-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Postgres proxy on cloud #5354
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Context
We have a multi tenant-cloud but use 1 schema per workspace.
We could leverage this to our advantage to let people access their data externally (e.g. via Metabase or Tableau)
We need to find a way to do that in a secure way (we cannot expose Postgres publicly/for all tenants)
Proposal
My initial proposal was to setup a new Postgres DB that we would use as a proxy with foreign data wrappers pointing to our read-replica. That way we would only expose the data for people that opt-in + we could add additional security layers (connection limit enforced by the read replica, read-only at prod db-level + read-replica level, additional logging tailored specifically for the proxy etc).
Then talking to @Freebios we realized that building a wrapper in Node wasn't actually complex. It feels a bit hacky as we're almost at the packet level but it seems to work reasonably well
Proof of concept
Here's a sample code that works (IP whitelisting part wasn't tested)
(note this is not Typescript)
Implementation
From a structure perspective I think the easiest would be to run this as a separate package twenty-postgres-proxy ; add a README, tests, etc. It's possible to tell NestJS to listen on 2 ports but I think that will add some un-necessary slowness and complexity. Since this could be a risky area, keeping the code small, extremely well tested and isolated seems like a good option.
The text was updated successfully, but these errors were encountered: