Connection Options
There are multiple ways to connect to your integrations depending on how you deploy Superblocks (Cloud or On-Premise Agent) as well as the integration type.
- Connect from Superblocks Cloud
- Direct - Third-party SaaS APIs
- IP allowlist - Databases and non-public internal APIs
- SSH tunnel - Databases where direct access is restricted
- Connect from On-Premise Agent
Connect from Superblocks Cloud
By default, Superblocks Cloud acts as a proxy to your integrations. This makes it simple to get started and simple to manage.
Direct
For integrations with public third-party SaaS REST APIs, Superblocks Cloud can connect directly without any networking configuration.
IP allowlist
For databases and non-public internal APIs, we recommend using IP allowlists to protect your environment. When using the Superblocks Cloud deployment model, add the following IP addresses to your ingress allowlist in the network where your data sources reside.
- US Instance
- EU Instance
| NAT hostname | Current DNS | Last Recorded IPs |
|---|---|---|
| nat.superblocks.com | A Records | 107.22.228.2443.93.101.12434.209.17.5034.227.169.5135.155.119.17835.171.116.21435.86.18.13744.232.244.9354.148.33.216 |
| NAT hostname | Current DNS | Last Recorded IPs |
|---|---|---|
| nat.eu.superblocks.com | A Records | 52.17.136.21999.81.159.154.220.65.10713.50.50.6613.50.81.3013.51.231.18 |
Superblocks aims to rarely change these addresses. For the most up to date IP addresses, reference the current A records link above.
For configuring an IP allowlist for databases on AWS and GCP, see the implementation guide here
SSH tunnel
Superblocks supports connecting via an SSH tunnel for the following database integrations:
To setup SSH tunneling:
- Select the Use SSH Tunnel checkbox in the Superblocks integration form, and configure the following settings:
| Setting | Description |
|---|---|
| Authentication Method | Auth method used by the bastion server to connect to your instance. Choose between User-defined Private Key and Password. |
| Bastion Host | Bastion destination address to connect to for SSH port forwarding |
| Bastion Port | Bastion destination port to connect to for SSH port forwarding |
| Bastion Username | Username for bastion host |
-
Configure authentication settings based on the previously chosen Authentication Method:
- User-defined Private Key - Add your public and private keys in Superblocks. Both
RSAandEd25519are supported. - Password - Add bastion password in Superblocks
- User-defined Private Key - Add your public and private keys in Superblocks. Both
-
Allow connections from Superblocks to your bastion host (see IP allowlist)
-
On the bastion host, make sure there is a user account associated with the bastion username. If creating a new account, add the public key into
~/.ssh/authorized_keys.
Connect from On-Premise Agent
When using the On-Premise Agent deployment model, an agent running inside your own network connects to your integrations. As such, you do not need to open any inbound firewall rules. See the On-Premise Agent docs for more details.