Access Crunchy Bridge privately using Tailscale

Crunchy Bridge is a managed Postgres service that runs in major cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. It is built by the company Crunchy Data. Each Crunchy Bridge instance lives in its own virtual private cloud (VPC). The Tailscale integration for Crunchy Bridge allows users to connect to their Crunchy Bridge cluster securely for clouds where there are no VPCs, or directly where VPC peering doesn’t make sense, for example, for testing.

Prerequisites

Before you begin this guide, you’ll need a tailnet and a Crunchy Bridge account.

Integration

See the full instructions in Crunchy Data’s blog post for setting up an integration with Tailscale.

To use Crunchy Bridge with Tailscale, you’ll need to:

  1. Create an auth key. You need to be an Owner, Admin, or Network Admin of a tailnet to create an auth key. To create the key, open the Keys page in the Tailscale admin console. We recommend using a tagged, reusable, pre-authorized key for this purpose. A tagged key restricts the Crunchy Bridge device’s permissions based on the access control list rules for the tag, which apply as soon as the device is provisioned. A reusable key is useful for connection retry logic, and a pre-authorized key means that new instances don’t each need to be authorized.

    Be very careful with reusable keys! These can be very dangerous if stolen. They’re best kept in a key vault product specially designed for the purpose.
  2. In the Crunchy Bridge dashboard for managing your cluster, click Networking and then click Tailscale. For Auth Key, paste in the auth key that you previously created.

  3. Click Connect Tailscale.

  4. Open the Machines page of the Tailscale admin console. After the connection initializes, you should see the Crunchy Bridge cluster device in your tailnet. Copy the Tailscale IP address, which is in the form 100.x.y.z.

  5. Use the Tailscale IP address when you connect to your Crunchy Bridge cluster. For example, if the Tailscale IP address is 100.101.102.103 and you’re using port 5432:

    psql postgres://application:<your-application-id>@100.101.102.103:5432/postgres
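
Step 1 relies on the access control rules for the key's tag to limit what the Crunchy Bridge device can do. The following added example (not from Tailscale or Crunchy Data) lints the `acls` section of a tailnet policy file for that tag. It assumes the policy uses the `tagOwners` and `acls` sections; the tag name `tag:crunchy-bridge`, the group name, and both sample policies are hypothetical.

```python
# Added example: lint the "acls" section of a tailnet policy file for the tag
# carried by the Crunchy Bridge auth key. Tag and group names are hypothetical.
TAG = "tag:crunchy-bridge"   # assumed tag name, not from the page
PG_PORT = "5432"             # port used in the page's psql example


def audit(policy, tag=TAG, port=PG_PORT):
    """Return findings where the policy is broader than
    'selected clients may reach the tagged node on the Postgres port'."""
    findings = []
    if tag not in policy.get("tagOwners", {}):
        findings.append(f"{tag} has no tagOwners entry; the tag is not defined in the policy")
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        srcs, dsts = rule.get("src", []), rule.get("dst", [])
        if tag in srcs or "*" in srcs:
            # The tagged node is a permitted source, so it can open connections itself.
            findings.append(f"acls[{i}]: src {srcs} covers {tag}; the node may initiate connections to {dsts}")
        for dst in dsts:
            host, _, ports = dst.rpartition(":")   # "tag:x:5432" -> ("tag:x", "5432")
            if host in (tag, "*") and ports != port:
                findings.append(f"acls[{i}]: {dst} exposes {tag} on ports '{ports}', expected only {port}")
    return findings


# Constructed sample policies, already parsed from the policy file's JSON.
WEAK = {"tagOwners": {}, "acls": [{"action": "accept", "src": ["*"], "dst": ["*:*"]}]}
TIGHT = {
    "groups": {"group:db-clients": ["alice@example.com"]},
    "tagOwners": {TAG: ["autogroup:admin"]},
    "acls": [{"action": "accept", "src": ["group:db-clients"], "dst": [TAG + ":" + PG_PORT]}],
}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("tight", TIGHT)):
        print(name, audit(policy) or "ok")
```

The allow-everything policy produces three findings, while the policy that only lets `group:db-clients` reach the tagged node on port 5432 produces none.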
    

Limitations

  • Auth keys expire after 90 days.


© 2023 Tailscale Inc.
