Generic PostgreSQL Setup Guide
Follow these instructions to replicate your generic PostgreSQL database to your destination using Fivetran.
Prerequisites
To connect your generic PostgreSQL database to Fivetran, you need:
- PostgreSQL version 9.4 - 16
- Your database host's IP (e.g.,
1.2.3.4
) or domain (your.server.com
) - Your database's port (usually
5432
) - TLS enabled on your database
Setup instructions
IMPORTANT: Do not perform the Choose connection method step in the following scenarios:
- You want to use the Hybrid Deployment model for your data pipeline
- You are setting up the connector for the PostgreSQL native app
Choose connection method (TLS required)
IMPORTANT: You must have TLS enabled on your database to connect to Fivetran.
Decide how you want to connect your database to Fivetran. How you configure your security groups in later steps will differ depending on this decision.
Connect directly
Fivetran connects directly to your database instance. This is the simplest method.
If you connect directly, you will create a rule in a security group that allows Fivetran access to your database instance.
Connect using SSH
Fivetran connects to a separate server in your network that provides an SSH tunnel to your database. You must connect through SSH if your database resides in an inaccessible subnet.
If you connect using SSH:
- configure your SSH tunnel server's security group to allow Fivetran access
- configure your database's security to allow access from the tunnel
Before you proceed to the next step, you must follow our SSH connection instructions.
Connect using private networking
IMPORTANT: You must have a Business Critical plan to use private networking.
Private networking enables communication between private networks and services without exposing traffic to the public internet. Private networking is the most secure connection method. We support the following providers:
- AWS PrivateLink – used for VPCs and AWS-hosted or on-premises services. See our AWS PrivateLink setup guide for details
- Azure PrivateLink – used for Virtual Networks (VNets) and Azure-hosted or on-premises services. See our Azure PrivateLink setup guide for details
- Google Cloud Private Service Connect – used for VPCs and Google-hosted or on-premises services. See our Google Cloud Private Service Connect setup guide for details
Connect using Proxy Agent
Fivetran connects to your database through the Proxy Agent, providing secure communication between Fivetran processes and your database host. The Proxy Agent is installed in your network and creates an outbound network connection to the Fivetran-managed SaaS.
To learn more about the Proxy Agent, how to install it, and how to configure it, see our Proxy Agent documentation.
Choose incremental sync method
To keep your data up to date after the initial sync, we use one of the following incremental sync methods. The logical replication and XMIN methods keep a record of recent data changes, which allows Fivetran to update only the data that has changed since our last sync. Fivetran Teleport Sync instead takes snapshots of tables to calculate differences.
TIP: We recommend using logical replication as your incremental sync method because it is faster than XMIN replication and allows Fivetran to detect deleted rows for tables with primary keys. Learn more in our Updating data documentation.
Choose your incremental sync method:
NOTE: You will configure your incremental sync method in later steps.
Logical replication
IMPORTANT: You can only enable logical replication if your PostgreSQL version is 10 or later. If you want to use logical replication on a read replica, your PostgreSQL version must be 16 or later.
Logical replication is based on logical decoding of the PostgreSQL write-ahead log (WAL). Fivetran reads the WAL using the pgoutput
plugin to detect any new or changed data. This plugin replicates from your custom publication without needing additional libraries.
To learn more, see our logical replication documentation.
XMIN
The XMIN method is based on the hidden xmin
system column that is present in all PostgreSQL tables. With XMIN, Fivetran must scan every table in full to detect updated data. We do not recommend XMIN for near real-time data needs because XMIN replication is slower than logical replication and doesn't allow Fivetran to detect deleted rows.
Learn more in our XMIN documentation.
Fivetran Teleport Sync
Fivetran Teleport Sync is a proprietary incremental sync method that can add delete capture with no additional setup other than a read-only SQL connection. Updates will be captured using the XMIN system column.
Learn more in our Fivetran Teleport Sync documentation.
Create user
Create a database user for Fivetran's exclusive use.
Open a connection to your PostgreSQL database in a PostgreSQL console (such as a SQL workbench or psql).
