Amazon PostgreSQL RDS (v15-10-2015)

Amazon PostgreSQL RDS is supported by Stitch
This integration is certified by Stitch. For support, contact Stitch support.

Important: PostgreSQL RDS as an input data source

This article describes how to connect Amazon PostgreSQL RDS as an input data source.

If you want to connect a Amazon PostgreSQL RDS instance as a destination, refer to the Connecting an Amazon PostgreSQL RDS Destination guide.

Amazon PostgreSQL RDS feature snapshot

A high-level look at Stitch's Amazon PostgreSQL RDS (v15-10-2015) integration, including release status, useful links, and the features supported in Stitch.

STITCH
Release Status	Released	Supported By	Stitch
Stitch Plan	Free	Supported Versions	9.3+
CONNECTION METHODS
SSH Connections	Supported	SSL Connections	Supported
REPLICATION SETTINGS
Anchor Scheduling	Unsupported	Advanced Scheduling	Unsupported
Table-level Reset	Supported	Configurable Replication Methods	Supported
REPLICATION METHODS
Log-based Replication	Unsupported	Key-based Replication	Supported
Full Table Replication	Supported
DATA SELECTION
Table Selection	Supported	Column Selection	Supported
View Replication	Supported
TRANSPARENCY
Extraction Logs	Unsupported	Loading Reports	Supported

Connecting Amazon PostgreSQL RDS

Amazon PostgreSQL RDS setup requirements

To set up Amazon PostgreSQL RDS in Stitch, you need:

Permissions in Amazon Web Services (AWS) that allow you to:
- Create/manage Security Groups, which is required to whitelist Stitch’s IP addresses.
- View database details, which is required for retrieving the database’s connection details.
Permissions in Amazon PostgreSQL RDS that allow you to create/manage users. This is required to create the Stitch database user.
To verify if the database is a read replica, or follower. While we always recommend connecting a replica over a production database, this also means you may need to verify some of its settings - specifically the standby settings - before connecting it to Stitch.

On occasion, the default values for the standby settings can prevent Stitch from successfully completing queries, resulting in slow, intermittent replication. This is usually only an issue during historical syncs or when replicating large amounts of data (ex: a large table using Full Table Replication).

If you find that the hot_standby setting is on, proactively increasing the following settings from 30 seconds to 8-12 hours can help prevent this issue:
- max_standby_archive_delay
- max_standby_streaming_delay
After the initial historical sync completes, you can typically decrease these settings again.

For an official explanation of these settings, check out the Postgres docs.

Step 1: Configure database connection settings

In this step, you’ll configure the database server to allow traffic from Stitch to access it. There are two ways to connect your database:

A direct connection will work if your database is publicly accessible.
An SSH tunnel is required if your database isn’t publicly accessible. This method uses a publicly accessible instance, or an SSH server, to act as an intermediary between Stitch and your database. The SSH server will forward traffic from Stitch through an encrypted tunnel to the private database.

Click the option you’re using below and follow the instructions.

I'm using a direct connection.

Note: This step requires privileges in AWS that allow you to create and manage Security Groups.

For Stitch to successfully connect with your database instance, you’ll need to add our IP addresses to the appropriate Security Group via the AWS management console.

Security Groups must reside in the same VPC as the instance. Use the instructions below to create a security group for Stitch and grant access to the VPC.

Log into your AWS account.
Navigate to the Security Group Management page, typically Services > Compute > EC2.
Click the Security Groups option, under Network & Security in the menu on the left side of the page.
Click Create Security Group.
In the window that displays, fill in the fields as follows:
- Security group name: Enter a unique name for the Security Group. For example: Stitch
- Description: Enter a description for the security group.
- VPC: Select the VPC that contains the database you want to connect to Stitch. Note: The Security Group and database must be in the same VPC, or the connection will fail.
In the Inbound tab, click Add Rule.
Fill in the fields as follows:
- Type: Select Custom TCP Rule
- Port Range: Enter the port your database uses. (5432 by default)
- CIDR, IP or Security Group: Enter one of the IP addresses listed below:
  - 52.23.137.21/32
  - 52.204.223.208/32
  - 52.204.228.32/32
  - 52.204.230.227/32
Click Add Rule to add an additional Inbound rule.
Repeat steps 6-8 until all the IP addresses above have been added:
When finished, click Create to create the Security Group.

