Database clusters have both public and private network connection details.
Digitalocean provides a couple ways to secure:
My test setup has a trusted source (restricted ip) and VPC network. Therefore I can connect via the private connection, from my trusted ip (droplet), within my VPC. This seems pretty secure. If I want to connect externally I just SSH tunnel into the droplet and go from there.
But I can also just use the database’s public network connection from any trusted droplet, that is not within the VPC.
Sure, I can just not use the public network connection and therefore it is not known through obscurity, but wouldn’t it be better to be able to completely disable it. That way I can ensure a database cluster can only be connected to via a: trusted source + VPC + private connection only.
Interested to hear thoughts on this.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.