How you expose and reach SurrealDB Cloud affects security, latency, and compliance. Cloud supports several patterns; pick the one that matches your threat model and cloud architecture.
IP allowlisting
Restrict which client IP addresses or CIDR ranges may connect to your instance’s public endpoint. This reduces exposure to the open internet and is a common baseline for admin APIs and application tiers with fixed egress IPs.
VPC peering and private connectivity
Where available, connect your cloud VPC to SurrealDB Cloud so traffic stays on provider networks instead of the public internet. Options and onboarding vary by region and plan—confirm with your account team if you need private routing between application subnets and the database.
AWS PrivateLink
AWS PrivateLink offers interface endpoints so traffic between your VPC and SurrealDB Cloud does not traverse the public internet. Enterprise setups often require coordinated enablement and DNS configuration.
Detailed configuration
Instance-level rules (including outbound HTTP access from queries) and console steps are documented here: Network access.