enough-kite-69616
06/25/2020, 7:59 PM

limited-rainbow-51650
06/26/2020, 1:11 PM
`azure.postgresql.FirewallRule` which allows for full external access, e.g. from your home
2. you create `azure.postgresql.VirtualNetworkRule` which allows for machines on a subnet within your virtual network to access the database server.
The example below shows the two cases:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const config = new pulumi.Config();

// dbAdministrator and dataResourceGroup are assumed to be defined elsewhere in the program.

// NOTE: don't use the Basic SKUs. Basic SKUs do not support the virtual network rules defined below
// https://docs.microsoft.com/en-us/azure/postgresql/concepts-limits#vnet-service-endpoints
const databaseServer = new azure.postgresql.Server("test-dbs", {
    administratorLogin: dbAdministrator.user,
    administratorLoginPassword: dbAdministrator.password,
    location: dataResourceGroup.location,
    resourceGroupName: dataResourceGroup.name,
    skuName: "GP_Gen5_2",
    sslEnforcement: "Enabled",
    storageProfile: {
        autoGrow: "Enabled",
        backupRetentionDays: 7,
        geoRedundantBackup: "Disabled",
        storageMb: 5120,
    },
    version: "10",
});

// This resource is not really a firewall rule
// It manages the pg_hba.conf file describing from where connections are allowed to the PostgreSQL server.
// Notice: Firewall rule name limited to 16 characters (24 including random suffix added by Pulumi).
const databaseServerFirewallRuleOfficeGuest = new azure.postgresql.FirewallRule("officegst", {
    resourceGroupName: dataResourceGroup.name,
    serverName: databaseServer.name,
    endIpAddress: "<your-office-ip-here>",
    startIpAddress: "<your-office-ip-here>",
});

// Subnet whose machines are allowed to reach the database server.
const subnetId = config.require("dbUsersSubnetId");
const databaseUsersNetworkRule = new azure.postgresql.VirtualNetworkRule("dbusersallowed", {
    resourceGroupName: dataResourceGroup.name,
    serverName: databaseServer.name,
    subnetId: subnetId,
});
```

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as postgresql from "@pulumi/postgresql";

// dbAdminUser, dbAdminPassword and dbHost are assumed to be defined elsewhere in the program.
const databaseProvider = new postgresql.Provider("adminconnection", {
    username: pulumi.interpolate`${dbAdminUser}@${dbHost}`,
    password: dbAdminPassword,
    databaseUsername: dbAdminUser,
    superuser: false,
    host: dbHost,
    port: 5432,
});
```
Note the separate `username` and `databaseUsername` fields.