I'm using an SSH tunnel to connect.

Follow the steps in the Setting up an SSH Tunnel for a database in Amazon Web Services guide to set up an SSH tunnel for Amazon PostgreSQL RDS.
Complete the steps in this guide after the SSH setup is complete.

Step 2: Create a Stitch database user

Next, you’ll create a dedicated database user for Stitch. This will ensure Stitch is visible in any logs or audits, and allow you to maintain your privilege hierarchy.

Instructions
Privileges list

Your organization may require a different process, but the simplest way to create this user is to execute the following query when logged into the Amazon PostgreSQL RDS database as a user with the right to grant privileges.

Note: The user performing this step should also own the schema(s) that Stitch is being granted access to.

Log into your database.
Create a database user named stitch, replacing <password> with a password:
```
CREATE USER stitch WITH ENCRYPTED PASSWORD '<password>'
```
Grant the stitch user CONNECT privileges to the database, replacing <database_name> with the name of a database you want to connect Stitch to:
```
GRANT CONNECT ON DATABASE <database_name> TO stitch
```
Grant the stitch user schema usage privileges, replacing <schema_name> with the name of a schema you want to replicate data from:
```
GRANT USAGE ON SCHEMA <schema_name> TO stitch
```

Grant the stitch user SELECT privileges on the tables in the schema:

GRANT SELECT ON ALL TABLES IN SCHEMA <schema_name> TO stitch

Alter the schema’s default privileges to grant SELECT privileges on tables to stitch. This is required to ensure that objects created in the schema after connecting to Stitch will remain accessible to the stitch user:
```
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema_name> GRANT SELECT ON TABLES TO stitch
```
If you want to replicate data from multiple databases or schemas, repeat steps 3 - 6 as needed.

See the Privileges list tab for an explanation of why these permissions are required by Stitch.

In the table below are the database user privileges Stitch requires to connect to and replicate data from a Amazon PostgreSQL RDS database.

Privilege name	Reason for requirement
CONNECT	Required to connect successfully to the specified database.
USAGE	Required to access the objects contained in the specified schema.
SELECT	Required to select rows from tables in the specified schema.
ALTER DEFAULT PRIVILEGES	Required to ensure that objects created in the schema after connecting to Stitch will be accessible by the Stitch database user.
rds_replication	Required to allow the Stitch database user to use logical (Log-based) replication. The `rds_superuser` role is required to grant this privilege.

Step 3: Connect Stitch

In this step, you’ll complete the setup by entering the database’s connection details and defining replication settings in Stitch.

Step 3.1: Locate the database connection details in AWS

Sign into the AWS Console, if needed.
Navigate to the RDS option.
On the RDS Dashboard page, click the Databases option on the left side of the page. This will open the RDS Databases page.
In the list of databases, locate and click on the instance you want to connect to Stitch. This will open the Database Details page.

Step 3.2: Define the database connection details

If you aren’t signed into your Stitch account, sign in now.
On the Stitch Dashboard page, click the Add Integration button.
Locate and click the PostgreSQL icon.
Fill in the fields as follows:
- Integration Name: Enter a name for the integration. This is the name that will display on the Stitch Dashboard for the integration; it’ll also be used to create the schema in your destination.
  
  For example, the name “Stitch Amazon PostgreSQL RDS” would create a schema called stitch_amazon_postgresql_rds in the destination. Note: The schema name cannot be changed after the integration is saved.
- Host (Endpoint): Paste the Endpoint address from the Amazon PostgreSQL RDS Details page in AWS into this field. Don’t include the port number, if it’s appended to the end of the endpoint string - this will cause errors.
- Port: Enter the port used by the instance. The default is 5432.
- Username: Enter the Stitch Amazon PostgreSQL RDS database user’s username.
- Password: Enter the password for the Stitch Amazon PostgreSQL RDS database user.
- Database: Enter the name of the Amazon PostgreSQL RDS database you want to connect to Stitch. Stitch will ‘find’ all databases you give the Stitch user access to - a default database is only used to complete the connection. This is required for Amazon PostgreSQL RDS integrations.

