Securing your TigerGraph Cloud infrastructure using private networking and user management.
Cloud Security & Private Access
TigerGraph Cloud provides multiple layers of security to protect your graph data, ranging from network-level isolation to fine-grained database access control.
1. Network Security
By default, TigerGraph Cloud solutions are accessible via a public URL protected by SSL/TLS. For enterprise production environments, you can isolate your cluster using private networking.
VPC Peering
VPC Peering allows you to connect your existing Virtual Private Cloud (VPC) or Virtual Network (VNet) directly to the TigerGraph Cloud VPC.
- AWS: VPC Peering.
- Azure: VNet Peering.
- GCP: VPC Network Peering.
Private Access Services
For higher security without the complexity of full peering, TigerGraph supports Private Links:
- AWS PrivateLink
- Azure Private Link
- GCP Private Service Connect
Note: Private Access Services are only available for Paid Tiers and must be configured during the cluster creation process.
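A check to run from a host inside your own VPC/VNet once peering or a private link is in place, added here as an example and not taken from the TigerGraph documentation: it resolves the cluster hostname and fails if any returned address lies outside private address space, which would mean clients can still reach the cluster over the public URL path. It assumes the private endpoint resolves to RFC 1918 or IPv6 ULA addresses; the hostname is whatever you pass on the command line, and the sample addresses are constructed.

```python
import ipaddress
import socket
import sys

# Address space that stays inside a VPC/VNet: RFC 1918 (IPv4) and ULA (IPv6).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_internal(addr):
    """True if addr falls in one of the internal ranges above."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)


def resolve(hostname, port=443):
    """Addresses the local resolver returns for hostname (run inside the VPC)."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_private_path(addresses):
    """Return (ok, public). ok only if at least one address resolved and none
    is public; a mixed answer fails, since some clients would go public."""
    public = [a for a in addresses if not is_internal(a)]
    return (bool(addresses) and not public, public)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        addrs = resolve(sys.argv[1])          # your cluster hostname
    else:
        addrs = ["10.20.1.15", "10.20.2.15"]  # constructed sample answer
    ok, public = check_private_path(addrs)
    print("resolved:", ", ".join(addrs) or "(nothing)")
    print("private path only" if ok else "public or empty answer: %s" % public)
    sys.exit(0 if ok else 1)
```

Running it from a workload subnet before and after the private endpoint is configured shows whether DNS in that subnet actually steers clients onto the private path.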
2. User Management
TigerGraph Cloud distinguishes between two types of identities:
| Identity Type | Managed In | Purpose |
|---|---|---|
| Org Account | Cloud Portal | Accessing the dashboard, billing, and creating/stopping clusters. |
| Database User | Cluster Access Mgmt | Programmatic access via pyTigerGraph, GSQL Shell, or REST API. |
Creating Database Users
To create a programmatic user:
- Go to Clusters > Access Management.
- Select Database Access.
- Create a username/password and assign a role (e.g., queryreader, admin).
3. Data-at-Rest Encryption
All data stored in TigerGraph Cloud is encrypted at rest using provider-managed keys (EFS on AWS, Azure Files, GCP Filestore).