This page provides an overview of the ways you can connect to an AlloyDB for PostgreSQL instance using private IP addresses.
Using private IP addresses keeps your data traffic inside a secured network and minimizes the risk of interception. Because a resource's internal IP address is internal to its network and cannot be reached from the internet, it limits both the scope of access to the AlloyDB instance and the potential attack surface.
Private IP connectivity methods
To access your AlloyDB instances using private IP, you can choose either private services access or Private Service Connect. Each connection method has distinct advantages and trade-offs, so use the information in this document to choose the best approach for your specific requirements.
Caution: Once you create your AlloyDB cluster, the private IP access method cannot be changed, so consider the choice carefully during initial setup.
Private services access
Private services access is implemented as a Virtual Private Cloud (VPC) peering connection between your VPC network and the underlying Google Cloud VPC network where your AlloyDB for PostgreSQL instance resides. The private connection lets VM instances in your VPC network and the services you access communicate exclusively over internal IP addresses. VM instances don't need internet access or external IP addresses to reach services that are available through private services access.
For more information about using private services access for connectivity, see Private services access overview.
Private Service Connect
Private Service Connect lets you create private and secure connections between your VPC networks and Google Cloud services, such as AlloyDB for PostgreSQL. You can connect to your AlloyDB instance from multiple VPC networks that belong to different groups, teams, projects, or organizations. When you create an AlloyDB cluster, you can enable it to support Private Service Connect. When you create an AlloyDB instance within the cluster, you specify which projects from your VPC network can access it.
Before you decide whether to use private services access or Private Service Connect as your connection method, consider the following comparison:
| Private services access | Private Service Connect |
| --- | --- |
| Requires reserving a CIDR range (/24 minimum) from the consumer VPC. The IP range is reserved whether or not its addresses are in use, which locks every IP address in the range. | Requires a single IP address to create a forwarding rule on the endpoint per VPC network. |
| Limited to RFC 1918 IP ranges. | Both RFC 1918 and non-RFC 1918 ranges can be used for endpoints. |
| Connects to projects within the same VPC network. | Connects across multiple VPCs or projects. |
| Choose for small-scale, single-VPC scenarios. | Choose for large-scale, multi-VPC setups. |
| Minimal cost, because you use the existing VPC peering that is included in your project. | More expensive than private services access because of the costs involved in initial setup, hourly use of each endpoint, and data transfer per GiB. |
| Less secure than Private Service Connect because the connection is direct. | More secure because the consumer and producer VPCs are isolated. |
| The connection is bidirectional, allowing both inbound and outbound traffic. | By default, the connection is unidirectional and allows only inbound connections. Additional configuration is required for outbound connections. |
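The addressing rows of the comparison can be checked before a cluster is created, which matters because the access method cannot be changed afterwards. The following pre-flight check is an added example, not Google's code; the function names and sample ranges are hypothetical, and the overlap test against existing subnets is an assumption of this example rather than a rule stated on this page.

```python
import ipaddress

# RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if an IPv4 network lies entirely inside one RFC 1918 block."""
    return net.version == 4 and any(net.subnet_of(block) for block in RFC1918)

def check_psa_range(cidr, existing_subnets):
    """Problems with a proposed private services access allocation.

    existing_subnets: CIDRs already used in the consumer VPC. The overlap
    check is an assumption of this example, not a rule stated on the page.
    """
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    problems = []
    if net.prefixlen > 24:
        problems.append(f"/{net.prefixlen} is smaller than the /24 minimum")
    if not is_rfc1918(net):
        problems.append("range is not RFC 1918")
    for used in existing_subnets:
        if net.overlaps(ipaddress.ip_network(used)):
            problems.append(f"overlaps existing subnet {used}")
    return problems

def check_psc_endpoint(ip, subnet):
    """Problems with the single address chosen for a PSC endpoint.

    RFC 1918 and non-RFC 1918 addresses are both acceptable; the address only
    has to belong to the consumer subnet it is taken from (assumption).
    """
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(subnet):
        return [f"{ip} is not inside {subnet}"]
    return []

def addresses_locked(method, cidr=None):
    """Consumer-VPC addresses tied up: the whole range for PSA, one for PSC."""
    return ipaddress.ip_network(cidr).num_addresses if method == "psa" else 1

if __name__ == "__main__":
    # Constructed sample plan, not taken from a real project.
    vpc_subnets = ["10.10.0.0/16"]
    print(check_psa_range("10.20.0.0/24", vpc_subnets))
    print(check_psa_range("10.10.5.0/25", vpc_subnets))
    print(check_psc_endpoint("100.64.0.10", "100.64.0.0/24"))
    print(addresses_locked("psa", "10.20.0.0/20"), addresses_locked("psc"))
```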
Last updated 2025-08-30 UTC.