Learn how to configure azurerm postgresql flexible server firewall rule using Azure CLI and Terraform with clear commands and examples. Our PostgrSQL Support Team is always here to help you.
How to Configure azurerm postgresql flexible server firewall rule in Azure
When working with Azure Database for PostgreSQL flexible server, one important part is setting up network access. By default, the firewall blocks all incoming connections, and therefore no one can 
access the server until proper rules are in place. This is exactly where the azurerm postgresql flexible server firewall rule becomes important, since it defines which IP addresses or ranges can connect, and in turn, it gives you complete control over access.
In practice, you have two networking options to choose from: private access and public access. On one hand, private access is limited strictly to your virtual network; on the other hand, public access lets you allow specific IPs through a firewall rule. Furthermore, because each option works differently, it is essential to know how to configure them correctly. Consequently, let’s move step by step and look at the exact ways you can set everything up without missing anything.
An Overview
Creating a PostgreSQL flexible server with public access
Firstly, you can configure firewall rules during creation itself.
Then allow a single client IP:
az postgres flexible-server create --public-access <my_client_ip>To open up access for a range of IP addresses, use:
az postgres flexible-server create --public-access <start_ip_address-end_ip_address>If your applications need to connect from Azure IP addresses only, then run:
az postgres flexible-server create --public-access 0.0.0.0Finally, when you want to permit every IP address or block all of them, you can choose one of these:
az postgres flexible-server create --public-access allAllow no IP addresses:
az postgres flexible-server create --public-access noneCreating a firewall rule
To add firewall rules after the server is running, you can use this:
az postgres flexible-server firewall-rule create --name mydemoserver --resource-group testGroup --start-ip-address 13.83.152.0 --end-ip-address 13.83.152.15For a single IP address:
az postgres flexible-server firewall-rule create --name mydemoserver --resource-group testGroup --start-ip-address 1.1.1.1For Azure IP addresses only:
az postgres flexible-server firewall-rule create --name mydemoserver --resource-group testGroup --start-ip-address 0.0.0.0Listing firewall rules
To check existing rules:
az postgres flexible-server firewall-rule list --name mydemoserver --resource-group testGroupFor a table view:
az postgres flexible-server firewall-rule list --name mydemoserver --resource-group testGroup --output tableViewing details of a rule
To see details of a specific rule:
az postgres flexible-server firewall-rule delete --name mydemoserver --rule-name FirewallRule1 --resource-group testGroupUsing Terraform to configure postgresql flexible server firewall rule
For infrastructure as code, Terraform makes things easier. Here’s an example:
resource "azurerm_postgresql_flexible_server_firewall_rule" "example" {
for_each = local.firewall_rules
name = each.key
server_id = azurerm_postgresql_flexible_server.example.id
start_ip_address = each.value["start_ip_address"]
end_ip_address = each.value["end_ip_address"]
}This way, you can manage your firewall rules consistently across environments.
[If needed, Our team is available 24/7 for additional assistance.]
Conclusion
The azurerm postgresql flexible server firewall rule is essential for securing access to your PostgreSQL databases on Azure. By combining CLI commands and Terraform, you get flexibility, security, and repeatability. Always remember to keep IP ranges tight to avoid risks. With the commands and code shared above, you now have a complete guide to configuring, managing, and maintaining firewall rules effectively.
0 Comments