Access a Postgres Database
In this guide, we'll use Firezone to set up access to a Postgres database. This is useful when you have a Postgres database that you want to keep behind a firewall, but still need to access it from external networks like the internet.
This steps in this guide can be effectively applied to virtually any database or service, not just Postgres.
Prerequisites
- A Site that will contain the Postgres database you want to secure access to. Create a Site if you haven't already.
- One or more Gateways deployed within the Site. Deploy a Gateway if you don't have any in the Site where this database is located.
We recommend setting up multiple Gateways for load balancing access to high-traffic services like databases. See Deploying multiple Gateways.
Step 1: Create a Resource
- In your admin portal, go to
Sites -> <site>
and click theAdd Resource
button. - Select
DNS
orIP
as the Resource type depending on how you plan to access the database. If you're using a DNS name, the address should be resolvable by all of the Gateways in your Site. - Optionally, add a traffic restriction for
TCP/5432
(or the port your Postgres database is running on) to restrict access to the Postgres service only (Team and Enterprise plans). - Enter the address of the Postgres database you want to secure access to.
Step 2: Create a Policy
- In the
Policies
tab, click theAdd Policy
button. - Create a Policy for the Resource you created in Step (1). Be sure to select the appropriate Group and Resource for the Policy.
Step 3: Done!
You've now secured access to your Postgres database. You can test the connection
by testing access to the database with a tool like psql
:
psql -h <resource-address> -U <username> -d <database>
If you get a password prompt, you've successfully secured access to your Postgres database.
Need additional help?
See all support options or try asking on one of our community-powered support channels:
- Discussion forums: Ask questions, report bugs, and suggest features.
- Discord server: Join discussions, meet other users, and chat with the Firezone team
- Email us: We read every message.