Hi all, trying to get set-up with Data Proxy, but ...
# prisma-data-platform
t
Hi all, trying to get set-up with Data Proxy, but need to connect to the database first - what’s the convention for connecting over SSH Tunnel?
j
Can you elaborate on what you're doing, where your app and your database live? Please note that Data Proxy requires your database to be publicly reachable while we are in EAP.
t
It’s an AWS RDS Private instance in a VPC, which has a jumpbox for SSH tunneling - guess that’s not gonna be viable for early-access?
j
It's definitely a scenario we will support in the future; realistically this quarter we will only support databases exposed to the public internet.
a
Hello @Tom Mosey. I’m with the product team at Prisma. Can you describe this jumpbox? Does it allow connecting to the VPC or database from specific IP addresses? I’d love to better understand the setup so we can look into how to support such configurations.
Hello @Tom Mosey, we are going to be working soon on enabling access via static IPs. Do you have an option to allow traffic to your database from a specific set of public IP addresses? If yes, could this solution work for you? If not, I’d love to learn more about your setup.
d
@Alberto Perdomo I'm jumping in here to say I use aurora serverless in a private VPC in us-east-2. Any idea when data proxy will support this? I would love to use it to manage connection pooling from lambda to rds. Right now I'm not using any pooling and will scale through that faster than I'd like. I submitted a request to get east-2 added to supported regions as well
a
Thanks for the interest @Dan Borstelmann. Would you be able to open up traffic to your DB from a specific set of IPs? We've started working on static egress IPs and this should be ready very soon. If it doesn’t, can you expand? How critical is it for the proxy to be deployed in us-east-1 vs us-east-2? Based on https://www.cloudping.co/grid the latency should be about 16ms? If you have some time, I’d love to chat more in depth. You can book some time with me here: https://calendly.com/alberto-prisma/45-min-zoom-call
d
I booked a slot! Looking forward to it. In the meantime, the proxy being in us-east-1 is ok for now (at least for early access) but I'm not sure we want to add latency to a different DB region for every query. We can talk more about this on the call. Our lambdas/API gateway and RDS instances are all in us-east-2. We could move if we need to but it's more expensive in Virginia. Long term, we will be multi region for sure. For static IPs: "You can't give an Amazon Aurora Serverless DB cluster a public IP address. You can access an Aurora Serverless DB cluster only from within a virtual private cloud (VPC), based on the Amazon VPC service." So sadly it's an Amazon limitation, at least for now.
a
> I booked a slot! Looking forward to it.

Awesome, I am looking forward to it too!

> In the meantime, the proxy being in us-east-1 is ok for now (at least for early access) but I’m not sure we want to add latency to a different DB region for every query.

That’s totally understandable. We do plan to add additional regions, so I would not consider this a blocker from our side.

> For static IPs

Understood. From what I see, it could be perhaps possible to connect via intra-region VPC peering connections. That could be perhaps an option. I will try to dig deeper and find out more.
d
Ooh I'd be curious what you find out there