Create a user for Fivetran by executing the following SQL command. Replace
<username>
andsome-password
with a username and password of your choice.
CREATE USER <username> PASSWORD 'some-password';
Grant read-only access
Grant the Fivetran user read-only access to all tables by running the following commands. To grant access to a schema other than PostgreSQL's default public
schema, replace public
with the schema name.
GRANT USAGE ON SCHEMA "public" TO <username>;
GRANT SELECT ON ALL TABLES IN SCHEMA "public" TO <username>;
ALTER DEFAULT PRIVILEGES IN SCHEMA "public" GRANT SELECT ON TABLES TO <username>;
NOTE: The last command makes sure that any future tables will be accessible to Fivetran.
If you want to grant access to multiple schemas, you must run these three commands for each schema.
Restrict access to tables (optional)
If you want to limit Fivetran's access to your tables, grant the Fivetran user access to only the tables that you would like to sync. You must individually grant access for each table that you want to sync. You cannot grant access to all tables and then revoke access for a subset of tables.
Ensure that the Fivetran user has access to the schema that contains your table(s).
GRANT USAGE ON SCHEMA "some_schema" TO <username>;
Revoke any previously granted permission to all tables in that schema.
ALTER DEFAULT PRIVILEGES IN SCHEMA "some_schema" REVOKE SELECT ON TABLES FROM <username>; REVOKE SELECT ON ALL TABLES IN SCHEMA "some_schema" FROM <username>;
Repeat the following command for each table you want Fivetran to sync.
GRANT SELECT ON "some_schema"."some_table" TO <username>;
By default, any tables that you create in the future will be excluded from the Fivetran user's access. To grant access to new tables, run the following command.
ALTER DEFAULT PRIVILEGES IN SCHEMA "some_schema" GRANT SELECT ON TABLES TO <username>;
Restrict access to columns (optional)
If you want to limit Fivetran's access to the columns in your tables, grant the Fivetran user access to only certain columns.
Revoke any previously granted permission to read all columns in the table.
REVOKE SELECT ON "some_schema"."some_table" FROM <username>;
Grant permission to the specific columns you want to sync (for example,
some_column
andother_column
).IMPORTANT: If you chose XMIN as your incremental sync method, you must grant us access to the hidden system column
xmin
. While it's not mandatory, you can also grant us access to the hidden system columnctid
to make your initial sync faster.GRANT SELECT (xmin, ctid, some_column, other_column) ON "some_schema"."some_table" TO <username>;
Once you restrict access to columns within a table, the Fivetran user will not have access to any new columns added to that table in the future. To grant access to new columns, you must rerun the command above.
Configure incremental sync method
Configure your chosen incremental sync method:
Logical replication
To enable logical replication, follow these steps:
Go to your PostgreSQL database.
Ensure that your server has ample free space for the logs. As soon as Fivetran processes a log, we delete it. However, we don't delete logs if the sync is interrupted (for example, if we lose access to your database). In this case, logs may accumulate on your server and consume additional storage. The amount of additional disk space that these logs consume is proportional to the number of changes committed on the server. If we can't resume a lost connection quickly enough and you need more disk space, you can drop the replication slot, which deletes its unconsumed logs.
Ensure that the
statement_timeout
setting on your server is either0
(the default value to disable the timeout) or greater than5 minute
.Set the
wal_level
parameter in your database configuration tological
. For a standard PostgreSQL database, do this by adding awal_level = logical
line to thepostgresql.conf1
file. Restart the server for this change to take effect.Ensure that your
max_replication_slots
value is equal to or higher than the number of PostgreSQL connectors that use logical replication plus the number of other replication slots your database uses.Set the
wal_sender_timeout
parameter in your database configuration to0
to disable the timeout.Add a record to your
pg_hba.conf
file that allows your database to authenticate Fivetran's connection to the WAL.Go to the
postgresql.conf
file and ensure that themax_wal_senders
parameter, which specifies the maximum number of concurrent connections to the WAL, is at least twice the total number of logical replication slots. For example, if your database uses 11 replication slots in total, then themax_wal_senders
value must be 22 or greater.Use a PostgreSQL console (such as a SQL workbench or psql) to log in to your primary database as a superuser.
