Amazon RDS PostgreSQL

Amazon RDS PostgreSQL Setup Guide

You can set up, operate, and scale PostgreSQL deployments in the cloud with Amazon RDS. Amazon RDS for PostgreSQL gives you access to the capabilities of the familiar PostgreSQL database engine. This means that the code, applications, and tools you already use today with your existing databases can be used with Amazon RDS.

You can ingest data from your Amazon RDS PostgreSQL database using Hevo Pipelines and replicate it to a Destination of your choice.

Getting Started

Setup

Data Sync

Troubleshooting

Prerequisites

IP address or host name of your PostgreSQL server is available.
The PostgreSQL version is 9.4.15 or higher.
If Pipeline mode is Logical Replication:
- Log-based incremental replication is enabled.
- PostgreSQL versions 15.8 and below do not support logical replication on read replicas. This feature is available starting from version 16.
Hevo’s IP addresses are whitelisted.
SELECT, USAGE, and CONNECT privileges are granted to the database user.

Note: We recommend that you create a database user for configuring your Amazon RDS PostgreSQL Source in Hevo. However, if you already have one, refer to section Grant privileges to the user.
You are assigned the Team Administrator, Team Collaborator, or Pipeline Administrator role in Hevo, to create the Pipeline.

Perform the following steps to configure your Amazon RDS PostgreSQL Source:

Set up Log-based Incremental Replication

Hevo supports data ingestion from PostgreSQL servers via Write Ahead Logs set at the logical level (available on PostgreSQL version 9.4). A Write Ahead Log(WAL) is a collection of log files that record information about data modifications and data object modifications made on a PostgreSQL server instance. Typically WAL is used for data replication and data recovery.

To set up log-based replication, follow these steps:

1. Create a parameter group

Log in to the Amazon RDS console.
In the left navigation pane, click Parameter groups.
On the Parameter groups page, click Create parameter group.
On the Create parameter group page, perform the following steps:
1. Specify the Parameter group name and Description, and select PostgreSQL from the Engine type drop-down.
2. Select a PostgreSQL version from the Parameter group family drop-down.
3. Select DB Parameter Group from the Type drop-down and then click Create.
  
  Note: This field is available only if you select postgres13 or above version as the Parameter group family.

You have successfully created a parameter group.

2. Configure the parameters

Click on the parameter you just created in Create a parameter group.
On the <Parameter_name> page, click Edit in the top right.

Search and update the following parameters:

Parameter	Recommended Value	Description
`max_replication_slots`	5	The maximum number of replication slots that server can support. Default value: 10. RDS recommends to set this value to at least 5 so that internal replication by RDS is not affected.
`max_wal_senders`	5	The number of processes that can simultaneously transmit the WAL log. Default value: 10. RDS recommends to set this value to at least 5 so that the internal replication by RDS is not affected.
`rds.logical_replication`	1	The setting to enable or disable logical replication. The value of 1 is required to enable WAL at the logical level.
`wal_sender_timeout`	0	The time, in seconds, after which PostgreSQL terminates the replication connections due to inactivity. Default value: 60 seconds. You must set the value to 0 so that the connections are never terminated and your Pipeline does not fail. You can use the following query to check the value configured for the parameter: `show wal_sender_timeout`

Click Save changes.

3. Apply the parameter group to your PostgreSQL database

In your Amazon RDS console, click Databases in the left navigation pane.
On the Databases page, click the DB identifier for your database, and then click Modify.
Select the DB parameter group you just created in Create a parameter group.
Set the Backup retention period to at least 3 days. This setting defines the number of days for which automated backups are retained.
On the Modify DB instance… page, click Modify DB instance.
For the changes to take effect, reboot the DB instance.

Whitelist Hevo’s IP Addresses

You need to whitelist the Hevo IP addresses for your region to enable Hevo to connect to your PostgreSQL database. To do this:

1. Add inbound rules

Open the Amazon RDS console.
In the left navigation pane, click Databases (or Instances if you are using an older version).
In the Databases section on the right, click the DB identifier of the Amazon RDS PostgreSQL instance to configure a security group.
In the Connectivity & security tab, click the security group ID under Security, VPC security groups.
On the Security Groups page, select the check box for your Security group ID, and from the Actions drop-down, click Edit inbound rules.
On the Edit inbound rules page:
1. Click Add rule.
2. Add a new rule with Hevo’s IP addresses for your region to give access to the PostgreSQL instance.
3. Click Save rules.

