Dynamic IPs can make it difficult to whitelist

1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

App Platform components have dynamic IPs that change during every deployment.

Unfortunately this means that for database connections and other whitelisting purposes you can’t rely on IP addresses.

Given this, App Platform cannot connect to a database that has restricted connections or trusted sources configured, even if that database is managed by DigitalOcean. This is because App Platform components have dynamic IPs that change during every deployment and so cannot be used for defining trusted sources.

  • So is it correct to say that DigitalOcean’s App Platform + DigitalOcean’s Managed DB is not production ready? Since it does not support restricted connections or trusted sources, which requires DigitalOcean’s Managed DB always exposed?

  • I understand the reasons that this might be difficult. But unfortunately this goes against your own recommendations of keeping a DB secure and am inclined to believe this product is not fit for purpose.

    How about being able to release an app into your virtual network, then be able to setup firewalls against the network?

    I was excited and now quite disappointed :-(. There must be a way to do it because Heroku do this fairly successfully - from about 8 years ago.

  • Any update on this? Are there any plans to address this?

Submit an Answer