Contents x
    Database Connectivity Options
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Database Connectivity Options

    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Introduction

    This document outlines the various options available for connecting to a database, along with their respective pros and cons, Rivery compatibility, recommendations, and links to detailed documentation.


    Connection OptionProsConsRivery CompatibilityRivery RecommendationDocumentation
    IP Whitelist- Simple configuration and management.
    - No additional resources required.    		Least secure.
    - Exposes database to the internet.
    - Higher cost.
    - Poor performance.
    - Requires internet ingress connection.    		LESS RECOMMENDED
    Use for open/demo databases with public data only.    		Rivery's Whitelist IPs - Access Methods
    SSH Tunnel- Minimal resource requirements.
    - Easy setup.
    - Database not exposed to the public internet.
    - Quick ingress traffic.    		- Poor scalability with many connections.
    - Requires instance configuration.
    - SSH instance must be internet-accessible with IP whitelisting.    		MEDIUM RECOMMENDED
    Use if no other internal AWS options are available.    		SSH Tunnel - Access Methods
    PrivateLink (AWS Endpoint Service)- Minimal resource needs.
    - Low to medium infrastructure effort.
    - Unlimited scalability.
    - Secure and managed by AWS.
    - Easy maintenance.    		- May require additional Lambda provisioning for some resources.
    - Only works within the same AWS region.    		HIGHLY RECOMMENDED
    Ideal for internal AWS resources    		AWS PrivateLink - Access Methods
    AWS PrivateLink Setup for Snowflake Connection in Rivery
    VPC Peering- Minimal resource requirements.
    - Low to medium infrastructure effort.
    - Unlimited scalability.
    - Operates on AWS network backbone.    		- Exposes internal IPs to Rivery and vice versa.
    - Potential IP collision.
    - Requires strict security measures.
    - Inflexible with VPC changes.    		NOT AVAILABLE
    Not supported due to high-security compliance.
    VPN Site-To-Site Customer Gateway- Unlimited scalability.
    - Operates on AWS network backbone.    		- Medium to high effort.
    - Requires in-depth configuration and maintenance.
    - Less flexible with VPC changes.    		MEDIUM RECOMMENDED
    Best for connecting on-premise resources in internal VPC    		Integrating Rivery with VPN
    Reverse SSH- Low resource requirements.
    - Client-initiated ingress connection.    		- Requires knowledge of proxy servers
    - Fully managed by the client
    - Less flexible with VPC changes.
    - Limited scalability compared to VPN.    		MEDIUM RECOMMENDEDReverse SSH Tunnel
    Was this article helpful?
    What's Next