2. Configure Virtual Private Cloud (VPC)

Follow steps 1-3 from the section above.
In the Connectivity & security tab, click the link text under VPC.
On the Your VPCs page, click the VPC ID, and in the Details section, click the link text under Main network ACL.
On the Network ACLs page, click the Inbound Rules tab and ensure that the IP address you added is set to Allow.

Create a Database User and Grant Privileges

1. Create a database user (Optional)

Perform the following steps to create a user in your Amazon RDS PostgreSQL database:

Connect to your Amazon RDS PostgreSQL database instance as a root user with an SQL client tool, such as psql.
Create a database user:
```
CREATE USER <database_username> WITH LOGIN PASSWORD '<password>';
```
Note: Replace the placeholder values in the command above with your own. For example, <database_username> with hevouser.

2. Grant privileges to the user

Grant privileges to the database user connecting to the PostgreSQL database as follows:

Connect to your Amazon Aurora PostgreSQL database instance as a root user with an SQL client tool, such as psql.

Run the following commands to grant privileges to the database user:

GRANT CONNECT ON DATABASE <database_name> TO <database_username>;
GRANT USAGE ON SCHEMA <schema_name> TO <database_username>;
GRANT SELECT ON ALL TABLES IN SCHEMA <schema_name> to <database_username>;

Alter the schema’s default privileges to grant SELECT privileges on tables created in the future to the database user:
```
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema_name> GRANT SELECT ON TABLES TO <database_username>;
```
Note: If you want to use Log-based Incremental Replication, grant the rds_replication role to the database user. Log in to the database as a user with the rds_superuser role and run the following command:
```
GRANT rds_replication TO <database_username>;
```

Note: Replace the placeholder values in the commands above with your own. For example, <database_username> with hevouser.

Specify Amazon RDS PostgreSQL Connection Settings

Perform the following steps to configure Amazon RDS PostgreSQL as a Source in Hevo:

Click PIPELINES in the Navigation Bar.
Click + CREATE PIPELINE in the Pipelines List View.
On the Select Source Type page, select Amazon RDS PostgreSQL.
On the Configure your Amazon RDS PostgreSQL Source page, specify the following:
- Pipeline Name: A unique name for your Pipeline, not exceeding 255 characters.
- Database Host: The Amazon RDS PostgreSQL host’s IP address or DNS. For example, postgresql-rds-1.xxxxx.rds.amazonaws.com .
  
  Note: For a URL-based hostname, exclude the http:// or https:// part. For example, if the hostname URL is https://postgresql-rds-1.xxxxx.rds.amazonaws.com, enter postgresql-rds-1.xxxxx.rds.amazonaws.com.
- Database Port: The port on which your Amazon RDS PostgreSQL server listens for connections. Default value: 5432.
- Database User: The read-only user who has the permissions to read tables in your database.
- Database Password: The password for the read-only user.
- Select an Ingestion Mode: The desired mode by which you want to ingest data from the Source. This section is expanded by default. However, you can collapse the section by clicking SEE LESS. Default value: Logical Replication.
  
  The available ingestion modes are Logical Replication, Table, and Custom SQL. Additionally, the XMIN ingestion mode is available for Early Access. Logical Replication is the recommended ingestion mode and selected by default.
  
  Depending on the ingestion mode you select, you must configure the objects to be replicated. Refer to section, Object and Query Mode Settings for the steps to do this.
  
  Note:
  - PostgreSQL versions 15.8 and below do not support logical replication on read replicas. This feature is available starting from version 16.
  - For Custom SQL ingestion mode, all Events loaded to the Destination are billable.
- Database Name: The database that you wish to replicate.
- Connection Settings:
  - Connect through SSH: Enable this option to connect to Hevo using an SSH tunnel, instead of directly connecting your PostgreSQL database host to Hevo. This provides an additional level of security to your database by not exposing your PostgreSQL setup to the public. Read Connecting Through SSH.
    
    If this option is disabled, you must whitelist Hevo’s IP addresses. Refer to the content for your PostgreSQL variant for steps to do this.
  - Use SSL: Enable it to use SSL encrypted connection. You should also enable this if you are using Heroku PostgreSQL databases. To enable this, specify the following:
    - CA File: The file containing the SSL server certificate authority (CA).
      - Load all CA Certificates: If selected, Hevo loads all CA certificates (up to 50) from the uploaded CA file, else it loads only the first certificate.
        
