What are the recommendations for securely exposing existing databases to a Stardog Cloud instance?
We recommend following your database vendor's security best practices. We also recommend that you create a service account user on your database that has the appropriately scoped privileges for the data you wish to access from Stardog. As an additional layer of protection, you can also use IP-whitelist the point of origin for any Stardog Cloud instance VG query, which is
produswest2-vg-egress.stardog.cloud (184.108.40.206). This is a static IP.
For enterprise customers, we currently have a beta feature which allows Stardog Cloud Enterprise instances to access data sources over AWS PrivateLink (for those customers with VG data sources inside AWS VPCs).
Thanks @PaulPlace ! The ability to IP-whitelist is what I was hoping to hear. And also good to know about AWS PrivateLink as well. Based off of the DNS name, Stardog Cloud is in AWS' us-west-2 region?
Currently, yes, although we are planning to support running Stardog Cloud instances in other regions. (In case your next questions are "when?" and "where?", the answer is that I don't have any specifics I can share at this time.)
Thanks; I'll follow up with my sales contact on that