A Sample Configuration for a Service Private Endpoint
When you spin up a service that has service private endpoint support, it automatically assigns a private IP address from the VCN along with the service private endpoint URL.
- Sign in to Oracle Cloud Infrastructure.
- Open the navigation menu. Under Database, click Autonomous Transaction Processing or Autonomous Data Warehouse.
- Select your compartment.
- Click the database that you wish to connect to.
- On the Autonomous Database Information page, in the Network section, the service private endpoint IP and service private endpoint URL fields display the IP address and URL of the endpoint.
- To allow incoming and outgoing traffic to the service, you'll need to define security rules in an NSG. The service private endpoint feature supports both stateful and stateless security rules within NSGs. Your rule covering ingress traffic can specify the IP Protocol TCP, and your Destination Port Range can be 1522. To connect another resource located inside Oracle Cloud Infrastructure to your database, the second resource needs a security rule that allows all egress traffic to the NSG of the database. This means you specify the NSG of the database as the Destination for this security rule.
- To set up ingress and egress rules:
- Go to Networking and select your compartment.
- You can add a security list / NSG to explicitly allow the stateless ingress traffic to the service along with the stateless egress rule for the traffic to go back to the client.
- For the ingress direction, the service (on port 1522) can receive incoming traffic from the source 10.1.20.0/24 (CIDR for subnet A).
- For the egress direction, you can set the egress traffic from the service private endpoint to the destination 10.1.20.0/24 (CIDR for subnet A).
- On the other hand, you can define stateful rules instead of stateless. For example, in the Add Rules tab, you can set a stateful ingress rule with the source set to 10.1.20.0/24 to allow it to connect to your service, protocol set to TCP, source port range set to All, and destination port set to 1522. The destination port range will differ from service to service.
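The stateless and stateful variants above differ in whether return traffic needs its own rule. The following check is an added example, not Oracle's code: it audits a rule set for that gap. The rule dictionaries are constructed samples whose field names (`direction`, `isStateless`, `tcpOptions`, protocol `"6"` for TCP) are assumed to follow the JSON shape of OCI NSG security rules, and `audit` is a hypothetical helper name.

```python
import ipaddress

DB_PORT = 1522  # destination port used on this page; differs from service to service

def _in_range(rule, key):
    # A missing tcpOptions entry means "all ports" in this model (assumption).
    rng = (rule.get("tcpOptions") or {}).get(key)
    return rng is None or rng["min"] <= DB_PORT <= rng["max"]

def _matches(rule, direction, peer_key, port_key, client_cidr):
    if rule["direction"] != direction or rule["protocol"] not in ("6", "all"):
        return False
    if rule.get(peer_key + "Type", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False  # NSG or service peers are out of scope for this check
    client = ipaddress.ip_network(client_cidr)
    return client.subnet_of(ipaddress.ip_network(rule[peer_key])) and _in_range(rule, port_key)

def audit(rules, client_cidr):
    """Return a list of findings; an empty list means the client subnet can connect."""
    ingress = [r for r in rules
               if _matches(r, "INGRESS", "source", "destinationPortRange", client_cidr)]
    if not ingress:
        return [f"no ingress rule admits {client_cidr} on TCP {DB_PORT}"]
    # Conservative: if any matching ingress rule is stateless, require a return rule.
    if all(not r["isStateless"] for r in ingress):
        return []
    # Replies leave the service with source port 1522, so test sourcePortRange here.
    if any(_matches(r, "EGRESS", "destination", "sourcePortRange", client_cidr)
           for r in rules):
        return []
    return [f"stateless ingress from {client_cidr} has no egress rule for replies"]

# Constructed rule sets for subnet A (10.1.20.0/24) from the text above.
PORT = {"destinationPortRange": {"min": DB_PORT, "max": DB_PORT}}
INGRESS = {"direction": "INGRESS", "protocol": "6", "source": "10.1.20.0/24",
           "sourceType": "CIDR_BLOCK", "tcpOptions": PORT}
EGRESS = {"direction": "EGRESS", "protocol": "6", "destination": "10.1.20.0/24",
          "destinationType": "CIDR_BLOCK", "isStateless": True}
STATELESS_PAIR = [dict(INGRESS, isStateless=True), EGRESS]
STATELESS_INGRESS_ONLY = [dict(INGRESS, isStateless=True)]
STATEFUL_INGRESS = [dict(INGRESS, isStateless=False)]

if __name__ == "__main__":
    for name in ("STATELESS_PAIR", "STATELESS_INGRESS_ONLY", "STATEFUL_INGRESS"):
        print(name, audit(globals()[name], "10.1.20.0/24") or "ok")
```

A finding for a stateless ingress rule without an egress counterpart points at the usual symptom: connections from subnet A to port 1522 time out even though the ingress rule looks correct.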