Allow database access only for app

Posted October 6, 2020 2.3k views
FirewallDigitalOcean Cloud FirewallsDigitalOcean App Platform


is it possible to set up the firewall for the database in a way that only the app has access to it while public access is blocked?

Some providers (incl. Heroku) don’t offer that functionality in their non-enterprise tiers.

You can’t configure it via a regular static IP whitelist rule because the app doesn’t have a static IP unless it does for Digital Ocean?

1 comment
  • I’m not sure why Digital Ocean marketing misled us into signing up for the app platform claiming it was “Production-ready”. We now have to spend extra time and money moving to somewhere else. I was in ear shot of someone even talking about suing. Maybe it was a joke, or maybe it isn’t. I do not know…

    But what I do know is that You cannot claim production readiness if your users HAVE to expose their production databases to the world in this era of Data ransom attacks.
    I hope you guys understand that this should take front priority over any other new feature you are working on. SECURITY IS HUGE.

    I cannot, in sound reason, recommend the app-platform of DigitalOcean to any client of mine given the lack of attention to supporting basic security protocols. Gotta level this up guys.

    Databases should NEVER be exposed to the WWW.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
3 answers

👋 @jpwallhorn

Currently App Platform requires that your database is publicly accessible to be accessed by apps in App Platform. That being said, this is something that we are working on and will be available in the future.

Would be great with some feedback and not least a solution

Agreed, I really like the idea of the App platform but when creating a new App, when you get to the ‘add a managed database’ stage, it really puts me off when it basically says 'turn off the thing that protects your database’ first. I would have thought tight integration with managed databases would be one of the best features of the App platform :(