Connecting to your cluster

You can connect to your cluster using psql, the terminal-based client for Postgres, or another client. For additional security measures see:

Using psql

To connect to your cluster using psql:

  1. Sign in to the BigAnimal portal.

  2. Go to the Clusters page.

  3. Select the name of your cluster.

  4. On the Overview tab, select the copy icon to the right of the Quick Connect field to copy the command for connecting to your cluster using psql to your clipboard. psql will prompt for the edb_admin user password you selected at cluster creation time.

  5. Paste the command in your terminal.

Using another client

To connect to your cluster using a client other than psql:

  1. Sign in to the BigAnimal portal.

  2. Go to the Clusters page.

  3. Select the name of your cluster.

  4. Select the Connect tab. You can review and copy all the relevant information you need from this screen except for the edb_admin user password. Please consult the client driver documentation for the connection string format the driver uses.

Different clients can have different default TLS/SSL modes (sslmode). For example, psql defaults to prefer, which means the client will attempt to establish a TLS connection but fall back to non-TLS if the server does not support it. In the psql example provided by EDB in the Quick Connect field, sslmode is explicitly set to require, which means the client will attempt a TLS connection and fail if the connection to the server can't be encrypted.

For public connections and in most environments, EDB recommends setting sslmode to verify-full. This ensures that you connect to the server you specified and that the connection is encrypted. BigAnimal generates certificates with LetsEncrypt, a widely trusted certificate authority. Your client machine may already have a bundled CA certificate for LetsEncrypt, for example, at /etc/ssl/certs/ca-certificates.crt or /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem. If it doesn't, your client machine needs a CA certificate for Let's Encrypt. Once the CA certificate is in place on your client machine, configure the sslrootcert parameter to its location and set the sslmode parameter to verify-full to verify the certificate to fully validate the connection:

psql -W "postgres://edb_admin@xxxxxxxxx.xxxxx.biganimal.io:5432/edb_admin?sslmode=verify-full&sslrootcert=/usr/share/ca-certificates/isrgrootx1.pem"

Once connected to the cluster using psql, the conninfo meta-command shows the encryption protocol being used for communication. In the case of BigAnimal, TLS (v1.2+) is supported:

edb_admin=> \conninfo
You are connected to database "edb_admin" as user "edb_admin" on host "xxxxxxxxx.xxxxx.biganimal.io" at port "5432".
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)

Setting up Azure infrastructure to connect to a private network cluster

The Private Networking option offers a higher level of isolation and security by moving your cluster out of the public Internet. Clusters with Private Networking enabled, are by default not accessible from outside of your cluster's resource virtual network. You need to perform additional configuration steps to connect your applications in other parts of your Azure infrastructure to your clusters via private network links.

Note

EDB strongly discourages users from provisioning additional resources in the cluster's resource virtual network.

You can connect to the private cluster from an application in Azure, see Connecting from Azure. This section also contains walkthrough examples to guide you through the different methods to connect to your cluster.