Change from Private to Public Endpoints with Autonomous Database

If your Autonomous Database instance is configured to use a private endpoint you can change the configuration to use a public endpoint.

There are several prerequisites to change an instance from a private to a public endpoint, as follows:

To specify a public endpoint for your Autonomous Database do the following:

  1. On the Details page, from the More Actions drop-down list, select Update Network Access.
  2. In the Update Network Access dialog, select one of Secure access from everywhere or Secure access from allowed IPs and VCNs only.

    For example, if you select Secure access from allowed IPs and VCNs only the dialog shows fields to configure access control rules:

    Description of adb_network_access_update.png follows
    Description of the illustration adb_network_access_update.png
  3. In the dialog, under Configure access control rules specify rules by selecting an IP notation type and values:
    • IP Address:

      In Values field enter values for the IP Address. An IP address specified in a network ACL entry is the public IP address of the client that is visible on the public internet that you want to grant access. For example, for an Oracle Cloud Infrastructure VM, this is the IP address shown in the Public IP field on the Oracle Cloud Infrastructure console for that VM.

      Note:

      Optionally click Add My IP Address to add your current IP address to the ACL entry.
    • CIDR Block:

      In Values field enter values for the CIDR Block. The CIDR block specified is the public CIDR block of the clients that are visible on the public internet that you want to grant access.

    • Virtual Cloud Network:
      • In Virtual Cloud Network field select the VCN that you want to grant access from. If you do not have the privileges to see the VCNs in your tenancy this list is empty. In this case use the selection Virtual Cloud Network (OCID) to specify the OCID of the VCN.
      • Optionally, in the IP Addresses or CIDRs field enter private IP addresses or private CIDR blocks as a comma separated list to allow specific clients in the VCN.
    • Virtual Cloud Network (OCID):
      • In the Values field enter the OCID of the VCN you want to grant access from.
      • Optionally, in the IP Addresses or CIDRs field enter private IP addresses or private CIDR blocks as a comma separated list to allow specific clients in the VCN.

    If you want to specify multiple IP addresses or CIDR ranges within the same VCN, do not create multiple ACL entries. Use one ACL entry with the values for the multiple IP addresses or CIDR ranges separated by commas.

  4. Click + Access Control Rule to add a new value to the access control list.
  5. Click x to remove an entry.
    You can also clear the value in the IP Addresses or CIDR Blocks field to remove an entry.
  6. Click Update.
  7. In the Confirm dialog, type the Autonomous Database name to confirm the change.
  8. In the Confirm dialog, click Update.

The Lifecycle State changes to Updating until the operation completes.

Notes for changing from private endpoint to public endpoint network access:

  • After updating the network access type all database users must obtain a new wallet and use the new wallet to access the database. See Download Client Credentials (Wallets) for more information.

  • After the update completes, you can change or define new access control rules ACLs for the public endpoint. See Configure Access Control Lists for an Existing Autonomous Database Instance for more information.

  • The URL for Database Actions and for the Database Tools are different when a database uses a private endpoint compared to using a public endpoint. Click Database Actions on the Oracle Cloud Infrastructure Console to find the updated Database Actions URL and in Database Actions click the appropriate cards to find the updated Database Tools URLs, after changing from a private endpoint to a public endpoint.