Create a publication for your tables. If you want, you can create a publication for only certain tables so that you add or remove tables from the publication later on. Only changes from tables in the publication are replicated to Fivetran. Each database can have multiple distinct publications. You must have
CREATE
privileges or above to run this command.IMPORTANT: The publication name
fivetran_pub
quoted throughout this guide is used purely as an example. The actual publication name should be unique for every database and cannot start with a number.CREATE PUBLICATION fivetran_pub FOR TABLE table2, table4, table8;
To add or remove a table from a publication, run the following command. You must have ownership rights over the table(s).
ALTER PUBLICATION fivetran_pub ADD/DROP TABLE table_name;
Alternatively, you can create a publication for all of your tables. However, you cannot remove any table from this publication later on. You must have superuser privileges to run this command.
CREATE PUBLICATION fivetran_pub FOR ALL TABLES;
(Optional) You can choose which operations to include in the publication. For example, the following publication includes only
INSERT
andUPDATE
operations.CREATE PUBLICATION insert_only_pub FOR TABLE table1 WITH (publish = 'INSERT, UPDATE');
To add partitioned tables for PostgreSQL version 13 or later, run the following command to enable publish_via_partition_root.
CREATE PUBLICATION fivetran_pub FOR ALL TABLES WITH (publish_via_partition_root=true);
Create a logical replication slot for the database you want to sync by running the following command. You must use the standard output plugin
pgoutput
. Ensure that you are connected to the correct database when you create your replication slot, or your connector will not be able to find the slot.IMPORTANT: You must create a unique replication slot for every connector that uses the same PostgreSQL cluster. Replication slot names cannot start with a number. (The replication slot name
fivetran_pgoutput_slot
quoted throughout this guide is used purely as an example.)IMPORTANT: You need to create the replication slot after you have created the publication.
SELECT pg_create_logical_replication_slot('fivetran_pgoutput_slot', 'pgoutput');
NOTE: If your PostgreSQL server version is 16 or later and you want to sync from a standby, create the replication slot in the read replica.
Verify that your chosen tables are in the publication.
SELECT * FROM pg_publication_tables;
Grant the Fivetran user permission to read the replication slot.
ALTER ROLE <username> WITH REPLICATION;
Log in as the Fivetran user.
Verify that the Fivetran user can read the replication slot by running the following command. Replace
fivetran_pgoutput_slot
with your replication slot name andfivetran_pub
with the publication name.SELECT count(*) FROM pg_logical_slot_peek_binary_changes('fivetran_pgoutput_slot', null, null, 'proto_version', '1', 'publication_names', 'fivetran_pub');
If the query succeeds, then permissions are sufficient.
IMPORTANT: You must periodically tune the
checkpoint_timeout
andmax_wal_size
parameters based on your PostgreSQL database operations. If you do not, you may experience replication failures. To learn how to tune, read this tuning checkpoints documentation.
XMIN
The XMIN method is based on the hidden xmin
system column that is present in all PostgreSQL tables.
We recommend that you filter frozen pages from incremental syncs. Filtering makes incremental syncs significantly shorter, which means that we use fewer resources in your source database.
(Optional) To filter frozen pages, run the following commands on your primary database as a superuser:
CREATE EXTENSION pg_visibility;
CREATE SCHEMA fivetran;
CREATE OR REPLACE FUNCTION fivetran.get_all_pages(v_table_name character varying)
RETURNS TABLE (
pagenumber integer,
all_visible_yn boolean,
all_frozen_yn boolean)
LANGUAGE plpgsql
SECURITY definer
AS $function$
declare
begin
RETURN QUERY
SELECT blkno::int as pageNumber,
all_visible as all_visible_yn,
all_frozen as all_frozen_yn
FROM pg_visibility_map($1::regclass);
END;
$function$;
GRANT USAGE ON SCHEMA fivetran TO <username>;
GRANT EXECUTE ON FUNCTION fivetran.get_all_pages TO <username>;
Fivetran Teleport Sync
To connect to a standby or read replica, run the following SQL command on your primary database as the Fivetran user:
CREATE AGGREGATE BIT_XOR(IN v bigint) (SFUNC = int8xor, STYPE = bigint);
NOTE: You must run the command above in the parent database because you cannot create new objects in read replicas. This command propagates the function to the read-only replica.
