doctl databases firewalls replace <db-id> --rules type:value [--rule type:value] [flags]
r
Use this command to replace the firewall rules of a given database. This command requires the ID of a database cluster, which you can retrieve by calling:
doctl databases list
This command also requires a –rule flag. You can pass in multiple –rule flags. Each rule passed in to the –rule flag must be of format type:value - “type” is the type of resource that the firewall rule allows to access the database cluster. The possible values for type are: “droplet”, “k8s”, “ip_addr”, “tag”, or “app” - “value” is either the ID of the specific resource, the name of a tag applied to a group of resources, or the IP address that the firewall rule allows to access the database cluster
For example:
doctl databases firewalls replace d1234-1c12-1234-b123-12345c4789 --rule tag:backend --rule ip_addr:0.0.0.0
or
databases firewalls replace d1234-1c12-1234-b123-12345c4789 --rule tag:backend,ip_addr:0.0.0.0
This would replace the firewall rules for database of id d1234-1c12-1234-b123-12345c4789 with the two rules passed above (tag:backend, ip_addr:0.0.0.0)
| Option | Description |
|---|---|
--help, -h | Help for this command |
--rule | A comma-separated list of firewall rules of format type:value, e.g.: type:value (required) |
| Command | Description |
|---|---|
| doctl databases firewalls | Display commands to manage firewall rules (called`trusted sources` in the control panel) for database clusters |
| Option | Description |
|---|---|
--access-token, -t | API V2 access token |
--api-url, -u | Override default API endpoint |
--config, -c | Specify a custom config file Default:
|
--context | Specify a custom authentication context name |
--output, -o | Desired output format [text|json] Default: text |
--trace | Show a log of network activity while performing a command Default: false |
--verbose, -v | Enable verbose output Default: false |