        Note: Select this check box if you have more than one certificate in your CA file.
    - Client Certificate: The client public key certificate file.
    - Client Key: The client private key file.
- Advanced Settings
  - Load Historical Data: Applicable for Pipelines with Logical Replication mode. If this option is enabled, the entire table data is fetched during the first run of the Pipeline. If disabled, Hevo loads only the data that was written in your database after the time of creation of the Pipeline.
  - Merge Tables: Applicable for Pipelines with Logical Replication mode. If this option is enabled, Hevo merges tables with the same name from different databases while loading the data to the warehouse. Hevo loads the Database Name field with each record. If disabled, the database name is prefixed to each table name. Read How does the Merge Tables feature work?.
  - Include New Tables in the Pipeline: Applicable for all ingestion modes except Custom SQL. If enabled, Hevo automatically ingests data from tables created in the Source after the Pipeline has been built. These may include completely new tables or previously deleted tables that have been re-created in the Source. If disabled, new and re-created tables are not ingested automatically. They are added in SKIPPED state in the objects list, on the Pipeline Overview page. You can update their status to INCLUDED to ingest data. You can change this setting later. You can include these objects post-Pipeline creation to ingest data.
Click TEST CONNECTION. This button is enabled once you specify all the mandatory fields. Hevo’s underlying connectivity checker validates the connection settings you provide.
Click TEST & CONTINUE to proceed for setting up the Destination. This button is enabled once you specify all the mandatory fields.

Object and Query Mode Settings

Once you have specified the Source connection settings in Step 4 above, do one of the following:

For Pipelines configured with the Table or Logical Replication mode:
1. On the Select Objects page, select the objects you want to replicate and click CONTINUE.
  
  Note:
  - Each object represents a table in your database.
  - From Release 2.19 onwards, for log-based Pipelines, you can keep the objects listed on the Select Objects page deselected by default. In this case, when you skip object selection, all objects are skipped for ingestion, and the Pipeline is created in the Active state. You can include the required objects post-Pipeline creation. Contact Hevo Support to enable this option for your teams.
2. On the Configure Objects page, specify the query mode you want to use for each selected object.
  
  Note: In Full Load mode, Hevo attempts to replicate the full table in a single run of the Pipeline, with an ingestion limit of 25 Million rows.
For Pipelines configured with the XMIN mode:
1. On the Select Objects page, select the objects you want to replicate.
  
  Note:
  - Each object represents a table in your database.
  - For the selected objects, only new and updated records are ingested using the XMIN column.
  - The Edit Config option is unavailable for the objects selected for XMIN-based ingestion. You cannot change the ingestion mode for these objects post-Pipeline creation.
2. Click CONTINUE.
For Pipelines configured with the Custom SQL mode:
1. On the Provide Query Settings page, enter the custom SQL query to fetch data from the Source.
2. In the Query Mode drop-down, select the query mode, and click CONTINUE.

Data Replication

For Teams Created	Ingestion Mode	Default Ingestion Frequency	Minimum Ingestion Frequency	Maximum Ingestion Frequency	Custom Frequency Range (in Hrs)
Before Release 2.21	Table	15 Mins	15 Mins	24 Hrs	1-24
	Log-based	5 Mins	5 Mins	1 Hr	NA
After Release 2.21	Table	6 Hrs	30 Mins	24 Hrs	1-24
	Log-based	30 Mins	30 Mins	12 Hrs	1-24

Note: The custom frequency must be set in hours as an integer value. For example, 1, 2, or 3 but not 1.5 or 1.75.

Historical Data: In the first run of the Pipeline, Hevo ingests all available data for the selected objects from your Source database.
Incremental Data: Once the historical load is complete, data is ingested as per the ingestion frequency.

Additional Information

Read the detailed Hevo documentation for the following related topics:

Error 1003 - Authentication failure

Potential Causes

The credentials for the database user authorizing the connection are incorrect.

Suggested Actions

Verify that the password entered for the authorizing user in the Configure your Source page is correct.
Invite another team member with the required privileges to set up the Pipeline. Read Inviting and Moderating Team Members.

Error 1006 - Connection settings errors

Potential Causes

The database connection details are incorrect.
Hevo’s IP addresses are not whitelisted.

Suggested Actions

Verify that the Database Host entered in the Configure your Source page is correct.
Verify that the Database Port entered in the Configure your Source page is correct.
Verify that Hevo’s IP addresses are whitelisted.
For Amazon RDS databases: Check that the Security Group and VPC Subnet associated with the database allows access from all Hevo’s IP addresses.
Invite another team member with the required privileges to set up the Pipeline. Read Inviting and Moderating Team Members.

