Latest

Secure your Tiger Cloud services with Azure Private Link

Tiger Cloud: Performance, Scale, Enterprise

Self-hosted products

MST

Azure Private Link creates a private connection between your Azure Virtual Network and Tiger Cloud services hosted on Azure, eliminating exposure to the public internet. Applications in your Azure VNet connect to a Private Endpoint with a private IP address, which links to Tiger Cloud. Once connected, your services become accessible only through the Private Endpoint, providing enhanced security, reduced attack surface, and compliance with data isolation requirements.

Note

This feature is currently not supported for Tiger Cloud on AWS.

Prerequisites

To follow the steps on this page:

  • Create an Azure account with an active subscription.
  • Configure permissions to create private endpoints and manage network resources.
  • Create an Azure Virtual Network with a subnet for the resources you will connect to Tiger Cloud.
Note

Azure Private Link is currently in private preview. To request access in Tiger Console, go to Security > Private Endpoints and click Request access. Then refresh the page and follow the steps below.

Take the following steps to connect Tiger Cloud to Azure with Private Link:

  1. Create a Private Link subscription authorization

    1. In Tiger Console, select Security > Private Endpoints > Configure Private Endpoint Connection.

    2. Enter your Azure subscription ID and specify a name for the Private Link authorization, then click a checkmark next to it.

      Azure Private Link authorization

    3. Under Alias, copy the alias for the region in which you need to create the connection.

      Choose the region closest to your Azure resources for optimal performance.

    4. Click Done.

      Tiger Cloud confirms your authorization. Once it is confirmed, you can create multiple private endpoints from the same authorized subscription.

      Azure Private Link authorization complete

  2. Create a private endpoint

    1. In Azure Portal, go to Private endpoints and click Create.

      Create Azure Private Endpoint

    2. Configure the endpoint:

      1. In Subscription, select the subscription you have previously authorized in Tiger Cloud.
      2. In Resource group, select an existing resource group or create a new one for your private endpoint.
      3. Provide a name for your endpoint.
      4. Select the region where your Virtual Network is deployed, then click Next: Resource.
      5. In Connection method, select Connect to an Azure resource by resource ID or alias.
      6. In Resource ID or alias, paste the alias you have copied from Tiger Console.
      7. In Request message, enter your Tiger Cloud project ID, then click Next: Virtual Network.
      8. Select the Virtual Network and subnet for your endpoint, optionally select an application security group, then click Next: DNS.
      9. Optionally configure private DNS integration and tags for your endpoint, then click Next: Review + create.
      10. Review your config and click Create. Azure creates your private endpoint. Wait for the deployment to succeed.
      11. Go to Private endpoints and copy the private endpoint IP from the Private IP column.

  3. Sync the connection

    1. In Tiger Console > Security > Private Link, click Refresh. Tiger Cloud automatically approves connections from authorized subscriptions. Your connection appears in the list.

      Azure Private Endpoint IP

    2. Click Add IP and paste the IP address you have copied from Azure Portal.

    3. Click the three dots next to your connection and select + Attach service. Select your service from the dropdown and click Attach. You can attach a service to one Private Endpoint connection.

      Important

      After attaching a service to a Private Endpoint, it is no longer accessible from the public internet. Make sure all your applications are configured to connect through the Private Endpoint before attaching your service.

    4. From a VM inside your Azure VNet, connect to your service using a connection string with your connection details. You should be able to connect successfully.

Manage connections

  • To detach a service from a Private Endpoint connection, go to Security > Private Endpoints and expand the details of the corresponding connection. Click the trash bin icon and confirm detaching your service.
  • To edit or remove a connection, click the three dots next to the connection in the list and select Edit or Disconnect, respectively. Detach services from the connection before deleting it.
  • To remove an authorization, click Manage Authorizations > trash bin icon. Disconnect all relevant connections before removing an authorization.

Keywords

PrivateLinkAzureprivate endpointservicesoperationssecurity

Found an issue on this page?Report an issue or Edit this page in GitHub.

PreviousVPC peering and AWS PrivateLinkNextIP allow list

Related Content

Virtual Private Cloud
Virtual Private Cloud peering ensures that your Tiger Cloud services are only accessible through your secured AWS infrastructure. Set up VPC peering in Tiger Console
Service management
Manage your Tiger Cloud service from the Operations dashboard in Tiger Console. Fork the service, reset your password, pause or delete a service, and more
Security
A high level of security is a major requirement to any database. Learn how Tiger Cloud protects your services with MFA, SAML, SSL modes, read-only access, VPC peering, and IP allow lists
About Tiger Cloud services
A Tiger Cloud service is a 100% Postgres database instance that you use as is, or extend with capabilities specific to your business needs. Learn more about services and available features
Postgres extensions
Tiger Cloud comes with a number of Tiger Data and Postgres extensions enabled by default. See all the extensions you can enable for your service
SAML (Security Assertion Markup Language)
SAML is a standard for exchanging authentication and authorization data. Tiger Cloud offers SAML authentication as part of its security suite