Step 3.3: Define the SSH connection details

Note: Skip this step if you’re not using SSH to connect to Stitch.

If you’re using an SSH tunnel to connect your Amazon PostgreSQL RDS database to Stitch, you’ll also need to define the SSH settings. Refer to the Setting up an SSH Tunnel for a database in Amazon Web Services guide for assistance with completing these fields.

Click the Encryption Type menu.
Select SSH to display the SSH fields.
Fill in the fields as follows:
- Remote Address: Paste the Public DNS of the SSH sever (EC2 instance) into this field. Refer to the Amazon SSH guide for instructions on retrieving this info.
- SSH Port: Enter the SSH port of the SSH server (EC2 instance) into this field. This will usually be 22.
- SSH User: Enter the Stitch Linux (SSH) user’s username.

Step 3.4: Define the SSL connection details

Note: Skip this step if you’re not using SSL to connect to Stitch.

Click the Connect using SSL checkbox if you’re using an SSL connection. Note: The database must support and allow SSL connections for this setting to work correctly.

Step 4: Create a replication schedule

Replication schedules affect the time Extraction begins, not the time to data loaded. Refer to the Replication Scheduling documentation for more information.

In the Replication Frequency section, you’ll create the integration’s replication schedule. An integration’s replication schedule determines how often Stitch runs a replication job, and the time that job begins.

Amazon PostgreSQL RDS integrations support the following replication scheduling methods:

Replication Frequency

To keep your row usage low, consider setting the integration to replicate less frequently. See the Understanding and Reducing Your Row Usage guide for tips on reducing your usage.

Step 5: Select data to replicate

The last step is to select select the tables and columns you want to replicate.

When you track a table, you’ll also need to define its Replication Method and, if using Key-based Incremental Replication, its Replication Key.

You can select tables and columns by:

In the Integration Details page, click the Tables to Replicate tab.
Locate a table you want to replicate.
Click the checkbox next to the object’s name. A green checkmark means the object is set to replicate.
If there are child objects, they’ll automatically display and you’ll be prompted to select some.
After you set a table to replicate, the Settings page will display. Note: When you track a table, by default all columns will also be tracked.
In the Settings page, define the table’s Replication Method and, if using Key-based Incremental Replication, its Replication Key.
Repeat this process for every table you want to replicate.

Initial and historical replication jobs

After you finish setting up Amazon PostgreSQL RDS, its Sync Status may show as Pending on either the Stitch Dashboard or in the Integration Details page.

For a new integration, a Pending status indicates that Stitch is in the process of scheduling the initial replication job for the integration. This may take some time to complete.

Initial replication jobs with Anchor Scheduling

If using Anchor Scheduling, an initial replication job may not kick off immediately. This depends on the selected Replication Frequency and Anchor Time. Refer to the Anchor Scheduling documentation for more information.

Free historical data loads

The first seven days of replication, beginning when data is first replicated, are free. Rows replicated from the new integration during this time won’t count towards your quota. Stitch offers this as a way of testing new integrations, measuring usage, and ensuring historical data volumes don’t quickly consume your quota.

Replication will continue after the seven days are over. If you’re no longer interested in this source, be sure to pause or delete the integration to prevent unwanted usage.

Questions? Feedback?

Did this article help? If you have questions or feedback, feel free to submit a pull request with your suggestions, open an issue on GitHub, or reach out to us.

Related	Troubleshooting
Destination & Integration Compatibility Replication Scheduling Replication Methods Replication Keys	PostgreSQL Data Types Stored as Strings PostgreSQL Read Replicas and Slow Replication Database Connection Errors Understanding & Reducing Your Usage Re-Authorizing Integrations Replication Issues