Error 1011 - Connection settings errors

Potential Causes

The username or password is incorrect.

Suggested Actions

Grant the rds_replication role to the database user:
1. Log in to the database as a user with the rds_superuser role.
2. Run the following command:
```
  GRANT rds_replication TO <database_username>;
```
Invite another team member with the required privileges to set up the Pipeline. Read Inviting and Moderating Team Members.

Error 1012 - Access role issue for logical replication

Potential Causes

The username or password is incorrect.

Suggested Actions

Grant the rds_replication role to the database user:
1. Log in to the database as a user with the rds_superuser role.
2. Run the following command:
```
  GRANT rds_replication TO <database_username>;
```
Invite another team member with the required privileges to set up the Pipeline. Read Inviting and Moderating Team Members.

Error 1014 - Access role issue for logical replication

Potential Causes

The database name is either incorrect or not provided.

Suggested Actions

Verify that the Database Host entered in the Configure your Source page is correct.
Verify that the Database Port entered in the Configure your Source page is correct.
Verify that the user entered in the Configure your Source page has access to the database.
Invite another team member with the required privileges to set up the Pipeline. Read Inviting and Moderating Team Members.

Error 1017 - Database does not exist

Potential Causes

The database connection details are incorrect.
Hevo’s IP addresses are not whitelisted.
The database user authorizing the connection does not have sufficient permissions to access the database.

Suggested Actions

Verify that the Database Host and or Database Port entered in the Configure your Source page are correct.
Verify that Hevo’s IP addresses for your region are whitelisted. Refer to the content for your PostgreSQL variant for steps to do this.
Check that the Security Group and VPC subnet associated with the database allows access from all Hevo’s IP addresses for Amazon RDS databases.
Invite another team member with the required privileges to set up the Pipeline. Read Inviting and Moderating Team Members.

Error 1023 - Connection settings errors

Potential Causes

Hevo is unable to access the PostgreSQL server.
Hevo’s IP address is not whitelisted.

Suggested Actions

Whitelist Hevo’s IP addresses:
1. Navigate to the PostgreSQL configuration file, pg_hba.conf. This file is generally found in the path: /etc/postgresql/<version>/main/.
2. Add the Hevo IP addresses for your region or 0.0.0.0 to allow all IPs to connect:
```
    host    all             user_name           0.0.0.0/0              md5
```
Invite another team member with the required privileges to set up the Pipeline. Read Inviting and Moderating Team Members.

Error 1024 - No pg_hba.conf entry

Potential Causes

The configuration for log-based incremental replication is incorrect.

Suggested Actions

Set up log-based incremental replication correctly. Click the link for the respective MySQL variant for steps to do this:
Invite another team member with the required privileges to set up the Pipeline. Read Inviting and Moderating Team Members.

Source Considerations

If you add a column with a default value to a table in PostgreSQL, entries with it are created in the WAL only for the rows that are added or updated after the column is added. As a result, in the case of log-based Pipelines, Hevo cannot capture the column value for the unchanged rows. To capture those values, you need to:
- Restart the historical load for the respective object.
- Run a query in the Destination to add the column and its value to all rows.
When you delete a row in the Source table, its XMIN value is deleted as well. As a result, for Pipelines created with the XMIN ingestion mode, Hevo cannot track deletes in the Source object(s). To capture deletes, you need to restart the historical load for the respective object.
XMIN is a system-generated column in PostgreSQL, and it cannot be indexed. Hence, to identify the updated rows in Pipelines created with the XMIN ingestion mode, Hevo scans the entire table. This action may lead to slower data ingestion and increased processing overheads on your PostgreSQL database host. Due to this, Hevo recommends that you create the Pipeline in the Logical Replication mode.

Note: The XMIN limitations specified above are applicable only to Pipelines created using the XMIN ingestion mode, which is currently available for Early Access.

Limitations

The data type Array in the Source is automatically mapped to Varchar at the Destination. No other mapping is currently supported.
Hevo does not support data replication from foreign tables, temporary tables, and views.
Hevo supports only RSA-based keys for establishing SSL connections. RSA is an encryption algorithm used for certificate private keys. You must ensure that your SSL certificates and keys are RSA-based.

Revision History

Refer to the following table for the list of key updates made to this page:

Date	Release	Description of Change
Nov-18-2024	NA	Updated section, Set up Log-based Incremental Replication as per the latest Amazon RDS PostgreSQL UI.
Sep-30-2024	NA	Updated the Prerequisites section to add information about the logical replication support for read replicas.
Jun-27-2024	NA	Updated section, Limitations to add information about Hevo supporting only RSA-based keys.
May-30-2024	NA	Updated section, Grant privileges to the user to add all the necessary permissions.
Apr-29-2024	NA	Updated section, Specify Amazon RDS PostgreSQL Connection Settings to include more detailed steps.
Mar-18-2024	2.21.2	Updated section, Specify Amazon RDS PostgreSQL Connection Settings to add information about the Load all CA certificates option.
Mar-05-2024	2.21	Added the Data Replication section.
Feb-05-2024	NA	Updated sections, Specify Amazon RDS PostgreSQL Connection Settings and Object and Query Mode Settings to add information about the XMIN ingestion mode.
Jan-22-2024	2.19.2	Updated section, Object and Query Mode Settings to add a note about the enhanced object selection flow available for log-based Pipelines.
Jan-10-2024	NA	- Updated section, Source Considerations to add information about limitations of XMIN query mode. - Removed mentions of XMIN as a query mode.
Nov-03-2023	NA	Renamed section, Object Settings to Object and Query Mode Settings.
Oct-27-2023	NA	Added subsection, Create a database user.
Oct-18-2023	NA	Updated section, Apply the parameter group to your PostgreSQL database to add information about rebooting an AWS instance.
Sep-19-2023	NA	Updated section, Limitations to add information about Hevo not supporting data replication from certain tables.
Sep-11-2023	NA	Updated section, Create a parameter group as per the latest Amazon functionality.
Jun-26-2023	NA	Added section, Source Considerations.
Apr-21-2023	NA	Updated section, Specify Amazon RDS PostgreSQL Connection Settings to add a note to inform users that all loaded Events are billable for Custom SQL mode-based Pipelines.
Mar-09-2023	2.09	Updated section, Specify Amazon RDS PostgreSQL Connection Settings to mention about SEE MORE in the Select an Ingestion Mode section.
Dec-19-2022	2.04	Updated section, Specify Amazon RDS PostgreSQL Connection Settings to add information that you must specify all fields to create a Pipeline.
Dec-07-2022	2.03	Updated section, Specify Amazon RDS PostgreSQL Connection Settings to mention about including skipped objects post-Pipeline creation.
Dec-07-2022	2.03	Updated section, Specify Amazon RDS PostgreSQL Connection Settings to mention about the connectivity checker.
Sep-07-2022	NA	Updated section, Set up Log-based Incremental Replication to reflect the latest UI changes.
Jul-04-2022	NA	- Added section, Specify Amazon RDS PostgreSQL Connection Settings and Object Settings.
Feb-07-2022	1.81	Updated section, Whitelist Hevo’s IP Address to remove details about Outbound rules as they are not required.
Jan-24-2022	1.80	Removed from Limitations that Hevo does not support UUID datatype as primary key.
Dec-20-2021	1.78	Updated section, Configure the parameters.
Sep-09-2021	1.71	Updated the section, Limitations to include information about columns with the UUID data type not being supported as a primary key.
Jun-14-2021	1.65	Updated the Grant Privileges to the User section to include latest commands.

Last updated on Dec 16, 2024

Prerequisites

Set up Log-based Incremental Replication

1. Create a parameter group

2. Configure the parameters

3. Apply the parameter group to your PostgreSQL database

Whitelist Hevo’s IP Addresses

1. Add inbound rules

2. Configure Virtual Private Cloud (VPC)

Create a Database User and Grant Privileges

1. Create a database user (Optional)

2. Grant privileges to the user

Specify Amazon RDS PostgreSQL Connection Settings

Object and Query Mode Settings

Data Replication

Additional Information

Error 1003 - Authentication failure

Potential Causes

Suggested Actions

Error 1006 - Connection settings errors

Potential Causes

Suggested Actions

Error 1011 - Connection settings errors

Potential Causes

Suggested Actions

Error 1012 - Access role issue for logical replication

Potential Causes

Suggested Actions

Error 1014 - Access role issue for logical replication

Potential Causes

Suggested Actions

Error 1017 - Database does not exist

Potential Causes

Suggested Actions

Error 1023 - Connection settings errors

Potential Causes

Suggested Actions

Error 1024 - No pg_hba.conf entry

Potential Causes

Suggested Actions

Source Considerations

Limitations

See Also

Revision History

Tell us what went wrong