How to secure AWS RDS endpoint for Netlify

Hi

I’m looking for information on how to properly secure a database connection. I’ve looked through the settings for the website, but there are no real IP addresses, etc., that I can use to firewall the database connection.

Generally we would prefer not to have this endpoint be accessible to the public.

Hi @david_upgrademedia, welcome to the forums. Have you thought about using env variables? You can store your database credentials as environment variables in your settings.
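The reply above suggests keeping the database credentials in environment variables rather than in the site code. The following is an added example (not code from the original thread or from Netlify) of how a serverless function might load those variables: it fails closed when any setting is missing, percent-encodes the password when building a connection string, and redacts the password before anything is logged. The variable names (`DB_HOST`, `DB_PORT`, `DB_NAME`, `DB_USER`, `DB_PASSWORD`) and the PostgreSQL DSN format are assumptions for illustration.

```python
import os
from urllib.parse import quote, urlsplit

# Assumed variable names; set these in the site's environment settings,
# never hard-code them in the function source.
REQUIRED = ("DB_HOST", "DB_PORT", "DB_NAME", "DB_USER", "DB_PASSWORD")


def load_db_settings(env=None):
    """Read connection settings from the environment.

    `env` defaults to os.environ; a plain dict can be passed for testing.
    Raises RuntimeError naming every missing variable so the function
    refuses to start rather than connecting with a partial configuration.
    """
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise RuntimeError("missing database settings: " + ", ".join(missing))
    return {
        "host": env["DB_HOST"],
        "port": int(env["DB_PORT"]),      # fails loudly on a non-numeric port
        "dbname": env["DB_NAME"],
        "user": env["DB_USER"],
        "password": env["DB_PASSWORD"],
    }


def build_dsn(settings):
    """Build a PostgreSQL-style connection string (assumed format).

    The user and password are percent-encoded so characters such as '@'
    or '/' in a generated password cannot break the URL structure.
    """
    user = quote(settings["user"], safe="")
    password = quote(settings["password"], safe="")
    return (
        f"postgresql://{user}:{password}"
        f"@{settings['host']}:{settings['port']}/{settings['dbname']}"
    )


def redact_dsn(dsn):
    """Return the DSN with the password replaced, for safe logging."""
    parts = urlsplit(dsn)
    if parts.password is None:
        return dsn
    return (
        f"{parts.scheme}://{parts.username}:***"
        f"@{parts.hostname}:{parts.port}{parts.path}"
    )


if __name__ == "__main__":
    # Constructed sample environment, standing in for the site's settings.
    sample_env = {
        "DB_HOST": "db.example.internal",
        "DB_PORT": "5432",
        "DB_NAME": "app",
        "DB_USER": "app_user",
        "DB_PASSWORD": "p@ss/word",
    }
    dsn = build_dsn(load_db_settings(sample_env))
    # Only the redacted form should ever reach a log line.
    print("connecting to", redact_dsn(dsn))
```

Note that this only removes the credentials from the code and from the logs; as the rest of the thread explains, it does not restrict which source addresses can reach the database endpoint.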

I would use env variables to add a password and the endpoint for application access, but that doesn’t address the issue.

The issue is that I don’t know how to firewall the database endpoint so only the Netlify application can access it. This way we can block all other traffic from accessing the DB endpoint (as this would be exposing a large security flaw).

Is there an IP address or at the very least a range we can set our outgoing firewall addresses to?

Short answer: No.

See

As @jasiqli pointed out, nothing like this exists (as provided by our platform). All connections come from a dynamic IP pool, be that at build time, or at (function or edge function) runtime.

The functionality we have for “authenticating that the connection came from netlify” is only for connections made via a proxy redirect, which would not help with your database as I understand it:

and

…are the features I’m speaking of.


@david_upgrademedia did you ever find a solution for this?