16.6 Enable Access to Private Data Sources from Autonomous Database

APPLIES TO: Data Transforms that is part of the suite of data tools built into Oracle Autonomous Database.

The Autonomous Database from which you access Data Transforms should be configured to use a private endpoint so that it can communicate with private database sources. Otherwise, when you try to create and test such a connection, you might get a "failed to connect" error.

When Autonomous Database is configured with a Private Endpoint, you need to explicitly route outbound connectivity through the private endpoint. Additionally, you need to set proper DNS resolution and connection configuration to ensure secure communication between Data Transforms and the database.

To configure Data Transforms with Autonomous Database Private Endpoint access, you need to:

Failure to meet these requirements may result in connection issues.

Configure Outbound Routing to the Private Endpoint

You need to route outbound connections from Autonomous Database through the Private Endpoint.

Do the following:

  1. To set the routing property, log in to SQL Web as the ADMIN user and execute the following statement:

    ALTER DATABASE PROPERTY SET ROUTE_OUTBOUND_CONNECTIONS = 'PRIVATE_ENDPOINT';

    Note:

    If this command fails to execute, contact Oracle Autonomous Database Support.
  2. To verify that the routing configuration is set correctly, run the following query:

    SELECT * FROM DATABASE_PROPERTIES
    WHERE PROPERTY_NAME = 'ROUTE_OUTBOUND_CONNECTIONS';

    The expected value is PRIVATE_ENDPOINT.

Steps after Configuring Outbound Routing

After you set the ROUTE_OUTBOUND_CONNECTIONS property, do the following:

  • Wait for a maximum of two hours for the private endpoint configuration to take effect.
  • Ensure that there are no Data Transforms jobs in the running or pending state.
  • Ensure that the Data Transforms instance is not in use. You should be logged out for the query to run successfully.

For additional information, refer to https://docs.oracle.com/en/cloud/paas/autonomous-database/serverless/adbsb/private-endpoints-autonomous.html#GUID-1EC9620B-9DB9-4E7B-B667-B3143FBDF7B2.

Configure Data Transforms Connectivity

You need to configure Data Transforms connectivity based on the deployment scenario.

If Data Transforms connects from an Autonomous Database that uses the same Private Endpoint, do the following:

  • Repackage the database wallet.
  • Update the tnsnames.ora file to remove any Private Endpoint–specific prefixes from the host value in the connection string.

    For example,

    Incorrect: HOST = <private-endpoint-specific>.adb.eu-frankfurt-1.oraclecloud.com

    Correct format: HOST = adb.eu-frankfurt-1.oraclecloud.com

  • Configure the connection to use the public Autonomous Database load balancer host.

This ensures correct name resolution and routing within the same Private Endpoint environment.

If Data Transforms and the target database are not within the same Private Endpoint, do the following:

  1. Ensure that the Autonomous Database private IP address allows network access. Add an ingress security rule permitting traffic from the Autonomous Database instance.
  2. To configure Private DNS Resolution:
    • Log in to the OCI Console.
    • Navigate to the VCN associated with Autonomous Database.
    • Open Private DNS Resolver.
    • Create a new private DNS zone. Ensure that the zone name does not use the *.oraclecloud.com domain.
  3. Create a Type A DNS record.
  4. Map the fully qualified domain name (FQDN) to the target private IP address.
  5. Save and publish the DNS changes.

Update Data Transforms Connection Configuration

Configure the Data Transforms connection to use the newly created FQDN as the host in the connection string.

Data Transforms requires a fully qualified domain name (FQDN) to ensure:

  • Proper TLS certificate validation.
  • Correct wallet-based connectivity.
  • Stable routing through Private Endpoints.

    Connections configured using a raw IP address are not supported and may fail.

Note the following:

  • Using an IP address as the host in the Data Transforms connection string is not supported.
  • You may need additional network configuration if the source database is located in a different VCN, or an on-premises network. In such cases, engage your internal network solution architect or raise a service request with OCI Networking Support.
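
A pre-flight check for the host rules above, as an added example that is not part of the Oracle documentation: it scans tnsnames.ora text for HOST values that are raw IP addresses or that carry a Private Endpoint prefix (the same-Private-Endpoint scenario), and rewrites the prefixed ones to the load balancer host. The sample entries, aliases, prefix, IP address and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample tnsnames.ora text; aliases, prefix, IP and service names are made up.
SAMPLE_TNSNAMES = """\
sales_high = (description=(address=(protocol=tcps)(port=1522)
  (host=abcd1234.adb.eu-frankfurt-1.oraclecloud.com))
  (connect_data=(service_name=example_sales_high.adb.oraclecloud.com)))
hr_low = (description=(address=(protocol=tcps)(port=1522)(HOST = 10.0.1.25))
  (connect_data=(service_name=example_hr_low.adb.oraclecloud.com)))
ok_high = (description=(address=(protocol=tcps)(port=1522)
  (host=adb.eu-frankfurt-1.oraclecloud.com))
  (connect_data=(service_name=example_ok_high.adb.oraclecloud.com)))
"""

# (HOST = value) inside an ADDRESS clause; keyword case and spacing vary.
HOST = re.compile(r"\(\s*host\s*=\s*([^)\s]+)\s*\)", re.IGNORECASE)
# Any label(s) in front of adb.<region>.oraclecloud.com count as a prefix to remove.
PE_HOST = re.compile(r"^.+\.(adb\.[a-z0-9-]+\.oraclecloud\.com)$", re.IGNORECASE)


def classify_host(host):
    """Return 'raw_ip', 'pe_prefix', 'not_fqdn' or 'ok' for one HOST value."""
    try:
        ipaddress.ip_address(host)
        return "raw_ip"          # unsupported: IP address used as host
    except ValueError:
        pass
    if PE_HOST.match(host):
        return "pe_prefix"       # must be reduced to the load balancer host
    return "ok" if "." in host else "not_fqdn"


def audit(text):
    """List (host, finding) for every HOST value in the tnsnames.ora text."""
    return [(m.group(1), classify_host(m.group(1))) for m in HOST.finditer(text)]


def strip_pe_prefix(text):
    """Rewrite prefixed hosts to adb.<region>.oraclecloud.com; leave the rest."""
    def fix(m):
        pe = PE_HOST.match(m.group(1))
        return f"(HOST = {pe.group(1)})" if pe else m.group(0)
    return HOST.sub(fix, text)


if __name__ == "__main__":
    for host, finding in audit(SAMPLE_TNSNAMES):
        print(f"{finding:10} {host}")
```

Entries reported as raw_ip are not rewritten; they need the private DNS record and FQDN described above before the connection is updated.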