could this mean that it is inferred based on some other parameters)?