Oracle RDS Tunnel Setup Guide

Follow these instructions to replicate your Oracle RDS database to your destination through your SSH Tunnel.

---

Prerequisites

To connect your Oracle database to Fivetran, you need:

• Oracle 11g or above
• IP (e.g., 1.2.3.4) or host (your.server.com)
• Port (usually 1521)

---

Enable access

Fivetran's data processing servers need access to your database server. Configure your VPC Security Groups and Network ACLs (Access Control Lists) to allow incoming connections from your SSH tunnel server's IP address to your Oracle database host and port (usually 1521).

---

Configure security group

Note: These instructions assume that your instance is in a VPC.

1. Click on the Oracle instance to expand it, then select the Configuration Details tab.

   

2. A panel of details about your read replica appears.

   

3. Verify that the Publicly Accessible field reads Yes.

   

4. Write down the read instance's port number. You will need this later.

   

5. Click the link to the read instance's Security Group.

   

6. In the security group panel, select the Inbound tab.

   

7. Click Edit.

   

8. Click Add Rule.

   

9. A new Custom TCP Rule is created at the bottom of the list with a blank space for a Port Range and a Source IP address.

   • For the Port, enter your instance's port number that you wrote down in Step 4 of this section (usually 1521).
   • For the Source, enter a Custom IP of {your-ssh-tunnel-server-ip-address}/32.

   

10. Click Save.

    

---

Configure Network ACLs

1. Return to the RDS Dashboard and expand the view on the instance.

   

2. Click the link to the instance's VPC.

   

3. Select the VPC.

   

4. In the Summary tab, click the Network ACL link.

   

You will see tabs for Inbound Rules and Outbound Rules. You must edit both.

Edit inbound rules

1. Select Inbound Rules.

   

2. If you have a default VPC that was automatically created by AWS, the settings already allow all incoming traffic. To verify that the settings allow incoming traffic, confirm that the Source value is 0.0.0.0/0 and that the ALLOW entry is listed above the DENY entry.

   

3. If your inbound rules don't include an ALL - 0.0.0.0/0 - ALLOW entry, edit the rules to allow {your-ssh-tunnel-server-ip-address}/32 to access the port number of your read replica (usually 5432). For additional help, see AWS's Network ACLs documentation.

Edit outbound rules

1. Select Outbound Rules.

   

2. If your outbound rules don't include an ALL - 0.0.0.0/0 - ALLOW entry, edit the rules to allow outbound traffic to all ports 1024-65535 for destination {your-ssh-tunnel-ip-address}/32.

---

Related articles

description Connector Overview

account_tree Schema Information

assignment Release Notes

settings API Connector Configuration

home Documentation Home