If you are not connecting with a read replica, you do not need to do any additional configuration. The aggregate that the Teleport mechanism will later use is automatically created for you.
Finish Fivetran configuration
In your connector setup form, enter a Destination schema prefix. This is used as the connector name and cannot be modified once the connector is created.
NOTE: Depending on your selection in the Destination schema names field, we will either prefix the connector name to each replicated schema or use the source schema names instead.
In the Host field, enter your database host's IP (for example,
1.2.3.4
) or domain (for example,your.server.com
).Enter your database instance's port number. The port number is usually
5432
.Enter the Fivetran-specific user that you created in Step 2.
Enter the password for the Fivetran-specific user that you created in Step 2.
Enter the name of your database (for example,
your_database
).(Hybrid Deployment and PostgreSQL native app only) If your destination is configured for Hybrid Deployment, the Hybrid Deployment Agent associated with your destination is pre-selected in the Select an existing agent drop-down menu. To use a different agent, select the agent of your choice, and then select the same agent for your destination.
(Not applicable to Hybrid Deployment and PostgreSQL native app) Choose your connection method. If you selected Connect via an SSH tunnel, copy or make a note of the Public Key and add it to the
authorized_keys
file while configuring the SSH tunnel, and provide the following information:- SSH hostname (do not use a load balancer's IP address/hostname)
- SSH port
- SSH user
Choose your Update Method. If you selected Logical Replication, enter both the name of your database's replication slot and publication name accordingly.
Private PreviewIn the Destination schema names field, select Fivetran naming or Source naming to determine how the schema names appear in your destination. For more information, see the Schema information section.
Click Save & Test. Fivetran tests and validates our connection to your PostgreSQL database. Upon successful completion of the setup tests, you can sync your data using Fivetran.
Setup tests
Fivetran performs the following tests to ensure that we can connect to your generic PostgreSQL database and that it is properly configured:
- The Connecting to SSH Tunnel Test validates the SSH tunnel details you provided in the setup form. It then checks that we can connect to your database using the SSH Tunnel. (We skip this test if you aren't connecting using SSH.)
- The Connecting to Host Test validates the database credentials you provided in the setup form. The test verifies that the host is not private and then checks the connectivity to the host.
- The Validating Certificate Test generates a pop-up window where you must choose which certificate you want Fivetran to use. It then validates that certificate and checks that we can connect to your database using TLS. (We skip this test if you selected an indirect connection method and then disabled the Require TLS through Tunnel toggle.)
- The Connecting to Database Test checks that we can access your database.
- The Connecting to WAL Replication Slot Test confirms that the database associated with the replication slot matches the name you supplied in the setup form. It then verifies that the replication slot uses the
pgoutput
plugin. Lastly, it makes sure that the Fivetran user has replication privileges. (We skip this test if you selected XMIN or Teleport as your incremental sync method) - The Checking Configuration Values Test checks a set of WAL-configured values against the recommended settings and detects if they are below the recommended range. (We skip this test if you selected XMIN as your incremental sync method.)
- The Publication Test verifies that the supplied publication name exists in your database. (We skip this test if you selected XMIN as your incremental sync method.)
- The Validating Speed Setup test validates Fivetran can fetch data from your source database quickly enough. During this test, we measure our ability to download sample data from your source database to Fivetran, but we do not perform a historical sync. We start a timer, then download the sample data in memory. We then calculate the connector speed based on how much data we downloaded and how long it took to download. The test shows a warning if the download speed is less than 5MB/sec.
- The XMIN Extensions test checks that the correct extensions are enabled for XMIN. (This test is skipped if you select Logical Replication as your incremental sync method.)
NOTE: The tests may take a few minutes to finish running.
Related articles
description Connector Overview
account_tree Schema Information
settings API Connector Configuration