How to connect a PostgreSQL and MySQL Database Instance to a Private Network

Reviewed on January 04, 2025

Private Networks allows you to enhance the security of your system's architecture by isolating it from the internet.

When using Private Networks, your application connects directly to your Database nodes without going through a Load Balancer.

This improves performance by reducing the latency between your application and your database nodes. It also increases the security of your databases, as Instances in your Private Network can directly communicate with your Database Instance, without passing through the public internet.

You can create new Database Instances to attach to your Private Network, or attach existing ones.

Before you start

To complete the actions presented below, you must have:

• A Scaleway account logged into the console
• Owner status or IAM permissions allowing you to perform actions in the intended Organization
• A valid API key
• A PostgreSQL or MySQL Database Instance

How to attach a Database Instance to a Private Network

1. Click PostgreSQL and MySQL under Databases on the side menu. A list of your Database Instances displays.

2. Select the geographical region of the Instance you want to manage from the drop-down.

3. Click the database name or more icon > More info to access the Database Instance information page.

4. Scroll to the Network section.

   Note

   Alternatively, you can follow the next steps from the Private Networks tab. Click + Attach to a Private Network to open the configuration pop-up.

5. Click Attach Private Network next to Private endpoint. A pop-up appears.

6. Choose whether to:

   • Select and attach an existing Private Network and select the network from the drop-down list.
     Important

     The Database Instance must be attached to a Private Network in the same region.

   • Create and attach a new Private Network and enter the name of the network in the form.
     Important

     If you select this option, a Private Network with default settings will be created in the same region as your Database Instance. Do not use a TLD (e.g. dev, cloud) as a name, to avoid conflicts.

   Note

   Your private IP addresses are automatically allocated. They are managed via an IP Address Manager (IPAM). You can retrieve them on the Private Network tab of your Database Instance. To allocate IPs manually, you can use the Scaleway API and CLI, or Terraform/OpenTofu.

7. Click Attach to Private Network to conclude.

How to connect to a Database Instance through a Public Gateway

If you want to connect locally to a Database Instance that is not accessible via the public internet, you can use SSH bastion and connect it to the same Private Network the Database Instance is connected to.

1. Open an SSH tunnel with port forwarding:

   ssh -L <local_port>:<database_private_ip>:<database_port> bastion@<bastion_ip> -p<bastion_port> -N

2. Connect using psql:

   psql -h localhost --port <local_port> -d <database> -U <user>

How to detach a Database Instance from a Private Network

1. Click PostgreSQL and MySQL under Databases on the side menu. A list of your Database Instances displays.
2. Select the geographical region of the Instance you want to manage from the drop-down.
3. Click the database name or more icon > More info to access the Database Instance information page.
4. Click the Private Networks tabs. The Private Network configuration displays.
5. Click unlink icon next to the static IP that you want to unlink from your Database Instance.
6. Click Detach resource to remove the Instance from your Private Network.