» digitalocean_database_firewall

Provides a DigitalOcean database firewall resource allowing you to restrict connections to your database to trusted sources. You may limit connections to specific Droplets, Kubernetes clusters, or IP addresses.

» Example Usage

» Create a new database firewall allowing multiple IP addresses

resource "digitalocean_database_firewall" "example-fw" {
  cluster_id = digitalocean_database_cluster.postgres-example.id

  rule {
    type  = "ip_addr"
    value = "192.168.1.1"
  }

  rule {
    type  = "ip_addr"
    value = "192.0.2.0"
  }
}

resource "digitalocean_database_cluster" "postgres-example" {
  name       = "example-postgres-cluster"
  engine     = "pg"
  version    = "11"
  size       = "db-s-1vcpu-1gb"
  region     = "nyc1"
  node_count = 1
}

» Create a new database firewall allowing a Droplet

resource "digitalocean_database_firewall" "example-fw" {
  cluster_id = digitalocean_database_cluster.postgres-example.id

  rule {
    type  = "droplet"
    value = digitalocean_droplet.web.id
  }
}

resource "digitalocean_droplet" "web" {
  name   = "web-01"
  size   = "s-1vcpu-1gb"
  image  = "centos-7-x64"
  region = "nyc3"
}

resource "digitalocean_database_cluster" "postgres-example" {
  name       = "example-postgres-cluster"
  engine     = "pg"
  version    = "11"
  size       = "db-s-1vcpu-1gb"
  region     = "nyc1"
  node_count = 1
}

» Argument Reference

The following arguments are supported:

  • cluster_id - (Required) The ID of the target database cluster.
  • rule - (Required) A rule specifying a resource allowed to access the database cluster. The following arguments must be specified:
    • type - (Required) The type of resource that the firewall rule allows to access the database cluster. The possible values are: droplet, k8s, ip_addr, or tag.
    • value - (Required) The ID of the specific resource, the name of a tag applied to a group of resources, or the IP address that the firewall rule allows to access the database cluster.
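
The examples above cover the ip_addr and droplet rule types. The following added example (not part of the provider documentation) shows the tag and k8s types from the argument list, so that access is granted by group membership rather than by individual address. The tag name, the resource names and the k8s_cluster_id variable are assumptions made for illustration.

```hcl
# Added example: "tag" and "k8s" rule types.
# Assumed names: tag "db-client", Droplets "app-N", variable k8s_cluster_id.

variable "k8s_cluster_id" {
  description = "ID of an existing Kubernetes cluster allowed to reach the database"
  type        = string
}

resource "digitalocean_tag" "db_client" {
  name = "db-client"
}

# Droplets that should reach the database carry the tag.
resource "digitalocean_droplet" "app" {
  count  = 2
  name   = "app-${count.index}"
  size   = "s-1vcpu-1gb"
  image  = "centos-7-x64"
  region = "nyc1"
  tags   = [digitalocean_tag.db_client.id]
}

resource "digitalocean_database_firewall" "example-fw" {
  cluster_id = digitalocean_database_cluster.postgres-example.id

  # type "tag": value is the tag name, covering the group of tagged resources.
  rule {
    type  = "tag"
    value = digitalocean_tag.db_client.name
  }

  # type "k8s": value is the ID of the Kubernetes cluster.
  rule {
    type  = "k8s"
    value = var.k8s_cluster_id
  }
}

resource "digitalocean_database_cluster" "postgres-example" {
  name       = "example-postgres-cluster"
  engine     = "pg"
  version    = "11"
  size       = "db-s-1vcpu-1gb"
  region     = "nyc1"
  node_count = 1
}
```

With a tag rule, the ability to apply that tag to a resource is effectively the ability to grant database access, so tag assignment belongs under the same review as the firewall resource itself.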

» Attributes Reference

In addition to the above arguments, the following attributes are exported:

  • uuid - A unique identifier for the firewall rule.
  • created_at - The date and time when the firewall rule was created.

» Import

Database firewalls can be imported using the ID of the target database cluster. For example:

terraform import digitalocean_database_firewall.example-fw 5f55c6cd-863b-4907-99b8-7e09b0275d54