A Sample Configuration for a Service Private Endpoint

When you spin up a service that supports service private endpoints, the service is automatically assigned a private IP address from the VCN, along with a service private endpoint URL.

  1. Sign in to Oracle Cloud Infrastructure.
  2. Open the navigation menu. Under Database, click Autonomous Transaction Processing or Autonomous Data Warehouse.
  3. Select your compartment.
  4. Click the database that you wish to connect to.
  5. On the Autonomous Database Information page, in the Network section, the service private endpoint IP and service private endpoint URL fields display the IP address and URL of the endpoint.
  6. To allow incoming and outgoing traffic to the service, define security rules in a network security group (NSG). The service private endpoint feature supports both stateful and stateless security rules within NSGs. The rule covering ingress traffic can specify TCP as the IP Protocol and 1522 as the Destination Port Range. To connect another resource located inside Oracle Cloud Infrastructure to your database, that second resource needs a security rule that allows all egress traffic to the NSG of the database; that is, you specify the NSG of the database as the Destination for this security rule. To set up ingress and egress rules:
    1. Go to Networking and select your compartment.
    2. Add a security list or NSG that explicitly allows the stateless ingress traffic to the service, along with a stateless egress rule so that the traffic can go back to the client.
    3. For the ingress direction, allow the service (on port 1522) to receive incoming traffic from the source 10.1.20.0/24 (CIDR for subnet A).
    4. For the egress direction, allow egress traffic from the service private endpoint to the destination 10.1.20.0/24 (CIDR for subnet A).
  7. Alternatively, you can define stateful rules instead of stateless ones. For example, in the Add Rules tab, you can set a stateful ingress rule with the source set to 10.1.20.0/24 (to allow that subnet to connect to your service), the protocol set to TCP, the source port range set to All, and the destination port set to 1522. The destination port range differs from service to service.
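
The difference between steps 6 and 7 can be checked before rules are applied. The following is an added example, not Oracle code: a small Python audit that reports when a stateless ingress rule for port 1522 has no egress rule for the return traffic. The rule dictionaries are constructed samples whose field names are modeled on the NSG security rule JSON, and the helpers `rule` and `audit` are hypothetical names.

```python
import ipaddress

DB_PORT = 1522  # destination port used on this page; differs per service

def rule(direction, cidr, stateless, port_key):
    """Build a constructed sample TCP rule (field names are an assumption)."""
    side = "source" if direction == "INGRESS" else "destination"
    return {"direction": direction, "protocol": "6", "isStateless": stateless,
            side: cidr, "tcpOptions": {port_key: {"min": DB_PORT, "max": DB_PORT}}}

def _covers(rule_cidr, client_cidr):
    """True if rule_cidr contains the whole client subnet."""
    return ipaddress.ip_network(client_cidr).subnet_of(ipaddress.ip_network(rule_cidr))

def _port_ok(r, key, port):
    """An absent range means all ports; otherwise the port must fall inside it."""
    rng = (r.get("tcpOptions") or {}).get(key)
    return rng is None or rng["min"] <= port <= rng["max"]

def _tcp(r):
    return r["protocol"] in ("6", "all")

def audit(rules, client_cidr, port=DB_PORT):
    """Return findings for a client subnet reaching the endpoint on TCP port."""
    ingress = [r for r in rules if r["direction"] == "INGRESS" and _tcp(r)
               and _covers(r["source"], client_cidr)
               and _port_ok(r, "destinationPortRange", port)]
    if not ingress:
        return [f"no ingress rule admits {client_cidr} on TCP {port}"]
    findings = []
    # A stateful ingress rule tracks the connection, so replies need no egress rule.
    if all(r["isStateless"] for r in ingress):
        reply = [r for r in rules if r["direction"] == "EGRESS" and _tcp(r)
                 and _covers(r["destination"], client_cidr)
                 and _port_ok(r, "sourcePortRange", port)]
        if not reply:
            findings.append(f"stateless ingress without egress to {client_cidr}: replies are dropped")
    for r in ingress:
        if ipaddress.ip_network(r["source"]).prefixlen == 0:
            findings.append("ingress source is 0.0.0.0/0: wider than the client subnet")
    return findings

SUBNET_A = "10.1.20.0/24"
INGRESS_STATELESS = rule("INGRESS", SUBNET_A, True, "destinationPortRange")
EGRESS_STATELESS = rule("EGRESS", SUBNET_A, True, "sourcePortRange")
INGRESS_STATEFUL = rule("INGRESS", SUBNET_A, False, "destinationPortRange")

if __name__ == "__main__":
    print(audit([INGRESS_STATELESS], SUBNET_A))
```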