Enable public and/or private service endpoints for IBM Cloud Databases

You may have noticed a small change in your IBM Cloud Databases UI—we recently released an update to all IBM Cloud Databases which allows you to enable public and/or private service endpoints for your database deployments. In this post, we’ll walk you through the setup.

IBM Cloud Databases recently released an update which integrates with IBM Cloud Service Endpoints.

The benefits of using private Service Endpoints include the following:

  1. They allow you to connect to other IBM Cloud Service Endpoint enabled products over the IBM Cloud network without requiring a routable IP address. This comes with increased security since traffic between your databases stays within the IBM Cloud network. Also, it allows you to create an internal interface for your IBM Cloud services that are accessible using internal network interfaces without requiring internet access to connect to IBM services.

  2. Inbound and outbound traffic on the private network is unlimited and not charged—previously, you’d be billed for egress bandwidth when talking to an IBM Cloud service.

This means that you now have the ability to have both private and public endpoints for your databases deployed on IBM Cloud. Service Endpoints are currently only available in IBM Cloud Multi-Zone Regions, so if your deployments are in Oslo 01, for example, you aren’t able to use private endpoints since it’s a Single-Zone Region. Deployments in all other regions are able to use Service Endpoints.

Public and private Service Endpoints are available to all customers using IBM Cloud Databases. Public Service Endpoints are what you’re given by default to connect to your databases. This allows you to connect securely to your databases over the public network via the internet. Private Service Endpoints, on the other hand, are different since they route your traffic to hardware dedicated to IBM Cloud Databases over the IBM Cloud private network. These Service Endpoints are not accessible from the public internet and an internet connection is not required to connect to your deployment.

Enabling Service Endpoints

If you want to use your databases connections over the public internet, you don’t have to enable IBM Cloud Service Endpoints on your IBM Cloud account. However, to enable a private endpoint, you’ll need to manually set them up using the IBM Cloud CLI. To do that, the first step is to log in to your IBM Cloud account:

ibmcloud login
Scroll to view full table

Then, see if your account has Service Endpoints enabled:

ibmcloud account show
Scroll to view full table

Look for Service Endpoint Enabled. If it’s false, then you’ll need to enable it using the following command:

ibmcloud account update --service-endpoint-enable true
Scroll to view full table

At this point, a prompt to will show that you opened a support ticket with IBM Cloud to enable the Service Endpoint. You then can check the status of the ticket by going to your support page on IBM Cloud.

Creating Service Endpoints for Cloud Databases

You can enable Service Endpoints on new and old Cloud Databases deployments from the IBM Cloud console and the Cloud Databases API. The Service Endpoints that are available when provisioning a Cloud Database are public (default), private, or public and private (except for Databases for MongoDB, which allows only either public or private Service Endpoints to be enabled). On Databases for MongoDB, once you’ve enabled either a public or private Service Endpoint after provisioning the database, you can’t change the Service Endpoint.

You can choose whether to add Service Endpoints from the IBM Cloud UI or using the IBM Cloud CLI. We’ll show you how to add them using both ways.

Databases Service Endpoints from the IBM Cloud UI

From the IBM Cloud UI, when selecting a Cloud Database for the first time, you’ll be directed to the database’s provisioning page. Here, you can now select the Service Endpoints that are supported for your deployment. The default Service Endpoint is through the public network, but for most deployments, you can select public, private, or both public and private Service Endpoints.

In this example, I’ve chosen to enable both public and private endpoints.

Once you’ve selected the Service Endpoint you’d like to use, as well as any other configuration that’s available for the database you’ve selected, click Create and your database will provision. After it’s been provisioned, click on the database from your IBM Cloud resources panel and you’ll see both the public and private endpoints visible in the Connections pane in your Cloud Database management console.

Select either the public or private endpoints from the Connections pane to get your database connection strings and credentials.

For deployments that have already been provisioned, you already have a public Service Endpoint created. However, if you’d like to add on a private Service Endpoint, you can do that from your Cloud Databases management console by selecting the Settings tab. From there, scroll down to the Service Endpoints panel, where you can toggle Private endpoints.

After that, click on Update Endpoints and a window will pop up to confirm that you’d like to add the Service Endpoint. Once it’s been added, you’ll also see two connections in your Connections panel: one for public endpoints and another for private endpoints like above.

