Network Policies

This topic provides details about network policies, including their definition and instructions on how to use and manage them.


Overview

By default, access from all IP addresses is allowed for each DW service unit. However, for security purposes, you may want to restrict access to your DW service unit to specific IP addresses or block access from certain IP addresses. In such cases, you can use network policies.

A network policy consists of an allowlist and optionally a blocklist. Relyt provides a default value 0.0.0.0/0 for the allowlist, which indicates that all IPv4 addresses are allowed.

Example 1:

Allowed IP Addresses: 192.168.1.1, 192.168.1.2

This example indicates that only access from 192.168.1.1 and 192.168.1.2 is allowed for the specific DW service unit.

Example 2:

Allowed IP Addresses: 192.168.1.1, 192.168.0.0/24
Blocked IP Addresses: 192.168.0.3

This example indicates that only access from 192.168.1.1 and from any IP address in the range of 192.168.0.0 to 192.168.0.255 is allowed for the specific DW service unit, with 192.168.0.3 being the exception: the blocklist entry overrides the matching allowlist range.


Usage notes

Before using network policies, note the following:

  • Currently, an allowlist or a blocklist can consist of only IPv4 addresses or Classless Inter-Domain Routing (CIDR) blocks.

  • Only the owner of a DW service unit can create network policies for the DW service unit.
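The following added example (not Relyt code) models the evaluation described in the Overview so that a policy can be checked before it is entered on the console: a source address is admitted only if it matches an allowlist entry and no blocklist entry. The function names are hypothetical, and rejecting CIDR blocks with host bits set is a choice of this sketch, not documented Relyt behavior.

```python
import ipaddress

# Policy from Example 2 on this page.
EX2_ALLOW = ["192.168.1.1", "192.168.0.0/24"]
EX2_BLOCK = ["192.168.0.3"]


def parse_entries(entries):
    """Parse a policy list; only IPv4 addresses or CIDR blocks are accepted."""
    nets = []
    for raw in entries:
        entry = raw.strip()
        try:
            # A bare address becomes a /32. strict=True rejects blocks such as
            # 192.168.0.5/24 (assumption of this sketch: treat them as typos).
            nets.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"invalid IPv4 address or CIDR block: {entry!r}") from exc
    return nets


def is_allowed(source_ip, allowlist, blocklist=()):
    """True if source_ip matches the allowlist and is not in the blocklist."""
    addr = ipaddress.IPv4Address(source_ip)
    allowed = any(addr in net for net in parse_entries(allowlist))
    blocked = any(addr in net for net in parse_entries(blocklist))
    return allowed and not blocked


def audit(allowlist, blocklist=()):
    """Return findings worth reviewing before the policy is applied."""
    findings = []
    allow = parse_entries(allowlist)
    block = parse_entries(blocklist)
    if any(net.prefixlen == 0 for net in allow):
        findings.append("allowlist contains 0.0.0.0/0: all IPv4 addresses are allowed")
    for b in block:
        # A blocklist entry only has an effect where it overlaps the allowlist.
        if not any(b.overlaps(a) for a in allow):
            findings.append(f"blocklist entry {b} overlaps no allowlist entry")
    return findings


if __name__ == "__main__":
    for ip in ["192.168.1.1", "192.168.0.200", "192.168.0.3", "10.0.0.1"]:
        print(ip, "allowed" if is_allowed(ip, EX2_ALLOW, EX2_BLOCK) else "denied")
    print(audit(["0.0.0.0/0"]))
```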


Create a network policy

On the Relyt console, you can create a network policy for an existing DW service unit by following this procedure:

  1. Sign in to the Relyt console by using your cloud account.

  2. Locate the target DW service unit card and click Connect.

  3. On the Connection Information page, select the target tab:

    • To configure a network policy to control access via JDBC endpoints, click the JDBC Endpoints tab.

    • To configure a network policy to control access via console endpoints, click the Console Endpoints tab.

  4. In the Network Policies section on the right-hand side, click Edit.

  5. On the Edit Network Policy page, configure the allowlist and blocklist as needed and click Update.


Modify a network policy

After a network policy is created, you can add or remove IP addresses from the allowlist or blocklist on the Relyt console.

The procedure is the same as in Create a network policy.


Drop a network policy

If you decide not to apply network policies for your DW service unit, follow these steps:

  1. Sign in to the Relyt console by using your cloud account.

  2. Locate the target DW service unit card and click Connect.

  3. On the Connection Information page, select the target tab:

    • To remove a network policy that manages access via JDBC endpoints, click the JDBC Endpoints tab.

    • To remove a network policy that manages access via console endpoints, click the Console Endpoints tab.

  4. In the Network Policies section on the right-hand side, click Edit.

  5. On the Edit Network Policy page, set the allowlist to 0.0.0.0/0, clear the blocklist, and click Update. This restores the default, under which all IPv4 addresses are allowed.