@IT Admin
Thank you for reaching out. Based on my understanding, you are looking for private and public access at the same time. I think this will be a good option to have: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking-private-link. Regarding the two options you mentioned, with Private Link you can follow either of them, because you can provision with private and enable public, and vice versa. Like the below example:
More information: The following characteristics apply whether you choose to use the private access or the public access option:
- The server has a fully qualified domain name (FQDN). For the `hostname` property in connection strings, we recommend using the FQDN instead of an IP address.
For public access (allowed IP and private endpoint):
Choose this networking option if you want the following capabilities:
- Connect from Azure resources that don't support virtual networks.
- Connect from resources outside Azure that are not connected by VPN or ExpressRoute.
- Ensure that the Azure Database for PostgreSQL flexible server instance has a public endpoint that's accessible through the internet.
For private access with VNet:
Choose this networking option if you want the following capabilities:
- Connect from Azure resources in the same virtual network to your Azure Database for PostgreSQL flexible server instance by using private IP addresses.
- Use VPN or Azure ExpressRoute to connect from non-Azure resources to your Azure Database for PostgreSQL flexible server instance.
- Ensure that the Azure Database for PostgreSQL flexible server instance has no public endpoint that's accessible through the internet.
All the above is documented here
With public access, the Azure Database for PostgreSQL flexible server instance is accessed through a public endpoint. By default, the firewall blocks all access to the server. To specify which IP hosts can access the server, you create server-level firewall rules. Firewall rules specify allowed public IP address ranges. The firewall grants access to the server based on the originating IP address of each request. With private access no public endpoint is available and only hosts located on the same network can access Azure Database for PostgreSQL flexible server.
I would suggest going through the docs below for a better understanding of Private Link in Azure PaaS PostgreSQL flex.
Firewall rules in Azure Database for PostgreSQL - Flexible Server
Azure Database for PostgreSQL - Flexible Server networking with Private Link - Preview
Regards,
Oury
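As an added example (not part of the answer above and not Microsoft's code), the sketch below models the server-level firewall behaviour the answer describes: default deny, with access granted only when the request's source IP falls inside an allowed range. It also audits a rule list for entries worth reviewing. The rule names, sample ranges and the `max_addresses` threshold are assumptions; the special meaning of a rule with start and end both `0.0.0.0` (allow connections from Azure services) comes from Azure's firewall-rule documentation, not from this thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class FirewallRule:
    name: str
    start: str  # first allowed public IPv4 address
    end: str    # last allowed public IPv4 address

    def bounds(self):
        return ipaddress.IPv4Address(self.start), ipaddress.IPv4Address(self.end)

    def contains(self, source_ip):
        lo, hi = self.bounds()
        return lo <= ipaddress.IPv4Address(source_ip) <= hi

def is_allowed(rules, source_ip):
    """Default deny: pass only if some rule's range contains the source IP."""
    return any(rule.contains(source_ip) for rule in rules)

def audit(rules, max_addresses=256):
    """Return (rule name, finding) pairs for rules worth reviewing.
    max_addresses is a hypothetical review threshold, not an Azure limit."""
    findings = []
    for rule in rules:
        lo, hi = rule.bounds()
        size = int(hi) - int(lo) + 1
        if lo > hi:
            findings.append((rule.name, "inverted range, matches nothing"))
        elif int(lo) == 0 and int(hi) == 0:
            findings.append((rule.name, "0.0.0.0 rule: admits all Azure services"))
        elif size > max_addresses:
            findings.append((rule.name, f"broad range: {size} addresses"))
    return findings

# Constructed sample rules (documentation address ranges, not from a real server).
SAMPLE_RULES = [
    FirewallRule("office", "203.0.113.10", "203.0.113.20"),
    FirewallRule("allow-azure", "0.0.0.0", "0.0.0.0"),
    FirewallRule("wide-open", "0.0.0.0", "255.255.255.255"),
    FirewallRule("typo", "198.51.100.50", "198.51.100.5"),
]

if __name__ == "__main__":
    print(is_allowed([], "203.0.113.15"))            # no rules: blocked
    print(is_allowed(SAMPLE_RULES[:1], "203.0.113.15"))
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

The evaluator only models public source addresses matched against explicit ranges; traffic admitted by the `0.0.0.0` Azure-services rule is flagged by the audit rather than simulated.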