Databases Service Endpoints from the IBM Cloud CLI

Creating a Cloud Databases deployment from the IBM Cloud CLI with Service Endpoints is also easy to do.

Once you’re logged into your IBM Cloud account and have requested that Service Endpoints are enabled, you can provision a Cloud Database that has public, private, or public and private endpoints. In the example below, I’ve given you the command to create an example Databases for PostgreSQL deployment called

example-databases-for-postgresql with a private endpoint using the --service-endpoints option with private.
Scroll to view full table
ibmcloud resource service-instance-create example-databases-for-postgresql \ databases-for-postgresql standard us-south --service-endpoints private
Scroll to view full table

If you wanted only a private Service Endpoint for your database, you’d use private. If you wanted only a public Service Endpoint, you’d use public or not designate an endpoint at all, and it would be public by default.

To update an existing Cloud Databases deployment using the IBM Cloud CLI, you’d use the following command:

ibmcloud resource service-instance-updateexample-databases-for-postgresql --service-endpoints public-and-private
Scroll to view full table

Here, we’re using the

service-instance-update command and our deployment nameexample-databases-for-postgresql
Scroll to view full table

in order to give both public and private Service Endpoints to the database.

Viewing Cloud Databases Service Endpoints with the IBM Cloud API

Using the Cloud Databases API, you can view the Service Endpoints connection strings and credentials of your Cloud Databases. The documentation provides an example of the required parameters you’ll need to create the endpoint. Essentially, the endpoint that you will need to receive or to use:

Scroll to view full table

So, running something like the following in your terminal would give you the private Service Endpoint for your given deployment:

curl -sS -XPOST \   "https://api.us-south.databases.cloud.ibm.com/v4/ibm/deployments/<deployment CRN/users/admin/connections/private" \ -H "Authorization: Bearer <IBM API TOKEN>"
Scroll to view full table

Contact us

This article provided you with a short overview of how to get started using IBM Cloud Service Endpoints with your IBM Cloud Databases. If you have any more questions, please feel free to reach out to our Cloud Databases support team.

More from Cloud

Strengthening cybersecurity in life sciences with IBM and AWS

7 min read - Cloud is transforming the way life sciences organizations are doing business. Cloud computing offers the potential to redefine and personalize customer relationships, transform and optimize operations, improve governance and transparency, and expand business agility and capability. Leading life science companies are leveraging cloud for innovation around operational, revenue and business models. According to a report on mapping the cloud maturity curve from the EIU, 48% of industry executives said cloud has improved data access, analysis and utilization, 45% say cloud…

7 min read

Kubernetes version 1.27 now available in IBM Cloud Kubernetes Service

< 1 min read - We are excited to announce the availability of Kubernetes version 1.27 for your clusters that are running in IBM Cloud Kubernetes Service. This is our 22nd release of Kubernetes. With our Kubernetes service, you can easily upgrade your clusters without the need for deep Kubernetes knowledge. When you deploy new clusters, the default Kubernetes version remains 1.25 (soon to be 1.26); you can also choose to immediately deploy version 1.27. Learn more about deploying clusters here. Kubernetes version 1.27 In…

< 1 min read

Redefining the consumer experience: Diageo partners with SAP and IBM on global digital transformation

3 min read - In an era of evolving consumer preferences and economic uncertainties, the beverage industry stands as a vibrant reflection of changing trends and shifting priorities. Despite the challenges posed by inflation and the cost-of-living crisis, a dichotomy has emerged in consumer behavior, where individuals untouched by the crisis continue to indulge in their favorite beverages, while those directly affected pivot towards more affordable luxuries, such as a bottle of something special. This intriguing juxtaposition highlights the resilient nature of consumers and…

3 min read

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

2 min read - IBM Cloud completed its 2023 independent review of IBM Cloud services and processes. The review report demonstrates to its clients, partners and other interested parties that IBM Cloud services have implemented and adhere to the technical, administrative and physical control requirements of IBM Cloud Framework for Financial Services. What is the IBM Cloud Framework for Financial Services? IBM Cloud for Financial Services® is designed to build trust and enable a transparent public cloud ecosystem with features for security, compliance and…

2 min read