-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SQL Proxy Docs #11397
SQL Proxy Docs #11397
Changes from 3 commits
0d7b169
d9f0a2e
48e897e
7796190
ea78e9e
fcbc857
908fbf4
36b6bf1
a9f1d90
7375722
9d693dd
4660c64
4ea91a6
0c0e675
b6d369f
bad66e3
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
@@ -0,0 +1,32 @@ | ||||||||||||||
# Working with Databases | ||||||||||||||
Connecting to databases is a fundamental aspect of creating powerful workflows for your applications. Whether you're storing application data, querying user information, or analyzing event logs, most workflows require querying data at some step. | ||||||||||||||
|
||||||||||||||
Every Pipedream workflow is deployed to its own virtual machine in AWS. This means your workflow runs in its own execution environment with dedicated RAM and disk space, isolated from other users' workflows. | ||||||||||||||
|
||||||||||||||
However, outbound traffic from your workflows uses the same network as other AWS services in the us-east-1 region. **This means your workflows share AWS's `us-east-1` network, sending requests from standard AWS IP ranges.** | ||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same point as above, let's focus on:
Suggested change
|
||||||||||||||
|
||||||||||||||
## How to Connect to Restricted Databases | ||||||||||||||
dannyroosevelt marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||||||||||
When you need to connect to a database that restricts access to a specific set of IP addresses, you have a couple options: | ||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Consider adding an intro paragraph about database security for the unaware, then go into the specific options provided by Pipedream.
Suggested change
|
||||||||||||||
|
||||||||||||||
### Create a Virtual Private Cloud (VPC) | ||||||||||||||
- The most secure, recommended approach, since it gives you a dedicated static IP only for workflows within your workspace | ||||||||||||||
- Learn more about VPCs [here](/workflows/vpcs/) | ||||||||||||||
|
||||||||||||||
### Use Pipedream's SQL Proxy | ||||||||||||||
- The Pipedream SQL Proxy routes network requests through a static IP block | ||||||||||||||
- When you create a connected account with any of [the apps](#supported-databases) that are currently supported by the SQL Proxy, steps using that account will route through the SQL Proxy, using the static IPs listed below. | ||||||||||||||
|
||||||||||||||
#### Supported Databases | ||||||||||||||
The SQL Proxy currently supports [MySQL](https://pipedream.com/apps/mysql), [PostgreSQL](https://pipedream.com/apps/postgresql), and [Snowflake](https://pipedream.com/apps/snowflake). Please let us know if you'd like to see support for other database types! | ||||||||||||||
|
||||||||||||||
#### Static IPs | ||||||||||||||
For database allow-listing, add the following IP block: | ||||||||||||||
``` | ||||||||||||||
44.223.89.56/29 | ||||||||||||||
``` | ||||||||||||||
|
||||||||||||||
## Frequently Asked Questions | ||||||||||||||
|
||||||||||||||
#### What's the difference between the SQL Proxy and a VPC? | ||||||||||||||
- While both the SQL Proxy and a VPC enable secure database connections, a VPC offers enhanced isolation and security by providing a dedicated static IP that for workflows within your workspace. | ||||||||||||||
dannyroosevelt marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||||||||||
- When enabled on a workflow, all requests from that workflow go through the VPC. The SQL Proxy, on the other hand, routes requests for the relevant database connection through a shared static IP block. | ||||||||||||||
dannyroosevelt marked this conversation as resolved.
Show resolved
Hide resolved
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While this is definitely true, I don't think it's focused to how to connect to a Database in a workflow, let's keep the intro focused on the tutorial, then go into the weeds about security.