|
| 1 | +--- |
| 2 | +Title: Block public endpoints |
| 3 | +alwaysopen: false |
| 4 | +categories: |
| 5 | +- docs |
| 6 | +- operate |
| 7 | +- rc |
| 8 | +description: Learn how to block the public endpoints of your databases. |
| 9 | +weight: 40 |
| 10 | +--- |
| 11 | + |
| 12 | +By default, you can connect to Redis Cloud databases through the database's public endpoint, or through the database's private endpoint with a private connectivity method. |
| 13 | + |
| 14 | +Public endpoints are accessible from the public internet and don't require a private connectivity method. While this makes Redis Cloud databases convenient to use, it also exposes the databases to potential unauthorized access or brute force attacks, even with a database password in place. Some organizations may want to block public access to their databases to comply with security policies or to better meet stringent compliance standards. |
| 15 | + |
| 16 | +Users with Redis Cloud Pro databases can choose to block public endpoints for all databases in their subscription. |
| 17 | + |
| 18 | +## Block public endpoints |
| 19 | + |
| 20 | +You can block public endpoints for a subscription for a [new subscription](#new-subscription) or an [existing subscription](#existing-subscription). |
| 21 | + |
| 22 | +### New subscription |
| 23 | + |
| 24 | +To block the public endpoints when you [create a new Pro subscription]({{< relref "/operate/rc/databases/create-database/create-pro-database-new" >}}): |
| 25 | + |
| 26 | +1. Follow the instructions to [create a Pro database with custom settings]({{< relref "/operate/rc/databases/create-database/create-pro-database-new#custom-settings" >}}). |
| 27 | +1. On the **Setup** tab, go to **Advanced options > Security** to select persistent storage encryption options. |
| 28 | +1. Select **Block public endpoint** to block the public endpoint for all databases on the subscription. |
| 29 | +1. Select **Continue** to go to the [Sizing tab]({{< relref "/operate/rc/databases/create-database/create-pro-database-new#sizing-tab" >}}). Follow the instructions to provision your database(s). |
| 30 | + |
| 31 | +After you block the public endpoints for a new subscription, you will need to set up a [private connectivity method](#private-connectivity-methods) to connect to your databases. |
| 32 | + |
| 33 | +### Existing subscription |
| 34 | + |
| 35 | +For existing subscriptions, we recommend setting up a [private connectivity method](#private-connectivity-methods) to connect to your databases before blocking the private endpoint and migrating all connections to the private endpoint. |
| 36 | + |
| 37 | +To block the public endpoints of an existing Pro subscription: |
| 38 | + |
| 39 | +1. From the [Redis Cloud console](https://cloud.redis.io/), select the **Subscriptions** menu and then select your subscription from the list. |
| 40 | +1. Open the **Security** tab to view security settings. |
| 41 | +1. In the **Endpoint** section, select **Edit**. |
| 42 | +1. Select **Block public endpoint**. |
| 43 | +1. Select **Save** to save your changes. |
| 44 | +1. A window will appear asking you to confirm that blocking the public endpoint will reject clients connecting to the public endpoint. Select **I understand** and then **Block** to confirm. |
| 45 | + |
| 46 | +After your changes are saved, any incoming connections to the public endpoint of your database will be rejected. |
| 47 | + |
| 48 | +## Private connectivity methods |
| 49 | + |
| 50 | +Redis Cloud supports the following private connectivity options: |
| 51 | +- [VPC peering]({{< relref "/operate/rc/security/vpc-peering" >}}) |
| 52 | +- [Google Cloud Private Service Connect]({{< relref "/operate/rc/security/private-service-connect" >}}) _(Google Cloud only)_ |
| 53 | +- [AWS Transit Gateway]({{< relref "/operate/rc/security/aws-transit-gateway" >}}) _(AWS only)_ |
0 commit comments