To better protect your database connection, you can connect to a private endpoint using the Astra DB private endpoint.Private endpoints are available for only intra-region use.The region for your private endpoint in the Google Cloud Console and your Astra DB database must match.
This information applies to only serverless databases.
For pricing related to using private endpoints, see Pricing and billing.
The following roles can manage private endpoints:
Organization Administrator
Database Administrator
Alternatively, you can use a custom role with permissions to manage private endpoints.
For more, see GCP Private Service Connect.
- Create your Astra DB database using the Astra DB console.
- Ensure you have permission to manage private endpoints.
- Get your application token.
- From your Google Cloud Console, get your Project ID. For example, valiant-ocean-258751 .
- Create a Google Cloud Console network, subnetwork, and IP address for your private endpoint. For more, see Creating neworks.
To increase your security, restrict public access to your database using the access list.
If you are using Postman for your API calls, ensure you use the raw option to enter the body of your API call.
- Enter the Project ID as your allowed principal for your private endpoints to Astra DB:
- Create the endpoint in your Google Cloud Console.
- Using the PSC Connection ID from your Google Cloud Console as your endpoint ID, accept your GCP private endpoint connection:
- Create a DNS entry for your private endpoint.
You can now connect to your private endpoint using your updated secure connect bundle. For more, see Drivers for Astra.
Remove a private endpoint
- Delete a private endpoint from your Astra DB:
- In the Google Cloud Console, go to Private Service Connect.
- Select the endpoint you want to remove.
- Select Delete.
What’s next?
- Private Service Connect
- link:_attachments/devopsv2.html#operation/Private-Endpoints[DevOps API reference, window="_blank"]
- Learn how to Manage access lists for public access.