CREATE NETWORK POLICY
PREVIEW
This feature is in private preview.
It is under active development and may have stability or performance issues.
It isn't subject to our backwards compatibility guarantees.
To enable this feature in your Materialize region, contact our team.
CREATE NETWORK POLICY creates a network policy that restricts access to a Materialize region using IP-based rules. Network policies are part of Materialize's framework for access control.
Syntax
network_policy_rule
Field | Value | Description |
---|---|---|
name | text | A name for the network policy. |
RULES | text[] | A comma-separated list of network policy rules. |
Network policy rule options
Field | Value | Description |
---|---|---|
name | text | A name for the network policy rule. |
ACTION | text | The action to take for this rule. ALLOW is the only valid option. |
DIRECTION | text | The direction of traffic the rule applies to. INGRESS is the only valid option. |
ADDRESS | text | The Classless Inter-Domain Routing (CIDR) block the rule will be applied to. |
Details
Pre-installed network policy
When you enable a Materialize region, a default network policy named default will be pre-installed. This policy has a wide open ingress rule allow 0.0.0.0/0. You can modify or drop this network policy at any time.
NOTE: The default value for the network_policy session parameter is default. Before dropping the default network policy, a superuser (i.e. Organization Admin) must run ALTER SYSTEM SET network_policy to change the default value.
Privileges
The privileges required to execute this statement are:
CREATENETWORKPOLICY privileges on the system.
Examples
CREATE NETWORK POLICY office_access_policy (
  RULES (
    new_york (action='allow', direction='ingress', address='1.2.3.4/28'),
    minnesota (action='allow', direction='ingress', address='2.3.4.5/32')
  )
);
ALTER SYSTEM SET network_policy = office_access_policy;
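The following is an added example, not part of the Materialize documentation: a Python pre-flight check that parses the CREATE NETWORK POLICY statement above, flags wide-open CIDRs and addresses with host bits set, and reports whether a given client IP would be admitted. The function names, the client IPs passed in, and the treatment of an address such as 1.2.3.4/28 as its containing block 1.2.3.0/28 are assumptions of this example.

```python
import ipaddress
import re

# Statement from the Examples section of this page.
STATEMENT = """
CREATE NETWORK POLICY office_access_policy (
  RULES (
    new_york (action='allow', direction='ingress', address='1.2.3.4/28'),
    minnesota (action='allow', direction='ingress', address='2.3.4.5/32')
  )
);
"""

RULE_RE = re.compile(r"(\w+)\s*\(([^()]*)\)")   # innermost "name ( ... )" groups
OPT_RE = re.compile(r"(\w+)\s*=\s*'([^']*)'")   # key='value' pairs inside a rule


def parse_rules(statement):
    """Return {rule_name: {option: value}} for every rule in the statement."""
    rules = {}
    for name, body in RULE_RE.findall(statement):
        opts = {k.lower(): v for k, v in OPT_RE.findall(body)}
        if "address" in opts:
            rules[name] = opts
    return rules


def audit(rules, client_ip):
    """Return (findings, allowed): review notes and whether client_ip is admitted."""
    ip = ipaddress.ip_address(client_ip)
    findings, allowed = [], False
    for name, opts in rules.items():
        if (opts.get("action", "").lower(), opts.get("direction", "").lower()) != ("allow", "ingress"):
            findings.append(f"{name}: only action ALLOW and direction INGRESS are valid")
            continue
        iface = ipaddress.ip_interface(opts["address"])
        net = iface.network  # assumption: the rule covers the whole containing block
        if net.prefixlen == 0:
            findings.append(f"{name}: {net} admits every address")
        if iface.ip != net.network_address:
            findings.append(f"{name}: {opts['address']} has host bits set; block is {net}")
        if ip.version == net.version and ip in net:
            allowed = True
    return findings, allowed


if __name__ == "__main__":
    print(audit(parse_rules(STATEMENT), "1.2.3.14"))  # constructed client IP
```

Running the check against the address you connect from before issuing ALTER SYSTEM SET network_policy shows whether that address falls inside one of the policy's blocks.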