I’m running database migrations from Fly release commands.
Because release commands are run from an ephemeral VM, the IP addresses there can’t be whitelisted by my database.
What’s best practice for accessing my DB through the firewall in this situation?
create a “proxy” app with a static egress IP, and proxy your release command connection through it.
Great, thank you @lillian. Are there any docs on how to proxy my release command through another app?
hm, there’s not really something built into the platform - you’d have to configure it in your app. you can check if a machine is a release command by looking at the FLY_PROCESS_GROUP env variable, it is set to fly_app_release_command.
For any future readers, I moved my migration to happen on app startup automatically to avoid doing this