How to limit database access to specific web service

Hi,

I’m just setting up a new web service and database on render. I’d like to restrict access to the database to only allow my render hosted web service to be able to connect to it.

I see the CIDR access rules in the database settings. Should I use these? If so, what IP address / range should I use and what’s the tightest I can scope the access to – my service / anything on the same host / anything in “the render network”?

Thanks,

James.

Hi @thruflo , your database will always be accessible to your services (or if your database belongs to a team, then it will be accessible to services in that team). Your services still need the correct credentials, but they will always be able to attempt to log in.

The CIDR access rules are for connecting outside of your Render services, like from your personal development workstation. If you do not want the database to be accessible to anything other than your Render services, you can delete all Access Control rules.

@dan got it, that makes lots of sense, thanks :slight_smile: