Oracle RDS Tunnel Setup Guidelink
Follow these instructions to replicate your Oracle RDS database to your destination through your SSH Tunnel.
Prerequisiteslink
To connect your Oracle database to Fivetran, you need:
- Oracle 11g or above
- Your database host's IP (e.g.,
1.2.3.4
) or domain (your.server.com
) - Your database's port (usually
1521
) - TLS enabled on your database (if you want to connect to Fivetran directly)
Enable accesslink
Fivetran's data processing servers need access to your database server. Configure your VPC Security Groups and Network ACLs (Access Control Lists) to allow incoming connections from your SSH tunnel server's IP address to your Oracle database host and port (usually 1521
).
Configure security grouplink
Note: These instructions assume that your instance is in a VPC.
-
Click on the Oracle instance to expand it, then select the Configuration Details tab.
-
A panel of details about your read replica appears.
-
Verify that the Publicly Accessible field reads Yes.
-
Write down the read instance's port number. You will need this later.
-
Click the link to the read instance's Security Group.
-
In the security group panel, select the Inbound tab.
-
Click Edit.
-
Click Add Rule.
-
A new Custom TCP Rule is created at the bottom of the list with a blank space for a Port Range and a Source IP address.
- For the Port, enter your instance's port number that you wrote down in Step 4 of this section (usually
1521
). - For the Source, enter a Custom IP of
{your-ssh-tunnel-server-ip-address}/32
.
- For the Port, enter your instance's port number that you wrote down in Step 4 of this section (usually
-
Click Save.
Configure Network ACLslink
-
Return to the RDS Dashboard and expand the view on the instance.
-
Click the link to the instance's VPC.
-
Select the VPC.
-
In the Summary tab, click the Network ACL link.
You will see tabs for Inbound Rules and Outbound Rules. You must edit both.
Edit inbound ruleslink
-
Select Inbound Rules.
-
If you have a default VPC that was automatically created by AWS, the settings already allow all incoming traffic. To verify that the settings allow incoming traffic, confirm that the Source value is
0.0.0.0/0
and that the ALLOW entry is listed above the DENY entry. -
If your inbound rules don't include an
ALL - 0.0.0.0/0 - ALLOW
entry, edit the rules to allow{your-ssh-tunnel-server-ip-address}/32
to access the port number of your read replica (usually5432
). For additional help, see AWS's Network ACLs documentation.
Edit outbound ruleslink
-
Select Outbound Rules.
-
If your outbound rules don't include an
ALL - 0.0.0.0/0 - ALLOW
entry, edit the rules to allow outbound traffic to all ports1024-65535
fordestination {your-ssh-tunnel-ip-address}/32
.
Related articleslink
description Connector Overview
account_tree Schema Information
settings API Connector Configuration