{"id":20697512,"url":"https://github.com/epomatti/azure-psql-vnet","last_synced_at":"2026-04-27T05:33:40.759Z","repository":{"id":190469280,"uuid":"682575784","full_name":"epomatti/azure-psql-vnet","owner":"epomatti","description":"Azure PostgreSQL Flexible Server private VNET integration","archived":false,"fork":false,"pushed_at":"2023-08-24T23:57:34.000Z","size":210,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-25T17:10:07.299Z","etag":null,"topics":["azure","bicep","postgresql","vnet"],"latest_commit_sha":null,"homepage":"","language":"Bicep","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/epomatti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-24T13:19:15.000Z","updated_at":"2023-08-25T01:05:04.000Z","dependencies_parsed_at":"2023-08-24T20:32:46.990Z","dependency_job_id":"61586660-6eeb-4d71-8d88-6e85778369ff","html_url":"https://github.com/epomatti/azure-psql-vnet","commit_stats":null,"previous_names":["epomatti/azure-psql-vnet"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/epomatti/azure-psql-vnet","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Fazure-psql-vnet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Fazure-psql-vnet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Fazure-psql-vnet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Fazur
e-psql-vnet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/epomatti","download_url":"https://codeload.github.com/epomatti/azure-psql-vnet/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Fazure-psql-vnet/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32324547,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","bicep","postgresql","vnet"],"created_at":"2024-11-17T00:18:49.120Z","updated_at":"2026-04-27T05:33:40.739Z","avatar_url":"https://github.com/epomatti.png","language":"Bicep","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Azure PostgreSQL VNET integration\n\nDemonstrating VNET integration with PostgreSQL Flexible Server.\n\nAs of today, Flexible Server does not support Private Endpoints.\n\n\u003cimg src=\".assets/psql.png\" /\u003e\n\n## Setup\n\nStart by creating a resource group where the resources will be provisioned:\n\n```sh\naz group create -n rg-myapp -l brazilsouth\n```\n\nCopy the template and set your variables:\n\n```sh\ncp config-template.json config.json\n```\n\nAlways check for Bicep upgrades: `az bicep upgrade`.\n\nGenerate the keys to connect to the VM:\n\n```sh\nssh-keygen -f 
./id_rsa\n```\n\nInvoke ARM using the Bicep recipes:\n\n```sh\naz deployment group create -g rg-myapp -f main.bicep\n```\n\nOnce ready, connect to the VM:\n\n```sh\nssh -i id_rsa vmclient@\u003cpublic-ip\u003e\n```\n\n## Public Access\n\nThis section tests different settings for Public access.\n\nAs a baseline configuration for this workload, no origin is allowed:\n\n\u003cimg src=\".assets/public-001.png\" width=700 /\u003e\n\nAs expected, all access is blocked, including from the VNET:\n\n\u003e 💡 Notice that the resolved IP is public, as expected\n\n\u003cimg src=\".assets/public-002.png\" /\u003e\n\nChecking the box to allow Azure services opens connectivity from the VNET resources.\n\n⚠️ **However**, the option comes with a disclaimer stating that it also includes undesired origins:\n\n\u003e This option configures the firewall to allow connections from IP addresses allocated to any Azure service or asset, including connections from the subscriptions of other customers.\n\n\u003cimg src=\".assets/public-003.png\" /\u003e\n\nWe can confirm that, although not as secure as expected, it does allow connectivity from the VNET:\n\n\u003cimg src=\".assets/public-004.png\" /\u003e\n\nAs a last test with Public access, adding the VNET CIDR will have no effect, as this PostgreSQL instance is not integrated into a VNET.\n\n\u003cimg src=\".assets/public-005.png\" /\u003e\n\nThis will not work:\n\n\u003cimg src=\".assets/public-006.png\" /\u003e\n\n\n## Private Access (VNET)\n\nWith the private PostgreSQL instance, we have extra security.\n\nThe first noticeable change is that the DNS will respond with a private IP, thanks to the Private DNS Zone integration link:\n\n\u003cimg src=\".assets/private-001.png\" /\u003e\n\nFrom the VM subnet, it is possible to connect privately.\n\n```sh\npsql -h psql-private-wlmzbaxrqurda.postgres.database.azure.com -p 5432 -U pgadmin -d postgres\n```\n\nResults, as expected:\n\n\u003cimg src=\".assets/private-002.png\" /\u003e\n\n## 
Documentation\n\n- To find the latest API versions, access [Azure REST API Specs][1].\n- Detailed API values can be found at the [REST API][2] documentation.\n- More about dedicated services in the [documentation][3].\n- Also more information about PostgreSQL Flexible Server [networking concepts][4].\n\n[1]: https://github.com/Azure/azure-rest-api-specs\n[2]: https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/flexibleservers?pivots=deployment-language-bicep\n[3]: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services\n[4]: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepomatti%2Fazure-psql-vnet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fepomatti%2Fazure-psql-vnet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepomatti%2Fazure-psql-vnet/lists"}