Create Database Links from Autonomous Database to an Autonomous Database on a Private Endpoint
You can create database links from an Autonomous Database to a target Autonomous Database that is on a private endpoint.
Depending on configuration of the target Autonomous Database, you have these options:
-
Create Database Links to a Target Autonomous Database on a Private Endpoint without a Wallet (TLS)
-
Create Database Links to a Target Autonomous Database on a Private Endpoint with a Wallet (mTLS)
See How to Create a Database Link from Your Autonomous Database to a Database Cloud Service Instance for more information.
Topics
- Prerequisites for Database Links from Autonomous Database to a Target Autonomous Database on a Private Endpoint
Lists the prerequisites to create database links to a target Autonomous Database that is on a private endpoint. - Create Database Links to a Target Autonomous Database on a Private Endpoint without a Wallet (TLS)
You can create database links from an Autonomous Database to a target Autonomous Database that is on a private endpoint and connect without a wallet (TLS). - Create Database Links to a Target Autonomous Database on a Private Endpoint with a Wallet (mTLS)
You can create database links from an Autonomous Database to a target Autonomous Database that is on a private endpoint (mTLS).
Prerequisites for Database Links from Autonomous Database to a Target Autonomous Database on a Private Endpoint
Lists the prerequisites to create database links to a target Autonomous Database that is on a private endpoint.
To create a database link to a target Autonomous Database on a private endpoint:
-
The target database must be accessible from the source database's Oracle Cloud Infrastructure VCN. For example, you can connect to the target database when:
-
The target database is on a private endpoint.
-
Both the source database and the target database are in the same Oracle Cloud Infrastructure VCN.
-
The source database and the target database are in different Oracle Cloud Infrastructure VCNs that are paired.
-
The target database is connected to the source database's Oracle Cloud Infrastructure VCN using FastConnect or VPN.
-
-
For a target on a private endpoint,
DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK
supports specifying a single hostname with thehostname
parameter. On a private endpoint, using an IP address, SCAN IP, or a SCAN hostname is not supported (when the target is on a public endpoint,CREATE_DATABASE_LINK
supports using an IP address, a SCAN IP, or a SCAN hostname). -
DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK
does not support a value oflocalhost
for thehostname
parameter. -
The following ingress and egress rules must be defined for the private endpoint:
-
Define an egress rule in the source database's subnet security list or network security group such that the traffic over TCP is allowed to the target database's IP address and port number.
-
Define an ingress rule in the target database's subnet security list or network security group such that the traffic over TCP is allowed from the source database IP address to the destination port.
See Configure Network Access with Private Endpoints for information on configuring private endpoints with ingress and egress rules.
-
When your Autonomous Database instance is configured with a private endpoint, set the
ROUTE_OUTBOUND_CONNECTIONS
database property to
'PRIVATE_ENDPOINT
' to specify that all outgoing database links are
subject to the Autonomous Database instance
private endpoint VCN's egress rules. See Enhanced Security for Outbound Connections with Private Endpoints for more information.
Create Database Links to a Target Autonomous Database on a Private Endpoint without a Wallet (TLS)
You can create database links from an Autonomous Database to a target Autonomous Database that is on a private endpoint and connect without a wallet (TLS).
Perform the prerequisite steps, as required. See Prerequisites for Database Links from Autonomous Database to a Target Autonomous Database on a Private Endpoint for details.
To create a database link to a target Autonomous Database on a private endpoint without a wallet:
For the credentials you create in Step 1, the Oracle Database credentials, if the password of the target user changes you can update the credential that contains the target user's credentials as follows:
BEGIN
DBMS_CLOUD.UPDATE_CREDENTIAL
(
credential_name => 'DB_LINK_CRED',
attribute => 'PASSWORD',
value => 'password');
END;
/
Where password is the new password.
After this operation, the existing database links that use this credential continue to work without having to drop and recreate the database links.
See CREATE_DATABASE_LINK Procedure for additional information.
Create Database Links to a Target Autonomous Database on a Private Endpoint with a Wallet (mTLS)
You can create database links from an Autonomous Database to a target Autonomous Database that is on a private endpoint (mTLS).
Perform the prerequisite steps, as required. See Prerequisites for Database Links from Autonomous Database to a Target Autonomous Database on a Private Endpoint for details.
To create a database link to a target Autonomous Database on a private endpoint, with a wallet:
For the credentials you create in Step 5, the Oracle Database credentials, if the password of the target user changes you can update the credential that contains the target user's credentials as follows:
BEGIN
DBMS_CLOUD.UPDATE_CREDENTIAL
(
credential_name => 'DB_LINK_CRED',
attribute => 'PASSWORD',
value => 'password');
END;
/
Where password is the new password.
After this operation, the existing database links that use this credential continue to work without having to drop and recreate the database links.
See CREATE_DATABASE_LINK Procedure for additional information.