Provides a DigitalOcean database firewall resource allowing you to restrict connections to your database to trusted sources. You may limit connections to specific Droplets, Kubernetes clusters, or IP addresses.
resource "digitalocean_database_firewall" "example-fw" {
cluster_id = digitalocean_database_cluster.postgres-example.id
rule {
type = "ip_addr"
value = "192.168.1.1"
}
rule {
type = "ip_addr"
value = "192.0.2.0"
}
}
resource "digitalocean_database_cluster" "postgres-example" {
name = "example-postgres-cluster"
engine = "pg"
version = "15"
size = "db-s-1vcpu-1gb"
region = "nyc1"
node_count = 1
}
resource "digitalocean_database_firewall" "example-fw" {
cluster_id = digitalocean_database_cluster.postgres-example.id
rule {
type = "droplet"
value = digitalocean_droplet.web.id
}
}
resource "digitalocean_droplet" "web" {
name = "web-01"
size = "s-1vcpu-1gb"
image = "ubuntu-22-04-x64"
region = "nyc3"
}
resource "digitalocean_database_cluster" "postgres-example" {
name = "example-postgres-cluster"
engine = "pg"
version = "15"
size = "db-s-1vcpu-1gb"
region = "nyc1"
node_count = 1
}
resource "digitalocean_database_cluster" "postgres-example" {
name = "example-postgres-cluster"
engine = "pg"
version = "15"
size = "db-s-1vcpu-1gb"
region = "nyc1"
node_count = 1
}
resource "digitalocean_database_replica" "replica-example" {
cluster_id = digitalocean_database_cluster.postgres-example.id
name = "replica-example"
size = "db-s-1vcpu-1gb"
region = "nyc1"
}
# Create firewall rule for database replica
resource "digitalocean_database_firewall" "example-fw" {
cluster_id = digitalocean_database_replica.replica-example.uuid
rule {
type = "ip_addr"
value = "192.168.1.1"
}
}
The following arguments are supported:
cluster_id
- (Required) The ID of the target database cluster.rule
- (Required) A rule specifying a resource allowed to access the database cluster. The following arguments must be specified:
type
- (Required) The type of resource that the firewall rule allows to access the database cluster. The possible values are: droplet
, k8s
, ip_addr
, tag
, or app
.value
- (Required) The ID of the specific resource, the name of a tag applied to a group of resources, or the IP address that the firewall rule allows to access the database cluster.In addition to the above arguments, the following attributes are exported:
uuid
- A unique identifier for the firewall rule.created_at
- The date and time when the firewall rule was created.Database firewalls can be imported using the id
of the target database cluster
For example:
terraform import digitalocean_database_firewall.example-fw 5f55c6cd-863b-4907-99b8-7e09b0275d54