SQL Proxy Docs #11397
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,32 @@ | ||||||||||||||
| # Working with Databases | ||||||||||||||
| Connecting to databases is a fundamental aspect of creating powerful workflows for your applications. Whether you're storing application data, querying user information, or analyzing event logs, most workflows require querying data at some step. | ||||||||||||||
|
|
||||||||||||||
| Every Pipedream workflow is deployed to its own virtual machine in AWS. This means your workflow runs in its own execution environment with dedicated RAM and disk space, isolated from other users' workflows. | ||||||||||||||
|
|
||||||||||||||
| However, outbound traffic from your workflows uses the same network as other AWS services in the us-east-1 region. **This means your workflows share AWS's `us-east-1` network, sending requests from standard AWS IP ranges.** | ||||||||||||||
|
There was a problem hiding this comment. Same point as above, let's focus on:
Suggested change
|
||||||||||||||
|
|
||||||||||||||
| ## How to Connect to Restricted Databases | ||||||||||||||
dannyroosevelt marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||||||||||
| When you need to connect to a database that restricts access to a specific set of IP addresses, you have a couple options: | ||||||||||||||
|
There was a problem hiding this comment. Consider adding an intro paragraph about database security for the unaware, then go into the specific options provided by Pipedream.
Suggested change
|
||||||||||||||
|
|
||||||||||||||
| ### Create a Virtual Private Cloud (VPC) | ||||||||||||||
| - The most secure, recommended approach, since it gives you a dedicated static IP only for workflows within your workspace | ||||||||||||||
| - Learn more about VPCs [here](/workflows/vpcs/) | ||||||||||||||
|
|
||||||||||||||
| ### Use Pipedream's SQL Proxy | ||||||||||||||
| - The Pipedream SQL Proxy routes network requests through a static IP block | ||||||||||||||
| - When you create a connected account with any of [the apps](#supported-databases) that are currently supported by the SQL Proxy, steps using that account will route through the SQL Proxy, using the static IPs listed below. | ||||||||||||||
|
|
||||||||||||||
| #### Supported Databases | ||||||||||||||
| The SQL Proxy currently supports [MySQL](https://pipedream.com/apps/mysql), [PostgreSQL](https://pipedream.com/apps/postgresql), and [Snowflake](https://pipedream.com/apps/snowflake). Please let us know if you'd like to see support for other database types! | ||||||||||||||
|
|
||||||||||||||
| #### Static IPs | ||||||||||||||
| For database allow-listing, add the following IP block: | ||||||||||||||
| ``` | ||||||||||||||
| 44.223.89.56/29 | ||||||||||||||
| ``` | ||||||||||||||
|
|
||||||||||||||
| ## Frequently Asked Questions | ||||||||||||||
|
|
||||||||||||||
| #### What's the difference between the SQL Proxy and a VPC? | ||||||||||||||
| - While both the SQL Proxy and a VPC enable secure database connections, a VPC offers enhanced isolation and security by providing a dedicated static IP that for workflows within your workspace. | ||||||||||||||
dannyroosevelt marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||||||||||
| - When enabled on a workflow, all requests from that workflow go through the VPC. The SQL Proxy, on the other hand, routes requests for the relevant database connection through a shared static IP block. | ||||||||||||||
dannyroosevelt marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||||||||||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While this is definitely true, I don't think it's focused to how to connect to a Database in a workflow, let's keep the intro focused on the tutorial, then go into the weeds about security.