Skip to main content

Connection Options

There are multiple ways to connect to your integrations depending on how you deploy Superblocks (Cloud or On-Premise Agent) as well as the integration type.

Connect from Superblocks Cloud

By default, Superblocks Cloud acts as a proxy to your integrations. This makes it simple to get started and simple to manage.


For integrations with public third-party SaaS REST APIs, Superblocks Cloud can connect directly without any networking configuration.

IP allowlist

For databases and non-public internal APIs, we recommend using IP allowlists to protect your environment. When using the Superblocks Cloud deployment model, add the following IP addresses to your ingress allowlist in the network where your data sources reside.

NAT hostnameCurrent DNSLast Recorded IPs
nat.superblocks.comA Records107.22.228.244

Superblocks aims to rarely change these addresses. For the most up to date IP addresses, reference the current A records link above.

Implementation guide - AWS and GCP

  • Log in to the AWS Console
  • Navigate to the resource that you would like Superblocks to connect to
  • If you are applying an allowlist to an RDS instance, the instance must be set to Publicly accessible (this is found under Connectivity -> Additional configuration)

Ensure your RDS instance is publicly accessible

  • Select an existing Security Group or create a new one
  • Select the Inbound rules tab at the bottom and click Edit inbound rules

Update inbound rules to ensure that Superblocks IP addresses are allowed

  • Choose the port (defaults: Postgres: 5432, MySQL: 3306, MSSQL: 1433)
  • Set Source to "Custom" and enter the following IP addresses:,,,,,,,,

Add Superblocks IP addresses to the allow list

  • Click Save rules

SSH tunnel

Superblocks supports connecting via an SSH tunnel for the following database integrations:

To setup SSH tunneling:

  1. Select the Use SSH Tunnel checkbox in the Superblocks integration form, and configure the following settings:

    Authentication MethodAuth method used by the bastion server to connect to your instance. Choose between User-defined Private Key and Password.
    Bastion HostBastion destination address to connect to for SSH port forwarding
    Bastion PortBastion destination port to connect to for SSH port forwarding
    Bastion UsernameUsername for bastion host
  2. Configure authentication settings based on the previously chosen Authentication Method:

    • User-defined Private Key - Add your public and private keys in Superblocks. Both RSA and Ed25519 are supported.
    • Password - Add bastion password in Superblocks
  3. Allow connections from Superblocks to your bastion host (see IP allowlist)

  4. On the bastion host, make sure there is a user account associated with the bastion username. If creating a new account, add the public key into ~/.ssh/authorized_keys.

Connect from On-Premise Agent

When using the On-Premise Agent deployment model, an agent running inside your own network connects to your integrations. As such, you do not need to open any inbound firewall rules. See the On-Premise Agent docs for more details.