Connecting Satori SaaS to a Private Network

The following section describes how to expose and connect Satori SaaS to a database deployed on a private network.

Pre-requisites

Ensure that you have the following items deployed and configured before you start. - Deploy a database, for example, an Aurora PostgreSQL cluster deployed in a private subnet. - Configure an EC2 instance or container running nginx proxy deployed on a public subnet which will serve as a proxy server. - Enable network connectivity between the proxy server and the database cluster.

Connecting Satori SaaS to your Database

Satori recommends building a TCP/IP proxy from Satori SaaS to the database using nginx server that is installed inside the private network.

Perform the following steps to connect Satori SaaS to your database.

1. Configure the nginx file according to the following nginx configuration example. The “greyed out” configurations should be set according to customer deployment requirements.

user nginx;
worker_processes auto;
error_log stderr info;
pid /run/nginx.pid;
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
events {
  worker_connections 1024;
}
stream {
 upstream target {
  server <target_database_endpoint>:<port_number>;
 }
 server {
 listen <port_number> so_keepalive=on;
  allow <DAC outgoing ip>; #x.x.x.x/x
  allow <another allowed ip>;
  deny all;
  proxy_pass target;
 }
}

1. Enable the DAC access to the proxy using the relevant specified port. (See the config doc)
2. Onboard the datastore. (See the onboarding document)
3. Recommended Setup - Configure the network to only allow access to the proxy server from the relevant Satori IP addresses. To get the list of IP addresses check the Data Store view in Satori or ask your Satori support representative.

Return to Satori SaaS

To lTo return to the Satori SaaS section click here Satori SaaS guide.