digitalocean_database_firewall

Provides a DigitalOcean database firewall resource allowing you to restrict connections to your database to trusted sources. You may limit connections to specific Droplets, Kubernetes clusters, or IP addresses.

Example Usage

Create a new database firewall allowing multiple IP addresses

resource "digitalocean_database_firewall" "example-fw" {
  cluster_id = digitalocean_database_cluster.postgres-example.id

  rule {
    type  = "ip_addr"
    value = "192.168.1.1"
  }

  rule {
    type  = "ip_addr"
    value = "192.0.2.0"
  }
}

resource "digitalocean_database_cluster" "postgres-example" {
  name       = "example-postgres-cluster"
  engine     = "pg"
  version    = "15"
  size       = "db-s-1vcpu-1gb"
  region     = "nyc1"
  node_count = 1
}

Create a new database firewall allowing a Droplet

resource "digitalocean_database_firewall" "example-fw" {
  cluster_id = digitalocean_database_cluster.postgres-example.id

  rule {
    type  = "droplet"
    value = digitalocean_droplet.web.id
  }
}

resource "digitalocean_droplet" "web" {
  name   = "web-01"
  size   = "s-1vcpu-1gb"
  image  = "ubuntu-22-04-x64"
  region = "nyc3"
}

resource "digitalocean_database_cluster" "postgres-example" {
  name       = "example-postgres-cluster"
  engine     = "pg"
  version    = "15"
  size       = "db-s-1vcpu-1gb"
  region     = "nyc1"
  node_count = 1
}

Create a new database firewall for a database replica

resource "digitalocean_database_cluster" "postgres-example" {
  name       = "example-postgres-cluster"
  engine     = "pg"
  version    = "15"
  size       = "db-s-1vcpu-1gb"
  region     = "nyc1"
  node_count = 1
}

resource "digitalocean_database_replica" "replica-example" {
  cluster_id = digitalocean_database_cluster.postgres-example.id
  name       = "replica-example"
  size       = "db-s-1vcpu-1gb"
  region     = "nyc1"
}

# Create firewall rule for database replica
resource "digitalocean_database_firewall" "example-fw" {
  cluster_id = digitalocean_database_replica.replica-example.uuid

  rule {
    type  = "ip_addr"
    value = "192.168.1.1"
  }
}

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the above arguments, the following attributes are exported:

Import

Database firewalls can be imported using the id of the target database cluster For example:

terraform import digitalocean_database_firewall.example-fw 5f55c6cd-863b-4907-99b8-7e09b0275d54