Amazon Aurora PostgreSQL Warehouse Setup Guidelink
Choose connection optionlink
Decide whether to connect to your warehouse directly or connect using an SSH tunnel.
- To connect using an SSH tunnel, follow these instructions.
- To connect directly, configure your firewall and/or other access control systems to allow:
- Incoming connections to your Postgres port (usually
5432
) from Fivetran's IP - Outgoing connections to all ports (1024 to 65535) at Fivetran's IP
- Incoming connections to your Postgres port (usually
Allow Fivetran to access your databaselink
The Fivetran data processing servers need access to your database.
-
If your instance is in a VPC, you need to configure your VPC Security Groups and Network ACLs (Access Control Lists).
-
If your instance is not in a VPC, then you only need to configure Security Groups.
Configure VPC security group link
These instructions assume that your database is in a VPC (if not, you can still use these instructions as a guide because configuring a non-VPC security group is almost identical).
-
Select your Aurora PostgreSQL database by navigating to the databases panel on the AWS RDS service and clicking on your database from the list.
-
Go to the Connectivity & security panel. Write down the database's port number (you will need this later).
-
Click on the active VPC security group under the Security tab to view the current configuration of this group:
-
In the security group panel, select the Inbound tab:
-
Click Edit:
-
Click Add Rule. This will create a new Custom TCP Rule at the bottom of the list with a blank space for a Port Range and a Source IP address.
-
For the Port, enter your database's port number that you wrote down in step 2 (usually
5432
). -
For the Source, enter a Fivetran IP best suited for your project's location. You can always add rules with more than one Fivetran IP if required.
-
Save the newly created Inbound rule before closing the pop-up:
Configure Network ACLs link
-
Select your Aurora PostgreSQL database by navigating to the databases panel on the AWS RDS service and clicking on your database from the list.
-
Go to the Connectivity & security panel. Write down the database's port number (you may need this later).
-
Click on the current VPC link under the Networking tab to view the current configuration of this VPC:
-
Click on the Network ACL link present in the Description panel to view it's current configuration, including the Inbound and Outbound rules:
-
If you have a default VPC that was automatically created by AWS, then the settings already allow all incoming and outgoing traffic. You don't need to take any action.
-
Select Inbound Rules to view your existing rules:
-
You can verify that your settings allow all incoming traffic because the the Source value is
0.0.0.0/0
:If your inbound rules don't include an
ALL - 0.0.0.0/0 - ALLOW
entry, follow steps mentioned under Edit Inbound rules. -
Select Outbound Rules to view your existing rules:
-
You can verify that your settings allow all outgoing traffic because the the Destination value is
0.0.0.0/0
:If your outbound rules don't include an
ALL - 0.0.0.0/0 - ALLOW
entry, follow steps mentioned under Edit Outbound rules.
Edit Inbound ruleslink
-
Click Edit inbound rules:
-
Click Add Rule. This will create a new Custom TCP Rule at the bottom of the list.
-
For the Port range, enter your database's port number that you wrote down in step 2 (usually
5432
). -
For the Source, enter a Fivetran IP best suited for your project's location. You can always add rules with more than one Fivetran IP if required:
-
Save the newly created Inbound rule.
Edit Outbound ruleslink
-
Click Edit outbound rules:
-
Click Add Rule. This will create a new TCP Rule at the bottom of the list.
-
For the Port range, enter
1024-65535
to allow outgoing traffic to these ports. -
For the Destination, enter a Fivetran IP best suited for your project's location. You can always add rules with more than one Fivetran IP if required:
-
Save the newly created Outbound rule.
Create a Fivetran userlink
-
Connect to your Postgres database and run the following query to create a password:
CREATE USER fivetran PASSWORD <password>;
-
Run the following query to grant the
fivetran
user the following privileges:- CREATE: Allows the user to create new schemas in the database
- TEMPORARY: Allows the user to create temporary tables while using the database
GRANT CREATE, TEMPORARY ON DATABASE <database> TO fivetran;