Creating an RDS Instance for PostgreSQL Using IAM Authentication

  • 25 April 2024

In cloud computing, managing databases efficiently and securely is paramount. One such method involves creating an Amazon RDS instance for PostgreSQL using IAM Authentication. This process allows users to leverage the robustness of PostgreSQL databases while ensuring secure access through AWS’s Identity and Access Management (IAM) system. This approach enhances security and simplifies database management, making it an attractive option for businesses and developers alike. 

CData Sync simplifies the process of replicating data into your RDS PostgreSQL instance while adhering to the security best practices of IAM authentication. Meanwhile, CData Drivers ensure that your applications can communicate seamlessly with this database, allowing you to read, write, and update data. 

In the upcoming sections, we’ll explore a step-by-step guide for configuring an RDS instance for PostgreSQL using IAM Authentication: 

  1. Creating the RDS Instance
  2. Creating the PostgreSQL user in pgAdmin
  3. Creating an IAM role
  4. Configuration of PostgreSQL in CData Sync and CData Drivers

Step 1: Creating the RDS Instance 

This is the first step where an Amazon RDS instance for PostgreSQL is set up in AWS. The RDS instance acts as your database on the cloud, which can be accessed and managed remotely. 

  1. Log in to your AWS account, then navigate to RDS. Once there, open the Databases section and click on ‘Create Database’.
  2. Configure the database with the following properties:
    • Select the ‘Standard’ database creation method.
    • Choose the ‘PostgreSQL’ engine option.
    • Choose either the Dev/Test template or the Free Tier template, depending on the cost.
  3. Configure the Settings to:
    • DB instance identifier: Name your RDS instance
    • Master username: Name the master user of your database
    • Master password: Choose the password for your database
    • Confirm master password
  4. Connectivity: Public access: Yes
  5. Database Authentication: Database and IAM database authentication
  6. Create the database by configuring the above properties.

 

Step 2: Creating the PostgreSQL user in pgAdmin 

pgAdmin is a popular open-source and full-featured PostgreSQL administration tool. In this section, a new PostgreSQL user is created who will have the rights to perform certain database operations.

  1. In pgAdmin, right-click on ‘Servers’. Then, navigate to and click on Register > Server.
  2. Configure the RDS instance of PostgreSQL in the database console.
  3. Create the PostgreSQL user by executing the following script:
    CREATE USER db_user WITH LOGIN;

  4. Grant RDS access to the user with the command:
    GRANT rds_iam TO db_user;

Note: Remember that db_user represents the username you’ve created for PostgreSQL. 

Step 3: Creating an IAM role 

IAM (Identity and Access Management) is a service offered by AWS that helps control access to AWS resources. An IAM role is an entity that defines a set of permissions for making AWS service requests. Here, an IAM role is created to manage permissions and control access to the PostgreSQL database. 

  1. Log in to the AWS portal, then search for IAM Roles and click on ‘Create Role’. 
  2. Configure the IAM role with the following settings:
    1. Select ‘AWS Account’ as the Trusted Entity type 
    2. Choose the following Permission Policies:
      • AmazonRDSFullAccess 
      • AmazonRDSDataFullAccess 
  3. Provide the role name and create the role
  4. In the Permissions tab, click on ‘Add Permissions’ and create an Inline Policy

  5. In ‘Specify permissions,’ pass the following JSON: 
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": "rds-db:connect",
          "Resource": "arn:aws:rds-db:<region>:<account id>:dbuser:<rds resource id>/<postgresql user created in Step 2>"
        }
      ]
    }

    Note: The region and account ID are the ones in the RDS ARN; the RDS ARN and RDS Resource ID can be fetched from the PostgreSQL RDS instance configuration.

  6. After creating the Inline Policy, please configure the Trust relationships.
    Note: Add one more entry to the Principal in your trust relationships, with the key AWS, and enter your User ARN.

Step 4: Configuration of PostgreSQL in CData Sync and CData Drivers 

CData Sync is a universal data pipeline that delivers automated continuous replication for a wide range of databases, CRMs, ERPs, and APIs. CData Drivers are universal data connectors that offer seamless integration with a wide range of data-driven applications and platforms. In this step, the PostgreSQL database is configured to work with CData Sync and CData Drivers. This ensures smooth data synchronization and seamless integration between your applications and the database. 

  1. Log in to the Sync Application, then navigate to the ‘Connections’ tab.  
  2. Click on ‘Add Connection’ and configure your PostgreSQL connection.
  3. Set the following connection properties:
    • Connection Name: Name the PostgreSQL connection 
    • Server: Enter the endpoint of your RDS instance. 
    • AuthScheme: AWSIAMRoles 
    • User: Enter the same username you created in PostgreSQL (Section: Step 2) 
    • AWS Access Key: Created for the IAM user. 
    • AWS Secret Key: Enter the corresponding secret key for which you have created the access key. 
    • AWS Role ARN: IAM Role ARN 
    • Database: Enter the database name used in the RDS instance. 
    • Port: Enter the port number from the RDS instance. 
    • UseSSL: True 
    • SSLServerCert: *
      Note: These configurations are applicable for connecting to any edition of the PostgreSQL driver. 

Each of these steps plays a crucial role in setting up a secure and efficient cloud-based PostgreSQL database using Amazon RDS, IAM Authentication, and CData Sync/CData PostgreSQL Driver. They collectively contribute to enhancing the security, manageability, and scalability of your database operations.

Try CData Sync Today 

To effortlessly integrate live and on-demand data with incredible speed and accuracy, sign up for a 30-day free trial of CData Sync!

