Contents x
    Access Methods
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Access Methods

    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Introduction

    This document provides an overview of the different access methods available, highlighting their respective pros and cons, compatibility with Rivery, recommendations, and links to more detailed documentation.

    Connection OptionProsConsRivery CompatibilityRivery RecommendationDocumentation
    IP Whitelist- Simple configuration and management.
    - No additional resources required.    		Least secure.
    - Exposes database to the internet.
    - Higher cost.
    - Poor performance.
    - Requires internet ingress connection.    		LESS RECOMMENDED
    Use for open/demo databases with public data only.    		Rivery's Whitelist IPs - Access Methods
    SSH Tunnel- Minimal resource requirements.
    - Easy setup.
    - Database not exposed to the public internet.
    - Quick ingress traffic.    		- Poor scalability with many connections.
    - Requires instance configuration.
    - SSH instance must be internet-accessible with IP whitelisting.    		MEDIUM RECOMMENDED
    Use if no other internal AWS options are available.    		SSH Tunnel - Access Methods
    PrivateLink (AWS Endpoint Service)- Minimal resource needs.
    - Low to medium infrastructure effort.
    - Unlimited scalability.
    - Secure and managed by AWS.
    - Easy maintenance.    		- May require additional Lambda provisioning for some resources.
    - Only works within the same AWS region.    		HIGHLY RECOMMENDED
    Ideal for internal AWS resources    		AWS PrivateLink - Access Methods
    AWS PrivateLink Setup for Snowflake Connection in Rivery
    VPC Peering- Minimal resource requirements.
    - Low to medium infrastructure effort.
    - Unlimited scalability.
    - Operates on AWS network backbone.    		- Exposes internal IPs to Rivery and vice versa.
    - Potential IP collision.
    - Requires strict security measures.
    - Inflexible with VPC changes.    		NOT AVAILABLE
    Not supported due to high-security compliance.
    VPN Site-To-Site Customer Gateway- Unlimited scalability.
    - Operates on AWS network backbone.    		- Medium to high effort.
    - Requires in-depth configuration and maintenance.
    - Less flexible with VPC changes.    		MEDIUM RECOMMENDED
    Best for connecting on-premise resources in internal VPC    		Integrating Rivery with VPN
    Reverse SSH- Low resource requirements.
    - Client-initiated ingress connection.    		- Requires knowledge of proxy servers
    - Fully managed by the client
    - Less flexible with VPC changes.
    - Limited scalability compared to VPN.    		MEDIUM RECOMMENDEDReverse SSH Tunnel
    Was this article helpful?
    What's Next